HOSPES GROUP PRIVACY POLICY
This Privacy and Personal Data Protection Policy is an integral part of the Terms of Use of the website located at the URL www.hospes.com.
Identity of the party responsible for the processing of personal data
The person responsible for the processing of personal data is: GRUPO HOSPES (hereinafter, the data controller).
This privacy policy affects the following group companies:
Hospes Hoteles, S.L. with NIF B62173604 and address at Calle Serrano, 40 4ª D 28001, Madrid.
Traentro XXI, S.L. with NIF B62285994 and address at Avenida Navarro Reverter, 14 46004 Valencia.
Hestia Hoteles S.L. with NIF B31702053 and address at Calle Rafael Altamira, 7 03002 Alicante.
Palacio de los Patos S.L. with NIF B18525907 and address at Calle Serrano, 40 4ª D 28001 de Madrid.
Toralipo S.L. with NIF B57058851 and address at Carretera d'Andratx, 11 07811 Calvià, Mallorca.
Hotel Palacio de los Arenales Gestión S.L. with NIF B86902327 and address at Paseo General Martínez Campos 25, 28010 Madrid.
JML Salamanca 22, S.A. with NIF A82248436 and address at Arroyo de Santo Domingo, 3, 37001 Salamanca.
Your contact details for the purposes of this policy and the content of the Website are as follows:
Address: Calle Serrano 40-4d, 28001, Madrid (Madrid)
Contact email: webmaster@hospes.com
Data Protection Officer (DPO): Plus Corporate S.L.
Email: webmaster@hospes.com
Purposes of the processing for which the personal data is used
The personal data is collected and managed by GRUPO HOSPES in order to facilitate, speed up and fulfil the commitments established between the website and the user or to maintain the relationship established in the forms that the latter fills in or to attend to a request or query.
The data may also be used for the purpose of sending newsletters, as well as informative communications and/or publicity from the HOSPES GROUP.
Categories of personal data
The categories of data processed by the HOSPES GROUP in order to manage the aforementioned processing are: identification data and communication addresses.
We inform you that the data required is essential in order to be able to carry out the services requested, and refusal to supply them will make it impossible to provide them.
The information provided by the User to the HOSPES GROUP through the forms must be exact and truthful. The user guarantees the authenticity of all the data provided and will keep the information given to the HOSPES GROUP up to date so that it corresponds, at all times, to the real situation of the User. In the event of inaccurate, incomplete or false statements communicated by the User, the User will be the only person responsible for any damage that may be caused to the HOSPES GROUP or to third parties as a result.
Legal basis for the processing of personal data
The legal basis for the processing of personal data is the express and explicit consent given by the user in each case, who may withdraw this consent at any time.
With regard to the management of the contracting of services, payment, invoicing, the basis of legitimacy of the processing of your personal data is established in the need for such processing for the execution of the contract.
With regard to the processing of personal data for the sending of information related to the services provided by the company, the legitimate interest of the HOSPES GROUP shall be the basis for legitimisation.
Retention periods for personal data
Personal data will only be retained for the minimum time necessary for the purposes of their processing and, in any case, only for the period necessary for the performance of the service, the expiry and prescription of legal and/or fiscal responsibilities or until the user requests their deletion.
Recipients of personal data
The user's personal data will be shared with the following recipients or categories of recipients: Consultants or booking companies for the management of the service.
In case the controller intends to transfer personal data to a third country or international organisation, the user will be informed about the third country or international organisation to which the data is intended to be transferred, as well as about the existence or absence of an adequacy decision of the Commission.
Personal data of minors
In accordance with the provisions of articles 8 of the RGPD and 7 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, only those over 14 years of age may give their consent to the processing of their personal data in a lawful manner by GRUPO HOSPES. In the case of a minor under 14 years of age, the consent of the parents or guardians will be required for the processing, and this will only be considered lawful to the extent that they have authorised it.
Secrecy and security of personal data
The HOSPES GROUP undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, so as to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.
Personal data shall be treated as confidential by the controller, who undertakes to inform and to ensure by means of a legal or contractual obligation that such confidentiality is respected by his employees, associates, and any other person to whom he makes the information accessible.
Rights deriving from the processing of personal data
The user may exercise the following rights recognised in the RGPD and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights against the data controller:
Right of access: this is the user's right to obtain confirmation as to whether or not the HOSPES GROUP is processing their personal data and, if so, to obtain information about their specific personal data and the processing that the HOSPES GROUP has carried out or is carrying out, as well as, among other things, the information available about the origin of said data and the recipients of the communications made or planned for said data.
Right of rectification: this is the user's right to have their personal data modified if it proves to be inaccurate or, taking into account the purposes of the processing, incomplete.
Right of erasure: is the right of the user, unless otherwise provided for by law, to obtain the erasure of his or her personal data when they are no longer necessary for the purposes for which they were collected or processed; the user has withdrawn his or her consent to the processing and the processing has no other legal basis; the user objects to the processing and there is no other legitimate reason to continue the processing; the personal data have been processed unlawfully; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to erasure, the controller shall, taking into account available technology and the cost of its implementation, take reasonable steps to inform controllers who are processing the personal data of the data subject's request for erasure of any link to those personal data.
Right to restriction of processing: this is the user's right to restrict the processing of his or her personal data. The user has the right to obtain the restriction of processing when he/she contests the accuracy of his/her personal data; the processing is unlawful; the Controller no longer needs the personal data, but the user needs it to make claims; and when the User has objected to the processing.
Right to data portability: where processing is carried out by automated means, the User shall have the right to receive from the Controller his or her personal data in a structured, commonly used and machine-readable format and to transmit it to another Controller. Where technically feasible, the Controller shall transmit the data directly to that other controller.
Right of opposition: this is the user's right not to have his or her personal data processed or to have the processing of such data by the HOSPES GROUP ceased.
The right not to be subject to a decision based solely on automated processing, including profiling.
Users may exercise their rights by writing to the Data Controller at the following address and/or e-mail address:
Postal address: Calle Serrano 40, 4ºD, 28001 Madrid (Madrid)
E-mail: webmaster@hospes.com
Links to third party websites
The web site may include hyperlinks or links that allow access to web pages of third parties other than the HOSPES GROUP and which are therefore not operated by the HOSPES GROUP.
The owners of these websites will have their own data protection policies, being themselves, in each case, responsible for their own files and their own privacy practices.
Data retention in accordance with the LSSI (Spanish Data Protection Act)
The HOSPES GROUP hereby informs you that, as a data hosting service provider and by virtue of the provisions of Law 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce (LSSI), it retains for a maximum period of 12 months the information necessary to identify the origin of the data hosted and the time at which the service was initiated. The retention of this data does not affect the secrecy of communications and may only be used in the framework of a criminal investigation or for the safeguarding of public security, being made available to judges and/or courts or the Ministry that so requires.
Complaints to the supervisory authority
In the event that the user considers that there is a problem or infringement of the regulations in force in the way in which his personal data are being processed, he will have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular, in the State in which he has his habitual residence, place of work or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).
Acceptance and changes to this privacy policy
It is necessary that the user has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that he/she accepts the processing of his/her personal data so that the data controller can proceed in the manner, during the periods and for the purposes indicated. Use of the web site implies acceptance of the Privacy Policy.
GRUPO HOSPES reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a change in legislation, jurisprudence or doctrine of the Spanish Data Protection Agency.