PRIVACY POLICY

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter the GDPR) and the current Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, we hereby inform users of the website http://www.apartohotel-rosales.com/ (hereinafter referred to as the “website”), regarding the processing of personal data which they have voluntarily provided during the process of registering, accessing and using the functions offered by the website.

  1. Identification of the Data Controller

In terms of data protection, Apartahotel Rosales must be regarded as the data controller in relation to the data files and processing operations identified in this privacy policy.

  1. Legitimacy

The processing of users’ data is carried out on the following legal bases, which legitimise such processing, as provided for in Articles 6 and 7 of the GDPR: the user’s free, specific, informed and unambiguous consent, by making this privacy policy available to them; the user must accept this policy by means of a statement or a clear affirmative action, such as ticking a box provided for that purpose; or the performance of a contract for the purchase of a product from Apartahotel Rosales or a service offered by it.

  1. Consent to the processing of personal data

Obtaining the user’s consent is a prerequisite for Apartahotel Rosales to process personal data. Therefore, the features on the website that require access to the user’s personal data may only be used once the user has given their consent.

As provided for in Article 7 of the GDPR, the user’s consent must reflect a freely given, specific, informed and unambiguous indication of their wishes when agreeing to the processing of their data by Apartahotel Rosales. For these reasons, when using the aforementioned functions, the user must tick a box thereby giving their express consent to the processing of their personal data.

  1. Minors

The processing of a minor’s personal data may only be based on their consent if they are aged fourteen or over. In this regard, the processing of data relating to children under the age of fourteen, based on consent, shall only be lawful if consent has been given by the holder of parental authority or guardianship (Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, hereinafter the LOPD).

  1. Purpose of data processing

Apartahotel Rosales will collect only the data that is strictly necessary to fulfil the purposes for which it is collected, in accordance with the principles of data minimisation and purpose limitation set out in Article 5 of the GDPR. Consequently, should the User fail to provide such data, certain functions and content on the website that rely on that data will not be available.

The purposes for which the website needs to collect users’ personal data are as follows:

  • to deal with any enquiries and orders made by the User;
  • the sending of commercial and/or promotional communications by electronic means.
  • In order to use the functions listed, the User must voluntarily provide personal data (primarily identification and contact details), which will be stored in automated data files owned by Apartahotel Rosales.
  • The personal data provided by the User may be used to send newsletters, as well as commercial communications regarding promotions and/or advertising from Apartahotel Rosales, only where the User has previously given their express consent to receive such communications electronically.
  • The collection, storage, modification, organisation and, where applicable, erasure of the data provided by users shall constitute processing operations carried out by the Data Controller, with the aim of ensuring the proper functioning of the website, maintaining the service provision and/or commercial relationship with the User, and for the management, administration, provision of information, delivery and improvement of the service.
  1. Categories of personal data collected

The personal data collected by Apartahotel Rosales comprises any information that the User has provided whilst visiting the website, namely their first name, surname, email address and, in certain cases, the text of any message they have sent to Apartahotel Rosales. Furthermore, when the User visits the website, certain information is automatically stored for technical reasons, such as the IP address assigned by their internet service provider.

  1. Retention of personal data

Any personal data to which access is granted will be processed and retained for as long as a contractual relationship exists or the purpose for which it was collected remains valid. Thereafter, Apartahotel Rosales will retain personal data once the contractual relationship has ended or when such data ceases to be relevant for the purposes for which it was collected, duly blocked, so that it may be made available to the competent public authorities, judges and courts or the Public Prosecutor’s Office during the limitation period for any legal proceedings that may arise from the relationship with the User and/or the retention periods provided for by law. Apartahotel Rosales will proceed to physically delete your data once these periods have elapsed.

Where the User has given their consent to the purposes of data processing set out in this Privacy Policy, Apartahotel Rosales will retain their information provided that the User does not withdraw the consent previously given, via the means indicated above.

  1. Safety measures

The security measures adopted by Apartahotel Rosales are those required by the GDPR, in accordance with the provisions of Article 32. In this regard, Apartahotel Rosales, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, has put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved.

Furthermore, Apartahotel Rosales has put in place additional measures to strengthen the confidentiality and integrity of information within the organisation. It continuously monitors, controls and evaluates its processes to ensure that data privacy is respected.

Although the Data Controller makes backup copies of the content hosted on its servers, it accepts no liability for the loss or accidental deletion of data by users.

  1. Exercising users’ rights

Users who have provided their personal data via the website may contact the website owner in order to exercise, free of charge, their rights of access to, rectification or erasure of, restriction of processing and objection to the data held in its files.

The data subject may exercise their rights by sending a written communication to Apartahotel Rosales, quoting the reference “Data Protection”, specifying their personal details, providing proof of their identity and setting out the reasons for their request. They may also exercise these rights by emailing: arosales@apartohotel-rosales.com. Furthermore, the User has the right to withdraw the consent originally given and to lodge complaints regarding their rights with the Spanish Data Protection Agency (AEPD).

  1. Recipients

The data will not be disclosed to any third party outside Apartahotel Rosales, unless required by law or, in any event, following a request for the User’s consent. Furthermore, Apartahotel Rosales may grant access to or transfer the personal data provided by the User to third-party service providers with whom it has entered into data processing agreements, and who shall only access such information in order to provide a service on behalf of and for the account of the Data Controller.

  1. International transfers

Users’ personal data will not be shared with third parties outside the European Economic Area.

  1. External links

As a service to our visitors, our website may include hyperlinks to other sites that are not operated or controlled by the Website. Apartahotel Rosales therefore does not guarantee, nor is it responsible for, the lawfulness, reliability, usefulness, accuracy or timeliness of the content of such websites or their privacy practices.

  1. Social plugins

This website may contain links and services relating to various social media platforms (for example, Facebook’s ‘Like’ button). If the User is a member of a social media platform and clicks on the relevant link, the social media provider may link their profile data to the information relating to their visit to this website. It is therefore advisable for the User to familiarise themselves with the features and policies regarding the processing of personal data of the relevant social media platform.

  1. Changes to this privacy policy

Apartahotel Rosales reserves the right to amend this policy to bring it into line with new legislation or case law, as well as with industry practices. In such cases, the changes made will be announced on this page a reasonable time before they come into effect. If the changes require the User’s express consent, they will be communicated directly to the User via email, giving them the opportunity to withdraw their consent to the processing of their data.