You declare that the data you provide us with, now or in the future, is correct and true, and you undertake to inform us of any changes in this data. Should you be providing us with the data of third parties, you undertake to obtain the full prior consent of those concerned, and to inform them of the contents of this policy.
In general, the fields of our forms marked as mandatory must of necessity be completed for us to be able to deal with your requests.
- Who controls the processing of your personal data? The data controller for the processing of data obtained from this website is:
Data controller: Hotel Urso S.L. (hereinafter the HOTEL)
Postal address: Zurbano 45, 1º, 28010 Madrid
Email address: firstname.lastname@example.org
Tel no.: +34 914 444 458
- What do we process your data for and what is the legal basis for this?
- The management of our relationship with guests and users: we process the data that our guests,
customers and users provide in the course of their enquiries for us to deal with their requests.
This processing is required to ensure the implementation of our legal relationship with users of The Site and for the application of any precontractual measures requested.
- Management of accounts: we process the data that our users provide us with in the registration form on The Site, as well as those they register in their profile, to create and administer their accounts and to give them access to the functionalities available to registered users.
- Management of reservations of accommodation and service: Data provided in booking forms for accommodation, or to contract services, will be processed for the management of these bookings and the provision of the requested services. The categories of data that we process for these purposes are as follows:
- Identification data (first names, surnames, and ID card, or passport number) and contact details (address, email address, and telephone number) of the booking holder.
- Details of the booking itself, the voucher, or the requested service.
- Financial and transaction details.
The processing of this data is necessary to ensure the provision of the services requested, the implementation of the accommodation contract, and for the application of any precontractual measures requested.
Financial data and those concerning transactions of goods and services shall be processed for purposes of accounting and administrative management, and to enable compliance with our legal obligations in accounting and fiscal areas.
- Sending out commercial communications and management of distribution lists: We process identification and contact data provided by our customers and by those people who register on our distribution lists so they can be sent communications about our products and services.
This processing has its legal basis in the consent requested. Not giving your consent to this or withdrawing it does not affect your reservation or the provision of the services contracted.
You may request that your data ceases to be processed for commercial purposes by sending an email to the following email address: email@example.com.
- Administration and management of website security: we process browsing data (IP addresses or log files) to administer and manage the security of The Site and its areas of restricted access.
This processing has its legal basis in our legitimate interest in guaranteeing the security of The Site. This interest is expressly recognised in Recital no. 49 of the General Data Protection Regulation (GDPR). To assess this interest with respect to your rights and freedoms, we have taken into account that this processing corresponds to generalised security practices and fails to pose significant threats to interested parties.
- Statistical purposes and quality management: with the aim of evaluating and managing the quality of our services and products, we process identification data and contact details provided by our customers in their requests and suggestions. We also compile statistics based on aggregate data obtained from transaction data and from browsing data, e.g. IP addresses, weblogs, websites visited, and actions carried out on The Site. For more information, see our cookies policy.
This processing has its legal basis in our legitimate interest in evaluating and managing the quality of our services and products. To assess this interest with respect to your rights and freedoms, it was decided that this processing had a limited impact on the privacy of the interested parties, matched their reasonable expectations, and did not pose a significant threat.
- Who do we pass your data on to?
Your data shall only be passed on to third parties under legal obligation, with your consent, or when your request involves such disclosure.
- How long will we keep your data?
Generally speaking, your data will be kept for the life of the relationship you have with us and, in all cases, for the times laid down in the relevant statutory requirements, for example in accounting and fiscal issues, and for the time required to respond to any possible liability claims arising from this processing. We shall erase your data when it is no longer necessary or relevant for the purposes for which it was collected.
Logs of access to restricted areas of The Site shall be deleted a month after their creation.
Information concerning browsing shall be erased when the connection with The Site is over and the statistics have been compiled.
Data processed for commercial ends shall be kept until its erasure is requested.
- What are your rights?
You have the right to seek confirmation as to whether we are processing your personal data or not, and if so, access it. Likewise, you may request that the data be rectified if it is inaccurate or be completed if it is incomplete. You may also ask for the data to be erased, if, among other reasons, the data is no longer required for the purposes it was originally collected for.
Under certain circumstances, you may request the restriction of the processing of your data. In this case, we will only process the data in question for the establishment, exercise, or defence of legal claims, or for the protection of the rights of other people.
Under certain circumstances, and on grounds relating to your particular situation, you may also object to the processing of your personal data. In this case, we shall cease to process the data, unless there are compelling legitimate grounds that prevail over your interests, rights, and liberties, or for the establishment, exercise, or defence of legal claims.
Furthermore, and under certain conditions, you may request portability of your data so that it is passed on to another data controller.
You may withdraw the consent you had given for certain purposes, at any time, without this affecting the legality of the processing based on the consent given prior to its withdrawal.
Likewise, you have the right to file a claim with a data protection authority.
We would like to inform you that the European Regulation of the Protection of Personal (GDPR) similarly recognises the right to the portability of your data.
You also have the right to oppose the adoption of decisions based solely on automated processing that produce legal effects concerning you, or which similarly affect you, when this right coincides with the provisions laid down in Article 22 of Regulation (EU) 2016/679.
To exercise your rights, you have to send us a request to this effect, by post or by email, together with a copy of your official, national identity card, passport, or other valid document that identifies you. This request should be sent to the addresses given in the section “Who controls the processing of your personal data?”
You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency at www.aepd.es.