Privacy Policy

Basic Information on Data Protection

Data Controllers

LOW WORLD TRAVEL S.L.

GLOBAL TRAVEL SOLUTIONS S.L.

Hereinafter CDV.

Purpose

Provision of online services

Management of website users

Commercial communications related to our services

Legal grounds

Consent

Legitimate interest

Execution of the contractual relationship

Fulfilment of legal obligations

Recipients

Data is not disclosed to third parties, except where legally required

Rights

Rights of access, rectification, erasure and portability of your data, restriction and objection to its processing, as well as not to be subject to decisions based solely on the automated processing of your data.

At CDV, we work to provide you with the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. Your privacy matters to us and we believe in being transparent about it.

Therefore, for the purposes set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, "GDPR") regarding the protection of individuals with regard to the processing of personal data and the free movement of such data, and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, "LSSI"), CDV informs the user that, as data controller, it will include the personal data provided by users in an automated file.

Our commitment begins by explaining the following:

We collect your data in order to improve your user experience, taking into account your interests and needs.

We are transparent about the data we collect about you and why we collect it.

Our goal is to offer you the best possible experience. Therefore, whenever we use your personal information, we will always do so in compliance with regulations, and when necessary, we will ask for your consent.

We understand that your data belongs to you. Therefore, if you decide not to allow us to process it, you may ask us to stop processing your data.

Our priority is to ensure your security and treat your data in accordance with European regulations.

If you wish to obtain more information on how your data is processed, please see the different sections of the privacy policy below:

Who is responsible for processing your personal data?

LOW WORLD TRAVEL S.L., a wholesale agency with licence number CV-Mm-1948-A, tax number (NIF) B76650852, registered address at Plaza de los Luceros, 1, Floor 5, 03001, Alicante, Spain. Registered in the Alicante Commercial Registry; Volume 4073; Book 0; Folio 88; Sheet A-157203; Entry 2.

GLOBAL TRAVEL SOLUTIONS S.L., a wholesale agency with licence (FUE) 2022-02894383, tax number (NIF) B01863257, registered address at Avda. Diagonal, 359 A1, Barcelona, 08037 Barcelona, Spain. Registered in the Barcelona Commercial Registry; Volume 47447; Folio 48; Sheet 552058; Entry 1.

CDV has appointed a contact person as internal GDPR Officer within its organisation. If you wish to make an enquiry regarding the processing of your personal data, you can contact them by email: rgpd@grupocdv.com

What personal data do we collect?

The personal data the user may provide includes:

Name and surname

Phone number

Tax number (CIF/NIF)

Company name

Bank details

Address and postcode

Email address

Location

IATA accreditation

IP address, date and time of your access to our services, browser you use, and data on your device’s operating system

Comments about the service to be contracted and needs

In some cases, it is mandatory to fill in the registration form to access and enjoy certain services offered on the website, in this case in order to be a user; therefore, if you do not provide the required personal data or do not accept this data protection policy, you will not be able to subscribe to and/or register for our services.

Why and for what purposes do we process your data?

At CDV, we process the data provided by interested parties for the following purposes:

To manage and carry out the service contracted by the USER, its billing and collection.

Customer data may be used to carry out market studies (statistical reports) to help expand and improve CDV’s products or services. In any case, no personal data will be included in the statistical reports generated.

To manage the sending of information requested from us, as well as any other enquiries you may have that are not subject to the Website’s terms and conditions or to the terms of services.

To carry out commercial actions and maintain and manage the relationship with the user, as well as manage the services offered through the website, provide information, and carry out follow-up actions.

In some cases, it will be necessary to provide information to Authorities or third-party companies for audit reasons, as well as to handle personal data from invoices, contracts, and documents to reply to claims from customers or public administrations.

We inform you that the personal data obtained as a result of your registration as a user will form part of the Record of Processing Activities where CDV is the owner, which will be updated periodically according to what is established by the GDPR.

What are the legal grounds for processing your data?

The processing of your data may be based on the following legal grounds:

Consent to contract online services via the CDV platform through the contact form and therefore for the execution of a contract at the request of the interested party. (Art.6.1 b) GDPR. For the provision of the respective service, the delivery of your data is required; otherwise, the requested services cannot be provided.

Processing of customer data to prepare statistical reports (market studies) based on the company’s legitimate interest, which is considered overriding to the extent that only the data provided by users will be processed, solely to improve the services offered by the entity. Additionally, statistical reports will contain no personal data of users, as this data will be anonymised.

To be able to respond to your request or enquiry and carry out follow-up after service contract. Providing your data is voluntary but where you do not provide it, we will not be able to respond to your request, enquiry, or claim. Therefore, providing your personal data for these purposes is a necessary requirement for us to deal with the requests made through this channel.

The prospective offer of products and services to customers is based on satisfaction of legitimate business interests, consisting of being able to offer our customers products or services and thus obtain their loyalty. In any case, authorisation to process your data for this purpose is voluntary and refusal would only mean you will not receive commercial offers of our products or services. Nonetheless, we remind you that you have the right to object to this data processing, which you may do via any of the means described in this Policy.

For processing CVs with the consent you give when submitting them to participate in company recruitment processes.

Legitimate interest for processing customer data in direct marketing actions and the express consent of the data subject regarding all matters relating to automated evaluations and profiling.

Compliance with legal obligations for fraud prevention, communication with public authorities, and third-party claims.

How long do we keep your data?

The data will be processed for the purposes described only for as long as strictly necessary to fulfil the commercial relationship with the client, as well as to comply with legal obligations arising from the processing of the data.

Who receives your data?

In some cases, only when necessary, CDV will provide user data to third parties. However, data will never be sold to third parties. External service providers used by CDV may use the data to provide the corresponding services but will not use such information for their own purposes or to transfer it to third parties.

CDV seeks to ensure the security of personal data when sent outside the company and makes sure that third-party service providers respect confidentiality and are equipped with the appropriate measures to protect personal data. These third parties are obliged to ensure that the information is handled in accordance with data privacy regulations and in line with Article 28 GDPR and Article 32.

In some cases, the law may require disclosure of personal information to public bodies or other parties, only the strictly necessary data will be disclosed to comply with such legal obligations.

The personal data obtained may also be shared with other companies in the group.

CDV as Data Processor

CDV will only access this data in two situations:

To ensure correct delivery of services and improve customer support when the customer contacts CDV support. In this case, access to customer data will be regulated through specific permissions and concrete control and security measures.

To comply with legal obligations in the context of judicial and/or administrative requests. Such requests are strictly regulated.

Access in the context of CDV support:

When a customer contacts CDV support, depending on the reason for the enquiry, they may access two categories of data. On the one hand, to better address the customer’s request, CDV support will access the information provided by the customer when creating their CDV account (name, surname, phone, email, etc.).

On the other hand, exclusively at the express request of the customer and subject to the technical limitations of each service, CDV support may access data stored by the customer in CDV’s services to identify the cause of a problem and, where appropriate, resolve it.

Access in the context of a judicial or administrative authority request

To comply with current regulations, CDV is obliged to respond to requests from judicial or administrative authorities. Such access requests are governed by a strict legal framework, so CDV only authorises them after verifying their validity and basis. In addition, unless the request or law prevents it, CDV undertakes to inform the client of such request at the earliest opportunity. Requests from a third country will only be processed if based on an international agreement, such as an existing judicial cooperation treaty between the requesting country and the Union or a Member State.

Where is your data stored?

As a general rule, data is stored within the EU. For data transferred to recipients outside the EU, we ensure that an adequate level of protection is guaranteed, with the use of Binding Corporate Rules (BCR). You can check the list of these countries on the European Commission website.

Thanks to the guarantees provided by CDV regarding data transfers, the customer can fulfil their regulatory obligations. Article 45 of the GDPR, which specifies cases of "transfers based on an adequacy decision", stipulates that a personal data transfer to a third country or international organisation may take place when the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question, ensures an adequate level of protection. Such transfers do not require any specific authorisation.

Call recording

Calls may be recorded in order to process your requests or answer your queries, as well as to assess and improve the responses provided by our agents and analyse the decisions you make as a result of such responses.

Your data will be processed on the basis of the entity’s legitimate interest, which prevails due to the need to have tools to assess and improve the quality of the responses we provide and the decisions you make based on them. Also to increase security and have evidence regarding the services or products you have requested and those offered by us, for which call recording is necessary.

Recordings will be kept for at least 12 months, or in any event until your request has been processed or your query answered. If new data is collected by phone as a result of a complaint, contract, product or service change, etc., the recording will be kept as evidence of the data collection as long as any type of legal liability may arise from the relationship. Information relating to the evaluation of decisions made by users based on responses provided is stored for a period of 12 months.

Processing of contact data for commercial calls

On occasion, CDV processes professional contact data obtained from the Internet to contact the parties involved by phone and attempt to schedule a business meeting with them or offer them services or products.

In view of the above, such processing is based on Article 6.1.f of the GDPR (legitimate interest), as in any case, the following premises are met:

a) The processing concerns only the data necessary for locating the data subject professionally.

b) The purpose of the processing is to maintain relations of any kind with the legal person in which the affected person provides their services.

The same presumption applies for the processing of data relating to sole traders and independent professionals, provided they are referred to only in that capacity and not for establishing a relationship with them as natural persons.

In any case, the data subjects may object to the processing in any of CDV’s contact addresses, as the entity is not obliged to carry out such processing. The data will be retained for the aforementioned purposes indefinitely unless the data subject objects, in which case it will be deleted.

What rights do you have and how can you exercise them?

You may address your communications and exercise your rights by making a request to the following email: rgpd@grupocdv.com

In accordance with the provisions of the GDPR, you may request:

Right of access: you can request information about what personal data we hold about you.

Right of rectification: you can notify us of any changes to your personal data.

Right of erasure and to be forgotten: you may request the deletion, after prior blocking, of your personal data.

Right of restriction of processing: this is the restriction of the processing of personal data.

Right to object: you can withdraw your consent to the processing of data, or object to processing ongoing.

Right to data portability: in some cases, you can request a copy of your personal data in a structured, commonly used and machine-readable format to transfer to another controller.

Right not to be subject to automated individual decision-making: you may request that you are not subject to decisions based solely on automated processing, including profiling, that produces legal effects or significantly affects you.

In some cases, your request may be refused if you request the deletion of data required to comply with legal obligations.

Likewise, if you have a complaint about data processing you can submit a claim to the data protection authority: www.aepd.es.

Who is responsible for the accuracy and truthfulness of the data provided?

The user is solely responsible for the accuracy and correctness of the data provided, exonerating CDV from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided and undertake to keep it duly updated. The user agrees to provide complete and correct information in the registration or subscription form. CDV reserves the right to terminate contracted services entered into with users if the data provided is false, incomplete, inaccurate, or not updated.

CDV is not responsible for the accuracy of information not produced by itself and for which another source is indicated, and therefore assumes no liability for any hypothetical damage that may arise from the use of such information.

CDV reserves the right to update, modify, or delete the information contained on its websites and may even limit or deny access to such information. CDV is exonerated from liability for any damage that the user may suffer as a consequence of errors, defects or omissions in the information provided by CDV, provided that it comes from external sources.

What security measures do we apply to protect your personal data?

CDV has adopted the legally required levels of security for the protection of Personal Data and tries to install any other additional technical means and measures within its power to prevent the loss, misuse, alteration, unauthorised access and theft of the Personal Data provided to CDV.

CDV is not responsible for possible damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond CDV's control, delays or blockages in using the current electronic system caused by deficiencies or overloads in telephone lines or in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damages that may be caused by third parties through illegitimate intrusions beyond the control of CDV. Nevertheless, the user must be aware that security measures on the Internet are not impregnable. Since no online service can guarantee absolute security.

Links to other websites

The CDV website may contain links to other websites. Clicking on one of these links to access an external website means you are subject to that website’s privacy policy, leaving CDV. exempt from any kind of liability regarding its privacy policy. It will only be responsible for redirections or links under the domain and ownership of the CDV group of companies.

Can the privacy policy be changed?

The Privacy Policy may be amended periodically. Please visit this page regularly to read the current version. We will indicate the dates of the latest revisions to this Privacy Policy at the end of this page; all revisions will become effective upon publication.