1. Data controller

The controller responsible for processing personal data is ARIGO CANARIAS, S.L., trade name XCAPE 39, VAT number B27561422, with registered office at Calle La Tosca 39, Aldea Blanca, 38628, San Miguel de Abona, Santa Cruz de Tenerife, telephone +34 659 803 978 and email info@xcape39.es.

2. Data we process

We may process identification and contact data (name, surname, telephone number, email, address), booking and rental data, identification and driving licence data, financial and payment information, as well as communications related to incidents, customer service or claims.

3. Purposes

Data will be processed to manage bookings and rental agreements, verify the identity and suitability of the driver, process payments and deposits, handle incidents, fines and accidents, provide customer service, comply with legal obligations and, where applicable, send commercial communications if there is a legitimate basis for doing so.

4. Legal basis

The legal basis for processing is the execution of the contract or pre-contractual measures, compliance with legal obligations and, where appropriate, the legitimate interest of the company or the consent of the data subject.

5. Data retention

Data will be retained for the time necessary for the contractual relationship and subsequently for the periods required by tax, accounting, civil, commercial or fraud prevention regulations, as well as while liabilities may arise.

6. Recipients

Data may be disclosed to financial institutions or payment gateways, insurance companies, accounting firms, advisors, technology providers, public administrations, law enforcement authorities or competent authorities when necessary or legally required.

7. Rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability by sending a written request to the company or to the indicated email address. You may also file a complaint with the Spanish Data Protection Agency if you believe your rights have been violated.

8. Security

The company applies reasonable technical and organisational measures to protect the confidentiality, integrity and availability of personal data.

9. Minors

The services are not intended for minors who do not have the legal capacity required to enter into a contract.

10. Updates

This policy may be modified to adapt it to legal changes or changes in the operation of the service. The current version will be the one published on the website.