Privacy and Data Protection Policy

In accordance with Article 10 of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, we inform you that Marina Hércules S.A., with NIF A51013514 and address at Avda. Juan Pablo II, S/N, Ceuta 57007 is responsible for the management and operation of the site ceutanautic.com.

If you wish to contact us, you can do so by postal mail to the address indicated above or by email to info@ceutanautic.com

Access to our domain can be done directly or through any existing re-direction, with this same Privacy Policy being applicable.

Privacy Policy

This Privacy Policy describes how we treat your personal data (e.g., collection, use, communication, conservation, and protection of your personal information) and provides information about your rights as a data subject.

Marina Hércules, (hereinafter THE HOLDER) is responsible for the processing, as well as the collection, use, communication, conservation, and protection of your personal data, in accordance with the General Data Protection Regulation, internal rules and policies, or any applicable national regulations.

In compliance with Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as the new General Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, through this document, THE HOLDER informs:

Identity and contact details of the Controller

Our identifying information:

Marina Hércules S.A.

You can contact us by:

- Postal mail: Avda. Juan Pablo II, S/N, Ceuta 57007
- E-mail: info@ceutanautic.com
- Telephone: 956.525.001
- Website: ceutanautic.com

Categories of personal data

We process the following categories of personal data:

Identification data – name and surname, ID card or equivalent
Administrative data – Company name, address, bank details and contact persons
Contact data – email, telephone number and address.
Digital data – cookies, IP address, websites and social networks and other data publicly accessible on the Internet, etc.
Employment data – data of own employees, curriculum vitae, studies, professional experience and health.
Business data – suppliers and customers.
Other data necessary for the processing – for more information on the category of personal data in the development of our Activity, you can consult our Record of Activities, section “Data Category”.

How do we collect your data?

We collect information about you from the following sources:

When communicating or interacting with you by telephone, e-mail or through other means of contact.
Through the Contact form on the web.
Through the Reservation Request form on the web.
Through time control tools, if applicable.
When you visit our facilities.
When you provide us with a curriculum vitae.

How long do we keep your data?

The data will be kept while there is a commercial, contractual or professional relationship with the interested party and subsequently for the years necessary to comply with the corresponding legal obligations in each case. Without prejudice to the foregoing, they will be kept as long as they are necessary for the processing and the interested party does not request their deletion.

Regarding labor data or data related to social security, documentation or computer records or media in which the corresponding data that prove compliance with the obligations regarding affiliation, registrations, cancellations or variations that, where appropriate, occur in relation to said matters, as well as the contribution documents and the receipts justifying the payment of salaries and the delegated payment of benefits, according to Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Infractions and Sanctions in the Social Order, its conservation will be 4 years.

Regarding accounting and tax documentation, for tax purposes, the accounting books and other mandatory registration books according to the tax regulations that apply (IRPF, VAT, IS, etc.), as well as the documentary supports that justify the annotations registered in the books (including computer programs and files and any other proof that has tax significance), must be kept, at least, during the period in which the Administration has the right to verify and investigate and, consequently, to settle tax debt, according to Articles 66 to 70 of the General Tax Law, will be 4 years.

Regarding accounting and tax documentation, for commercial purposes, books, correspondence, documentation and supporting documents concerning your business, duly ordered from the last entry made in the books, unless otherwise established by general or special provisions, this commercial obligation extends to both the mandatory books (income, expenses, investment goods and provisions), in addition to the documentation and supporting documents on which the annotations registered in the books are supported (invoices issued and received, tickets, corrective invoices, bank documents, etc.), according to Article 30 of the Commercial Code, will be 6 years.

The data related to the time controls of the workers will be kept, as established by Royal Decree-Law 8/2019, of March 8, on urgent measures for social protection and the fight against job insecurity in the working day, for 4 years.

To whom do we transfer your data?

Depending on the purpose of the processing, your personal data could be transferred or processed to different categories of recipients:

Collaborators or external Professionals (Advisors in Labor and Tax matters, Mutual Insurance Company in charge of health surveillance, Occupational Risk Prevention Company, …)
Public administrations (General Treasury of Social Security, the State Public Employment Service, the Ministry of Labor, the Ministry of Finance, and the entities or organizations that grant aid or subsidies of interest to the company, which will use them in the legitimate exercise of their powers).

In any case, we transfer your data only to the extent that it is strictly necessary and in the manner required to carry out the purposes described in this privacy policy and only to entities with which we have signed agreements protecting your rights and freedoms in relation to your personal data, these entities and/or professionals considered as Data Processors will be governed by the provisions of Art. 28 of the GDPR and this entity is responsible for ensuring that they take all the necessary security measures in accordance with Art. 32 of this GDPR.

Where do we process your data?

In order to carry out our activity, the provision of our services, we process your personal data in accordance with the conditions established in this privacy policy within the European Union (EU).

For what purposes do we process your data?

Your data will be collected for the processing operations relevant to the following purposes:

Receive contact information or other requests made by you through any of our communication channels.
Administrative tasks derived from the provision of our services.
Communication of rates or mooring reservations.
Answer questions about any of our services.

For more information on the purposes of data processing in the development of our Activity, you can consult our Record of Activities, section “Purposes of Processing”.

You may withdraw your consent at any time free of charge by exercising your rights, directing your request in writing and duly identified by means of an accrediting document, to our address Avda. Juan Pablo II, S/N, Ceuta 57007 or by email to info@ceutanautic.com. For more detailed information on the Exercise of your rights, you can consult our Registry of Activities, section “Exercise of Rights”

Why can we process your data?

The use of your data under the conditions described above is permitted by European and Spanish data protection regulations in accordance with the following legal bases:

Art. 6 GDPR

The data subject gave their consent to the processing of their personal data for one or more specific purposes.
The processing is necessary for the execution of a contract to which the data subject is a party or for the application at their request of pre-contractual measures.
The processing is necessary for compliance with a legal obligation applicable to the controller.

What are your rights?

Data protection regulations allow you to exercise your rights of access, rectification, opposition, deletion (“right to be forgotten”), restriction of processing, portability and not to be subject to individualised decisions before the Controller.

Any interested party has the Right to be provided BEFORE their data is collected, with basic information at a first level, in a summarised manner, at the same time and in the same medium in which their personal data is collected and, on the other hand, to be sent the rest of the information, in a medium more suitable for its presentation and understanding.

The information to be provided in layers or levels would be the following:

1st Layer Information

The identity of the Data Controller.
What data will be processed.
For what purpose.
Where and how they were obtained.
The legal basis of the processing.
Whether they will be communicated, transferred or processed by third parties.
Reference to the procedure for Exercising Rights.

2nd Layer Information

Contact details of the controller. Identity and details of the representative (if any). Contact details of the data protection officer (if any).
Extended description of the purposes of the processing. Time limits or criteria for data retention. Automated decisions, profiles and applied logic.
Details of the legal basis of the processing, in cases of legal obligation, public interest or legitimate interest. Obligation or not to provide data and consequences of not doing so.
Recipients or categories of recipients. Adequacy decisions, guarantees, binding corporate rules or specific applicable situations.
How to exercise the rights of access, rectification, deletion and portability of data, and the limitation or opposition to its processing.
Right to withdraw consent given.
Right to complain to the Supervisory Authority.

(The following table indicates what your rights are).

Right of access	To know what data of yours is being processed, for what purpose it is processed, where the data has been obtained and if they are going to communicate it or have communicated it to someone
Right of rectification	To modify those data of yours that are inaccurate or incomplete
Right of cancellation	To cancel your inadequate or excessive data
Right of opposition	To prevent your data from being processed or ceasing to be processed, even if only in the cases established by law
Right to restriction of processing	To request that data processing be suspended in the cases established by law.
Right to data portability	To be able to receive your data provided in a structured electronic format, commonly used and be able to transmit them to another Controller.
Right not to be subject to individualised decisions	In order that a decision is not taken about you that produces legal effects or affects you based only on the processing of your data.

These rights are characterised by the following:

Its exercise is free of charge.
You can exercise your rights directly or through a legal representative.
If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests otherwise.
Before exercising your rights, we must identify you to protect your personal data against fraudulent attempts.
Your request will be resolved within one month.

If the requests are manifestly unfounded or excessive (e.g. repetitive nature) the controller may:

The controller is obliged to inform you about the means to exercise these rights. These means must be accessible and this right cannot be denied for the sole reason that you opt for another means.
If the controller does not act on the request, it will inform you, at the latest within one month, of the reasons for its inaction and the possibility of complaining to a Supervisory Authority.

If you wish to exercise any of the rights described, you can contact us through our Internal Data Protection Officer:

By postal address:

Marina Hércules S.A.

Att. Data Protection Officer

Avda. Juan Pablo II, S/N, Ceuta 57007

Or by email to: info@ceutanautic.com

supervisory authority

If you wish to file a complaint in relation to the processing of your data by THE HOLDER, we inform you that you can contact the Spanish Data Protection Agency, C/ Jorge Juan, 6 28001-Madrid http://www.agpd.es

Cookies

Cookies are files that are downloaded to your computer to collect standard Internet registration information and information about browsing habits. This information is used, for example, to track the use of website visitors and collect statistical reports on website activity.

You can configure your browser to not accept cookies. However, some first-party cookies are necessary to allow the website user’s session to use our services.

For more information, visit the Cookies Policy of our website.

Minors

The User certifies that they are over 14 years of age and therefore have the necessary legal capacity to provide consent regarding the processing of their personal data, all in accordance with the provisions of this Privacy Policy.

If you wish to use our services through the web and you are 14 years old or younger, we will need the consent of your legal guardian to store your data, if we do not have it, we may proceed to block or delete it.

Registry of Activities

You can request an updated copy of our Registry of Activities through our email address info@ceutanautic.com.

Security

THE OWNER adopts organizational and technical measures in order to guarantee the security of personal data and prevent its alteration, loss, treatment or unauthorized access, taking into account the state of the technology, the nature of the stored data and the risks to which they are exposed.

Updates

We keep our privacy policy under review and may change it occasionally (mainly to comply with legal and data protection practices). Updated versions will be published on our website.

Applicable Legislation and competent courts

The terms and conditions that govern this website, as well as the relationships that may arise, are protected and are subject to Spanish legislation. For the resolution of any type of controversy, litigation or discrepancy that may arise between the USER and Marina Hércules S.A. due to the use of this website, it is agreed to submit them to the Courts and Tribunals of Ceuta, Spain.