1-WHO IS THE DATA CONTROLLER OF YOUR DATA PROCESSING?
The Data Controller and the owner of the website https://www.costabravahotelsdeluxe.com is ASSOCIACIÓ COSTA BRAVA HOTELS DE LUXE (also referred as the Company or Data Controller) with registered office at C. Turismo, 1 17253 Vall-llobrega (Girona), with tax identification number G55128938, (Our Association or Data Controller)
Data protection contact:
+34 972 600 017
2- PERSONAL DATA WE PROCESS AND PURPOSES
1-Types of personal data we process
We may collect and process the following categories of personal data:
a. Name, title, gender.
b. Your contact details, personal account, as well as your company name and business location including address, phone number, VAT number and your email address.
c. Information on your requests, services, or subscriptions.
d. Personal data of your employees.
e. Information collected when you use our Website and other digital media, if applicable.
When you visit our Website, we may record your IP address, browser type, operating system, originating website and web browsing behavior.
f. Information related to social networks.
g. Information you choose to share with us.
You can choose to share information with us, for example by giving us a comment on Facebook, completing a customer survey, or submitting data for an event.
2-Your personal data will only be used for the following purposes:
a) Carry out the necessary commercial and administrative procedures with the users of the web and our clients.
b) Contact you for contractual negotiations and to process your inquiries.
c) In case of formalizing contracts, purchases, etc., the data shall be used to process the corresponding contracts. In this regard, your data can be shared with third parties as detailed in point 5
d) To send commercial advertising communications by email, social network or any other electronic or physical way, if you have expressly consented to the sending of said commercial communications electronically. If you are our partner, we may send you commercial information related to our services.
e) Communicate with you to answer your questions and process your complaints.
f) Communicate with you to obtain your opinion on the service provided or the quality of our products or services.
g) Likewise, the data collected during browsing is processed in order to provide access to the online content of the website, as well as to respond to the requests of the website users, to keep a record of visit statistics (IP addresses, browser data, country, page accessed, etc.) in order to help us develop better services and products, optimize our offer and provide more effective customer service and improve the design and content of our websites.
h) The data of our partners and /or Suppliers will be processed, within the contractual relationship that binds them with us, in compliance with the administrative, fiscal, accounting and labor obligations that are necessary under current legislation.
i) Objection or revocation. You can object or revoke your consent to receive marketing communications at any time by following the instructions in the relevant marketing communication or by contacting us at firstname.lastname@example.org.
j) If you fill in any of the forms provided on our Website or in any other way, it will be necessary to provide certain personal data, which will be processed for the purpose for which they are requested.
k) The personal data of our staff will be used to comply with the corresponding labor and contractual obligations.
In accordance with the LSSICE, we inform you that GRUP COSTA BRAVA does not perform SPAM practices, therefore, it does not send commercial emails by e-mail if it does not have the necessary legitimacy. In any case, you will always have the possibility to withdraw your consent to receive our communications.
We shall not process your personal data for any other purpose than those described except by legal obligation or judicial requirement.
You shall not be the subject of decisions based on automated treatments that produce effects on your data.
3-WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR DATA?
The legal basis for the processing of your personal data is:
Performance of a contract: this is when the processing of your personal information is necessary to perform our obligations under a contract.
Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency, or in relation to the systems for prevention of money-laundering.
Legitimate interests: we shall process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interests.
Your express consent: in some cases, we would ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting our ASSOCIATION at email@example.com.
The legal basis for the processing of the personal data of the suppliers is based on the contractual relationship that is generated when we contract with them.
Any communication sent will be incorporated into the information systems of our Association.
- Sending commercial and / or promotional communications in response to your request for information by any means that you have provided us.
- Sending any information, including commercial information on news, news, fairs, activities, etc. and all that information related to our activities and related to the products purchased or the services contracted by our clients.
The User is informed that the means enabled by our Association to communicate with clients and others affected are corporate landlines and mobile phones and the corporate or customer service email provided on our website.
If you send personal information through a means of communication other than those indicated on this website or by any other means provided by our Association, you will be exempt from liability in relation to the security measures provided by the means in question.
4. DATA RETENTION. ¿How long shall we keep your personal data?
The personal data you provide us shall be kept for the time necessary to manage the information you request, or as long as there are contractual obligations deriving from services or content requested by users and subsequently until the expiration of legal, contractual or professional responsibilities that require its retention.
Once the data has met the needs for which it was collected, we will delete it permanently. However, we will keep your data longer if necessary, to comply with legal obligations. Likewise, it may be necessary to keep them for the time necessary until the prescription of the legal responsibilities that are generated.
5. DATA RECIPIENTS
Your personal data will be included in the Grup Costa Brava Centre database including COSTA BRAVA CENTRE SCCL, UNIÓ D’EMPRESARIS D’HOSTALERIA I TURISME COSTA BRAVA CENTRE, COSTA BRAVA VERD HOTELS SCCL, PETITS GRANS HOTELS DE CATALUNYA, S.L., ASSOCIACIÓ CUINA DE L’EMPORDANET, ASSOCIACIÓ CENTRES TURÍSTICS SUBAQUÀTICS.
Your Personal Data will be processed by duly authorized personnel, and, if necessary or practical to fulfill the purposes indicated above, they may be processed, in certain cases, by third parties.
The categories of recipients to whom your Personal Data may be communicated are the following:
a. Data processors, such as IT providers, consultants, and other companies.
b. Public entities and Authorities, exclusively for the purpose of complying with legal and regulatory obligations, as well as the requirements of the police authorities if is requested.
c. Other suppliers to whom, where appropriate, your personal data may be transferred, when is necessary for our normal operation, as financial institutions, and insurers, among others.
In any case, all of them will have signed, in advance, the corresponding confidentiality commitment in accordance with current regulations on the protection of personal data or are subject to the duty of professional secrecy
6. RIGHTS ¿what are your rights when you provide us with your data?
If you wish to exercise the rights that the data protection regulations grant you, please send us an e-mail to the following address firstname.lastname@example.org putting in the subject the right you want to exercise and attaching a copy of your national identity document or passport.
The Rights that the current regulations recognize and that, where appropriate, may be exercised are:
Right of access to data:
You have the right to be informed by the Data Controller if your personal data is being processed or not, and if the process is confirmed, you shall be able to access it by providing the following information:
- The purposes of processing.
- The categories of data.
- The term or criteria for data retention.
Right to rectification:
You will have the right to request the Data Controller to rectify your data when they are inaccurate or incomplete by means of an additional rectifying statement.
Right to Erasure:
The data subject shall have the right to request the Data Controller to erase its data, when:
- The processing is illegal.
- The data subject has withdrawn its consent.
- They are no longer necessary in relation to the purposes for which they were collected or processed.
- The data subject has exercised the right of opposition and other legitimate reasons for the processing do not prevail.
- The data must be erased to fulfill a legal obligation of the Data Controller.
The data subject shall not have the right to request the Data Controller to erase their data when the processing is necessary:
- To exercise the right to freedom of expression and information.
- To fulfill a legal obligation of the Data Controller.
- For the preparation, exercise, or defense of claims.
- For public interest based on current legislation for public health reasons or for historical, statistical or scientific research purposes.
Right to data portability:
You have the right to request the Data Controller to transfer your data to another Data Controller or to the same data subject, through a structured format of usual use and mechanical reading, when the processing is carried out by automated means and is based on:
- The consent of the data subject for specific purposes.
- The execution of a contract or pre-contract with the data subject.
The right to data portability will not apply when:
- The transmission is technically impossible.
- It can negatively affect the rights and freedoms of third parties.
- The processing has a public interest mission based on current legislation.
Right to restriction of processing:
1.The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
the processing is unlawful, and the data subject opposes the erase of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Right of opposition:
The data subject shall have the right to object to processing of personal data, on grounds relating to his or her situation, at any time. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right not to be subject to profiling:
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, mainly when is referred to the following personal aspects:
- Professional performance.
- Economic situation.
- Preferences or personal interests.
- Location or movements of the person.
When profiling is based solely on automated processing:
- The data subject will have the right to be informed if the decision that can be taken could have legal effects that significantly affect him.
- The data subject will have the right to obtain human intervention from the Data Controller, to express their point of view and to challenge the decision, if the processing has been authorized by:
- The explicit consent of the data subject.
- A contract between the Responsible and the data subject.
This right shall not apply if the decision:
- is necessary for entering, for the performance of a contract between the data subject and a data controller;
- is authorized by European Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on the data subject’s explicit consent.
7- SUPERVISORY AUTHORITY:
If you consider that our Association has violated any of your rights protected by the personal data protection regulations or that it has violated any obligation regarding the protection of Personal Data, you have the right to submit a claim to the competent Supervisory Authority which in Spain is the Spanish Agency for Data Protection located at Calle Jorge Juan, 6. 28001 – Madrid. Tel. 901 100 099 – 912 663 517
You can also submit an electronic claim through the electronic address that is available on their website https://www.aepd.es/
8. GOVERNING LAW AND JURISDICTION
It is also governed by Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights. Likewise, our website is governed by Law 34/2002, of July 11, on Information Society and Electronic Commerce Services.
Any dispute arising from matters relating to the Website, or our actions shall be exclusively subject to the jurisdiction of the courts of the city of Barcelona.
9. ADDITIONAL INFORMATION
The data you provide will be processed confidentially. Our Association has adopted all the technical and organizational measures and all the necessary levels of protection to guarantee the security in the treatment of the data and avoid its alteration, loss, theft, treatment or unauthorized access, according to the state of technology and nature of the stored data. Likewise, it is also guaranteed that the processing and registration in files, programs, systems or equipment, premises and centers comply with the requirements and conditions of integrity and security established in current regulations.
We inform you that our Association may have a presence on social networks. The processing of the data that is carried out of the people who become followers on social networks (and / or carry out any link or connection action through social networks) of the official Association pages will be governed by this section , as well as those conditions of use, privacy policies and access regulations that belong to the social network that is appropriate in each case and previously accepted by the user.
Our Association will process your data for the purpose of correctly managing your presence on the social network, informing you of the provider’s activities, products or services, as well as for any other purpose that the regulations of the Social Networks allow.
The following publications are prohibited:
- Publication allegedly illegal by National, European, or International regulations or that they carry out activities that are allegedly illegal or contravene the principles of good faith.
- That violate the fundamental rights of people, lack of courtesy in the network, annoy or may generate negative opinions in our users or third parties and in general whatever the content that Our Association considers inappropriate.
- And in general, that contravene the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of private life, consumer protection and intellectual and industrial property rights.
Likewise, our Association reserves the right to withdraw, without prior notice from the website or the corporate social network, those contents that are considered inappropriate.
The communications sent through social networks will be incorporated into a file owned by our Association, being able to send you information of interest.
In any case, if you send personal information through the social network, our Association. will be exempt from liability in relation to the security measures applicable to this platform, and if the user wants to know them, consult the corresponding conditions of the network in question.