Declaration on the protection of personal data – From May 2018
1. An overview of data protection
According to the Law on Protection of Personal Data, Law 15/1999 of 13 December (Ley Orgánica 15/1999 de 13 de Diciembre de Protección de Datos de Carácter Personal, hereinafter the Law or LOPD), CANCO Travel Services S.L. (Hereinafter referred to as “CANCO” or “we”) is obliged to inform you as a user that CANCO the personal data you enter or leave via our website www.cancolanzarote.com may be used for the purpose of completing the contract, providing services, products and information and distributing products and services therefore it will be processed electronically and stored in automated form. CANCO has notified that data is collected and stored by CANCO in the Register of the Data Protection Agency (Registro General de la Agencia de Protección de Datos). The way CANCO stores this data has been reviewed by the registry of the Data Protection Agency.
1.1. Consent to the processing and storage of personal data
By using and navigating the website www.cancolanzarote.com, you consent to the collection of personal data as described in section 1. When registering, making bookings, and when requesting other data, CANCO will only request personal data that may be required for the provision and improvement of service, as well as for communication with you. The sections of the website that require the input of data from you are marked with indications that clearly specify whether this data is required (mandatory) or optional. The entry of optional data is voluntarily. It will be indicated in detail if non-input of optional data can lead to restrictions on the quality of service or functionality of the website.
1.3. Data collection on our website
Who is responsible for the data collection on this website?
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form or during the checkout process.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
1.4. Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can prevent it by using certain browser addons. Detailed information can be found at point 5. You also can object to this analysis. We will inform you at point 5 about how to exercise your options in this regard.
2. General information and mandatory information
2.1. Data protection
As operators of this website we take the protection of your personal data very seriously. CANCO is obliged to use the collected personal data in accordance with the legal regulation solely for its own purposes, to treat them confidentially and to take all necessary measures to protect the data against loss, alteration, theft and unauthorized access by a third party.
In accordance with Art. 6 (1) (b) and (f) GDPR, CANCO reserves the right to forward your personal data to authorities or other entitled third parties, if this is necessary for the desired contractual arrangement between you and a contract partner of CANCO (provider) or for other legal reasons.
The collected personal data is processed and stored electronically in an automated way. CANCO is the owner and responsible for the databases used for this purpose.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
2.2. Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
CANCO Travel Services S.L.
Avenida de Tirajana 37, Apdo. Correos 550
35100 Maspalomas – Las Palmas – Spain
Telefon: 0034 633 533 444
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
2.3. Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
2.4. Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the Agencia Espanola de Protección de Datos in Madrid. You can find more information at their website https://www.aepd.es/.
2.5. Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
2.6. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
2.7. Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. credit card number), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, PayPal) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
2.8. Information, blocking, erasure
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. Please use the form below.
2.9. Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data collection on our website
3.2. Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
3.3. Contact form
The following statements equally apply to requests that you send us via our contact Email address “email@example.com”.
Should you send us questions via one of our contact forms, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
3.4. Registration on this website
You can register on our website for a customer account or for the CANCO Affilate Partner Program in order to access additional functions. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
3.5. Leaving comments and reviews on this website
If you use the comment and review function on this site, the time at which you created the comment and your email address will be stored along with your comment, as well as your stars rating and your username.
Storage of the IP address
Our comment function stores the IP addresses of those users who post comments. Since we partially do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.
How long comments are stored
The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).
The comments are stored based on your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
3.6. Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
3.7. Data transmitted when entering into a contract / Excursion booking
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract.
When you order an excursion or incoming service from CANCO, we will forward some of your personal information to contractors for contract creation and fulfillment. The outsourcing of our data processing and the handling of your personal data was regulated in accordance with the legal requirements in the collaboration agreements that CANCO has concluded with the providers. The identity of the provider can be found on the reservation confirmation (see also section 11.2. of our terms and conditions).
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
4. Social media
4.1. Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
4.2. Twitter plugin
Your privacy preferences with Twitter can be modified in your account settings at
4.3. Google+ plugin
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1’d a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users’ +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
4.4. Pinterest plugin
Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest:
5. Analytics and advertising
5.1. Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent the data generated by the Google Analytics cookies about your use of the website from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link:
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
6. Plugins and Tools
6.1. Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at
6.2. CANCO affiliate partner program
9. Payment service providers
Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
To process credit card payments, we use a plug-in from Stripe Payments Europe, Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Co. Dublin, Ireland (“Stripe”).
If you make a credit card payment during an order process, the following information will be sent to Stripe:
Name, country, credit card details, order number, payment amount, date and time of payment and Email address.
Stripe acquires knowledge about the credit card data exclusively for the purpose of processing the payment.