Privacy Policy

Privacy Policy and Data Protection

In compliance with current legislation, Travifo is committed to adopting the necessary technical and organizational measures, according to the appropriate level of security for the risk of the data collected.

Laws incorporated in this privacy policy

This privacy policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018, of December 5, on Personal Data Protection and Digital Rights Guarantee (LOPD-GDD).
• Royal Decree 1720/2007, of December 21, approving the Regulation implementing Organic Law 15/1999 (RDLOPD).
• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The data controller for personal data collected by Travifo is:

Name

Carlos Espelleta Conte

Contact email

support@travifo.com

Personal data registry

In compliance with the GDPR and LOPD-GDD, we inform you that personal data collected by Travifo, through the forms on its pages, will be incorporated and processed in our files in order to facilitate, expedite and fulfill the commitments established between Travifo and the User, or to respond to a request or inquiry.

Principles applicable to the processing of personal data

The processing of the User's personal data shall be subject to the following principles set out in Article 5 of the GDPR:

• Principle of lawfulness, fairness and transparency: The User's consent shall be required at all times, following fully transparent information about the purposes for which personal data is collected.
• Principle of purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes.
• Principle of data minimization: Personal data collected shall be limited to what is strictly necessary in relation to the purposes for which it is processed.
• Principle of accuracy: Personal data must be accurate and kept up to date at all times.
• Principle of storage limitation: Personal data shall only be kept for the time necessary for the purposes of processing.
• Principle of integrity and confidentiality: Personal data shall be processed in a manner that ensures its security and confidentiality.
• Principle of accountability: The Data Controller shall be responsible for ensuring that the above principles are met.

Categories of personal data

The categories of data processed by Travifo are limited to identifying data. Under no circumstances are special categories of personal data processed within the meaning of Article 9 of the GDPR.

Legal basis for the processing of personal data

The legal basis for the processing of personal data is consent. Travifo is committed to obtaining the explicit and verifiable consent of the User for the processing of their personal data for one or more specific purposes.

The User shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the use of the Website.

Purposes of personal data processing

Personal data is collected and managed by Travifo in order to facilitate, expedite and fulfill the commitments established between the Website and the User: account management, service provision, handling requests, and improving the functionality and browsing experience of the platform.

Travifo will not use personal data for direct marketing purposes without first obtaining the User's specific consent for such purpose.

Personal data retention periods

Personal data shall only be retained for the minimum time necessary for the purposes of processing and, in any case, until the User requests its deletion.

Recipients of personal data

The User's personal data may be shared with the following service providers, acting as data processors:

• Google Analytics 4 (Google LLC): a web analytics tool that collects anonymized browsing data to measure the Website's performance. Google LLC may transfer data outside the European Economic Area under the safeguards of the EU-U.S. Data Privacy Framework. More information is available in Google's Privacy Policy (https://policies.google.com/privacy). The User may opt out of tracking by installing the opt-out add-on available at https://tools.google.com/dlpage/gaoptout.

Cookies

Travifo uses its own and third-party cookies for the proper functioning of the Website and for statistical analysis of its use. For more information, please refer to our Cookie Policy (coming soon at /cookies).

Personal data of minors

Only persons over the age of 14 may give their consent for the lawful processing of their personal data by Travifo. In the case of minors under 14 years of age, the consent of parents or guardians is required for processing.

Security of personal data

Travifo is committed to adopting the necessary technical and organizational measures to ensure the security of personal data and prevent its accidental or unlawful destruction, loss or alteration, as well as unauthorized access thereto.

The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and in encrypted form.

In the event of a breach of personal data security that poses a high risk to the rights and freedoms of natural persons, Travifo will notify the User without undue delay, in accordance with Article 34 of the GDPR.

Rights derived from the processing of personal data

The User may exercise the following rights recognized by the GDPR and LOPD-GDD against the Data Controller:

• Right of access: Obtain confirmation of whether Travifo is processing their personal data and, if so, obtain information about it.
• Right to rectification: Request the modification of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): Request the deletion of personal data when it is no longer necessary for the purposes for which it was collected, among other grounds provided by law.
• Right to restriction of processing: Request the restriction of personal data processing in the cases provided by law.
• Right to data portability: Receive personal data in a structured, commonly used and machine-readable format, and transmit it to another data controller.
• Right to object: Object to the processing of personal data.
• Right not to be subject to automated decisions: Not to be subject to a decision based solely on the automated processing of data, including profiling.

To exercise any of these rights, the User may send a written communication to:

support@travifo.com

Indicating in the subject line the reference "RGPD-travifo.com" and attaching a copy of their identity document or equivalent proof of identity.

Complaints to the supervisory authority

If the User considers that there is a violation of current regulations regarding the processing of their personal data, they may file a complaint with the competent supervisory authority. In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD): www.aepd.es (https://www.aepd.es/).

Acceptance and changes to this policy

Use of the Website implies acceptance of this Privacy Policy. Travifo reserves the right to modify it at any time, due to legislative or case-law changes or decisions by the AEPD. The User is advised to review it periodically.