In accordance with Article 10 of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, we inform you that Port Torredembarra S.A., with NIF A43355403 and registered office at Edifici Capitania 43830 Torredembarra is responsible for the management and operation of the site port-torredembarra.es.

If you wish to contact us, you can do so by postal mail to the address provided above or by email at info@port-torredembarra.es

Access to our domain can be made directly or through any existing redirection, with the same Privacy Policy applying.

Privacy Policy

This Privacy Policy describes how we handle your personal data (e.g., collection, use, communication, storage, and protection of your personal information) and provides information about your rights as a data subject.

Port Torredembarra, (hereinafter THE OWNER) is responsible for the processing, as well as the collection, use, communication, storage, and protection of your personal data, in accordance with the General Data Protection Regulation, internal rules and policies, or any applicable national regulations.

In compliance with Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as the new General Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, this document informs you as follows:

Identity and Contact Details of the Data Controller

Our identifying information:

Port Torredembarra S.A.

You can contact us via:

  • Postal Mail: Edifici Capitania, 43830 Torredembarra
  • E-mail: info@port-torredembarra.es
  • Phone: 977.643.236
  • Website: port-torredembarra.es

Categories of Personal Data

We process the following categories of personal data:

  • Identification Data – name and surname, ID number or equivalent
  • Administrative Data – company name, address, banking details, and contact persons
  • Contact Data – email, phone number, and address
  • Digital Data – cookies, IP address, websites and social networks, and other publicly accessible data on the Internet, etc.
  • Employment Data – employee data, CVs, education, professional experience, and health
  • Business Data – suppliers and customers
  • Other necessary data for processing – for more information on the category of personal data in the development of our Activity, you may consult our Activity Register, section “Category of Data”.

How Do We Collect Your Data?

We collect information about you from the following sources:

  • When we communicate or interact with you by phone, email, or through another contact method.
  • Through the Contact Form on the website.
  • Through the Booking berth form on the website
  • Through time tracking tools.
  • When you visit our facilities.
  • When you provide us with a CV.

For more information about the different data collection mechanisms in the development of our Activity, you may consult our Activity Register.

How long do we keep your data?

Data will be retained for as long as there is a commercial, contractual, or professional relationship with the data subject and subsequently for the necessary years to comply with the corresponding legal obligations in each case. Notwithstanding the above, data will be kept as long as necessary for processing, and the data subject does not request its deletion.

Regarding employment or social security data, documents, or electronic records that have transmitted data proving compliance with obligations related to affiliation, registrations, terminations, or variations, as well as contribution documents and receipts for salary payments and delegated benefits, according to Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infringements and Sanctions in the Social Order, data retention will be 4 years.

Regarding accounting and tax documentation, for tax purposes, accounting books and other mandatory records according to applicable tax regulations (IRPF, VAT, Corporate Tax, etc.), as well as supporting documents justifying the entries recorded in the books (including programs and electronic files and any other documents of fiscal importance), must be retained for at least the period during which the Administration has the right to verify and investigate, and consequently, to assess tax liabilities, according to Articles 66 to 70 of the General Tax Law, the retention period will be 4 years.

Regarding accounting and tax documentation, for commercial purposes, books, correspondence, documentation, and evidence related to your business, properly ordered from the last entry made in the books, except as established by general or special provisions, this commercial obligation extends to mandatory books (income, expenses, investment assets, and provisions), in addition to the documentation and evidence supporting the entries recorded in the books (issued and received invoices, receipts, corrective invoices, banking documents, etc.), according to Article 30 of the Commercial Code, the retention period will be 6 years.

Data related to employee time tracking will be retained for 4 years, as established by Royal Decree-Law 8/2019, of March 8, on urgent measures for the social protection of combating labor precariousness in working hours.

For more information about data retention in the development of our activity, you may consult our Activity Register, section “Retention Period.”

To whom do we disclose your data?

Depending on the purpose of the processing, your personal data may be disclosed or processed by different categories of recipients:

  • Collaborators or external professionals (Labor and Tax Advisors, Health Surveillance Mutual, Occupational Risk Prevention Company, etc.)
  • Public administrations (General Treasury of Social Security, State Public Employment Service, Ministry of Labor, Ministry of Finance, and entities or organizations granting subsidies or aid of interest to the company, which will use them in the exercise of their legitimate powers)

In any case, we only disclose your data to the extent strictly necessary and in the manner required to carry out the purposes described in this privacy policy and only to entities with which we have signed agreements protecting your rights and freedoms regarding your personal data. These entities and/or professionals considered as Data Processors will be governed by the provisions of Article 28 of the GDPR, and we ensure that they take all necessary security measures in accordance with Article 32 of the GDPR.

For more information about data disclosure to third parties in the development of our activity, you may consult our Activity Register, section “Category of Recipients.”

Where do we process your data?

In order to carry out our activity and provide our services, we process your personal data in accordance with the conditions established in this privacy policy within the European Union (EU).

For more information about where we process data in the development of our activity, you may consult our Activity Register, section “International Transfer.”

For What Purposes Do We Process Your Data?

Your data will be collected for processing relevant to the following purposes:

  • Receiving contact information or other requests made by you through any of our communication channels.
  • Administrative tasks related to providing our services.
  • Communication of rates or berth reservations.
  • Responding to questions about any of our services.

For more information about the purposes of data processing in the development of our activity, you may consult our Activity Register, section “Purposes of Processing.”

You may withdraw your consent at any time free of charge by exercising your rights, sending your request in writing and duly identified with a proof of identity, to our address Edifici Capitania 43830 Torredembarra or by email to info@port-torredembarra.es, for more detailed information about exercising your rights, you may consult our Activity Register, section “Exercise of Rights.”

Why can we process your data?

The use of your data under the conditions described above is permitted by European and Spanish data protection regulations in accordance with the following legal bases:

Article 6 GDPR:

  • The data subject has given consent for the processing of their personal data for one or more specific purposes.
  • The processing is necessary for the performance of a contract in which the data subject is a party or for the application at the request of the data subject of pre-contractual measures.
  • The processing is necessary for compliance with a legal obligation to which the data controller is subject.

For more information about the legal basis for data processing in the development of our activity, you may consult our Activity Register, section “Legitimacy of Processing.”

What are your rights and how can you exercise them?

Data protection regulations allow you to exercise the following rights before the Data Controller: access, rectification, objection, erasure (“right to be forgotten”), restriction of processing, data portability, and the right not to be subject to automated individual decisions.

Any interested party has the right to be provided with BASIC INFORMATION before their data is collected, summarized and given at the same time and through the same medium in which their personal data is collected. Furthermore, the rest of the information should be provided in a more appropriate medium for presentation and understanding.

The information provided in layers or levels would be as follows:

1st Layer Information

  • The identity of the Data Controller.
  • What data will be processed.
  • The purpose of processing.
  • Where and how the data was obtained.
  • The legal basis for processing.
  • Whether the data will be communicated, transferred, or processed by third parties.
  • Reference to the procedure for Exercising Rights.

2nd Layer Information

  • Contact details of the Data Controller. Identity and contact details of the representative (if applicable). Contact details of the Data Protection Officer (if applicable).
  • Expanded description of the purposes of processing. Retention periods or criteria for data retention. Automated decisions, profiling, and logic applied.
  • Details of the legal basis for processing in cases of legal obligation, public interest, or legitimate interest. Obligation to provide data and consequences of failure to do so.
  • Recipients or categories of recipients. Adequacy decisions, guarantees, binding corporate rules, or specific applicable situations.
  • How to exercise the rights of access, rectification, erasure, and data portability, as well as restriction or objection to processing.
  • Right to withdraw consent given.
  • Right to lodge a complaint with the Supervisory Authority.

(The following table outlines your rights):

Right of Access To know what data of yours is being processed, for what purposes it is being processed, where the data was obtained, and whether it will be communicated or has been communicated to anyone.
Right of rectification To modify any inaccurate or incomplete data about you.
Right of Cancellation To erase data that is inadequate or excessive.
Right of Objection To prevent your data from being processed or to stop its processing, although only in the cases established by law.
Right to Restriction of Processing To request the suspension of data processing in the cases established by law.
Right to Data Portability To receive your data in a structured, commonly used, and machine-readable format and to transmit it to another Data Controller.
Right Not to be Subject to Automated Individual Decisions To prevent decisions about you that have legal effects or significantly affect you from being made solely based on data processing.

Characteristics of These Rights:

  • Their exercise is free of charge.
  • You may exercise the rights directly or through a legal representative.
  • If the request is submitted electronically, the information will be provided by these means when possible, unless the interested party requests it otherwise.
  • Before exercising your rights, we must identify you to protect your personal data against fraudulent attempts.
  • The request will be resolved within one month.

If the requests are manifestly unfounded or excessive (e.g., repetitive), the Data Controller may:

  • The Data Controller is obligated to inform you about the means to exercise these rights. These means must be accessible, and this right cannot be denied solely because you choose another method.
  • If the Data Controller does not address the request, they will inform you, at the latest within one month, of the reasons for not acting and the possibility of lodging a complaint with a Supervisory Authority.

If you wish to exercise any of the described rights, you can contact us through our Internal Data Protection Officer at:

  • By postal address:

Port Torredembarra S.A.

Attn: Data Protection Officer

Edifici Capitania 43830 Torredembarra (Tarragona)

  • Or by email to the following address: info@port-torredembarra.es

Supervisory Authority

If you wish to file a complaint regarding the processing of your data by THE CONTROLLER, please be informed that you can contact the Spanish Data Protection Agency at C/ Jorge Juan, 6 28001-Madrid http://www.agpd.es.

Cookies

Cookies are files that are downloaded to your computer to collect standard Internet log information and information about browsing habits. This information is used, for example, to track visitors’ usage of the website and to compile statistical reports on website activity.

You can configure your browser not to accept cookies. However, some first-party cookies are necessary to allow the user’s session on the website to use our services.

For more information, please refer to the website’s Cookie Policy.

Minors

The User certifies that they are over 14 years old and, therefore, have the legal capacity to provide consent regarding the processing of their personal data, in accordance with the provisions of this Privacy Policy.

If you wish to use our services through the website and are 14 years old or younger, we will need the consent of your legal guardian to store your data. If we do not have such consent, we may block or delete your data.

Activity Register

You may request an updated copy of our Activity Register via our email address info@port-torredembarra.es.

Security

THE OWNER adopts organizational and technical measures to ensure the security of personal data and to prevent its alteration, loss, processing, or unauthorized access, taking into account the state of technology, the nature of the stored data, and the risks to which it is exposed.

Updates

We keep our privacy policy under review and may change it occasionally (mainly to comply with legal and data protection practices).

Updated versions will be published on our website.

Applicable Law and Competent Courts

The terms and conditions governing this website, as well as any relations that may arise, are protected and subject to Spanish legislation. For the resolution of any disputes, litigation, or discrepancies that may arise between the user and Port Torredembarra S.A., regarding the use of this website, the parties agree to submit to the courts and tribunals of Tarragona, Spain.