This Policy is permanently accessible through the link enabled on the website, called «Data Protection», and can be updated at any time, either as a result of a regulatory change or by changing the configuration of services or the type of business developed. Modifications that imply changes in the provision of the contracted service, or require the consent of the interested parties, will be communicated thirty calendar days in advance so that the interested parties can express their opposition to the processing of their data according to the described change, or so that Clients may adopt the measures they deem appropriate in relation to the modification communicated. If after the period provided the user accesses their services again or does not communicate their opposition, the new conditions will be accepted.
1. Responsible for the Treatment
Baraka treats the data in a fair and lawful manner; it only treats those data that it considers adequate, pertinent and not excessive in relation to the scope and the determined, explicit and legitimate purposes for which it obtains them, and does not use them for purposes incompatible with those for which the data has been collected.
The users of Baraka’s website and services (hereinafter, users) are responsible for the veracity, timeliness and accuracy of the data they provide to Baraka, considering the information provided by them to be accurate, current and accurate. Users can modify and / or update their data, and their preferences regarding the treatment of the data provided, through the configuration of the options that are available in the «Client Area» (also called, «Control Panel») . Baraka, as soon as it becomes aware of the inaccuracy, will adopt the necessary measures so that the affected data can be rectified without delay.
To access and / or navigate the baraka.travel website, it is not necessary to provide any information. The mandatory nature of the answer to the questions that are asked, or of the data requested through the website, is indicated by the inclusion of an asterisk (*) following the question or field of the form. If the required data is not provided, it will not be possible to provide the requested service or functionality.
Baraka does not process minors’ data in any case, since only registration as a user and the contracting of services through the baraka.travel website are allowed to persons of legal age with full capacity to act in legal transactions.
Baraka will only treat the personal data provided by the users in accordance with the purposes described in this Policy and in the General Contracting Conditions of the services contracted by the users, which are listed merely as follows:
• Users: the data collected by any of the media or contact channels identified on the website (including, chats or phone calls) and through the Baraka services, are used for the purpose of managing the account and contracted services by users, both at the technical level and at the accounting, tax and administrative levels, and / or to notify them of incidents, news or any information of interest about their services. To this end and in compliance with tax regulations and data protection, the identification data provided by users are checked, consulting the data quality service of the tax administration, and those data that prove to be inaccurate are rectified.
• Baraka uses the contact data provided by users to send them, electronically or not, information on the improvements that are implemented in the services they have hired, and to keep them informed about the news that they believe may be of interest to them. (offers and promotions). Baraka is absolutely opposed to the practice of spamming: the user is the one who decides -and authorizes- whether he wants to receive this type of communication or not, either by registering as a user in baraka.travel and, therefore, by accepting Baraka’s General Conditions and this Policy, or when requesting information of this type by any of the means of contact provided on the web.
• Baraka keeps the traffic and location data generated in the framework of the provision of electronic communications services contracted by users, at the disposal of the competent authorities during the legally established period, in accordance with Law 25/2007 of 18 October, of preservation of data related to electronic communications and public communications networks. These data are not used for commercial promotion purposes.
• Human resources: the data received is kept to take them into account in future selective processes of workers and / or collaborators.
• Suggestions, Complaints or Comments: the data collected is used to address the communications received and provide them with the corresponding response
• Contact: the data received by any of the means and / or contact channels indicated on the website, are used to contact and / or manage the request or incident reported. Received calls can be recorded, for security reasons and to improve the quality of services.
• The cookies used by Baraka are anonymous and do not provide references that allow users to deduce personal data. The only non-anonymous cookies, that is, those that allow user identification, are those that the user voluntarily activates when accessing the «Client Area» of the website. These cookies store the username on your terminal equipment, as well as a hash of the user’s name and password, for fifteen days, with the exclusive purpose of facilitating access to areas restricted to the user without the need to manually enter the password. access every time. To know our policy of installation and management of storage devices and data recovery in terminal equipment consult our Cookies Policy.
• Social networks: users who use the automated publishing service in social networks must provide their access codes (username / email address and password) to these networks, which will be used for the sole purpose of publishing on behalf of of the users the contents that these provide. These contents must respect both the current legislation and the conditions of use of the social networks themselves.
- Other web forms (Sponsorships, new TLDs, etc.): the information is used for the purpose described in the web form itself.
Baraka does not transfer data to third parties, unless a law or a community standard provides otherwise, or if necessary for the provision of the contracted service. In this case, only communicate essential data to manage the request of users and provide contracted services, so that the transfer responds to the free and legitimate acceptance of an existing legal relationship between the parties and Baraka, whose development, compliance and control necessarily involve the connection of the data and that includes the necessary transmission of the same. In the event that a user leaves a comment or interacts socially with the website of baraka.travel or in the social networks in which it is present, it must be borne in mind that their data will be published in the environment in which it operates, that is, You will expressly authorize the communication of your data – associated with the action you take – to the rest of the users who access the website or social network.
The consent given, both for the treatment and for the transfer of data of the interested parties, is revocable at any time by communicating it to Baraka in the terms established in this Policy for the exercise of the ARCO rights. This revocation will not be retroactive in any case.
Interested parties can exercise their ARCO rights, and revoke the consent given for the treatments and / or assignments of their data, at any time by requesting it by postal mail addressed to the Legal Department of Baraka Club de Viatges SLU, at the following address: Carrer del Camí Fondo, 14 08221 Terrassa (Barcelona); or, by sending an email to info @ baraka.travel. In any case, the request for a copy of the official document proving the identity of the owner of the data must be accompanied.
2. In charge of the Treatment
Data transfer, access and / or processing of personal data that are the responsibility of Baraka users when these are necessary for the adequate provision of the services they have hired is not considered. In such cases, Baraka will have the status of controller in accordance with current regulations on data protection. The data protection regime applicable to these treatments is regulated both in this Policy, as in the General Conditions for Contracting of the corresponding Service and in the Particular Conditions that make up the order or final request (collectively, the Main Contract).
The user who hires the service (hereinafter, Contracting Party), or where appropriate the third entity that decides on the purpose, content, use and treatment of personal data, are solely responsible for the data they receive in the services of Baraka Baraka treats the information hosted in its services exclusively on behalf of the Contracting Party under the terms and conditions stipulated in the Main Contract. The Contracting Party, or the third entity to which this is providing a service treating data for which it is responsible, state that they are owners of files containing personal data collected legally and that, by virtue of the services contracted to Baraka, authorizes its treatment, to the extent necessary for the provision thereof.
In those cases in which Baraka may have access to the data, it undertakes not to apply, use or disclose the data processed for purposes other than those derived from the Main Contract. Baraka will only process the data contained in its services to execute the contracted services on behalf of the Contracting Party in accordance with the instructions indicated and, in no case, will it use them for purposes other than those agreed in the Main Contract. Baraka will not communicate or allow access to the processed data to any third party, not even for its preservation, unless: in the Main Contract the opposite is established, or the communication is necessary for the provision of the contracted services or that the assignment comes In this sense, the contracting person expressly authorizes Baraka, when contracting any of the services available on the baraka.travel website, to subcontract on its behalf and on its own behalf as many entities as necessary to the correct provision of the services detailed in the Main Contract. The entities thus subcontracted will have the status of processor, will be subject to the same data protection and confidentiality rules as Baraka and will regulate their relationship with Baraka in accordance with the regulations on data protection. The identity of these subcontracted entities is published on the baraka.travel website.
In the event that the Contracting Party acts as the person in charge of the processing of a third entity responsible for the data, it must guarantee before contracting any service that involves the processing of such data, which has the express authorization of the latter to proceed with the subcontracting of the data. the services entrusted to it that coincide with the purpose of the Main Contract, also ensures that the relationship with the third entity responsible for the data is legally regulated in accordance with the requirements of current legislation on data protection prior to hiring the service through baraka.travel. Otherwise, you must refrain from subcontracting with Baraka and if you breach this prohibition, you will be responsible and will assume any sanction imposed on it as a consequence of this lack of legitimacy.
Baraka has adopted the necessary technical and organizational measures to guarantee the security of personal data and to prevent their alteration, loss, treatment or unauthorized access, in accordance with current regulations on the protection of personal data. Specifically, the measures associated with the average level of security for files and / or automated processing, in accordance with Title VIII of Royal Decree 1720/2007, of December 21, approving the Regulation for the Development of Organic Law 15 / 1999, of December 13, of Protection of Personal Data. Baraka only provides the technical infrastructure, and if so contracted, the administration of the same, circumscribing its responsibility to the security measures provided in relation to these functions. Therefore, its responsibility will be limited to those tasks that, by the very nature of the Main Contract, must be carried out by Baraka directly in the services (such as, for example, the restriction of access to the premises where the resources that are located are located. host the data). Baraka declines any responsibility for the breach of the security systems of the Contracting Party or the inviolability of the information when it is transported through any communications network. Baraka will not be responsible for any security incidents that occur as a result of an attack or unauthorized access to the systems in such a way that it is impossible to detect or prevent it even if the necessary measures are adopted according to the current state of technology or a lack of of diligence of the user or Contracting Person in relation to the guard and custody of their access codes and / or personal data. The Contracting Party recognizes that these measures are adjusted to the level of security applicable to the type of information processed as a result of the provision of the service that Baraka performs on behalf of the Contracting Party, in accordance with the provisions of current legislation on data protection . It is the exclusive responsibility of the Contracting Party to assess whether the conditions of the Main Contract are appropriate to their needs and comply with the legal requirements to which they are bound as the File / Treatment Responsible. In case the treatment to be performed requires any additional measure to those indicated in the Main Contract, the Contracting Party must inform Baraka so that it can offer the possibility of contracting additional technologies and services necessary to implement said security measure. The hiring of the additional measure will be done through the formalization of a specific document that will be annexed to the Main Contract. If Baraka can not provide the additional measure required by the Contracting Party, it will notify it as soon as possible. In the event that for the provision of the contracted service an additional measure not communicated to Baraka or not contracted after offering said option to the Contracting Party is required, Baraka will not be responsible for the lack of implementation of the security measures required by current regulations in terms of data protection. Similarly, if the qualification of the level of the file processed by Baraka for the provision of the contracted service was erroneous, Baraka will not be responsible for the lack of adequacy of the security measures to the provisions of the regulations.
The Contracting Party must notify the identification of the files or treatments on which Baraka is responsible for the treatment, indicating the name of the file, its level or security measures and the data of the File / Treatment Manager, as well as notifying any change in the previous data. In the event that the contracting party fails to fulfill this obligation, it will be liable for the sanctions that were imposed on Baraka for such reason.
Baraka will keep the personal data to which it has had access due to the service provided, as well as any support or document in which they appear, during the time in which the Main Contract is in force or as long as an Act stipulates this. , will destroy the data and any media or documents in which they are incorporated, taking into account the characteristics of the services contracted and the retention periods stipulated, as the case may be, in the Main Contract. However, Baraka may keep the data and information processed, duly blocked, in the event that responsibilities could arise from its relationship with the Contracting Party. The destruction of the information will be done without the need to issue formal communication or any certification in which it is stated that it has been carried out.
Baraka undertakes to maintain professional secrecy with respect to the data accessed by virtue of the Main Contract, and the duty to keep them, obligations that will subsist even after the end of its relationship with the Contracting Party. The rest of the obligations envisaged in relation to the processing of data by third parties, will be extinguished at the moment in which the data have been deleted or eliminated from the data storage equipment or in some way, destroyed or made inaccessible.