Privacy Policy

Data protection information according to Art. 13 and 14 of the EU Data Protection Regulation (EU-GDPR)

The protection of your privacy is very important to us. This privacy policy applies to the website https://dtservices.travel/ (hereinafter called the website). Please read it thoroughly. In it you will find important information about the processing of your personal data and the rights to which you are entitled in accordance with the relevant legislation currently in force.

We reserve the right to update our privacy policy at any time due to business decisions taken, as well as to comply with possible changes in legislation or jurisprudence. Were you to have any doubts or require any clarification about our privacy policy or your rights, you can contact us through the channels indicated below.

You declare that the data you provide us with, now or in the future, is correct and truthful, and you undertake to inform us of any changes in it. In the event of you supplying us with personal data of third parties, you undertake to obtain their prior consent and inform them of the contents of this policy.

The fields in our forms, marked as obligatory, must be completed so that your requests can be dealt with.

1 Who is responsible for processing your data?

The data controller of personal data is DER Touristik Services S.L.U (hereinafter DTS), with registered address at Calle Genil, 30, 3ª planta, Pol. Son Fuster, 07009 Palma (Balearic Islands), Spain. Destination Touristic Services is a part of the travel group DER Touristik Group.

To contact the Data Protection Officer, obtain more information about the processing of your data, or to exercise the rights to which you are entitled by the relevant legislation currently in force, you can send an e-mail to dpd.es@dertouristik-services.com

2 Why will we process your data and on what legal basis?

Establishing contact within the scope of a business relationship: For the initiation or implementation of a business relationship, we will process the contact the users provide in the contact form in particular your contact data (name, address, telephone number and e-mail address), communication data (e.g. correspondence by e-mail), if applicable location data (IP address).

The legal basis for this processing of your personal data is Art. 6 para. 1 lit. a GDPR (your consent) and lit. b GDPR (pre-contractual measures, performance of contract) if we receive the data directly from you or we enter into a direct contractual relationship with you.

If you are not an existing or potential business partner yourself, we have usually received your contact details from our business partner who has named you as a contact person. In this case, the processing of your data is based on Art. 6 para. 1 lit. f GDPR (balancing of interests, based on our legitimate interest in contacting existing or potential business partners).

The provision of personal data about you for the purpose of contacting you in the context of a business relationship is on a voluntary basis. Insofar as your contact data is absolutely necessary for the initiation and fulfilment of a contract, you and must disclose your contact data, as otherwise the contract with you cannot be concluded.

If the communications end up resulting in the formalization of a commercial relationship or if they occur within the framework of a pre-existing commercial relationship, the information will be kept for a period of 10 years. This period of retention is mandatory for all companies in the business group in which the data controller is integrated, in application of German Law. It begins with the end of the calendar year in which the last entry was made in the trading book, the inventory was drawn up, the opening balance sheet or the annual financial statements were prepared, the individual financial statements in accordance with Paragraph 325 (2a) or the consolidated financial statements were prepared, the commercial letter has been received or sent or the accounting document has been prepared in accordance with the statutory retention periods pursuant to Paragraph 257 (5) of the German Commercial Code (HGB) for trading books, inventories, opening balance sheets, annual financial statements, individual financial statements pursuant to Paragraph 325 (2a) HGB, management reports, consolidated financial statements, Group management reports as well as the work instructions and other organizational documents required for their understanding, The accounting period shall begin at the end of the calendar year in which the last entry was made in the books, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared and the commercial or business letter was received or sent or the accounting document was prepared, Furthermore, the recording has been made or the other documents have been prepared in accordance with Paragraph 147 (4) AO for books and records, inventories, annual financial statements, management reports, the opening balance sheet as well as the work instructions and other organisational documents required for their understanding, accounting documents, documents referred to in Article 15 (1) and Article 163 of the Union Customs Code.

In the event that the communication is not related to a commercial or business relationship, the information will be kept for a period of 6 years. This period of retention is mandatory for all companies in the business group in which the data controller is integrated, in application of German Law. It begins with the end of the calendar year in which the commercial letter was received or sent in accordance with the statutory retention periods pursuant to Paragraph 257 (5) of the German Commercial Code (HGB) for commercial letters.

3 Operation, administration and management of website: We use information that we receive and store during your visit to our website exclusively for internal purposes of security and improving the functionality of the website. We only store the IP address transmitted by your web browser for a period of three months in order to be able to recognise, limit and eliminate faults or errors (e.g. attacks on our servers). However, storage ends after one month at the latest. After this period, we delete or anonymise the IP address. This data record consists of:

  • the page from which the file was requested,
  • the name of the file,
  • the date and time of the request,
  • the amount of data transferred,
  • the access status,
  • the description of the type of web browser used,
  • the IP address of the requesting computer ( that is anonymised after the above-mentioned period).

We use this information to enable access to our website, to monitor and administer our systems and to improve the design and functionality of the website. This is done on the basis of our overriding legitimate interest in the security and functionality of our website, Art. 6 para. 1 lit. f GDPR.

4 Recipients of your personal data

As a general rule, your data collected by us will not be disclosed to unauthorised persons.

However, in some cases we use service providers to process personal data, including for sending emails, chats and video telephony. Your data (contact data, communication data, location data (IP address) is stored in a secure data center and databases.

All service providers have been carefully selected and are subject to data protection agreements with us. The service providers are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the data processing and use.

We also use service providers located in third countries outside the European Union to process your data. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude the data protection contract (standard contractual clauses) provided by the Commission of the European Union for the processing of personal data in third countries or implement other permissible guarantees or legally permissible exceptions from Art. 49 GDPR. This provides appropriate safeguards for the protection of your data with service providers in the third country. You can request a copy of these guarantees using the contact details above.

Your data will only be communicated to third parties under legal obligation, with your consent, or when your request involves such communication.

To be more specific about this latter instance,

If you have chosen a destination or a particular department on the contact form, from DTS we shall pass the data indicated on to the section of the group in charge of the destination. Kindly be aware that when the inquiry pertains to a department or destination outside the European Economic Area, these communications may involve the transfer of your data to countries that do not offer an equivalent level of protection as the EU regarding personal data. These communications, and if applicable, international data transfers, are indispensable for the execution of the legal relationship established with you or for the implementation of pre-contractual measures on the basis of Art. 49 (b) GDPR as mentioned above. In the event of not providing your data, it may not be possible to respond to your inquiry or address your request correctly.

5 Links to other websites: Our website may contain links to other websites which are not covered by this website´s data protection declaration. If the collection, processing or use of personal data is associated with the use wo the websites of other providers, please refer to the data protection declarations of the respective providers.

6 What are your rights?

You have the right to seek confirmation as to whether we are processing your personal data or not, and, if so, to access it. You may also ask for your data to be rectified if it is inaccurate, as well as request its erasure when, among other reasons, this data is no longer necessary for the purposes for which it was collected.

Under certain circumstances, you may request restriction of the processing of your data. In such a case, we will only process the data in question for the formulation, exercise, or defence of legal claims, or with a view to protecting the rights of other people.

Under certain circumstances, and for reasons related to your particular situation, you may also object to the processing of your data. In this case, we will cease to process the data except for compelling legitimate reasons that prevail over your interest or rights and liberties, or for the formulation, exercise, or defence of legal claims.

Furthermore, under certain conditions, you may request the portability of your data and that it be transferred to another data controller.

In the same way, you have the right not to be subject to decisions based on automated processing that produce legal effects concerning you or similarly significantly affect you, when this right coincides with what is laid down in Article 22 of EU Regulation 2016/679.

You also have the right to file a complaint with the Spanish Data Protection Agency.

To exercise your rights, you have to send us a request by post or by email to the addresses set out in the section above: Who is responsible for processing your data?

You can obtain more information about your rights and how to exercise them at the website of the Spanish Data Protection Agency. www.aepd.es.