Privacy Policy
Within the framework of the Organic Law 3/2018, dated December 5, related to Personal Data Protection and the guarantee of digital rights, in conjunction with Royal Decree 1720/2007, dated December 21, approving its developmental regulations, as well as in Regulation (EU) 2016/679 of the European Parliament and Council dated April 27, 2016, concerning the protection of natural individuals pertaining to personal data processing, which repeals Directive 95/46/EC (hereinafter, GDPR), Law 34/2002, dated July 11, regarding the services of the information society and electronic commerce (hereinafter, LSSI-CE), and Organic Law 3/2018, on Personal Data Protection and guarantee of digital rights, we ensure the safeguarding and confidentiality of personal data provided by our clients, in accordance with the General Data Protection Regulation (GDPR). Our Data Protection Policy is based on the proactive responsibility principle, whereby the Data Controller is accountable for regulatory and jurisprudential compliance and can demonstrate it to the appropriate control authorities.
Data Processing Purpose: What is your data used for?
All data supplied by our clients or visitors on our website or its staff will be included in the personal data processing activity register, created and maintained by nztravel, which is essential to provide the services requested by users or to address questions raised by our visitors. Our policy does not involve creating user profiles.
The data processing conducted via this portal is geared towards the administrative and documentary management of the travel applications lodged by the applicant, the provided data being used solely for the aforementioned purposes. As part of this service, nztravel may access sensitive data such as medical certificates and information regarding the applicant’s health, as well as certificates related to the absence of criminal offenses.
These data are essential for the processing of the documentation requested by the interested parties and will be processed with appropriate security and confidentiality measures by the responsible party.
Legitimacy of Processing: Why do we need your data?
a) Contractual relationship: Applicable when you purchase one of our products or contract one of our services.
b) Legitimate interest: To respond to inquiries and complaints and manage debt collection.
c) Your consent: If you are a user of our website, by checking the box on the contact form, you give us permission to send you the necessary communications to respond to the inquiry or request for information.
Recipients: Who do we share your data with?
We provide your data to public or private entities to which we are legally obligated to furnish your personal data. For example, the Tax Law mandates the provision of certain information about economic transactions exceeding a certain amount to the Tax Agency.
In the context of providing service through our web portal, your data will be shared with the various consular offices to which your documentation request is directed.
Communication: Where might we send your data?
International data transfers may occur if you request documentation from a country outside the European Economic Area, necessitating communications with the respective consular offices and/or document processors.
Retention: How long do we keep your data?
Your personal data will be retained only as long as necessary to fulfill the purposes for which they were collected. When determining the appropriate retention period, we consider the risks involved in the treatment, as well as our contractual, legal and regulatory obligations, internal data retention policies and our legitimate business interests described in this Privacy Notice and Cookies Policy.
In this regard, nztravel will retain the personal data, duly blocked, once its relationship with you ends, during the limitation period of the actions that may arise from the relationship maintained with the interested party.
Once blocked, your data will be inaccessible to nztravel, and will not be processed except to make it available to public administrations, judges, and courts, to address potential responsibilities arising from the treatments, as well as for the exercise and defense of claims before the Spanish Agency for Data Protection.
Security: How do we protect your data?
We use all reasonable efforts to maintain the confidentiality of personal information processed in our systems. We implement rigorous security levels to protect personal data we process against accidental losses and unauthorized access, processing, or disclosure, taking into account the technological state, the nature, and the risks that the data are exposed to. However, we cannot be held accountable for the use you make of the data (including username and password) that you use on our website. Our staff adheres to strict privacy rules, and we require the same from third parties providing support services, allowing us to audit them to ensure compliance.
Your rights: What rights can you exercise?
We inform you that you may exercise the following rights:
- Right to access your personal data to know what data is being processed and the operations carried out with them.
- Right to rectify any inaccurate personal data.
- Right to delete your personal data when possible (e.g., by legal imperative).
- Right to restrict the processing of your personal data when the accuracy, legality, or necessity of data processing is doubtful, in which case we may retain them for claim exercise or defense.
- Right to object to the processing of your personal data when the legal basis that enables us to process the aforementioned data is our legitimate interest. nztravel will cease processing your data unless it has a legitimate interest or is necessary for claim defense.
- Right to data portability when the legal basis that enables us to process it is a contractual relationship or your consent.
- Right to revoke consent granted to nztravel.
Claim redress: Where can you file a complaint?
Should you believe your rights have been disregarded by our organization, you can file a complaint with the Spanish Agency for Data Protection, through one of the following means:
- Online: https://www.aepd.es
- Mail: Spanish Agency for Data Protection, C / Jorge Juan, 6, 28001, Madrid
- Phone: 901.100.099 and 912.663.517