PRINCIPLES OF PERSONAL DATA PROCESSING – INFORMATION FOR CLIENTS AND BUSINESS PARTNERS

VB MALLORCA CYCLING CENTER, S.L.U.
Carrer de la Goleta s/n.
076100 Can Pastilla - Mallorca
Spain
C.I.F. / ID number: ES B67889519
Inscrita en el Registro Mercantil de Baleares • Tomo: 2940 • Libro: 0 • Folio: 74 • Hoja: PM-93337 • Inscripción: 1ª

---

INTRODUCTION

Dear Clients, Dear Business Partners,

The aim of these Principles is to inform you how VB MALLORCA CYCLING CENTER, S.L.U. (hereinafter the Company) collects, processes, uses and transfers your personal data (hereinafter Personal Data Processing).

The term ‘personal data’ refers to information concerning a specific physical person who can be directly or indirectly identified based on such data or together with additional data.

The most common examples of personal data the Company processes on a daily basis are the identification data of individuals (natural persons) or of representatives, employees or members of the statutory bodies of business partners (legal persons), and contact details (especially postal address, e-mail address, and phone number) of clients and business partners.

Who is the controller of your personal data?

The controller of the data is the Company. The Company determines how and for what purpose your personal data is processed. The contact details of the Company are listed in the ‘Inquiries and contacts’ paragraph below.

What personal data does the Company process? Why does the Company process your personal data?

In the table displayed below, you can see what personal data about clients and business partners the Company processes and why.

a) Clients

Personal data (Categories & examples )	Purpose of processing	Legal basis for processing
Basic identification and contact details: name & surname e-mail address, phone number voluntarily height, jersey size and required bike size	arranging & performing a specific contract, related communication processing reservations recording and enforcing claims	concluding & performing a contract legitimate interest of the Company in enforcing claims
Data related to the financial and invoicing	performing the relevant contract complying with legal obligations handling complaints	concluding & performing a contract fulfilment of legal obligations
Data for marketing purposes: name & surname e-mail, phone number, address	sending information about the company’s services, venues, and other business announcements sending business announcements in accordance with the client’s preferences	consent from the relevant person legitimate interest in contacting clients through direct marketing

b) Business partners

Personal data (Categories & examples)	Purpose of processing	Legal basis for processing
Basic identification and contact details: name & surname position, company e-mail address, phone number, postal address, payment & delivery details	arranging & performing a specific contract, related business communication recording and enforcing claims	concluding & performing a contract legitimate interest of the company in enforcing claims

What sources does the Company use to obtain your personal data?

The personal data the Company processes are obtained by the Company directly from the clients or business partners themselves, or from other available sources (for example the Commercial Register or ARES).

Does the Company share your personal data with other persons?

a) External service providers

The Company uses external service providers that provide the Company with services such as accounting, reporting, registering claims, designs, translations, marketing, and promotion. In order for them to be able to comply with their obligations, some personal data about clients and business partners must be passed on to these service providers by the Company.

External service providers are however examined by the Company and they guarantee full confidentiality to protect the personal data of our clients and business partners. The Company has signed contracts concerning Personal Data Processing - and agreements on the transfer of personal data if appropriate – with all the external service providers, in which the providers pledge to protect the personal data and to maintain the Company’s standards as regards keeping the personal data secure.

b) Transferring personal data to third parties

Under certain circumstances, the Company is obliged to share the personal data of clients and business partners with third parties in addition to the above external service providers. However, this is carried out in accordance with legal regulations addressing the protection of personal data.

Such third parties include, especially:

• administrative and other authorities (tax offices),
• financial institutions (banks, insurance companies),
• police, public prosecutor,
• external consultants,
• other controllers of personal data providing the clients of the Company with accommodation, transport, and other services connected with the services the Company provides.

Does the Company transfer your personal data to countries outside the EEA?

The Company will not transfer your personal data outside the European Economic Area.

How secure are your personal data?

The Company uses modern IT security systems to ensure the confidentiality, integrity, and accessibility of your personal data. The Company takes the necessary security and organizational measures to protect your personal data from illegal and unauthorized Personal Data Processing and from loss and damage of the data.

Your personal data can only be accessed by employees who need them to perform their job and who are bound by statutory and/or contractual confidentiality obligations.

How long are your personal data kept by the Company?

The Company stores your personal data only for the necessary period of time needed to serve the purpose for which they were originally collected, or to protect the legitimate interests of the Company.

The Company can store your personal data for the duration of the contractual relationship and for another 10 years after the contractual relationship has terminated, 10 years after the end of the tax period in which a tax document was issued, 5 years after a complaints procedure has terminated, and 30 days after you revoke your consent.

What are your rights concerning Personal Data Processing?

Under the specified conditions, you can exercise any of the rights listed below, which you have under the legal regulations for the protection of personal data, mainly the General Data Protection Regulation (GDPR):

• the right to receive clear, transparent, and comprehensible information about how your personal data are used and about your rights;
• the right to revoke your consent to the processing of your personal data at any time via post, e-mail or in person to our address listed below;
• the right to access your personal data and to be informed about any activities related to the processing of the data by the Company or other processors;
• the right to correct any incorrect, and to add incomplete, personal data;
• the right to delete your personal data, especially (i) if they are not needed for further processing, (ii) if your consent to the processing of the data has been revoked, (iii) if the data subject has repeatedly objected to the processing of the data, (iv) if the data are being processed illegally, or (v) if the data must be deleted in accordance with legal regulations;
• the right to restrict the processing of your personal data (i) if the data subject has contested the validity of the personal data, until the Company verifies their correctness, (ii) if the processing is illegal, (iii) if the Company does not need the data but the data subject needs the data in order to exercise their legal claims, (iv) or if the data subject raises objections against the processing of their data, until the Company verifies whether the legitimate interests of the Company outweigh the interests of the data subject;
• the right to object to the processing of your personal data if they are being processed for the legitimate interests of the Company. If you object to further processing for the purpose of direct marketing, the data will not be processed for this purpose;
• the right to obtain your personal data in a structured, commonly used, and machine-readable format, and to transfer them to another controller under compliance with legal regulations;

We will respond to a request to exercise your rights in connection with the processing of your personal data within the legal deadline, which is usually no later than 1 month after the specific request was delivered. We let you know in exceptional cases if your request will require extra time.

Inquiries and contacts

If you would like to exercise any of your rights in relation to the processing of your personal data, or you have any inquiries or complaints, please call us, or write to us via post or e-mail.

VB MALLORCA CYCLING CENTER, S.L.U.
Mgr. Vojtěch Beran, managing director
Carrer de la Goleta s/n., 076100 Can Pastilla - Mallorca, Spain
C.I.F. / ID number: ES B67889519
e-mail address: vojtech.beran@mallorcacyclingcenter.com phone number.: +420 777 871 045

Amendments to these Principles

The Company may decide to amend or update these Principles. The current valid version of the Principles is available on the Company website in the Policy Privacy section. However, we assure you that there will be no amendments with a retroactive effect and that we will not amend the Principles concerning the processing of data we have already obtained.