Privacy Policy

This privacy policy is based on the General Data Protection Regulation (GDPR) which came into force on May 25, 2016.

HOTMED 34 SL, like all companies in the HOTMED 34 SL Group, is committed to ensuring that your personal information is protected and not misused.

In this document we explain who is responsible for processing, for what purpose your personal information will be processed, the legitimacy for processing, to whom we can communicate your personal information, how we collect it, why we collect it, how we use it, the rights you have, and also explains the processes we have put in place to protect your privacy.

By providing us with and explicitly authorizing us to manage your personal information, we understand that you have read and understood the terms related to the personal data protection information set forth. In all the companies of the HOTMED 34 SL Group we assume the responsibility of complying with the current legislation on national and European data protection, and we aim to treat your data in a lawful, fair and transparent manner.

CONTROLLER

Identity:

HOTMED 34 SL – CIF: B- 55260343
Postal Address: Carrer de Lladó 55 – 17210 – Calella de Palafrugell (Girona)
Telephone: 972 614 500
E-Mail: reserves@hotelmediterrani.com

PURPOSES

Extended description of the purpose/s of the treatment. The data provided by the clients will be used for:

• Administrative, accounting and tax management.
• Commercial contact by electronic means or regular mail.
• Information to the Authorities according to the current legislation.
• Detection, prevention and fight against fraud.
• Performing statistical analyses, as well as studies on the profile of those who use our products and services and the characteristics of such use.

CONSERVATION

Deadlines or criteria for data retention:

The personal data provided will be retained as long as the relationship as a client with HOTMED 34 SL is maintained and/or its deletion is not requested by the interested party, they will be retained in accordance with the legal deadlines established in tax and accounting matters, taking as a reference the last communication.

DECISIONS

Automated decisions, profiles and applied logic:

The company will NOT make automated decisions, profiles or logic applied to your data.

LEGITIMATION

Legitimation by execution of a contract:

Because the processing is necessary for the management of reservations and administrative management of the use of the hotel services, in which the client is a party, it is stated that the type of relationship in question is a commercial contract.

Since the communication of personal data is a legal or contractual requirement and a necessary requirement to subscribe to the services offered by HOTMED 34 SL, the interested party is informed that he/she is obliged to provide personal data, and also that the consequences of not doing so may entail the non-provision of the requested service.

When obtaining the client's data, HOTMED 34 SL will request the unequivocal and explicit consent for the management of his/her data.

RECIPIENTS

During the duration of the treatment, HOTMED 34 SL will not make any transfer, except for legal obligation, nor any transfer.

Optionally, temporary transfers will be made to IT Service Companies or Data Processors solely for the performance of communication services by HOTMED 34 SL.

Likewise, your personal information will be available to public administrations, judges and courts, to address possible responsibilities arising from the treatment.

RIGHTS

The interested party may exercise the following rights:

• Right to request access to their personal data.
• Right to request rectification or deletion.
• Right to request limitation of their processing.
• Right to object to processing.
• Right to data portability.
• Right to withdraw consent given.

Any person has the right to obtain confirmation as to whether or not the Entity is processing personal data that concerns them. Interested parties have the right to access their personal data, as well as to request rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, interested parties may request that the processing of their data be restricted, in which case we will only retain them for the exercise or defence of claims. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. In this case, the entity will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

If you have given your consent for a specific purpose, you have the right to withdraw the consent given at any time, without affecting the legality of the processing based on the consent prior to its withdrawal.

To do so, you may use the forms provided by the company, or send a letter to HOTMED 34 SL, Postal Address: Carrer de Lladó 55 – 17210 – Calella de Palafrugell (Girona), or you may send an email to: reserves@hotelmediterrani.com. If you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you may file a claim with the competent Data Protection Control Authority through its website: www.agpd.es.

In compliance with the provisions of article 21 of Law 34/2002 on information society services and electronic commerce, if you do not wish to receive more information about our services, you can unsubscribe at the following email address of the entity, indicating in the subject "Do not send emails": reserves@hotelmediterrani.com.

INTERNATIONAL TRANSFER

The personal information we collect resides in Spain. In certain cases, cloud computing services will be contracted outside the European Economic Area, with international data transfers taking place. Those third parties with whom we share your personal information may manage or transfer your personal information outside Spain and the European Union to other countries where they have facilities. In this case, complying with the requirements established by the Spanish Data Protection Agency and the European Union.

We will ensure that both any transfer of your personal information that we or those third parties with whom we share your personal information carry out, as well as the way in which we manage your personal information, comply with the legislation that applies to us. In any case, the transfer, storage and management of your personal information by us will always be governed by this Privacy Policy.

TYPE OF DATA

The personal data that we process at HOTMED 34 SL come directly from you:

The categories of data that are processed are:

• Identification data (Name, Surname, Identification Document number (DNI, Passport, NIF, CIF or similar)
• Postal addresses
• Electronic addresses
• Commercial information
• Financial data of your stays and use of services

Specially protected data is not processed.

DATA PROTECTION

We are committed to protecting your personal information. We use appropriate technical and organisational measures to protect your personal information and your privacy, and we review these measures periodically. We protect your personal information by using a combination of physical, computerised or logical security controls, including access controls that restrict and manage the way in which your personal information and personal data are processed, managed and administered. We also ensure that our employees are properly trained to protect your personal information. Our procedures indicate that we may ask you for proof of identity before sharing your personal information with you.

In accordance with our security and confidentiality guarantee, we are especially interested in offering you the highest level of security and protecting the confidentiality of the personal information you provide us. Therefore, commercial transactions are carried out in a secure server environment under the SSL (Secure Socket Layer) protocol.

The Internet is a means of communication and also a new medium that enables commercial transactions to be carried out over the Internet. Therefore, one of the main concerns of users who use the Internet is the security of data on the network.

An Electronic Commerce transaction is understood to be the entire process of carrying out a commercial agreement, including contact between both parties: customer and company. The aspects that all commercial transactions must meet must be:

• Authentication, which guarantees the legal or physical personality with which we communicate.
• Integrity, that is, that the content of the communication between both parties cannot be modified.
• Confidentiality, which consists of the guarantee that no unauthorized person can know the content of the communication.

When you register on our secure server or make a contract, your personal data, address, and those related to your payment method are incorporated into our database, used only to process your request, as well as to send information about offers and services that may be of interest to you.

DATA LEAK

In the event of a data leak being detected, both the directly affected users and the rest of the users will be informed by email or by post within a maximum period of 72 hours from the detection of the leak.

DATA OF MINORS

Our company does not plan to manage the data of minors. If necessary, it will only be collected with the express authorization of a parent or legal guardian.

SOCIAL NETWORKS

The use of social networks is becoming more and more frequent and is another way of contacting customers.

The information we collect through social networks sometimes includes personal information that is available online and to the public. We always make sure that all the information we use is correctly attributed to its source or is made anonymous.

These social networks are likely to have their own privacy policies, through which they will explain how they use and share your personal information. We encourage you to carefully review their privacy policies before using these social networks to ensure that you are comfortable with how your personal information is collected and shared.