Privacy policy
We make this Privacy Policy available to you in order to inform you in detail about how we process your personal data and protect your privacy and the information you provide to us.
If we introduce changes to this Privacy Policy in the future, we will notify you through this website or by other means, so that you can be aware of the new privacy conditions adopted.
Below, in a question-and-answer format, we inform you of the conditions under which our entity processes your personal data:
Who is the controller of your data?
- Identity: EXPRESS TRAVEL TOURS SL — Tax ID (CIF): B88142930
- Postal address: Plaza Puerta Del Sol, 4 – 3rd Floor, D, 28013 – Madrid (Spain)
- Telephone: (+34) 657 588 496
- Email: info@theyellowtour.com
For what purpose do we process your personal data?
We process the personal data you provide to us for the following purposes:
Professional, administrative, accounting, and tax management of the assignment for legal defense or advisory services, as well as file management. Providing data for this purpose by our clients is mandatory; otherwise, the contract cannot be performed.
Management of relationships with our suppliers and collaborators, as well as invoicing and payment for services. For this purpose, it is mandatory that the supplier or collaborator provides us with their data; otherwise, the contract cannot be performed.
Handling requests for information, suggestions, and complaints you may send us; contacting the sender; responding to the request or inquiry; and follow-up. Providing data for this purpose is voluntary; however, if you do not provide it, we will not be able to respond to the request, inquiry, or complaint. Therefore, communicating your personal data for these purposes is necessary for us to address such requests.
Sending communications and information about the firm’s services and activities, provided that the user authorizes us to do so. Authorization is voluntary; refusing it will only result in you not receiving the referenced communications.
If you send us your CV, we will process it to have information about people who wish to do internships and/or work with us, in order to carry out relevant recruitment and selection processes. Providing the data is voluntary; however, if you do not provide it, you will not be able to participate in the entity’s selection processes.
If you become our friend or follower on social media, we will process your data to keep you informed of our activities and promotions through those channels. Providing the data for this purpose is voluntary; however, if you do not provide it, you will not be able to be our friend or follower on the relevant social network. The categories of data processed for this purpose are identifying data.
How long will we process your data?
We only keep your data for the period of time necessary to fulfill the purpose for which it was collected, comply with legal obligations imposed on us, and address any liabilities that may arise from fulfilling the purpose for which the data was collected.
Data for managing the relationship with clients, suppliers, and collaborators and for invoicing and collecting payment for services will be kept for that purpose for as long as the contract or provision of services remains in force. Once that relationship ends, where applicable, the data may be kept for the period required by applicable law and until any potential liabilities arising from the provision of the service expire. Data from potential clients who do not end up contracting our services and who do not wish to receive commercial information will be deleted once it is confirmed that no contract will be entered into. If the prior relationship between the parties—even if not consummated—could give rise to potential liabilities, the data will be kept until such liabilities expire.
Data processed for sending additional information about the firm’s services and activities will be kept indefinitely, unless the user objects or withdraws consent.
Data processed to handle requests, petitions, inquiries, or complaints will be kept for the time necessary to respond and close them definitively. Afterwards, they will be kept as a communications record for one year, unless you request deletion earlier.
Data you provide (or that we obtain) to participate in a specific open recruitment process will be kept until that process concludes and then deleted, unless the candidate is selected, in which case it will be incorporated into their employee file. If unsuccessful candidates wish us to keep their CVs for future selection processes, they must expressly request this by email. In this latter case, and also when you provide your CV spontaneously so that we may consider it for future selection processes, the data will be kept for a maximum of one year from the last update. You must keep the personal data you provide to us updated—especially training and professional experience.
Data provided through social networks will be kept for as long as you remain our friend or follower on the relevant platform.
What is the legal basis for processing your data?
The legal basis for processing data of suppliers, collaborators, and clients is the performance of the contractual relationship.
Sending information about the firm’s services and activities is based on the data subject’s consent. This consent may be withdrawn at any time, with no consequence other than no longer receiving advertising, and without affecting data processing carried out previously.
Processing personal data to respond to your requests for information, petitions, inquiries, and complaints is based on the data subject’s consent. This consent may be withdrawn at any time, although this will not affect the lawfulness of processing carried out previously.
To which recipients will your data be disclosed?
Data will be disclosed to the following entities:
Competent Public Administrations, including judges and courts, in the cases provided by law or as a result of the requested assignment and for the purposes defined therein.
Financial institutions through which collection and payment management is carried out.
Although this is not a data transfer, third-party companies acting as our service providers may access your information in order to provide the service. These processors access your data following our instructions, may not use it for a different purpose, and must maintain strict confidentiality, under a contract in which they undertake to comply with current personal data protection regulations.
What are your rights when you provide us with your data?
Any person has the right to obtain confirmation as to whether or not we are processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request rectification of inaccurate data or, where appropriate, request deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Under the conditions set out in the General Data Protection Regulation, data subjects may request restriction of processing or data portability, in which case we will only keep the data for the exercise or defense of claims.
In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. If you have given consent for a specific purpose, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal. In such cases, we will stop processing the data or, where appropriate, stop processing it for that specific purpose, except for compelling legitimate grounds or for the exercise or defense of possible claims.
In addition, data protection regulations allow you to object to being subject to decisions based solely on automated processing of your data, where applicable.
The aforementioned rights are characterized by the following:
Exercising them is free of charge, unless the requests are manifestly unfounded or excessive (e.g., repetitive), in which case a fee proportionate to the administrative costs incurred may be charged or action may be refused.
You may exercise your rights directly or through your legal or voluntary representative.
We must respond within one month, although, taking into account the complexity and number of requests, the period may be extended by a further two months.
We are obliged to inform you of the means to exercise these rights, which must be accessible, and we may not deny the exercise of the right solely because you choose another means. If the request is submitted electronically, the information will be provided by those means where possible, unless you request otherwise.
If, for any reason, we do not act on the request, we will inform you, at the latest within one month, of the reasons and of the possibility of lodging a complaint with a Supervisory Authority
To facilitate exercising these rights, we provide the links below to the request form for each right:
- Form to exercise the right of access
- Form to exercise the right of rectification
- Form to exercise the right of objection
- Form to exercise the right of erasure (“right to be forgotten”)
- Form to exercise the right to restriction of processing
- Form to exercise the right to data portability
- Form to exercise the right not to be subject to automated individual decision-making
All the rights mentioned may be exercised through the contact methods listed at the beginning of this clause.
If there are doubts about the identity of the data subject, the entity reserves the right to request proof of identity by providing a photocopy or scanned copy of their national ID card (DNI) or equivalent document, or proof of representation if the right is exercised through a representative.
In the event of any violation of your rights—especially when you have not obtained satisfaction in exercising them—you may file a complaint with the Spanish Data Protection Agency (contact details available at www.aepd.es) or another competent supervisory authority. You can also obtain more information about your rights by contacting those bodies.
How do we protect your personal data?
We are firmly committed to protecting the personal data we process. We use reasonably reliable and effective physical, organizational, and technological measures, controls, and procedures aimed at preserving the integrity and security of your data and ensuring your privacy.
In addition, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of personal data.
In contracts we sign with our providers, we include clauses requiring them to maintain confidentiality regarding personal data to which they have had access as a result of the service provided, as well as to implement the technical and organizational security measures necessary to guarantee the permanent confidentiality, integrity, availability, and resilience of the systems and services used to process personal data.
All these security measures are periodically reviewed to ensure their adequacy and effectiveness. However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, if any information being processed and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where appropriate, those users who may have been affected so that they can take suitable measures.
What is your responsibility as the data subject?
By providing us with your personal data, the person doing so guarantees that they are over 14 years of age and that the data provided is true, accurate, complete, and up to date.
For these purposes, the data subject is responsible for the truthfulness of the data and must keep it appropriately updated so that it reflects their real situation, being responsible for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise.
If you provide third-party data, you assume responsibility for informing them in advance of everything provided in Article 14 of the General Data Protection Regulation under the conditions set out therein.
