Legal Notice / Privacy and Data Protection

Legal Notice

Rutas Madrid reserves all rights related to the contents of the website, as well as the content of the BLOG. The transmission, distribution, reproduction or storage, in whole or in part of any part of the content is prohibited, except with the express prior consent of the company.

Any information related to the contents will be dealt with by email to info@rutasmadrid.es

The texts, sounds, videos, images and animations are the property of the company Rutas Madrid, and ultimately its owner, with NIF 08926610B.

It is strictly forbidden to record video and audio on the route, this being understood as the direct recording of the tour guide in the course of his work. This prohibition focuses on the broadcast and public reproduction through social networks, websites or any analog or digital media. Rutas Madrid will not hesitate to take legal action against anyone who reproduce in whole or in part the recording of the routes and guides. It can only be done with the prior written consent of the management of the company.

In some of the routes, there will be a final photograph for distribution on social networks (always in the profile of the company itself, Rutas Madrid) These photographs will always be intended to be a souvenir of the route. Rutas Madrid guarantees that they will not be used for commercial, advertising or any other purpose. Since the photographs are a direct exposure of the person in social networks, Rutas Madrid undertakes to warn at least twice before taking the photograph that these will be intended for such spaces. The photographs are, obviously, voluntary. No customer is obliged to appear in them, so it is strongly requested that anyone who does not wish to appear, is removed at the time of taking the photograph. The contracting of our routes implies the acceptance of this point. However, we make available to any customer the necessary contact details in case of complaint and willingness to remove the photograph (see Privacy Policy).

Rutas Madrid reserves the right to modify without prior notice the specific stopping points of the routes, as well as the content of the same and the promotional photographs on the website or social networks. Despite trying to maintain a standard, Madrid can be a very complex city for guided tours (traffic, streets under construction, shows and concerts in the streets, etc.) so the routes, both in content and duration, may vary slightly.

The company’s website (www.rutasmadrid.es) does not accept electronic payments. The contact forms are only a basic means of communication with the customer in order to make a booking.

The timetables are exact. This means that a place is only reserved until the exact starting time of the tour. It is always recommended that you arrive at least 10 minutes before the start of the guided tour so that the guide can manage the booking. If you do not show up at the appointed time, the place is released and someone else can take your place on the tour.

This measure is motivated by the nature of many free tours (free tour) and above all by the current health situation with group limitations.

Currently, groups are limited to 25 people (24 plus the guide) in accordance with the provisions of Art. 29, 2 of Decree 55/2021 of 8 May. In accordance with this health regulation, everyone who books a place on a route with Rutas Madrid agrees to comply with all the stipulated safety measures. Those that concern our sector are to wear a mask completely covering the nose and mouth throughout the tour and try to keep a certain distance from the rest of the group.

Rutas Madrid uses other sales channels in addition to its own. These channels (Guruwalk, Yoorney, Civitatis, etc.) have their own regulations and legal notices, so we recommend reading them carefully before booking through them. In that sense, the platforms provide us with some basic contact details that are treated with the best guarantee and control (see Privacy Policy), but we are not responsible for how these platforms manage their data.

Data protection

The company Rutas Madrid, with NIF 08926610B, complies with current regulations provided in the following laws:

Organic Law 15/1999 of 13 December on the Protection of Personal Data.

Royal Decree 1720/2007 of 21 December, approving the Regulations for the development of the Organic Law.

Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce.

Rutas Madrid guarantees responsible use of the user’s personal data. The company will always try to collect as little data as possible (and essential) to manage the reservations of the guided tours offered. Under no circumstances will personal data relating to ethnic or racial origin, political, religious or philosophical ideology, trade union affiliation, genetic and biometric data, health, sexual orientation or any other data processing that entails a high risk to the rights and freedoms of individuals be required.

Article 5.1.f of the General Data Protection Regulation (hereinafter GDPR) determines the need to establish appropriate security safeguards against unauthorised or unlawful processing, against loss of personal data, accidental destruction or damage. This implies the establishment of technical and organisational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as set out in Article 5.2, that these measures have been put into practice (proactive accountability).

To fulfill this responsibility, Rutas Madrid undertakes to store personal data for a limited time (3 months maximum from the arrival of information), as well as messages that are made between the parties on the web servers of info@rutasmadrid.es.

Rutas Madrid will inform the user of the existence and acceptance of the particular conditions of the processing of their data in each specific case, informing the user of the responsibility of the file created, the address of the person responsible, the possibility of exercising their rights of access, rectification, cancellation or opposition, the purpose of processing and data communications to third parties where appropriate. The way to inform the user of the existence and acceptance of the conditions will be by means of a standard form with all the detailed information.

In some of the routes, a final photograph will be taken to distribute on social networks (always in the profile of the company itself, Rutas Madrid) These photographs will always have the purpose of constituting a memory of the route. Rutas Madrid guarantees that they will not be used for commercial, advertising or any other purpose. Since the photographs are a direct exposure of the person in social networks, Rutas Madrid undertakes to warn at least twice before taking the picture that they will be intended for such spaces.

Despite being completely voluntary (see Legal Notice), if any affected person wishes that a photograph in which he appears, a family member, friend, relative, or person dependent on it is removed from social networks, you can contact Rutas Madrid via email: info@rutasmadrid.es, the platform itself where the photograph has been uploaded (Facebook, Instagram, TikTok, etc …) or telephone 676 84 99 44.

Rutas Madrid undertakes to immediately remove any photograph that is requested from social networks. For the safety of customers, any photograph of the groups will be stored exclusively on these platforms, being removed directly from mobile devices in which it was made.

SECURITY MEASURES

The security measures with which Rutas Madrid treats your data are as follows:

ORGANISATIONAL MEASURES

INFORMATION WHICH MUST BE KNOWN TO ALL PERSONNEL WITH ACCESS TO PERSONAL DATA.

All personnel with access to personal data shall be made aware of their obligations in relation to the processing of personal data and shall be informed of such obligations. The minimum information that shall be known to all staff shall be as follows:

DUTY OF CONFIDENTIALITY AND SECRETY

  • Access to personal data by unauthorised persons shall be prevented. To this end, leaving personal data exposed to third parties (unattended electronic screens, paper documents in public access areas, media with personal data, etc.) shall be avoided. When absent from the workstation, the screen shall be locked or the session shall be logged off.
  • Paper documents and electronic media shall be stored in a secure place (cupboards or restricted access rooms) 24 hours a day.
  • Documents or electronic media (CDs, pen drives, hard disks, etc.) containing personal data shall not be disposed of without guaranteeing their effective destruction
  • .
  • No personal data or any other information of a personal nature shall be communicated to third parties, paying particular attention not to disclose protected personal data during telephone consultations, e-mails, etc.
  • No personal data or any other information of a personal nature shall be communicated to third parties.
  • The duty of secrecy and confidentiality persists even when the employee’s employment relationship with the company ends.

SECURITY VIOLATIONS OF PERSONAL DATA

When security breaches of personal data occur, such as, for example, theft or improper access to personal data, the Spanish Data Protection Agency shall be notified within 72 hours of such security breaches, including all the information necessary for the clarification of the facts that have given rise to the improper access to the personal data. The notification shall be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency at the address https://sedeagpd.gob.es/sede-electronica-web/.

TECHNICAL MEASURES

IDENTIFICATION

Where the same computer or device is used for personal data processing and personal use purposes, it is recommended to have several different profiles or users for each of the purposes. Professional and personal uses of the computer shall be kept separate.

Passwords shall be guaranteed for access to personal data stored in electronic systems. The password shall be at least 8 characters, a mixture of numbers and letters.

When accessing personal data stored on electronic systems, the password shall be kept separate.

Where personal data are accessed by different persons, for each person with access to personal data, a specific user name and password (unambiguous identification) shall be available.

Where personal data are accessed by different persons, for each person with access to personal data, a specific user name and password (unambiguous identification) shall be available.

The confidentiality of passwords shall be guaranteed, preventing them from being exposed to third parties.

Safeguarding DUTY

The following are the minimum technical measures to ensure the safeguarding of personal data:

UPDATING OF COMPUTERS AND DEVICES: The devices and computers used for the storage and processing of the data shall be updated periodically to the extent possible.

MALWARE: Computers and devices where the automated processing of personal data is carried out shall have an antivirus system that guarantees as far as possible the theft and destruction of personal information and data. The anti-virus system shall be updated on a regular basis.

FIREWALL: In order to avoid undue remote access to personal data, it shall be ensured that a firewall is activated and correctly configured in those computers and devices where personal data is stored and/or processed.

SECURITY COPY: A backup copy shall be made periodically on a second medium other than the one used for daily work. The copy shall be stored in a safe place, different from the place where the computer with the original files is located, in order to allow the recovery of personal data in the event of loss of information.

SECURITY COPY: Periodically a backup copy shall be made on a second medium other than the one used for daily work.

OVH HISPANO, S.L., CIF: B-83834747, with registered office at Calle Alcalá, Número 21, 5ª Planta, 28014, Madrid, Spain. You can consult its Privacy Policy at the following link: https://www.ovh.es/proteccion-datos-personales/.

MICROSOFT IRELAND OPERATIONS LIMITED, established at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. You can view its Privacy Policy at the following link: https://privacy.microsoft.com/es-es/privacystatement.

SSL: The website has SSL security certificate to improve security, the secure server establishes a connection so that the information is transmitted encrypted and is hosted on servers that OVH HISPANO, S.L., CIF: B-83834747, Address: Calle Alcalá, Número 21, 5ª Planta, 28014, Madrid, Spain, offers to INFOGESTIÓN The processing of the data by this entity is regulated by a data processor contract. You can consult the Privacy Policy of OVH HISPANO, S.L. in the following link: https://www.ovh.es/proteccion-datos-personales/.PROCESSOR / SSL: OVH is the service provider in charge of processing. The processing of the data is regulated by a data processor contract.

The security measures will be reviewed periodically, the review may be done by automatic mechanisms (software or computer programs) or manually.