Responsible Tourism Institute / Biosphere ("RTI", "RTI / Biosphere", "we" or "us") treats personal data that is provided to us with respect and integrity. Data protection has a particularly high priority for us, and we are committed to safeguarding the privacy of the data that we receive through our websites.
General Data Protection Regulation;
Any other data protection regulations specific of the applicable country.
Through this data protection statement, our company wishes to inform to the general public about the nature, scope and purpose of the personal information that we collect, use and process. In addition, the interested parties are informed, through this declaration of data protection, of the rights to which they are entitled.
The Responsible Tourism Institute (RTI) is an international organization that promotes, for more than 20 years, responsible tourism at the international level, helping all actors involved in the tourism sector to develop a new way of traveling and getting to know our Planet. For this, we have been sponsoring and collaborating with the United Nations Educational, Scientific and Cultural Organization (UNESCO) since our birth, through a memorandum of understanding. We are also members of the World Tourism Organization (UNWTO) and founding member of the Global Sustainable Tourism Council (GSTC). We collaborate with various associations of entrepreneurs in the tourism sector, as well as with organizations, governmental and non-governmental, for the realization of tourist activities and projects, located both in developed countries, and in developing countries, where projects are carried out consistent with the principles of sustainable development.
Many of our services are provided through an online certification and benchmarking platform, fully incorporated into our website www.biospheretourism.com, through which we store and protect the data provided by our customers. We have implemented numerous technical and organizational measures to ensure the most complete protection of personal information processed through our websites, incorporating privacy controls that affect the way we process your personal information.
In your relationship with us through the websites for the purposes of the General Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union and other provisions related to data protection, our data are:
Responsible Tourism Institute
1, La Rosa Street
Santa Cruz de Tenerife, Spain
E-mail contact: firstname.lastname@example.org
CHAPTER 1. DEFINITIONS
Our data protection statement is intended to be legible and understandable to the general public, as well as to our customers and business partners. To guarantee this, we would like first to explain the terminology used.
In this data protection statement, we use, among others, the following terms:
1a) Personal information.
Personal data means any information related to an identified or identifiable physical person ("data subject"). An identifiable physical person is one that can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more specific factors of the physical, physiological factors genetic, mental, economic, cultural or social identity of that physical person.
1b) Data subject.
The data subject is any identified or identifiable physical person, whose personal information is processed by the responsible controller of the processing.
1c) Data processing.
Processing is any operation or set of operations that is performed with personal data, either by automated means or not, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or making available, alignment or combination, restriction, deletion or destruction.
1d) Processing restriction.
The processing restriction is the set of personal information stored with the aim of limiting its processing in the future.
Profiling means any form of automated processing of personal information, which consist on the use of personal information to evaluate certain personal aspects related to a physical person, in particular to analyze or predict aspects related to the performance of that physical person at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
1f) Controller or responsible controller of the processing.
The controller or responsible controller of the processing is the physical or legal person public authority, agency or other body that, alone or in conjunction with others, determines the purposes and means of processing personal data. When the purposes and means of such processing are determined by the legislation of the European Union or of the Member State, the controller or the specific criteria for their designation may be provided for in the legislation of the Union or of the Member State.
Processor is a physical or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The addressee is a physical or legal person, public authority, agency or other body, to which the personal information is disclosed, whether it is a third party or not. However, public authorities that may receive personal information in the context of a particular investigation in accordance with the European Union or Member State law will not be considered as addressees. The processing of these data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.
1i) Third party.
Third party is a physical or legal person, public authority, agency and agency other than the subject of the data, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to personal data.
The consent of the interested party is a freely given, specific, informed and unequivocal indication of the interested party's wishes, by means of which, through a declaration or a clear affirmative action, it means that it accepts the processing of the personal data related to it.
CHAPTER 2. DATA RECOPILATION
When you buy us, we ask you to provide us with your payment information, which will be used for the safe processing of your order.
In addition, we request a valid email address, which will be included in our database within our list of emails. Given the characteristics of our integrated certification and benchmarking platform in our website www.biospheretourism.com, we need your email not only for the generation and registration of your user in our services, but also for the communication of the derived processes of these services. These processes and their communication include the correct registration of the user, the notice of the date of the next audit, the instructions to complete the certification questionnaire and the improvement actions, the notice of the next payment, etc. In addition, we use your email to send information about news and updates, as well as marketing promotions.
Within our databases, in the list of emails of our integrated certification and benchmarking platform on our website, we have established:
- the general categories of personal data that we can process;
- in the case of personal data that we did not obtain directly from our clients, the source and specific categories of those data;
- the purposes for which we can process personal information;
- the legal bases of the processing.
We can process the data of your account or customer profile ("account data"). The data of your account or customer profile can include your name and email address. The data of the account can be processed in order to provide our services, updates and discounts, guarantee the security of our website and our services, keep backup copies of our databases and communicate with you.
We can process the personal information you provide us during the use of our certification services, benchmarking, etc. ("service data"). The data of the service can be processed in order to provide our services, ensure the security of our website and our services, keep backup copies of our databases and communicate with you.
We may process information related to our customer relationships, including customer contact information ("customer relationship data"). The customer relationship data may include your name, your company or organization, or profession, contact information and information contained in the communications between you and your employer. The customer relationship data can be processed in order to provide our services, ensure the security of our website and our services, keep backup copies of our databases and communicate with you.
We may process information related to transactions, including purchases of goods and services, that you have made with us and / or through our services ("transaction data"). The transaction data can include your contact information and the details of the transaction. The transaction data can be processed in order to provide our services, ensure the security of our website and our services, keep backup copies of our databases and communicate with you.
We can process the information contained in any query you send us regarding products and / or services ("query data"). The data of the query can be processed in order to provide our services, ensure the security of our websites and our services, keep backup copies of our databases and communicate with you.
We can process the information contained or related to any communication you send us ("correspondence data"). The correspondence data may include the communication content and the metadata associated with the communication. Our websites will generate the metadata associated with the communications made using the contact forms of the websites. Correspondence data can be processed to provide our services, ensure the security of our website and our services, keep backup copies of our databases and communicate with you.
Also, as a user of our website, we process the data on the use of our websites by anyone browsing through them, respecting our Cookies Policy. Such usage data may include your IP address, geographical location, type and version of the browser, operating system, reference source, duration of the visit, page views and navigation routes of the website, as well as information about the time, the frequency and pattern of service use. The source of the usage data is our analysis tracking system. These usage data can be processed in order to analyze the use of our websites.
The websites www.responsibletourisminstitute.com and www.biospheretourism.com collect a series of general data and information when a user subject to data or an automatic system connects with our website. This information and general data are stored in the server's log files. The collected data can be:
- Operative system used by the access system,
- The website from which an access system comes at our website (called “referrers”),
- Secondary websites,
- The date and time of access to the website,
- An Internet Protocol address (IP address),
- Any other data and similar information that may be used in case of attacks on our information technology systems.
When you use this data and general information, RTI does not make any conclusions about the user of the data. Rather, this information is necessary to:
- deliver the content of our website correctly (for example, that the user visualizes the correct version of our web pages depending on their language and geographical location of access);
- optimize the content of our website (for example, not showing pages or content previously viewed by a particular user);
- ensure the long-term viability of our information technology systems and website technology;
- provide the police authorities with the information necessary for criminal prosecution in case of cyber-attack;
In addition to the specific purposes for which we may process your personal information established in this Section 2, we may also process any of your personal information when such processing is necessary to fulfill a legal obligation to which we are subject.
Do not give us the personal information of another person, unless we request you to do that.
Access to our websites is free; however, we take this opportunity to remind you that in case you access to any of our websites through a mobile device, Internet tariff providers and operators will continue to apply the charges and standard rates provided in the service contract that you have stipulated with them.
We do not knowingly collect or solicit information from clients who are underage, nor do we consciously allow such customers to register in our services. Our services and their contents are not intended for children underage.
If we discover that we have collected personal information from an underage child without parental consent, we will remove this information as soon as possible.
If you think we have information about an underage child, contact us at email@example.com.
CHAPTER 3. USE AND DISCLOSURE OF PERSONAL INFORMATION TO OTHERS
The Responsible Tourism Institute and all its territorial biosphere delegations (Biosphere Spain, Biosphere USA, Biosphere Germany, etc.) use the data received to improve, test and monitor the effectiveness of our services; develop and test new products and functions; to control measurements, such as the total number of visitors, traffic and demographic models; to diagnose or solve technological problems; to update the websites on your device.
In addition to the specific disclosures of personal information established in this Section 3, we may disclose your personal information when such disclosure is necessary to fulfill a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another physical person. We may also disclose your personal information when such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in judicial proceedings or in an administrative or extrajudicial proceeding.
We do not rent or sell your information to third parties without your consent, unless otherwise stated by virtue of legal provisions.
We may share your information, as well as information about tools such as cookies or similar, with third-party organizations that help us provide services to you, but only to the extent reasonably necessary.
We may also share this information with our advertising partners, so we can offer you, among other things, targeted advertising that may interest you.
We can access your information, as well as store and share it in response to a request when the law requires it. In addition, we can access your information, as well as store and share it, if we think in good faith that this is necessary to: detect, prevent and manage fraud and other illegal activities; protect ourselves, you and other people, even in the context of any investigation; prevent events that could cause imminent physical harm or death.
CHAPTER 4. COOKIES AND TRACKING TECHNOLOGIES
Many cookies contain the so-called identification or cookie ID. A cookie identification is a unique identifier of the cookie. It consists of a string of characters through which you can assign Internet pages, servers or applications to the specific application or server in which the cookie was stored.
Through a cookie, information and offers on a website can be optimized, taking the customer in mind.
Through a cookie, information and offers on a website can be optimized with the customer in mind. Cookies allow us, as mentioned above, to recognize customers of our websites. The objective of this recognition is to make it easier for customers to use our websites.
The interested party can, at any time, avoid the configuration of cookies through our websites through the corresponding configuration of the application and, therefore, can permanently deny the configuration of cookies. In addition, the cookies already configured can be deleted at any time, if the data subject deactivates the configuration of cookies in the application, not all functions of our websites can be fully usable.
We use automatically collected information during the Services through cookies and similar technologies to: (i) personalize our Service, such as reminding a Customer or Visitor information or login details so that the Client or Visitor does not have to re-enter during a visit or later access; (ii) provide personalized content and information; (iii) monitor and analyze the effectiveness of the websites and activities of third parties; and (iv) monitor the use metrics of the site, such as the number of visitors.
If you want to know more about our Cookies Policy, you can access through this link: Cookies Policy.
CHAPTER 5. QUALITY OF THE DATA.
CHAPTER 6. SECURITY OF THE DATA
We have taken reasonable measures to keep your personal information secure at all times and in accordance with our Information Security Policies. For example, electronic access to our databases is limited to personnel authorized and segmented by departments (those in charge of maintaining the public profiles of the clients cannot access the information on the certification or on the billing of the clients).
We also take measures to protect reasonably your personal information against misuse and loss, unauthorized access, modification or disclosure, and it is maintained accurately, completely and updated.
CHAPTER 7. OPENING
We will be honest and let you know about the type of personal information we collect about you and the actual use of that information. We will inform you at the time we collect your personal information, or shortly thereafter, about how we will treat it.
If you need details about the personal information we have about you, please contact us by email at: firstname.lastname@example.org.
CHAPTER 8. ACCESS, CORRECTION AND ELIMINATION
We respect your privacy rights and provide you with reasonable access to the information we have collected about you and obtain a more detailed explanation of how the information is used.
If you wish to access or modify any other personal information we have about you, or to request that we remove any information about you that we have obtained through the acquisition of our websites, you can contact us as set out below in SECTION 16 'How to contact us ' Unless it is required that personal information be retained by us for administrative or legal reasons, RTI will comply with such requests at the earliest possible opportunity.
CHAPTER 9. STOP RECEIVING COMMUNICATIONS
If you want to stop receiving our communications, you can unsubscribe at any time by following the instructions contained in the email received, accessing your user profile and clicking on "Do not receive news" or by contacting us through the channels and addresses provided in CHAPTER 16 'How to Contact Us.'
Please note that if you are a client of one of our services and choose not to receive our informative emails or the promotional communications you receive from us, you will continue receiving the emails associated with the service you have contracted as a client through our Certification and benchmarking platform integrated in our website. Remember that as we explained in CHAPTER 2, for the collection of data we need your email not only for the generation and registration of your user in our services, but for the communication of the processes derived from these services. These processes and their communication include the correct registration of the user, the notice of the date of the next audit, the instructions to complete the certification questionnaire and the improvement actions, the notice of the next payment, etc.
CHAPTER 10. TRANSFER OF DATA
CHAPTER 11. DATA CONTROLLER AND DATA PROCESSOR
In accordance with the regulations provided by the General Data Protection Regulation, also known as GDPR for the European Union, the data controller and data processor for Responsible Tourism Institute / Biosphere is the developer of our websites:
Projectes a Internet Enginyeria de Software, S.L.
517, Aragó Street
E-mail contact: email@example.com
At the same time, they are also data processors any of the territorial delegations of the Responsible Tourism Institute. To receive more information about the list of territorial delegations of the RTI, please contact us by email at: firstname.lastname@example.org.
CHAPTER 12. SENSITIVE INFORMATION
We do not believe in the intrusive collection of your personal data and we will not collect information that is considered highly personal or highly confidential without your prior consent. If you want to know more about our Clause of Confidentiality applicable to our clients, you can consult our Terms of Service (TOS).
CHAPTER 13. RETENTION AND ELIMINATION OF DATA
We only retain personal information collected from a Client for as long as the Customer's email address is active on our mailing list, or for a limited period of time, whenever we need it to fulfill the purposes for which we have collected initially, unless required by law.
In some cases, it is not possible for us to specify in advance the periods for which your personal information will be stored. In such cases, we will determine the retention period based on the 10-year criteria, once your relationship with us ends.
Your main rights under the data protection law are:
- access right;
You have the right to confirm whether or not we process your personal information and, when we do, access your personal information, together with certain additional information. This additional information includes details of the purposes of processing, the categories of personal information affected and the addressee of personal data.
- Correction right;
You have the right to rectify inaccurate personal information and, taking in mind the purposes of processing, to complete any incomplete personal information about you.
- Right to remove;
In some circumstances, you have the right to delete your personal information without undue delay. Those circumstances include: personal information are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw the consent for processing based on prior consent; you object the processing under certain rules of the applicable data protection law; the processing is for direct marketing purposes; and the personal information have been illegally processed. However, there are exclusions of the right to erase. General exclusions include when processing is necessary: to exercise the right to freedom of expression and information; for the fulfillment of a legal obligation; or for the establishment, exercise or defense of legal claims.
- The right to restrict processing;
In some circumstances, you have the right to restrict the processing of your personal information. Those circumstances are: challenges the accuracy of personal information; the processing is illegal but you object to the removal; we no longer need personal information for the purposes of our processing, but you require personal information for the establishment, exercise or defense of legal claims; and has objected to the processing, pending the verification of that objection. When processing has been restricted on this basis, we can continue storing your personal data. However, we will only process it in another way: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- The right to object to the processing;
You have the right to object to the processing of your personal information for reasons related to your particular situation, but only to the extent that the legal basis for processing is that the processing is not necessary for: the realization of a task carried out in the public interest or in the exercise of any official authority conferred upon us. If you file such objection, we will cease to process personal information unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and liberties, or the prosecution is for the establishment, exercise or defense of legal claims.
- The right of the portability of the data;
You have the right to object to our processing of your personal information for direct marketing purposes (including profiling for direct marketing purposes). If you make such objection, we will stop processing your personal information for this purpose.
- The right to complain to a supervisory authority;
To the extent that the legal basis for the processing of your personal information is:
- that the processing is necessary for the execution of a contract of which you are a party or to take action upon your request before concluding a contract, and such processing is carried out by automated means, you have the right to receive your personal information from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. If you believe that our processing of your personal information violates data protection laws, you have the legal right to present a complaint with a supervisory authority responsible for data protection. You can do it in the EU member state of your usual residence, your place of work or the place of the alleged infringement.
- The right to remove the consent;
To the extent that the legal basis for processing your personal information is consent, you have the right to remove that consent at any time. The withdrawal will not affect the legality of the processing before the remove. You can exercise any of your rights in relation to your personal information by contacting us as set out below in CHAPTER 16 'How to contact us'. Unless it is required that personal information be retained by us for administrative or legal reasons, RTI will comply with such requests at the earliest possible opportunity.
CHAPTER 14. RESOLUTION OF COMPLAINS
We are committed to providing our clients with a fair and responsive system to handle and resolve complaints related to the handling of their personal information. You have the right to complain and have your claim handled efficiently if you are concerned about the handling of your personal information. We believe that by receiving your claim, we are given a valuable opportunity to improve the services we provide and maintain your trust in our services.
If at any time you wish to present a complaint regarding the handling, use or disclosure of your personal information, you may do so by contacting us directly with us as set forth below in CHAPTER 16 'How to contact us' or directly via email @ biospheretourism.com. Our goal is to investigate and advise on the outcome of the complaint promptly.
If you are not satisfied with our handling of your claim, you can contact the Data Protection Officer at:
CHAPTER 15. AMENDMENTS
We can update this policy by publishing a new version on our websites.
You should check this page frequently to make sure you are happy with the changes to this policy.
We may notify you of significant changes to this policy by email or through the private messaging system (tickets) within our service system.
CHAPTER 16. DATA TRANSFER
In general, Responsible Tourism Institute will not communicate this personal data to third parties, with the exception that the provision of a service implies the need for a contractual relationship with a person in charge of processing and this is strictly necessary to manage and maintain the relationship between the user and the aforementioned company, with express authorization by the user. We inform you that we have contractual relationships with the following companies of the same business group, therefore, it is necessary that these companies have access to your personal data to adequately perform the obligations emanated from the subscribed contract.
Biosphere Responsible Tourism
Biosphere Experience S.L.
Both companies share the same address:
C/La Rosa 1, 1
38002, Santa Cruz de Tenerife, Canary Islands, Spain.
This will be done only during the time necessary to enable the execution of the contract of commission, and under the same conditions and with the same responsibility that is required of the responsible party.
Once the order has been finalized, the person in charge of the treatment will return the Personal Data to the Responsible Party and will delete any copy of it that is available.
On the other hand, only the third parties with whom Responsible Tourism Institute has a legal or contractual obligation with, will have access to this personal data, which include, for example, the Ombudsman and Judges and Courts interested in the procedures related to the presented claims.
CHAPTER 17. HOW TO CONTACT US
Responsible Tourism Institute
Calle La Rosa 1
Santa Cruz de Tenerife, Spain
By phone: +34922242904