• Identity of the Controller: Marc Sisó Vilagrasa
• NIF/CIF: 48057133J
• Registered Office: Plaça el Toll 10, Alcarràs
• Contact Email for privacy matters: info@ponentexplorers.com
• Contact Phone: +34 639 53 36 06

In processing your personal data, we will apply the following principles in accordance with the GDPR:

• Principle of lawfulness, fairness, and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes, about which we will inform you in advance with absolute transparency.
• Principle of data minimization: We will only request data that is strictly necessary in relation to the purposes for which we require it.
• Principle of storage limitation: Data will be kept for no longer than is necessary for the purposes of the processing.
• Principle of integrity and confidentiality: Your data will be processed in a manner that ensures appropriate security and confidentiality.

We collect personal information in various ways, including:

• Information you provide directly to us:
  • When making a reservation or contracting a service: Full name, address, phone number, email, payment details (credit/debit card), travel dates, destinations, travel preferences (room type, meals, etc.), passport or ID number (necessary for flights, international hotels, etc.), companion information (if applicable).
  • When contacting us (contact forms, email, phone, chat): Name, email, phone number, and the content of your inquiry or request.
  • Information about special needs or health (sensitive data): If you provide us with information about allergies, reduced mobility, or other health conditions to adapt our services, we will do so under your explicit consent and with the highest security measures.
• Information we collect automatically:
  • Browse and usage data: IP address, browser type, operating system, pages visited on our site, time spent, links clicked, general geolocation information (derived from IP). This information is collected through cookies and similar technologies (see our Cookies Policy).

We use your personal data for the following purposes and on the following legal bases:

• Management of reservations and provision of contracted travel services:
  • Purpose: To process your reservation requests, confirm your trips, manage payments, issue tickets and vouchers, communicate with you about your reservation (confirmations, changes, cancellations), coordinate with tourism service providers (airlines, hotels, tour operators, car rental companies, insurance, etc.).
  • Legal basis: Performance of a contract to which you are a party (Art. 6.1.b GDPR). Compliance with legal obligations (e.g., invoicing, passenger lists - Art. 6.1.c GDPR).
• Customer service and support:
  • Purpose: To respond to your inquiries, requests, complaints, or comments.
  • Legal basis: Legitimate interest in providing a quality service (Art. 6.1.f GDPR), or performance of a contract if the inquiry is related to a contracted service (Art. 6.1.b GDPR).
• Improvement of our services and the Website:
  • Purpose: To analyze Website usage to understand how users interact, improve usability, personalize your experience, and develop new services.
  • Legal basis: Legitimate interest (Art. 6.1.f GDPR) or your consent for the use of analytical cookies (Art. 6.1.a GDPR).
• Compliance with legal obligations:
  • Purpose: To comply with legal, tax, accounting, judicial, or administrative requirements.
  • Legal basis: Compliance with a legal obligation (Art. 6.1.c GDPR).
• Fraud prevention and security:
  • Purpose: To protect our systems, prevent fraudulent or illegal activities.
  • Legal basis: Legitimate interest (Art. 6.1.f GDPR).
• Management of health data for special needs (if applicable):
  • Purpose: To adapt travel services to your specific health needs (e.g., airport assistance, special meals).
  • Legal basis: Your explicit consent (Art. 9.2.a GDPR).

Our services are not primarily aimed at children under 14 years of age. If you are under 14, you need the consent of your parents or guardians to provide us with your personal data. If we detect that we have collected data from a minor under 14 without due consent, we will proceed to delete it. If a parent or guardian becomes aware that a minor has provided us with data without their consent, please contact us.

To fulfill the described purposes, your personal data may be shared with:

• Travel service providers: Airlines, hotels, car rental companies, tour operators, travel insurance companies, and other providers necessary for the provision of the services you have booked. We will only share strictly necessary information.
• Payment gateways and financial institutions: To process payments for your reservations.
• Technology service providers: Companies that provide us with web hosting services, web maintenance, data analysis, email marketing, customer relationship management (CRM), etc. These providers act as data processors and have contractual agreements that guarantee the protection of your data.
• Professional advisors: Lawyers, auditors, consultants, when necessary for compliance with our legal obligations or the defense of our interests.
• Authorities and public bodies: When required by law or within the framework of a legal proceeding (courts, law enforcement agencies, tax authorities, etc.).

We will keep your personal data only for the time necessary to fulfill the purposes for which it was collected, as well as to comply with legal obligations and determine possible liabilities that may arise from said purpose and data processing.

• Reservation and contractual data: During the term of the contractual relationship and, subsequently, during the applicable legal statute of limitations periods (generally 5-6 years for commercial and tax obligations).
• Inquiry data: For the time necessary to resolve your inquiry and to follow up on it.
• Cookie data: As specified in our Cookies Policy.

Once the data is no longer necessary, it will be securely deleted or anonymized.

You have the right to:

• Access your personal data.
• Request the rectification of inaccurate data.
• Request the erasure of your data (right to be forgotten), when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Request the restriction of processing of your data, in which case we will only keep it for the exercise or defense of claims.
• Object to the processing of your data, in certain circumstances and for reasons related to your particular situation. We will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
• Request the portability of your data to another controller, in a structured, commonly used, and machine-readable format.
• Withdraw consent given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Not be subject to automated individual decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise these rights, you can send a written communication to our registered office or to the email address info@ponentexplorers.com, clearly indicating the right you wish to exercise and attaching a copy of your ID or equivalent identification document.

We have adopted the necessary technical and organizational measures to ensure the security of your personal data and prevent its alteration, loss, unauthorized processing, or access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.

As a user, you are responsible for the truthfulness and accuracy of the data you provide us, and you release us from any liability in this regard. You undertake to provide complete and correct information and to keep it updated.

Our Website may contain links to other third-party websites. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please review these policies before submitting any personal data to these websites.

We reserve the right to modify this Privacy Policy to adapt it to new legislation or case law, as well as industry practices. In such cases, we will announce the changes on this page with reasonable anticipation of their implementation. We recommend you review this page periodically to stay informed of any updates.

If you believe that your data protection rights have been violated, you can lodge a complaint with the Spanish Data Protection Agency (AEPD):

• Address: C/ Jorge Juan, 6, 28001 – Madrid
• Electronic office: https://sedeagpd.gob.es/sede-electronica-web/
• Phone: 900 293 293

However, we recommend that before lodging a complaint with the AEPD, you contact us via info@ponentexplorers.com to try to resolve the matter amicably.