Contact

Carretera de San Bartolomé, 71, 35500
Arrecife, Lanzarote

928 84 84 84

info@centrosturisticos.com

CACT Lanzarote > Privacy policy

Privacy policy

PRIVACY – DETAILED INFORMATION

The Privacy Policy is part of the General Terms and Conditions governing this website www.cactlanzarote.com

Who is responsible for processing your data?

CENTROS DE ARTE, CULTURA Y TURISMO DEL CABILDO DE LANZAROTE. CIF: Q3500356E

Address: Calle Triana nº 38, 35500, Arrecife.

Phone: 928801500

Data protection officer: lopd@centrosturisticos.com

You can contact us in any way.

We reserve the right to modify or adapt this Privacy Policy at any time; we recommend reviewing it regularly.

Who can provide us with data?

Accessing the website may involve the processing of personal data. By accessing our page, you declare that you are of legal age and that all the data you provide us, whether mandatory to provide the service or information, or additional data to complete your information and request, are truthful and correct. These data are provided to us voluntarily.

For certain data processing activities, we will ask you to grant us your consent, and for specific purposes, we will request your authorization through the activation of specific checkboxes. 

What data do we collect?

When submitting an information request, contacting us via email or phone, or hiring our services, we may ask you to provide a series of personal data and information such as your first name, last name, address, email, contact phone number, among others.

How is the information and data you provide us used?

CENTROS DE ARTE, CULTURA Y TURISMO DEL CABILDO DE LANZAROTE will process the information for the following purposes:

You can view the dropdown information:

What data do we collect through the website?

We may process your IP, the operating system or browser you use, and even the duration of your visit, anonymously.

If you provide data in the contact form, it will identify you in order to contact you.

What are the purposes for processing your personal data?

To respond to your inquiries, requests, or petitions.

To manage the requested service, respond to your request, or process your petition.

To provide information by electronic means related to your request.

To send commercial or event information by electronic means, provided there is explicit consent.

To carry out analysis and improvements on the website and our services.

What is the legal basis for processing your data?

The acceptance and consent of the data subject: In cases where it is necessary to complete a form to make a request and click the submit button, doing so will necessarily imply that you have been informed and have expressly granted your consent to the contents of the clause attached to the form or to the acceptance of the privacy policy.

All our forms include the * symbol for mandatory data. If you do not provide these fields or do not check the privacy policy acceptance checkbox, the information cannot be submitted. It typically includes the following formula: “□ I am over 14 and have read and accept the Privacy Policy.”

How long will we keep your personal data?

Until the consent granted is revoked.

What data do we collect through communication?

When you contact us via WhatsApp Business, you will be identified in order to contact you.

What are the purposes for processing your personal data?

To respond to your inquiries, requests, or petitions.

To manage the requested service, respond to your request, or process your petition.

To provide information by electronic means related to your request.

To send commercial or event information by electronic means, provided there is explicit consent.

To carry out analysis and improvements on the website and our services.

What is the legal basis for processing your data?

The acceptance and consent of the data subject.

What data do we collect through the Newsletter?

On the website, you can subscribe to the Newsletter by providing an email address, to which it will be sent.

We will store only your email in our database and proceed to send periodic emails until you unsubscribe or we stop sending emails.

You will always have the option to unsubscribe from any communication.

What are the purposes for processing your personal data?

To manage the requested service.

To provide information by electronic means related to your request.

To send commercial or event information by electronic means, provided there is explicit consent.

To carry out analysis and improvements in mailing campaigns to enhance our commercial strategy.

What is the legal basis for processing your data?

The acceptance and consent of the data subject: In cases where you subscribe, it will be necessary to check a checkbox and click the submit button. This will necessarily imply that you have been informed and have expressly granted your consent to receive the newsletter.

If you do not check the privacy policy acceptance checkbox, the information cannot be sent. It typically includes the following formula: “□ I am over 14 and have read and accept the Privacy Policy.”

How long will we keep your personal data?

Until the consent granted is revoked.

What are the purposes for processing your personal data?

To provide information by electronic means related to your request.

To manage administrative, communication, and logistical services carried out by the Responsible Party.

Reservation management.

Online sales.

During the payment process via card, personal data will be collected by the banking entity that owns the Virtual POS, including: type of connection, date and time, IP address, device information, email address, mobile phone, browsing data, transaction data, and data required by 3D Secure security protocols, solely for the purpose of detecting and preventing unauthorized payment transactions.

Billing and declaration of applicable taxes.

To carry out the necessary transactions.

Control and recovery management.

To send commercial or event information by electronic means, provided there is explicit consent.

What is the legal basis for processing your data?

The existence of a contractual relationship between the parties. The processing is necessary for the execution of a contract in which the data subject is a party, or for the application of pre-contractual measures at their request.

How long will we keep your personal data?

For the duration of the relationship between the parties and for…

What are the purposes for processing your personal data?

To respond to your inquiries, requests, or petitions.

To manage the requested service, respond to your request, or process your petition.

To engage with you and build a community of followers.

What is the legal basis for processing your data?

The legal basis for processing is the voluntary consent of the data subject to contact us and, where applicable, the acceptance of a contractual relationship within the relevant social media platform. Data processing within the social media network will be carried out in accordance with its Privacy Policies.

How long will we keep your personal data?

We can only view or delete your data in a restricted manner due to having a specific profile. We will process your data for as long as you continue to follow us, be friends with us, or click “like”, “follow”, or similar buttons.

Any correction of your data or restriction of information or posts must be done through your profile or user settings within the social media platform.

What are the purposes for processing your personal data?

To monitor the condition of the facilities and contractual performance.

What is the legal basis for processing your data?

Public and legitimate interest.

How long will we keep your personal data?

They will be kept for a maximum period of 30 days.

What are the purposes for processing your personal data?

To issue invoices to customers, prepare official accounting, calculate, file, and settle taxes, prepare commercial documents such as balances and reports, and manage administrative tasks related to collections and payments.

What is the legal basis for processing your data?

Law 58/2003, of December 17, General Tax Law.

How long will we keep your personal data?

Six years for commercial purposes, and the necessary period to address responsibilities arising from each purpose.

What are the purposes for processing your personal data?

Tendering processes for goods or services and relations with suppliers.

What is the legal basis for processing your data?

Application of contractual and pre-contractual measures.

How long will we keep your personal data?

Six years for commercial purposes, and the necessary period to address responsibilities arising from each purpose.

What are the purposes for processing your personal data?

Management of the electronic headquarters.

What is the legal basis for processing your data?

Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations.

Royal Decree 203/2021, of March 30, which approves the Regulation on the operation and functioning of the public sector by electronic means.

How long will we keep your personal data?

For the duration of the processing and in accordance with the legal retention periods.

What are the purposes for processing your personal data?

Management of the Transparency Portal.

What is the legal basis for processing your data?

Law 12/2014, of December 26, on transparency and access to public information.

Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations.

How long will we keep your personal data?

For the duration of the processing and in accordance with the legal retention periods.

What are the purposes for processing your personal data?

To attend to requests for the exercise of rights related to personal data.

What is the legal basis for processing your data?

Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, and the LOPDGDD 3/2018 of December 5.

How long will we keep your personal data?

For the duration of the processing and in accordance with the legal retention periods.

What are the purposes for processing your personal data?

To notify the data subjects and the Supervisory Authority of security breaches that may affect the rights and freedoms of the data subjects.

What is the legal basis for processing your data?

Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, and the LOPDGDD 3/2018 of December 5.

What are the purposes for processing your personal data?

Management of seat reservations in the training programmes offered or participated in by the entity.

What is the legal basis for processing your data?

Consent of the data subject.

How long will we keep your personal data?

Until the revocation of the consent granted, and in accordance with the legal retention periods.

What are the purposes for processing your personal data?

Request for permission to carry out filming at any of the Centres of Art, Culture, and Tourism of Lanzarote.

What is the legal basis for processing your data?

Application of contractual and pre-contractual measures.

How long will we keep your personal data?

For the duration of the processing and in accordance with the legal retention periods.

What personal data do we collect through the website?

If you identify yourself, we may collect: name, surname, email, phone number, and personal data of any third parties you provide in the communication.

What purposes will we use your personal data for?

  • Manage communications.
  • Take the necessary corrective measures.
  • If necessary, inform you about the outcome of the procedure.

What is the legal basis for processing your data?

The legal basis is a legal obligation or, if applicable, public interest.

How long will we keep your personal data?

The data will be kept for the time strictly necessary to clarify the facts communicated. In any case, after six (6) months, the provided data will be anonymized unless they are being investigated in a different legal context.

Do we include personal data of third parties?

No, as a general rule, we only process the data provided by the data subjects. If you provide data of third parties, you must inform and obtain their consent beforehand; otherwise, you exempt us from any responsibility for non-compliance with this requirement.

And data from minors?

We do not process data from minors under 14 years old. Therefore, do not provide data if you are under that age or, if applicable, provide data of third parties who do not meet that age requirement. CENTROS DE ARTE, CULTURA Y TURISMO DEL CABILDO DE LANZAROTE is exempt from any responsibility for non-compliance with this provision.

What security measures do we apply?

We have appropriate policies and technical and organizational measures in place to safeguard and protect your personal data against illegal or unauthorized access, accidental loss or destruction, damage, illegal or unauthorized use and disclosure. We will also take reasonable precautions to ensure that our staff and employees who have access to your personal data have received appropriate training.

To whom will your data be communicated?

Your data will only be shared with entities required by law, banks and financial institutions for the collection of the service provided, and the data processors necessary for the execution of our services. Furthermore, if you choose any application, website, platform, bank card, or other online service for payment, the data will be transferred to that platform or processed within its environment, always with maximum security. During the payment process, data will be collected by the bank entity that owns the Virtual POS.

When instructed, the web development and maintenance company, and web hosting provider will have access to our platform. These companies will sign a service provision contract requiring them to maintain the same level of privacy as we do.

There will be no international data transfers, and if necessary, they will only be carried out when legally authorized in accordance with the GDPR.

What rights do you have?

  • To know if we are processing your data.
  • To access your personal data.
  • To request the rectification of your data if it is inaccurate.
  • To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent given.
  • To request the limitation of the processing of your data in some cases, in which case we will only keep it in accordance with the current regulations.
  • To port your data, which will be provided in a structured, commonly used, and machine-readable format. If preferred, we can send it to the new controller you designate (only valid in certain cases).
  • To file a complaint with the Spanish Data Protection Agency or the competent supervisory authority if you believe we have not properly attended to your request.
  • To revoke the consent for any processing you have previously consented to, at any time.

If you change any data, please let us know so we can keep it updated.

Do you want a form for exercising your rights?

We have forms available for exercising your rights. Request them by email or, if you prefer, you can use the ones provided by the Spanish Data Protection Agency. These forms must be signed electronically or accompanied by a photocopy of your ID card. If someone represents you, they must attach a copy of their ID or have it signed electronically.

The forms can be submitted in person or sent by email to the Responsible Party’s address mentioned at the beginning of this text.

How long will it take us to respond to your exercise of rights?

The time will depend on the right, but at most within one month from your request, and up to two months if the matter is very complex and we notify you that we need more time.

For what purposes will we process your personal data?

Evaluate the level of satisfaction and the quality of the service provided.
Improve the quality and efficiency of the services offered.

What is the legal basis for processing your data?

The processing of your personal data is based on the following legal grounds:

Legitimate interest: If there is a prior contractual relationship (e.g., ticket purchases for our centres or services), the processing is based on the legitimate interest of the Centros de Arte, Cultura y Turismo de Lanzarote, in accordance with Article 21.2 of Law 34/2002 on Information Society Services and Electronic Commerce, to conduct surveys related to the quality and improvement of our services.

Consent: In the absence of a prior contractual relationship, processing is based on the explicit consent of the user, who may withdraw their consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Do we use cookies?

If we use any cookies other than those strictly necessary, you can consult the cookie policy through the relevant link at the start of our website.

How long will we keep your personal data?

Personal data will be kept as long as you remain linked to us.

Once you disassociate, the personal data processed for each purpose will be retained for the legally required periods, including the time a judge or court may request them, according to the statute of limitations for legal actions.

The data will be kept until the expiration of the aforementioned legal periods, if there is a legal obligation to retain them, or if there is no such legal period, until the individual requests their deletion or withdraws the consent granted.

We will retain all information and communications related to your purchase or the provision of our service to address potential claims.

For each data processing or type of data, we provide a specific period, which you can consult in the following table:

FileDocumentRetention
ClientsInvoices10 years
Forms and coupons15 years
Contracts5 years
MarketingWebsite visitor databasesAs long as processing lasts
SuppliersInvoices10 years
Contracts5 years
Video surveillanceVideos30 days
AccountingAccounting books and documents, partner agreements and board of directors’ meetings, company statutes, minutes, board regulations, and delegated committees, financial statements, audit reports, subsidy-related documents6 years
TaxAdministration of the company, rights, and obligations relating to tax payments, dividend payments, and tax withholdings10 years
LegalIntellectual and industrial property documents, contracts, and agreements5 years
Permits, licenses, certificates6 years from the expiry date of the permit, license, or certificate. 10 years (statute of limitations for criminal cases)
Confidentiality and non-compete agreementsAlways for the duration of the obligation or confidentiality
GDPR/LOPDGDPersonal data processing, if different from the processing notified to the AEPD3 years
Personal data of employees stored on networks, computers, and communication equipment used by them, access controls, and internal management/administration systems5 years

Newsletter

Enter your email and receive all our news


Follow us

Open chat
1
Need help?
Hello, how can we help you?

Attention hours 8:00 a.m. to 3:00 p.m. Monday through Friday. After this time you can leave us your email and query and we will respond as soon as possible.