Privacy Notice

1. Data Controller

The data controller responsible for your personal information is:

2. Information We Collect

We collect information you provide directly to us when you use our travel services:

• Personal Information: Name, email address, phone number, mailing address, date of birth, nationality
• Travel Information: Passport details, travel preferences, dietary requirements, accessibility needs
• Payment Information: Credit card details, billing address (securely processed by our payment partners)
• Communication: Records of your correspondence with us via email, WhatsApp, phone, and support requests

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contractual necessity: To fulfill our travel service contract with you
• Legal obligation: To comply with applicable laws and regulations
• Legitimate interests: To improve our services and protect our business
• Consent: For marketing communications and optional data processing

4. How We Use Your Information

We use your personal information to:

• Process and manage your travel bookings and arrangements
• Communicate with you about your trips, changes, or important updates
• Provide customer support and respond to your inquiries
• Send you travel documents, confirmations, and itineraries
• Improve our services and develop new offerings
• Comply with legal obligations and protect our business interests
• Send you marketing communications (with your consent)

5. Information Sharing

We may share your information with:

• Travel Service Providers: Airlines, hotels, tour operators, and local partners necessary to complete your booking
• Payment Processors: Secure payment companies to process transactions
• Government Authorities: When required by law or for immigration and security purposes
• Emergency Contacts: In case of travel emergencies or safety concerns

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information in accordance with GDPR Article 32:

• SSL/TLS encryption for all data transmission
• Secure servers and databases with restricted access
• Regular security audits and updates
• Employee training on data protection and privacy
• Compliance with industry security standards

7. Data Retention

We retain your personal information only for as long as necessary to:

• Provide ongoing services and support
• Comply with Spanish and EU legal requirements
• Resolve disputes and enforce agreements
• Maintain business records for tax and accounting purposes

Typically, we retain booking information for 5 years after completion of travel, in accordance with Spanish commercial law requirements.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal information we hold about you
• Right to Rectification (Art. 16): Ask us to correct inaccurate or incomplete information
• Right to Erasure (Art. 17): Request deletion of your personal information (subject to legal requirements)
• Right to Restriction (Art. 18): Request limitation of processing in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for optional data processing at any time

To exercise these rights, please contact us at hello@viatsy.com. We will respond within one month as required by GDPR.

9. Cookies and Tracking

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website usage and performance
• Provide personalized content and recommendations
• Support marketing and advertising efforts

You can control cookie settings through your browser preferences or our cookie consent banner. See our Cookies Policy for more details.

10. International Transfers

Your information may be transferred and processed in countries outside the European Economic Area (EEA) when necessary for travel services. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

11. Children's Privacy

Our services are not intended for children under 16 without parental consent. We do not knowingly collect personal information from children without appropriate parental authorization. If we become aware of such collection, we will delete the information promptly.

12. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency:

13. Contact Us

For questions about this Privacy Notice or to exercise your rights, please contact us: