In compliance with current regulations on data protection, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, known as the General Data Protection Regulation (RGPD or GDPR); Organic Law 15/1999, of December 13, on the Protection of Personal Data; Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of Organic Law 15/1999, we inform you that the Data Protection Policy and Privacy Policy of our company, regarding the processing of your personal data, is the following:
Data controller:
The controller of personal data is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
In this case, the data of the person responsible for the treatment are the following:
Identity: Salvador Jordà Vidal
CIF: 40431020X
Postal Address: C/ Santa Clara, 31, Castelló d'Empúries
Phone: +34 972250593
Email address: info@emporiumhotel.com
Salvador Jordà Vidal, as the party responsible for the data and for the website, in accordance with current legal regulations, and specifically with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), as well as Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), we inform you that we have implemented appropriate technical and organisational measures, according to the state of the art and the cost of their application with respect to the risks and nature of the personal data processed, to guarantee and protect the confidentiality, integrity and availability of your personal data.
Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There is a wide variety of information that is considered personal data, for example, name, contact information, identification number, computer IP, etc.
For further information, you can consult the website of the Spanish Data Protection Agency (http://www.agpd.es) or the Catalan Data Protection Authority (http://apdcat.gencat.cat/), among others.
The processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
For what purpose do we process your personal data?
The personal data provided by the interested parties will be used exclusively for the following purposes:
- Reservation, registration and contracting of products: Manage and execute the provision of the services and/or products contracted or requested by the interested parties, as well as the necessary steps to carry out the contractual relationship with the interested party, which includes informing, processing, managing, modifying and any other operation that is necessary for the management of your reservation or purchase, as well as subsequent billing and collection.
Usage analyses can be carried out based on the purchase and reservation history of the same interested party, without any automated decisions being made that have legal effects.
- Book of registration of travellers' entries in hospitality establishments: Collect, manage and send the information established by the current legal regulations regarding the book of registration of travellers' entries in hotel establishments.
- Queries: Respond to, respond to and follow up on queries and requests made by interested parties and/or provide information requested by the user.
- Access to the private area “my reservation”: Manage registration and allow access to the information on the website regarding the status of your reservation, as well as the general administration of the account, which allows you to modify the data of the same, its maintenance, control, management or cancellation, in the event that you have registered as a user.
- Advertising of our own products and services: Sending commercial advertising communications (newsletters) related to our products and services by any means (email, postal mail or telephone), with promotions and discounts, invitations to events organised by the company, etc. in the event that the interested party has accepted and consented to the sending of commercial communications by signing up and subscribing to the Newsletter.
- Completion of unfinished reservations: Contacting the user by any means (email or telephone) in the event that the reservation has not been completed in order to find out the reason why it has not been completed.
- Communicate changes to the privacy policy: Notify or communicate relevant changes to the data protection and privacy policy, legal notice or cookie policy.
- Statistics: Conduct market studies and statistics on our products and services, without any automated decisions being made.
The company informs you that it will not process your personal data for any other purpose than those included in this section, except in cases where there is a legal obligation or judicial requirement.
Your personal data will not be subject to decisions based on automated processing that have legal effects for the data subject.
How long will we retain your personal data?
The personal data that you have provided to us will be kept for the time necessary to carry out the requested or contracted service, and for a maximum period of 5 years from the last confirmation on your part of the existence of interest in us keeping your data.
This is without prejudice to a possible longer retention for the purposes of eventual compliance with legal obligations and for the exercise and monitoring of legal and judicial actions that may be relevant.
After the indicated periods have elapsed, the personal data will be deleted.
The legal basis for the processing of your personal data is the free and legitimate acceptance of the legal relationship by the user at the time of accepting this Personal Data Protection and Privacy Policy.
Likewise, the legitimacy for the processing of your data for each of the purposes of the processing of personal data that have been identified above is detailed below:
-Reservation, registration and contracting of products: The legal basis for the processing of your personal data is the contractual and, where applicable, pre-contractual relationship established between the parties for the execution of the provision of the services and/or products contracted or requested by the interested parties, and specifically, for the execution of the reservation of the services and products of our establishment that you have made, according to the terms and conditions set out in the Terms and Conditions of Contract section as well as compliance with the corresponding commercial, fiscal and accounting obligations. All of this based on the provisions of article 6.1 sections a) and b) of the GDPR.
The refusal to provide the personal data requested for the reservation will therefore make it impossible to carry out the contract or reservation requested. For further information on the contracting of our products and services, please consult the Terms and Conditions section. Once the reservation has been made, the interested party will receive a confirmation email with the reservation details.
-Traveler check-in logbook for hospitality establishments: The legal basis for the processing of your personal data is the legal obligation established in this regard regarding the collection, management and referral to the competent security bodies established in Organic Law 4/2015, of March 30, on the Protection of Citizen Security and other implementing regulations. This is based on the provisions of article 6.1 section c) of the GDPR.
Refusal to provide the requested personal data will therefore make it impossible for you to stay at the establishment.
-Queries: The legal basis for the processing of your personal data is the possibility of responding to queries freely raised by interested parties. This processing is carried out based on the provisions of article 6.1 sections a) and b) of the GDPR.
-Access to the private area “my reservation”: In the event that the interested party has registered as a user to be able to access, consult, modify or cancel the status of “my reservations” from the website, the legal basis for the processing of their data is the contractual or pre-contractual relationship existing between the parties and to allow access to the information on the website relating to the status of their reservation, as well as to modify the data thereof or cancel it, in the event that they have registered as a user, as well as their acceptance and free and express consent to process their data. This processing is lawful based on the provisions of article 6.1 sections a) and b) of the GDPR.
Failure to provide the requested personal data will make it impossible to access said information from the website.
- Advertising of own products and services: In the event that the interested party has checked the corresponding box to accept receiving advertising commercial communications (newsletters), the legal basis for sending advertising about products and services is the interested party's own free and express consent, which may be withdrawn at any time, without the withdrawal of consent for this purpose conditioning the execution of the room reservation contract, if applicable. This processing of personal data is based on the provisions of article 6.1 section a) of the GDPR.
Refusal to provide the requested personal data will therefore make it impossible to subscribe to the newsletter or receive commercial communications with information about our products or services.
We inform you that you have the right to withdraw your consent for this processing at any time, without affecting the legality of the processing based on the consent prior to its withdrawal. If you wish to withdraw your consent, please refer to the section “Rights of interested parties”.
- Completion of unfinished reservations: The legitimacy for processing the data in this case is the acceptance and express consent by the interested party of this treatment so that the company can contact the interested party in the event that a technical incident has occurred at the time of making the reservation or contracting. This processing of personal data is based on the provisions of article 6.1 section a) of the GDPR.
The refusal to provide the personal data requested for the reservation will therefore make it impossible to carry out and conclude the contract or reservation requested.
-Communicating changes to the privacy policy: The legitimacy for processing personal data in this case is based on the convenience of communicating to interested parties any changes that may occur in the company's privacy policy, as well as their free acceptance and consent to this processing, based on the provisions of article 6.1 sections a) ib) of the GDPR.
-Statistics: The legitimacy for processing data to carry out market studies and statistics on our products and services, without in any case making automated decisions with legal effects for the interested party, is the free acceptance and consent of the interested party for this treatment, based on the provisions of article 6.1 sections a) of the GDPR.
We inform you that you have the right to withdraw your consent for this processing at any time, without affecting the legality of the processing based on the consent prior to its withdrawal. If you wish to withdraw your consent, please refer to the section “Rights of interested parties”.
Recipients of data assignments or transfers.
In order to better fulfil the services requested from us, we provide certain data to data processors with whom we have signed the corresponding data protection contracts. In these cases, the data provided is only that which is strictly necessary for the specific activity to be carried out. By way of example only, the services that can be contracted to data processors are listed: IT service providers, security companies, tax, legal or judicial advice, etc. The above list is provided as an example, and the company may use services from companies belonging to other sectors of activity in order to provide quality services. Outside of these cases, no transfer or communication of data has been planned either within or outside the EU.
Information will also be provided to third parties in cases where this is required by current regulations or when judicially required (public administrations, courts and tribunals, security forces and bodies, tax agency, etc.)
Rights of interested parties
We inform you that as an interested party you have the following rights:
-Right of access: any person has the right to know and obtain information about the personal data that we process.
-Right to rectification: interested parties have the right to request the rectification, completion and/or correction of inaccurate, incorrect or incomplete data.
- Right to deletion (also known as the “right to be forgotten”): interested parties, if they consider it appropriate, will have the right to request the deletion of personal data concerning them, among other reasons, when the data is no longer necessary for the purposes for which it was collected.
-Right to cancellation: interested parties may request the cancellation of their data.
- Right to object: interested parties may object to the processing of their data for marketing purposes, including profiling, and in the other cases established in article 21 of the GDPR. If requested, the company will stop processing the data, except for compelling legitimate reasons or to exercise or defend possible claims.
- Right to limit processing: in certain circumstances provided for in article 18 GDPR, interested parties may request the limitation of the processing of their data. In this case, we will only retain them to exercise or defend claims. Specifically, you have the right to limit processing in the following cases:
- the interested party contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the same;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has, on grounds relating to his or her particular situation, objected to the processing of his or her personal data being processed in the public interest or in the exercise of official authority vested in the controller; and/or the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, pending the verification of whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability: interested parties have the right to obtain their personal data in a structured format for common use and machine reading, so that they can be transmitted to another controller, in accordance with Article 20 of the GDPR.
- Right not to be subject to automated individual decisions: data subjects have the right not to be subject to a decision based on the automated processing of their data that produces legal effects.
- Right to withdraw consent: Data subjects have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to its withdrawal. To withdraw your consent to receive commercial communications about our products and services, please see the section “How can you exercise your rights?”. You may also unsubscribe directly every time you receive a commercial communication by email.
Interested parties can obtain additional information about their rights on the website of the Spanish Data Protection Agency (http://www.agpd.es) or on that of the Catalan Data Protection Authority (http://apdcat.gencat.cat/).
How can you exercise your rights?
You can exercise your rights by sending a letter to the postal address (C/ Santa Clara, 31, Castelló d'Empúries) or to the email address (info@emporiumhotel.com), with the subject “Personal Data” attaching a photocopy of your identity document or any similar means established by law.
What avenues of complaint are available to you?
If you consider that your rights have not been adequately addressed, you have the right to file a complaint with the Spanish Data Protection Agency or any competent supervisory authority.
Information processed.
What categories of personal data do we process?
We try to ensure that the information we request is the minimum and necessary for the management of the purposes set out in this Data Protection and Privacy Policy.
Our company may process the following categories of personal data:
- Identification data: name and surname, identification number, country, etc.
- Postal or electronic addresses and telephone number.
- Economic and financial information for the management of the reservation and subsequent billing and collection of the requested service.
- Data relating to the products and services contracted
- Identification codes or keys, if you have registered as a user in the “My reservations” section of the website or in the “Club”.
- Website browsing data. For further information, please refer to the section on Cookies.
No specially protected data or special categories of data are processed.
The categories of interested parties whose personal data we process a priori are persons interested in the products and services of our company, as well as in the contracting or reservation of the same.
The interested party guarantees that the personal data provided is true and is responsible for communicating any changes or errors to the company, and is therefore responsible for the truthfulness and accuracy of the data provided at all times.
In the event that the interested party intends to communicate personal data of third parties, he/she must have previously informed and obtained the consent of the same, in accordance with our Data Protection and Privacy Policy. Therefore, in the event that the user has entered personal data of a third party, he/she declares and guarantees that he/she has the consent of the third party for the communication of his/her data and subsequent processing of the same by our company, as well as that he/she has previously informed the third party whose data he/she provides of the content of this Data Protection and Privacy Policy.
Personal data we collect automatically.
When you visit our websites, we automatically collect certain information, even if no booking or purchase is made. This information may include the IP address, the date and time when you accessed our services, information about the hardware, software or internet browser you use, the language selected, among others.
This information allows us to improve the services and user experience on the website, and to identify possible fraudulent uses and possible attacks on the website's security, as well as to compile statistics on the use and effectiveness of the website. Unless fraudulent use or use against the website's security is detected, this data will not be retained. In no case will automated decisions with legal effects for the user be made based on this information.
For further information, please see the section on Cookies.
Sending communications
Whenever the interested party makes a reservation or contracts a service or product, an email will be sent to them confirming the reservation or contract, with information about it. We may also contact the interested party in order to inform them of any changes or news related to it.
On the other hand, the company may send commercial communications related to the products or services it offers, provided that you have expressly and specifically consented to this by checking the box provided for this purpose or by any other manifestation of express consent in this regard.
The interested party may withdraw their consent to receive any type of commercial communication at any time by sending a communication in accordance with the terms set out in the section “Rights of interested parties”. Likewise, this possibility will also be offered to the interested party in each commercial communication received by email or SMS.
Communication of data by minors
The services offered through the website are only available to adults. Therefore, those who do not meet this condition should refrain from providing personal information on the website.
Links to third party websites
Our website may contain links to websites of third-party companies and entities. Since we cannot be held responsible for the way in which these companies treat the protection of privacy and personal data of their users, we advise you to carefully read the privacy policy statements of these websites that are not owned by the company regarding the use, processing and protection of personal data.
Social media
Our company uses social media to promote its services and products and to share information and experiences with its users and followers.
Since we cannot be held responsible for the way in which these companies handle the protection of privacy and personal data, and each of them has its own policy on the matter, we advise you to carefully read the privacy policy statements of each social network regarding the treatment they carry out with the personal data of their users, before using them.
Changes to the privacy policy
The company reserves the right to modify this Data Protection and Privacy Policy in accordance with the data processing it carries out and with the applicable legislation at any given time, which will be duly reported on the website, and therefore recommends that the interested party review it periodically to be informed of how the company processes and protects their personal data.
Questions and doubts
If you have any questions or concerns about this privacy policy, please contact us by sending an email to info@emporiumhotel.com with the subject “Privacy Policy”.