PRIVACY POLICY AND DATA PROTECTION

LAST UPDATE: 23rd March 2025

Privacy is of utmost importance to The Ocean Explorers (the “Website“), and therefore, in compliance with applicable legislation, we commit to adopting the necessary technical and organizational measures to ensure an adequate level of security based on the risks associated with the processing of collected data.

This Privacy Policy and Data Protection (the “Privacy Policy” or the “Policy“) explains how we process user data when they interact with this Website (“User(s)“). In this regard, we recommend that you read the Privacy Policy before providing your personal data on this Website.

1. LAWS INCORPORATED INTO THIS PRIVACY POLICY

This Privacy Policy is adapted to the current Spanish and European regulations on personal data protection on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data, as well as its amendments and/or updates (hereinafter, “GDPR“).
  • Organic Law 3/2018 of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights, and its amendments and/or updates (hereinafter, “LOPD-GDD” or “LOPD“).
  • Royal Decree 1720/2007 of December 21, approving the Regulation implementing Organic Law 15/1999 of December 13 on the Protection of Personal Data, and its amendments and/or updates (hereinafter, “RDLOPD“).
  • Law 34/2002 of July 11, on Information Society Services and Electronic Commerce, and its amendments and/or updates (hereinafter, “LSSI-CE“).

2. IDENTIFICATION OF THE DATA CONTROLLER

The entity responsible for processing personal data collected by The Ocean Explorers is (the “Controller“):

  • Identity of the Controller: [Alessandra Fiumanò]
  • NIE: [Z0782321G]
  • Address: [Calle Panama 27, 3H, 35109 El Tablero, Las Palamas]
  • Email: [info@theoceanexplorers.com]
  • Contact Phone: [+34 624616123]
  • Activity: Coordination, planning, and design of experiences, trips, and events. Travel consulting and advisory services.

3. REGISTRATION OF PERSONAL DATA

In compliance with the GDPR and LOPD, we inform you that personal data collected by The Ocean Explorers through forms on various pages of the Website will be incorporated into our files and processed to facilitate, expedite, and fulfill the commitments established between The Ocean Explorers and the User, maintain relationships established in the forms completed by the User, or respond to their requests or inquiries.

Furthermore, in accordance with the GDPR and LOPD-GDD, unless an exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to its purposes, the processing activities carried out and the other circumstances established in the GDPR.

Specifically, personal data processed by The Ocean Explorers originates from:

  • Contact Form: to interact with the User and address all inquiries, doubts, or service contracts related to the Website, the User must first complete a Contact Form. Through this form, we request the following personal data: (a) First Name; (b) Last Name; (c) Email Address; and (d) Mobile number.

Additionally, The Ocean Explorers may use Users’ personal data to:

  • Ensure compliance with the Legal Notice and applicable law. This may include the development of tools and algorithms that help ensure the confidentiality of the personal data collected.
  • Support and improve the services and experiences offered by this Website.
  • Collect non-identifying data obtained through Cookies downloaded to the User’s device when browsing this Website, as detailed in the Cookie Policy.
  • Manage The Ocean Explorers’ social media accounts to properly maintain its online presence, inform about activities, products, or services, and for any other purposes permitted by social media regulations.

Lastly, The Ocean Explorers does not sell, rent, or transfer personally identifiable data to third parties without prior consent. However, in some cases, collaborations with other professionals may be conducted. In such cases, express and written consent from Users will be required, providing information about the identity of the collaborator and the purpose of the collaboration, ensuring the highest security standards at all times.

4. ACCURACY AND TRUTHFULNESS OF THE PROVIDED DATA

Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided to The Ocean Explorers, and they commit to keeping it properly updated. The User agrees to provide complete and correct information to The Ocean Explorers.

5. ACCEPTANCE OF DATA PROCESSING

In accordance with the GDPR and LOPD, for The Ocean Explorers to use User data, explicit and affirmative consent is required.

To ensure transparency, The Ocean Explorers includes a Privacy Policy acceptance checkbox at every data collection point on the Website. The User must check this box to authorize data collection and processing under this Privacy Policy and the Legal Notice.

6. PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING

The processing of Users’ personal data shall adhere to the principles established in Article 5 of the GDPR and Article 4 and following of the LOPD:

  • Lawfulness, fairness, and transparency: User consent is required for data processing for one or more specific purposes, with full transparency.
  • Purpose limitation: Personal data is collected for specific, explicit, and legitimate purposes.
  • Data minimization: The data collected is strictly necessary for the intended purposes.
  • Accuracy: Data must be accurate and kept up to date.
  • Storage limitation: Data is stored only as long as necessary for processing purposes.
  • Integrity and confidentiality: Personal data is processed securely, ensuring confidentiality.
  • Accountability: The Controller is responsible for ensuring compliance with these principles.

7. CATEGORIES OF PERSONAL DATA

The only data categories processed by The Ocean Explorers are identification data. Special categories of personal data, as defined in Article 9 of the GDPR, are not processed.

8. LEGAL BASIS FOR PROCESSING PERSONAL DATA

The legal basis for processing personal data is consent. The Ocean Explorers commits to obtaining the User’s explicit and verifiable consent for processing their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent shall be as easy as granting it. As a general rule, withdrawing consent shall not affect the use of the Website.

Whenever the User is required or allowed to provide their data through forms for inquiries, requests for information, or for any reason related to the content of the Website, they will be informed whether completing the form is mandatory, as some fields may be essential for the correct execution of the requested operation.

9. RETENTION PERIOD OF PERSONAL DATA

Personal data will only be retained for the minimum time necessary for the purposes of its processing, and in any case, until the User requests its deletion.

10. RECIPIENTS OF PERSONAL DATA

The User’s personal data will be shared with the following recipients or categories of recipients:

  • Hostinger: A platform that processes data for providing hosting services for the Website. [https://www.hostinger.com/]
  • WordPress: The Ocean Explorers uses WordPress for content management and hosting services, owned by Automattic, Inc. [https://automattic.com/]

If the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed at the time of data collection regarding the country or organization to which their data will be transferred.

11. PERSONAL DATA OF MINORS

In compliance with the GDPR (Article 8) and LOPD (Article 7), only individuals aged fourteen (14) years or older may lawfully consent to the processing of their personal data by The Ocean Explorers. If the User is under fourteen (14) years of age, parental or guardian consent will be required for data processing, and this shall only be deemed lawful if such consent is explicitly granted.

12. CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

The Ocean Explorers is committed to implementing the necessary technical and organizational measures to ensure the security of personal data and prevent its accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The Website has an SSL Certificate (Secure Socket Layer), ensuring that personal data is securely and confidentially transmitted between the server and the User, fully encrypted.

However, since The Ocean Explorers cannot guarantee the absolute security of the internet or the complete absence of cyberattacks, the Data Controller commits to notifying the User without undue delay in the event of a data breach that may pose a high risk to the rights and freedoms of natural persons. According to Article 4 of the GDPR, a personal data breach is defined as any security violation leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access to personal data.

Personal data will be treated as confidential, and the Data Controller commits to ensuring, through legal or contractual obligations, that confidentiality is respected by employees, associates, and any individuals with access to the information.

13. RIGHTS DERIVED FROM PERSONAL DATA PROCESSING

The User may exercise the following rights recognized under the GDPR and LOPD regarding The Ocean Explorers:

  • Right of Access: The User has the right to obtain confirmation on whether The Ocean Explorers is processing their personal data and, if so, to access the details of such data and how it is processed.
  • Right to Rectification: The User has the right to request the modification of their personal data if it is inaccurate or incomplete, taking into account the purposes of the processing.
  • Right to Erasure (Right to be Forgotten): The User has the right (unless otherwise stipulated by applicable law) to request the deletion of their personal data when: the data is no longer necessary for the purposes for which it was collected or processed; the User withdraws their consent, and there is no other legal basis for processing; the User objects to the processing, and there is no overriding legitimate reason to continue the processing; the data has been processed unlawfully; the data must be deleted to comply with a legal obligation; the data was obtained through a direct offer of information society services to a minor under fourteen (14) years of age. In addition to deleting the data, the Data Controller, considering available technology and the cost of implementation, must take reasonable steps to inform any controllers processing the data of the User’s request to delete any links to such data.
  • Right to Restriction of Processing: The User has the right to request the limitation of the processing of their personal data in the following cases: when the accuracy of the personal data is contested; when the processing is unlawful; when the Data Controller no longer needs the data, but the User requires it for legal claims; when the User has objected to the processing.
  • Right to Object: The User has the right to object to the processing of their personal data, and in such cases, The Ocean Explorers must cease processing the data unless there are compelling legitimate grounds to continue or if it is necessary for legal claims.
  • Right to Data Portability: If processing is carried out by automated means, the User has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. Whenever technically feasible, the Data Controller shall directly transfer the data to the new controller.
  • Right Not to Be Subject to Automated Decision-Making,including Profiling: The right not to be subject to decisions based solely on automated processing, including profiling, unless otherwise stipulated by law.

The User may exercise these rights by submitting a written request to the Data Controller with the reference “GDPR – The Ocean Explorers”, including:

  1. Full name of the User and a copy of their ID. If representation is allowed, the ID of the representative must also be provided.
  2. A detailed request specifying the specific right they wish to exercise and the information they wish to access.
  3. Address for notification purposes.
  4. Date and signature of the request.
  5. Any supporting documents related to the request.

This request, along with any accompanying documents, may be sent to the following address and/or email:

  • Postal Address: [Calle Panama 27, 3H, 35109 El Tablero, Las Pamas]
  • Email: [info@theoceanexplorers.com]

14. LINKS TO THIRD-PARTY WEBSITES

The Website may include hyperlinks or links that allow access to third-party websites not operated by The Ocean Explorers. The owners of such websites have their own privacy policies, and they are responsible for their own data files and privacy practices.

For more details about third-party website links, please refer to Section 6  “Linking Policy” in the Legal Notice.

15. COMPLAINTS TO THE SUPERVISORY AUTHORITY

If the User believes there is a problem or violation of the current regulations regarding how their personal data is being processed, they have the right to seek judicial protection and file a complaint with the supervisory authority, particularly in their country of habitual residence, place of work, or where the alleged violation occurred. In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD) [www.agpd.es].

16. CHANGES TO THE PRIVACY POLICY

The Ocean Explorers reserves the right to modify this Privacy Policy at any time without prior notice. In such cases, the updated Privacy Policy will be published on the Website, and Users will be notified via email.