Privacy policy

VOL DE COLOMS is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by VOL DE COLOMS implies the acceptance by the user of the provisions contained in this Privacy Policy and that their personal data will be treated as stipulated therein. Please note that although there may be links from our website to other websites, this Privacy Policy does not apply to the websites of other companies or organizations to which the website is redirected. VOL DE COLOMS does not control the content of third party websites nor does it accept any responsibility for the content or privacy policies of these websites.

Information on data processing (Regulation (EU) 2016/679 and LO 3/2018)

of the treatment
VOL DE COLOMS, SL (B17334822) and NIT I VOL, SL (B17939067)

crt. del Volcà Croscat, s/n 17881 Santa Pau


Purpose of the treatment Offer and manage our balloon flight services, tourism and travel agency activities.

Legitimation Consent obtained from the interested party.

Execution of the service contract.

Recipients The data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the treatment.

People’s rights Those interested have the right to exercise their rights of access, rectification, limitation of treatment, deletion, portability and opposition, by sending their request to our address.

Term of conservation
of the data
As long as the commercial relationship is maintained or during the years necessary to comply with legal obligations.

claim Those interested can go to the AEPD to submit the claim they deem appropriate.

Additional information You can consult the additional and detailed information below in “Questions on privacy”.

Questions about privacy

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, (RGPD) and Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of rights digitals (LOPDGDD), we offer you the following information about the processing of your personal data:

Who is responsible for the processing of your data?


NIF: B17334822

Address: Crta. del Volcà Croscat, s/n 17881 Santa Pau

Phone: 972680255


Activity: balloon flight services and tourist activities


NIF: B17939067

Address: Crta. del Volcà Croscat, s/n 17881 Santa Pau

Phone: 972680255


Activity: travel agency services

For what purpose do we process your personal data?

  • We process the information provided to us to manage our ballooning, tourist and travel agency services.
  • In the event that you contact us using the contact form on our website, we will process them to manage your query.
  • If you give us your consent, we can also process your data to send you information about our activities, products or services.
  • Also, if you give us your consent, we will be able to use the images captured in the activities in which you participate to spread the word about our services.
  • When accessing our facilities, your image may be recorded by video surveillance cameras for security control purposes.

How long will we keep your data?

  • The personal data provided will be kept as long as you are a user of our services or want to receive information about them, and then, during the periods established to comply with our legal obligations, which in the case of accounting and fiscal documentation for commercial purposes will be 6 years, in accordance with Art. 30 of the Commercial Code, and for tax purposes it will be 4 years, in accordance with articles 66 to 70 of the General Tax Law.
  • The images in which you appear participating in our activities will be preserved as long as their dissemination is maintained.
  • The images captured by the video surveillance system will be kept for one month.

What is the legitimacy for the processing of your data?

Legitimation to treat them is found in the execution of the service contract and in the consents you give us.

Regarding that information that is sent by minors under 16 years of age, it will be an essential requirement that it is done with the consent of the parent, the guardian or the legal representative of the minor so that the personal data can be the subject of treatment. If this is not the case, the minor’s legal representative must notify us as soon as he becomes aware of it.

Regarding the capture of images by the video surveillance system, the legitimacy is given by the legitimate interest of preserving the safety of people and property.

To which recipients will your data be communicated?

The data will not be communicated to third parties, unless required by law or necessary to fulfill the purpose of the treatment.

The images in which you appear participating in our activities may be viewed by third parties who access spaces and media in which we promote our services and activities.

What are your rights when you provide us with your data?

  • Anyone has the right to get confirmation as to whether we are dealing or not your personal data.
  • Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which they were collected.
  • In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
  • Also, in certain circumstances and for reasons related to their particular situation, interested parties can object to the processing of their data. In this case we will stop processing them, except for compelling legitimate reasons or for the exercise or defense of possible claims.
  • Those interested also have the right to the portability of their data.
  • Any data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that affect him or her in a similar way.
  • Finally, interested parties have the right to submit a claim to the competent Control Authority.

How can you exercise your rights?

By sending us a letter attaching a copy of a document that identifies you, to our physical or electronic address.

How did we get your data?

The personal data we process comes from the interested party himself, who guarantees that the personal data provided is true and is responsible for communicating any changes. Data marked with an asterisk are mandatory in order to provide the requested service.

What data do we process?

The categories of data that we can treat are:

  • Identification data
  • Postal or electronic addresses
  • image

The data is limited, given that we only process the data necessary for the provision of our services and the management of our activity.

Do we use cookies?

We use cookies during navigation on our website with the user’s consent.

The user can configure his browser to warn him of the use of cookies and to prevent their use. Please visit our cookie policy.

What security measures do we apply?

We apply the security measures established in article 32 of the RGPD, therefore we have adopted the necessary security measures to guarantee a level of security adequate to the risk of the data processing we carry out, with mechanisms that allow us to guarantee confidentiality, integrity, availability and permanent resilience of treatment systems and services.

Some of these measures are:

  • Information on data processing policies to staff.
  • Realization of regular backups.
  • Data access control.
  • Regular verification, evaluation and assessment processes.