PRIVACY POLICY

Introduction

We are highly committed to people’s privacy, and the protection of personal data is of utmost importance to us.

We process data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation), Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), and all applicable legislation.

This Privacy Policy was reviewed in May 2025 to meet information and transparency obligations applicable to the website operator, and to provide any interested party—not only website users—with the general terms regarding data processing. Changes may occur until the next review.

 

Who is responsible for processing your data?

  • Data Controller: Gran Karting Club S.L.
  • Tax ID (NIF/CIF): B‑35079359
  • Email: info@grankartingclub.com

 

What is the origin and type of data we process?

Sources of personal data may include:

  • Paper, electronic, or digital forms
  • Communication systems: email, messaging apps, phone, etc.
  • Other lawful sources

Categories of personal data, depending on stakeholder type (user, client, supplier, employee, candidate, etc.) and nature of activity:

  • Identification data: name, surname, image
  • Identification codes: username, employee ID
  • Contact information: postal or electronic addresses, phone number, social profile
  • Personal and professional characteristics: age, date of birth, qualifications, CV
  • Financial and insurance data: bank details, credit cards, etc.
  • Payroll or work-related details: position, payslip, etc.
  • Transactional data: goods and services supplied or received
  • Special category data: health, trade union membership, racial origin
  • Other necessary or implicit data for performing our services and activities

Mandatory or optional nature:

Data marked as mandatory (e.g. with an asterisk) in forms is required to process a request. Optional fields are voluntary. Users assure the accuracy of given data and must update it if changes occur. Failing to provide required data may prevent optimal service delivery.

 

What purpose do we process your personal data for?

General processing is to enable the normal operation of our business. Specific purposes include:

  • Clients and prospects: managing pre-contractual and contractual relationships; internal admin; financial management; marketing; customer service.
  • Collaborators, creditors, and suppliers: managing and maintaining business relationships, administration, and finance.
  • Employees: managing the employment relationship, HR, internal communications, training, health & safety, time tracking, and other obligations.
  • Candidates: managing CVs, job offers, recruitment.
  • Website and social media users: user support and communication management.
  • Visitors: visitor management and facility access control.

Other general purposes may include:

  • Profiling for personalized offers and communications (under legitimate interest)
  • Video surveillance, for property and personnel safety and workplace control
  • Call recording for security, guarantee, and quality
  • Credit risk analysis and debt collection (legitimate interest)
  • Communications via email or messaging for organizational or promotional purposes
  • Other lawful purposes arising naturally from the company’s activity

 

How long do we keep your data?

  • Data is retained while there is a relationship, unless deletion is requested, liabilities may arise, or legal retention periods apply.
  • Candidate data not deemed professionally relevant is deleted immediately.
  • Retention periods are documented in our internal data protection inventory, ensuring confidentiality upon deletion.

 

Legal grounds for data processing

Processing is based on one or more of the following:

  • Informed consent from the data subject
  • Pre-contractual or contractual necessity
  • Legitimate interest of the controller
  • Compliance with legal obligations
  • Other legally valid grounds

 

To whom will your data be disclosed?

Data is not disclosed to third parties by default, except:

  • Service providers or data processors necessary for delivering services
  • Competent authorities, when legally required
  • Other legitimate stakeholders or third parties under legal obligation

 

What rights do you have regarding your data?

You may exercise the following rights at any time:

  • Access your personal data to confirm whether it is being processed
  • Request rectification or deletion of inaccurate or unnecessary data
  • Request restriction of processing under certain conditions
  • Receive data previously provided in a structured, portable format
  • Object to processing based on your specific situation, except where legitimate grounds prevail
  • Withdraw consent at any time (potentially affecting ongoing contractual relationship but not previous lawful processing)

To exercise your rights, contact us via email or postal address provided. You may also lodge a complaint with the Data Protection Authority.

 

Data security

We adopt technical and organizational measures to ensure confidentiality, integrity, availability, and resilience of data. We process data lawfully, fairly, and transparently per GDPR principles, limiting data to what is necessary.

Where legally permitted, we are not liable for damages caused by third-party system breaches. Any security incident will be reported immediately to relevant authorities.

 

Sending communications or information

We send telematic communications (emails, messages) only when considered relevant or when you have consented. You may opt out at any time via the mechanism provided in the message, in line with Article 22 of Law 34/2002.

 

Social networks

We may maintain official profiles on social networks. This policy applies to data processing of users who follow or engage with these profiles.

Uses include: communication, marketing, user support, event promotion, and interaction.

By following our profiles, you consent to processing data from your public profile.

You should consult the social network’s privacy policies and configure your privacy settings accordingly.

Followers must not post illegal, immoral, discriminatory, or harmful content. We reserve the right to remove content without notice and are not liable for platform-specific security measures.

Minors or persons with special needs should obtain parental or legal consent before using social media or providing personal data. In Spain, children aged under 14 require the holder of parental authority or legal guardians for data processing.

 

Employment and candidate management

Job applicants may submit professional data via forms or email. This data is processed for recruitment within the company or affiliated entities under informed consent or other lawful basis. Unused data or non-relevant applications are deleted with confidentiality. Candidates may revoke consent and exercise their rights at any time.

 

Logo GKC Tr

Booking Contact

+34 636 49 40 49
info@grankartingclub.com

Kids’ Birthday Contact

+34 690 00 31 26
cumples@grankartingclub.com

Av. de Wind Surfing, 0
35100 Bahía Feliz,
Las Palmas

Legal Notice
Privacy Policy
Cookies Policy
Activity Rules

Open 365 days a year

No reservation required

(except for events)

Come straight in and enjoy

Monday to Thursday: 10:00 AM – 8:00 PM

Friday to Sunday: 10:00 AM – 9:00 PM

Kart Gran Canaria
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.