UK Policy

UK Privacy: 31/05/2024

Welcome to Vtcgirona.com. We are committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you visit our website or use our services.

1. Data Controller

The data controller responsible for your personal data is:

José María Lopez Ortiz
Vtcgirona.com
Email: vtcgirona@gmail.com
Phone: +34 666 45 30 32
VTC License: 12066689/3146KRK – 12416802/8059LHN

CIF/NIF: 45077518W

2. Information We Collect

We may collect and process the following data about you:

  • Personal Identification Information: Name, email address, phone number, and other contact details.
  • Booking Information: Details related to your transfer bookings, including pickup and drop-off locations, dates, and times.
  • Payment Information: Credit/debit card details or other payment information.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To Provide Our Services: Processing your bookings, managing payments, and providing customer support.
  • To Improve Our Services: Analyzing usage data to improve our website and services.
  • To Communicate With You: Sending booking confirmations, updates, and responding to your inquiries.
  • For Marketing Purposes: Sending promotional materials and offers, subject to your preferences.
  • To Comply With Legal Obligations: Ensuring compliance with applicable laws and regulations.

4. Legal Basis for Processing Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Consent: Where you have given us consent to process your data.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.

5. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

6. Sharing Your Data

We may share your personal data with the following parties:

  • Service Providers: Third-party service providers who provide IT and system administration services.
  • Professional Advisors: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
  • Regulatory Authorities: As required by law or regulation.

7. International Transfers

Your data may be transferred to and processed in countries outside of the UK and the European Economic Area (EEA). We ensure that appropriate safeguards are in place to protect your data in these circumstances.

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.

9. Your Legal Rights

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Right to Access: Request access to your personal data.
  • Right to Rectification: Request correction of your personal data.
  • Right to Erasure: Request deletion of your personal data.
  • Right to Restriction of Processing: Request restriction of processing your personal data.
  • Right to Data Portability: Request transfer of your personal data.
  • Right to Object: Object to processing of your personal data.
  • Right to Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us using the contact details provided above.

10. Changes to This Privacy Policy

We may update this policy from time to time. Any changes will be posted on this page, and where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

11. Contact Us

If you have any questions about this privacy policy or our data protection practices, please contact us at:

José María Lopez Ortiz
Vtcgirona.com
Email: vtcgirona@gmail.com
Phone: +34 666 45 30 32
VTC License: 12066689/3146KRK – 12416802/8059LHN

12. Compliance with UK Data Protection Laws

We are committed to complying with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We ensure that your personal data is processed lawfully, fairly, and transparently. We will only collect and use personal data where we have lawful grounds to do so and in accordance with our legitimate business interests, your consent, or where required by law.

13. Your Rights under UK Data Protection Laws

In addition to the rights mentioned above, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been violated

The ICO’s contact details are as follows:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk/
Phone: 0303 123 1113

Data Privacy in the UK

In the United Kingdom, data privacy is governed by the General Data Protection Regulation (GDPR) as incorporated into UK law by the Data Protection Act 2018. These laws provide individuals with greater control over their personal data and impose strict obligations on organizations that process such data.

Key Principles of Data Protection under GDPR:

1. Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently. This means that organizations must have a lawful basis for processing personal data, such as consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.

  1. Purpose Limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  2. Data Minimization: Organizations should only collect and process personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  3. Accuracy: Personal data must be accurate and, where necessary, kept up to date. Organizations must take reasonable steps to ensure that inaccurate personal data is rectified or erased without delay.
  4. Storage Limitation: Personal data should be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  5. Integrity and Confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  6. Accountability: Organizations are responsible for and must be able to demonstrate compliance with the principles of data protection.

Individual Rights under GDPR:

  1. Right to Access: Individuals have the right to obtain confirmation as to whether or not their personal data is being processed and, if so, access to that personal data.
  2. Right to Rectification: Individuals have the right to have inaccurate personal data rectified and incomplete personal data completed.
  3. Right to Erasure (Right to be Forgotten): Individuals have the right to have their personal data erased under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed.
  4. Right to Restriction of Processing: Individuals have the right to request the restriction of processing of their personal data under certain circumstances, such as when the accuracy of the data is contested.
  5. Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
  6. Right to Object: Individuals have the right to object to the processing of their personal data under certain circumstances, such as processing for direct marketing purposes.
  7. Rights in Relation to Automated Decision Making and Profiling: Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Data Protection Officer (DPO):

Organizations may be required to appoint a Data Protection Officer (DPO) if their core activities involve regular and systematic monitoring of data subjects on a large scale or processing large amounts of sensitive personal data.

Data Breach Notification:

Organizations are required to notify the Information Commissioner’s Office (ICO) of data breaches without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach.

International Data Transfers:

The GDPR restricts the transfer of personal data outside the European Economic Area (EEA) unless certain safeguards are in place, such as adequacy decisions, standard contractual clauses, binding corporate rules, or specific derogations.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Types of Cookies Used:

  1. Essential Cookies: These cookies are essential to provide you with services available through our website and to enable you to use some of its features. For example, these cookies allow you to log in to your account and add products to your shopping cart.
  2. Performance Cookies: These cookies help us understand how you interact with our website by providing information about areas visited, time spent on the site, and any issues encountered, such as error messages. This helps us improve the performance of our website.
  3. Functional Cookies: These cookies allow our website to remember choices you make while browsing, such as your username, language, or region, and provide you with enhanced and personalized features. For example, these cookies may be used to remember your language preferences or the region you are in.
  4. Advertising Cookies: These cookies are used to display ads relevant to you and your interests. They are also used to limit the number of times you see an ad and to help measure the effectiveness of an advertising campaign. These cookies are generally placed by advertising networks with the website operator’s permission.
  5. Third-Party Cookies: These cookies are set by a domain different from the one you are currently visiting. They are used for advertising purposes, tracking users across different websites, and delivering personalized content.

Please remember that you can control and manage cookies on your device through your browser settings. However, disabling some cookies may affect your browsing experience on our website.