In compliance with current data protection regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD), we inform you that our company's Data Protection Policy and Privacy Policy, with regard to the processing of your personal data, is as follows:
CONTROLLER OF PERSONAL DATA:
The controller of personal data is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.
In this case, the data controller's details are as follows:
Identity: Hotel Tramuntana
CIF: A-17567033
Postal Address: Carrer de la Paborderia, 61, 17486 Castelló d'Empúries, Girona (Spain)
Telephone: +34 972 654 323
Email address: info@hoteltramuntana.com
Hotel Tramuntana, as the data controller and website owner, in accordance with current legislation, and specifically with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), as well as Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce (LSSICE), informs you that we have implemented appropriate technical and organizational measures, according to the state of the art and the cost of their application with respect to the risks and the nature of the personal data processed, to guarantee and protect the confidentiality, integrity and availability of your personal data.
PERSONAL DATA:
Personal data is any information relating to an identified or identifiable natural person ("the data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There is a wide variety of information that is considered personal data, for example, name, contact information, identification number, computer IP address, etc.
For more information, you can consult the website of the Spanish Data Protection Agency or the Catalan Data Protection Authority, among others.
PROCESSING OF PERSONAL DATA:
The processing of personal data is considered to be any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
PURPOSE OF DATA PROCESSING:
For what purpose do we process your personal data?
The personal data provided by the interested parties will be used exclusively for the following purposes:
- Booking, registration, and product purchase: To manage and execute the provision of services and/or products contracted or requested by interested parties, as well as the necessary steps to carry out the contractual relationship with the interested party. This includes informing, processing, managing, modifying, and any other operation necessary for managing their booking or purchase, as well as subsequent invoicing and payment. Usage analyses may be performed based on the purchase and booking history of the same interested party, but in no case will automated decisions be made that have legal effects.
- Guest registration book for hotel establishments: Collect, manage and submit the information established by current legal regulations regarding the guest registration book for hotel establishments.
- Inquiries: To attend to, respond to and follow up on inquiries and requests made by interested parties and/or provide information requested by the user.
- Access to the private area “my reservation”: Manage registration and allow access to the information on the website regarding the status of your booking, as well as the general administration of the account, which allows you to modify the data of the account, its maintenance, control, management or cancellation, in the case that you have registered as a user.
- Advertising of our own products and services: Sending commercial advertising communications (newsletters) related to our products and services by any means (email, postal mail or telephone), with promotions and discounts, invitations to events organized by the company, etc., provided that the interested party has accepted and consented to the sending of commercial communications by registering and subscribing to the Newsletter.
- Completion of incomplete bookings: Contact the user by any means (email or telephone) in the event that the booking has not been completed in order to find out the reason why it has not been completed.
- Job Bank: To assess and manage your curriculum vitae and the academic and professional data you have provided to us, for the selection processes you have registered for or those that suit your professional profile, and to carry out the necessary actions for the selection and hiring of personnel, including contacting you to expand the information or arrange an interview, in the event that the interested party has registered on the form to work with us and/or has provided us with their curriculum vitae.
- Communicating changes to the privacy policy: Notifying or communicating relevant changes to the data protection and privacy policy, legal notice, or cookie policy.
- Statistics: Conducting market research and statistics on our products and services, without in any case making decisions in an automated manner.
The company informs you that it will not process your personal data for any other purpose except those listed in this section, except in cases where there is a legal obligation or judicial requirement.
Your personal data will not be subject to decisions based on automated processing that have legal effects for the data subject.
How long will we keep your personal data?
The personal data you have provided will be kept for the time necessary to carry out the requested or contracted service, and up to a maximum period of 5 years from the last confirmation by you of the existence of interest in us keeping your data.
This is understood without prejudice to a possible longer retention period for the purposes of eventual compliance with legal obligations and for the exercise and monitoring of any legal and judicial actions that may be relevant.
Once the indicated periods have elapsed, the personal data will be deleted.
LEGAL BASIS FOR PROCESSING YOUR DATA:
The legal basis for the processing of your personal data is the free and legitimate acceptance of the legal relationship by the user at the time of acceptance of this Personal Data Protection and Privacy Policy.
Likewise, the legal basis for processing your data for each of the purposes of personal data processing identified above is detailed below:
- Booking, registration, and product purchase: The legal basis for processing your personal data is the contractual and, where applicable, pre-contractual relationship established between the parties for the provision of the services and/or products contracted or requested by the interested parties, and specifically, for processing your booking of services and products at our establishment, according to the terms and conditions set out in the Terms and Conditions of Purchase section, as well as compliance with applicable commercial, tax, and accounting obligations. All of this is based on the provisions of Article 6.1, paragraphs a) and b) of the GDPR.
- Refusal to provide the personal data requested for the booking will therefore make it impossible to complete the requested contract or booking. For further information on contracting our products and services, please consult the Terms and Conditions section. Once the booking is made, the interested party will receive a confirmation email with the booking details.
- Guest registration book for hotels and other accommodation establishments: The legal basis for processing your personal data is the legal obligation established in Organic Law 4/2015 of March 30, on the Protection of Public Safety, and other implementing regulations, regarding the collection, management, and transmission of this data to the competent law enforcement agencies. This is based on the provisions of Article 6.1(c) of the GDPR. Refusal to provide the requested personal data will therefore make it impossible to stay at the establishment.
- Inquiries: The legal basis for processing your personal data is the ability to respond to inquiries freely submitted by interested parties. This processing is carried out in accordance with Article 6.1, paragraphs a) and b) of the GDPR.
- Access to the private "My Booking" area: If you have registered as a user to access, view, modify, or cancel the status of your "My Bookings" on the website, the legal basis for processing your data is the existing contractual or pre-contractual relationship between the parties. This allows you to access the information on the website regarding the status of your booking, as well as modify or cancel it, provided you have registered as a user. Your free and explicit consent to the processing of your data is also required. This processing is lawful under Article 6.1(a) and (b) of the GDPR. Refusal to provide the requested personal data will prevent access to this information from the website.
- Advertising of our own products and services: If you have checked the box to accept receiving commercial advertising communications (newsletters), the legal basis for sending advertising about products and services is your own free and explicit consent, which you may withdraw at any time. Withdrawing your consent for this purpose will not affect the execution of any room reservation agreement. This processing of personal data is based on Article 6.1(a) of the GDPR. Refusal to provide the requested personal data will therefore prevent you from subscribing to the newsletter or receiving commercial communications with information about our products or services. Please note that you have the right to withdraw your consent for this processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent, please see the section "Data Subject Rights."
- Completion of incomplete bookings: The legal basis for processing data in this case is the express acceptance and consent of the data subject for this processing, which allows the company to contact them in the event of a technical issue that occurred during the booking or contracting process. This processing of personal data is based on Article 6.1(a) of the GDPR. Refusal to provide the personal data requested for the booking will therefore prevent the execution and completion of the requested contract or booking.
- Job Bank: If you have registered using the form to work with our company and/or have provided us with your curriculum vitae, the legal basis for processing your data is your free acceptance and consent to the processing of your personal data and the evaluation and management of your job application, all in accordance with Article 6.1(a)(ib) of the GDPR. Refusal to provide the requested personal data will make it impossible to manage and process your job application.
- Communicating changes to the privacy policy: The legal basis for processing personal data in this case is based on the convenience of communicating to interested parties any changes that may occur in the company's privacy policy, as well as their free acceptance and consent for this processing, based on the provisions of Article 6.1 a) ib) of the GDPR.
- Statistics: The legal basis for processing data for market research and statistical analysis of our products and services, without any automated decisions being made with legal effects for the data subject, is the data subject's free and informed consent for this processing, as established in Article 6.1(a) of the GDPR. We inform you that you have the right to withdraw your consent for this processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent, please see the section "Data Subject Rights".
RECIPIENTS OF ASSIGNMENTS OR TRANSFERS OF DATA:
Your personal data will be communicated to other companies in the business group for purposes related to the processing of personal data of customers or users.
To ensure the best possible service delivery, we share certain data with data processors with whom we have signed the corresponding data protection agreements. In these cases, the data shared is limited to what is strictly necessary for the specific activity to be performed. By way of example only, the services that may be contracted from data processors include: IT service providers, security companies, and tax, legal, or other advisory services. This list is provided as an example; the company may use services from companies in other sectors to provide you with quality services. Outside of these examples, no transfer or disclosure of data is planned, either within or outside the EU.
Information will also be provided to third parties in cases where this is imperatively established by current regulations or when judicially required (public administrations, courts and tribunals, security forces and bodies, tax agency, etc.)
RIGHTS OF INTERESTED PARTIES:
We inform you that, as an interested party, you have the following rights:
- Right of access: anyone has the right to know and obtain information about the personal data we process.
- Right of rectification: interested parties have the right to request the rectification, supplementation and/or correction of inaccurate, incorrect or incomplete data.
- Right to erasure (also known as the “right to be forgotten”): Interested parties, if they deem it appropriate, will have the right to request the erasure of personal data concerning them, among other reasons, when the data are no longer necessary for the purposes for which they were collected.
- Right of cancellation: interested parties may request the cancellation of their data.
- Right to object: Data subjects may object to the processing of their data for marketing purposes, including profiling, and in the other cases established in Article 21 of the GDPR. If requested, the company will cease processing the data, except for compelling legitimate grounds or for the establishment, exercise, or defense of legal claims.
- Right to restriction of processing: Under certain circumstances provided for in Article 18 of the GDPR, data subjects may request the restriction of the processing of their data. In this case, we will only retain them for the establishment, exercise, or defense of legal claims. Specifically, you have the right to restrict processing in the following cases:
- The interested party may contest the accuracy of the personal data, within a period that allows the controller to verify its accuracy.
- The processing is unlawful and the interested party opposes the erasure of the personal data and requests instead the restriction of its use.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing on grounds relating to his or her particular situation; or to the processing of his or her personal data being based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, pending the verification of whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability: Data subjects have the right to obtain their personal data in a structured, commonly used and machine-readable format, so that they can transmit it to another controller, in accordance with Article 20 of the GDPR.
- Right not to be subject to automated individual decisions: Interested parties have the right not to be subject to a decision based on the automated processing of their data that produces legal effects.
- Right to withdraw consent: Data subjects have the right to withdraw their consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
To withdraw your consent to receive marketing communications about our products and services, please see the section “How can you exercise your rights?”. You can also unsubscribe directly each time you receive a marketing email.
Those interested can obtain additional information about their rights on the website of the Spanish Data Protection Agency or on that of the Catalan Data Protection Authority.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise your rights by sending a written request to the postal address Carrer Mas del Pla, 7, 17700 La Jonquera, Girona (Spain) +34 972502703 or to the email address info@hoteltramuntana.com, with the subject “Personal Data” attaching a photocopy of your identity document or any analogous means established by law.
WHAT COMPLAINT CHANNELS ARE AVAILABLE?
If you believe that your rights have not been adequately addressed, you have the right to file a complaint with the Spanish Data Protection Agency or any other competent supervisory authority.
INFORMATION PROCESSED:
What categories of personal data do we process?
We strive to ensure that the information we request is the minimum necessary for managing the purposes outlined in this Data Protection and Privacy Policy.
Our company may process the following categories of personal data:
- Identifying information: name and surname, identification number, country, etc.
- Postal or email addresses and telephone number.
- Financial and economic information, for the management of the reservation and subsequent billing and collection of the requested service.
- Data relating to the products and services contracted (hotels booked, frequency, duration of stay, hotels booked in advance, etc.).
- Identification codes or keys, if you have registered as a user in the "My Bookings" section of the website or in the "Club".
- Academic and employment information, in case you have decided to apply for a job or send us your curriculum vitae.
- Website browsing data. For more information, see the section on Cookies.
No specially protected data or special categories of data are processed.
The categories of interested parties whose personal data we process are, in principle, those interested in our company's products and services, as well as in contracting or booking them. We also consider interested parties those who register on our job portal or submit their curriculum vitae.
The interested party guarantees that the personal data provided is truthful and is responsible for communicating to the company any modification or error in them, therefore being responsible for the truthfulness and accuracy of the data provided at all times.
If the interested party intends to communicate personal data of third parties, they must first inform and obtain the consent of those parties, in accordance with our Data Protection and Privacy Policy. Therefore, if the user has entered personal data of a third party, they declare and guarantee that they have the third party's consent for the communication and subsequent processing of their data by our company, and that they have previously informed the third party whose data they are providing of the content of this Data Protection and Privacy Policy.
Personal data that we collect automatically:
When you visit our website, we automatically collect certain information, even if you don't ultimately make a booking or purchase. This information may include your IP address, the date and time you accessed our services, information about the hardware, software, or internet browser you use, your language selection, and other details.
This information allows us to improve services and the user experience on the website, identify potential fraudulent use and security threats, and compile statistics on website usage and effectiveness. Unless fraudulent or security breaches are detected, this data will not be retained. Under no circumstances will automated decisions with legal consequences for the user be based on this information.
For more information, see the section on Cookies.
SENDING COMMUNICATIONS:
Whenever you make a reservation or purchase a service or product, you will receive an email confirming your booking or purchase, along with relevant information. We may also contact you to inform you of any changes or updates related to your booking or purchase.
On the other hand, the company may send commercial communications related to the products or services it offers provided that it has been expressly and specifically consented to by validating the box enabled for this purpose or by any other manifestation of express consent in this regard.
The data subject may withdraw their consent to receive any type of commercial communication at any time by sending a communication in accordance with the terms set out in the section “Rights of Data Subjects”. This option will also be offered to the data subject in each commercial communication they receive via email or SMS.
COMMUNICATION OF DATA BY MINORS:
The services offered through this website are only available to adults. Therefore, those who do not meet this requirement should refrain from providing personal information on the website.
LINKS TO THIRD-PARTY WEBSITES:
Our website may contain links to websites of third-party companies and entities. Since we cannot be held responsible for how these companies handle the protection of privacy and personal data of their users, we advise you to carefully read the privacy policies of these websites that are not owned by our company regarding the use, processing, and protection of personal data.
SOCIAL MEDIA:
Our company uses social media to promote its services and products and to share information and experiences with its users and followers.
Since we cannot be held responsible for how these companies handle privacy and personal data protection, and since each has its own policy on the matter, we advise you to carefully read each social network's privacy policy statements regarding how they handle users' personal data before using them.
CHANGES TO THE PRIVACY POLICY:
The company reserves the right to modify this Data Protection and Privacy Policy in accordance with the data processing it carries out and with the applicable legislation at any given time, which it will duly inform on the website, so it recommends that the interested party review it periodically to be informed of how the company processes and protects their personal data.
QUESTIONS AND DOUBTS:
If you have any questions or concerns about this privacy policy, please contact us by sending an email to info@hoteltramuntana.com with the subject line “Privacy Policy”.