I. PRIVACY AND DATA PROTECTION POLICY
Hemels Madrid DMC, S.L. (hereinafter:Hemels Madrid) places great importance on the protection of personal data and the privacy of its customers, users, and business partners. In accordance with applicable legislation, Hemels Madrid commits to processing personal data in a lawful, fair, and transparent manner and to implementing appropriate technical and organizational measures tailored to the risk of processing.
This privacy policy applies to all personal data processed through the website https://hemelsmadrid.com and in the context of the services offered by Hemels Madrid.
II. APPLICABLE LEGISLATION
This Privacy Policy has been drawn up in accordance with current Spanish and European regulations, in particular:
- Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR);
Organic Law 3/2018 of December 5 on the protection of personal data and the guarantee of digital rights (LOPD-GDD);
Law 34/2002 of July 11 on information society services and electronic commerce (LSSI-CE).
III. IDENTITY OF THE DATA CONTROLLER
Data Controller:
Hemels Madrid DMC, S.L.
VAT number: ES B56928849
Registration in the Madrid Chamber of Commerce:
Tomo 46253 | Folio 21 | Section GNE | Page 812461
Representative:
Marijn Rudolf Johán Scholte
Contact details:
Address: Calle del Limón 17 – 2 IZQ, 28015 Madrid, Spanje
Telephone: +34 683 410 846
Email: contact@hemelsmadrid.com
IV. PROCESSED PERSONAL DATA
Hemels Madrid processes only the personal data that is necessary for carrying out its activities. This includes:
identification and contact details (name, email address, phone number, address);
billing and payment information;
data relevant to the organization and execution of trips, tours, events, and related services;
communication data (email correspondence).
Hemels Madrid does not process special categories of personal data as defined in Article 9 of the GDPR, unless this is strictly necessary for the provision of the service and with the explicit consent of the data subject.
V. PURPOSES OF PROCESSING
Personal data is processed for the following purposes:
handling requests and information inquiries;
preparing, organizing, and executing tours, custom trips, business trips, and other DMC services;
reserving services with partners such as hotels, guides, transport providers, museums, and other suppliers;
preparing and processing quotes, agreements, invoices, and payments;
maintaining customer relationships and communication;
complying with legal and tax obligations;
improving service delivery, website, and user experience;
commercial and administrative purposes related to the business activities of Hemels Madrid.
When collecting personal data, the data subject is informed about the specific purpose of the processing.
VI. LEGAL BASES
The processing of personal data is based on one or more of the following legal grounds:
the performance of a contract or taking pre-contractual measures;
the explicit consent of the data subject;
compliance with a legal obligation;
the legitimate interest of Hemels Madrid, particularly for administrative, operational, and security purposes.
Consent can be withdrawn at any time, without affecting the lawfulness of the processing prior to withdrawal.
VII. RETENTION PERIODS
Personal data will not be retained longer than necessary for the purposes for which they are processed. The following periods apply:
administrative and contractual data: as long as the contractual relationship is ongoing;
billing and accounting data: in accordance with legal retention periods (generally at least 6 years);
other data: as long as necessary or until the moment the data subject requests deletion, as far as legally permitted.
VIII. RECIPIENTS OF DATA
Personal data will only be shared with third parties if this is necessary for the execution of the agreed services, such as:
hotels and accommodations;
official guides and local partners;
transport companies;
museums, monuments, and other service providers.
These parties will only receive the data that is strictly necessary and are contractually or legally obliged to process it confidentially.
IX. DATA OF MINORS
Only individuals aged 14 or older can independently give consent for the processing of their personal data. For minors under 14 years of age, consent from a parent or legal representative is required.
X. SECURITY AND CONFIDENTIALITY
Hemels Madrid applies appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, or disclosure.
The website uses an SSL certificate, which encrypts data during transmission. In the event of a data breach that poses a risk to the rights and freedoms of data subjects, Hemels Madrid will report this in accordance with legal obligations.
XI. RIGHTS OF DATA SUBJECTS
The data subject has the right to:
access;
rectification;
erasure;
restriction of processing;
data portability;
object to processing;
not be subject to automated decision-making.
These rights can be exercised by sending a written request to Hemels Madrid, accompanied by a valid identification document, via:
Email: contact@hemelsmadrid.com
Postadres: Calle del Limón 17 - 2 IZQ, 28015, Madrid, ES
XII. LINKS TO THIRD PARTIES
The website may contain links to third-party websites. Hemels Madrid is not responsible for the privacy policy or content of these websites.
XIII. COMPLAINTS
If the data subject believes that the processing of personal data is in violation of applicable regulations, a complaint can be filed with the competent supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).
XIV. CHANGES
Heavenly Madrid reserves the right to change this privacy policy. The most recent version is always available on the website. Continued use of the website implies acceptance of the modified privacy policy.