PRIVACY POLICY
PRIVACY POLICY – EXTENDED INFORMATION
The Privacy Policy is part of the General Conditions that govern the website www.posadaterrasanta.com along with the Cookie Policy and the Legal Notice. HIDDEN AWAY HOTELS SL reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the website. In the event that a user has registered on the website and accesses their account or profile, upon accessing it, they will be informed in the event that there have been substantial modifications regarding the processing of their personal data.
Who is responsible for processing your data?
The data collected or provided voluntarily through the Website, whether by browsing it, as well as all those that you may provide us in the contact forms, via email or by phone, will be collected and processed by the Data Controller, whose details are indicated below:
HIDDEN AWAY HOTELS SL, VAT: B57676108
C/ Echegaray, 8, 28014, Madrid.
HOTEL POSADA TERRA SANTA, C/De la Posada Terra Santa, 5, 07001, Palma de Mallorca, Illes Balears.
Registered in the Commercial Register of Palma de Mallorca, Volume 2433, Folio 106, Sheet 66229.
Contact at HIDDEN AWAY HOTELS S.L for the protection of your personal data
Phone: 910 56 93 54
Data Protection Delegate Contact: [email protected]
If, for any reason, you want to contact us regarding any issue related to the processing of your personal data or privacy (with our Data Protection Delegate), you can do so through any of the means indicated above.
What data do we collect through the website?
Simply by browsing the Website, HIDDEN AWAY HOTELS S.L will collect information regarding:
– IP address.
– Browser version.
– Operating system.
– Duration of the visit or navigation on the Website.
This information is stored using Google Analytics, so we refer to Google’s Privacy Policy, as it collects and processes such information. http://www.google.com/intl/en/policies/privacy/
Similarly, the Website provides the use of Google Maps, which may have access to your location, if you allow it, in order to provide you with greater specificity about the distance and/or routes to our premises. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and processing of such data http://www.google.com/intl/en/policies/privacy/
The information we handle will not be related to a specific user and will be stored in our databases for the purpose of conducting statistical analysis, improving the Website, our products and/or services, and will help us improve our commercial strategy. The data will not be communicated to third parties.
User registration on the website / Form submission
To access certain services, such as booking, it is necessary for the user to fill out a form. For this, personal data is requested in the registration form. The data is necessary and mandatory to carry out such registration. If such fields are not provided, the registration will not be carried out.
In this case, the browsing data will be associated with the user’s registration data, identifying the same user who browses the Website. In this way, the offer of products and/or services that, in our opinion, best suits the user can be personalized.
The registration data of each user will be incorporated into the databases of HIDDEN AWAY HOTELS S.L, together with the history of operations carried out by the same, and will be stored in them until the registered user account is deleted. Once such an account is deleted, this information will be removed from our databases, keeping data related to transactions made for 10 years, without being accessed or altered, in order to comply with the legally effective deadlines. Data that are not linked to transactions made will be kept unless consent is withdrawn, in which case they will be immediately deleted (always taking into account legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties. Regarding the sending of electronic communications and promotions and responding to requests for information, the legitimacy of the processing is the user’s consent.
The purposes of the data processing will be as follows:
a) Manage your access to the Website.
b) Manage the purchase of services available to you through the Website.
c) Keep you informed about the processing and status of your requests, purchases, and/or reservations.
d) Respond to your information request.
e) Manage all the utilities and/or services offered by the platform to the user.
Thus, we inform you that you may receive communications via email and/or on your phone, in order to inform you of possible incidents, errors, problems, and/or the status of your requests.
For the sending of commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given, by contacting HIDDEN AWAY HOTELS SL, using the means indicated above. In any case, in each commercial communication, you will be given the possibility to unsubscribe from receiving them, either through a link and/or email address.
Newsletter Sending
On the Website, the option to subscribe to the Newsletter of HIDDEN AWAY HOTELS SL is allowed. To do this, it is necessary to provide us with an email address to which it will be sent.
This information will be stored in a database of HIDDEN AWAY HOTELS SL, in which it will be registered until the interested party requests its removal or, where appropriate, it ceases to be sent by HIDDEN AWAY HOTELS SL.
The legal basis for the processing of this personal data is the express consent given by all those interested who subscribe to this service by checking the box provided for this purpose.
The email data will only be processed and stored for the purpose of managing the sending of the Newsletter by users who request it.
For the sending of the Newsletter, the express consent of the user will be requested at the time of registration by checking the box provided for this purpose. In this regard, the user may revoke the consent given, by contacting HIDDEN AWAY HOTELS SL, using the means indicated above. In any case, in each communication, you will be given the possibility to unsubscribe from receiving them, either through a link and/or email address.
If you are any of the following groups, please consult the information below:
+ WEB OR EMAIL CONTACTS
What purposes will we process your personal data for?
- Answer your queries, requests, or petitions.
- Manage the requested service, answer your request, or process your petition.
- Electronic information, related to your request.
- Commercial or event information by electronic means, provided there is express authorization.
What is the legitimacy for the processing of your data?
The acceptance and consent of the interested party: In those cases where to make a request it is necessary to fill out a form and click on the send button, the completion of it will necessarily imply that you have been informed and have expressly given your consent to the content of the attached clause of said form or acceptance of the privacy policy.
All our forms have a verification checkbox with the following formula, in order to send the information: “□ I have read and accept the Privacy Policy.”
+ CUSTOMERS
What purposes will we process your personal data for?
- Preparation of the budget and monitoring thereof through communications between both parties.
- Electronic information, related to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Manage administrative, communication, and logistics services performed by the Controller.
- Perform the corresponding transactions.
- Invoicing and declaration of the corresponding taxes.
- Control and collection management.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS
What purposes will we process your personal data for?
- Electronic information, related to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Manage administrative, communication, and logistics services performed by the Controller.
- Invoicing.
- Perform the corresponding transactions.
- Invoicing and declaration of the corresponding taxes.
- Control and collection management.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or failing that your consent to contact us or offer us your products by any means.
+ SOCIAL MEDIA CONTACTS
What purposes will we process your personal data for?
- Answer your queries, requests, or petitions.
- Manage the requested service, answer your request, or process your petition.
- Relate to you and create a community of followers.
What is the legitimacy for the processing of your data?
Acceptance of a contractual relationship in the environment of the corresponding social network, and in accordance with its Privacy policies:
Facebook http://www.facebook.com/policy.php?ref=pf
Instagram https://help.instagram.com/155833707900388
Twitter http://twitter.com/privacy
Linkedin http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Whatsapp: https://www.whatsapp.com/legal/#privacy-policy
How long will we keep personal data?
We can only consult or unsubscribe your data in a restricted way by having a specific profile. We will treat them for as long as you let us follow you, be friends, or click “like,” “follow,” or similar buttons. Any rectification of your data or restriction of information or publications must be made through the configuration of your profile or user in the social network itself.
+ VIDEO SURVEILLANCE
What purposes will we process your personal data for?
- Video surveillance of our facilities.
- Control of our employees.
- On occasion, they may be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
The unequivocal consent of the interested party when accessing our facilities after viewing the informative sign of the video-monitored area.
+ JOB APPLICANTS
What purposes will we process your personal data for?
- Organization of selection processes for hiring employees.
- Schedule job interviews and evaluate your candidacy.
- If you have given us your consent, we may transfer it to collaborating or related entities, with the sole purpose of helping you find a job.
What is the legitimacy for the processing of your data?
The legal basis is your unequivocal consent, by delivering your CV to us and receiving and signing information regarding the treatments we are going to carry out.
How long will we keep personal data?
The resume will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
+ HR
What purposes will we process your personal data for?
- Management of the employment relationship and the worker’s file.
- Carry out all those administrative, fiscal, and accounting procedures necessary to comply with our contractual obligations, obligations regarding labor, Social Security, occupational risk prevention, fiscal, and accounting regulations.
- Payroll management through a financial institution.
- Time control through the access control system by fingerprint/card (if applicable).
- Management of the entity’s group insurance/pension plan.
- Carry out training actions, both subsidized and non-subsidized training.
What is the legitimacy for the processing of your data?
The legal basis for the processing of your data is the execution of your employment contract. Compliance with the relevant legal obligations. The consent of the interested party.
Do we include personal data of third parties?
No, as a general rule, we only process the data provided by the owners. If you provide us with third-party data, you must inform and request their consent from those individuals beforehand, or otherwise exempt us from any responsibility for failing to comply with this requirement.
And what about data from minors?
We do not process data from minors under 14 years of age, so please refrain from providing them if you are under that age.
Will we make communications via electronic means?
Communications will only be made to manage your request if it is one of the contact methods you have provided to us. If we carry out commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
You can rest assured: We have adopted an optimal level of protection for the personal data we handle, and we have implemented all technical means and measures at our disposal, according to the state of the technology, to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data.
To what extent will decision-making be automated?
HIDDEN AWAY HOTELS SL does not use fully automated decision-making processes to establish, develop, or terminate a contractual relationship with the user. In the event that we use such processes in a particular case, we will keep you informed and communicate your rights in this regard if required by law.
Will profiling take place?
In order to offer you products and/or services according to your interests and improve your user experience, we may create a “commercial profile” based on the information provided. However, automated decisions will not be made based on this profile.
Who will your data be communicated to?
Your data will not be transferred to third parties, except for legal obligations. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial entities for the collection of the provided service or acquired product, as well as to data processors necessary for the execution of the agreement.
In the event of a purchase or payment, if you choose any application, website, platform, bank card, or any other online service, your data will be transferred to that platform or processed in its environment, always with maximum security.
In the event that you have given us your consent for the processing of your name and images and other information related to the activities of HIDDEN AWAY HOTELS SL, they will be disclosed on the different social networks and website of HIDDEN AWAY HOTELS SL.
International transfers
If it is necessary to carry out international data transfers by HIDDEN AWAY HOTELS SL, it will ensure that such transfers are possible in accordance with the General Data Protection Regulation or any other requirement established by applicable regulations. For this purpose, the company will adopt the necessary agreements to ensure a level of data protection equivalent to that provided for in European regulations.
In the event of working in a system of shared folders in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc., an international transfer to the United States will be made under the provisions of Article 49.c) of the General Data Protection Regulation or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
What Rights do you have?
- To know if we are processing your data or not.
- To access your personal data.
- To request the rectification of your data if it is inaccurate.
- To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent given.
- To request the limitation of the processing of your data, in certain cases, in which case we will only keep them in accordance with current regulations.
- To port your data, which will be provided to you in a structured, commonly used, or machine-readable format. If you prefer, we can send them to the new controller you designate. This is only valid in certain cases.
- To file a complaint with the Spanish Data Protection Agency, if you believe that your rights have not been properly addressed.
- To revoke the consent for any processing for which you have consented, at any time. If you modify any data, we appreciate your communication to keep them updated.
Would you like a form to exercise your Rights?
- We have forms for exercising your rights, ask us for them by email or, if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.
- These forms must be signed electronically or accompanied by a photocopy of your ID card.
- If someone represents you, you must attach a copy of their ID card, or they must sign it with their electronic signature.
- The forms can be submitted in person, sent by mail or by email to the address of the Controller at the beginning of this text.
You have the right to file a complaint with the Spanish Data Protection Agency if you believe that your rights have not been properly addressed.
The maximum period for resolution by HIDDEN AWAY HOTELS S.L is one month, from the effective receipt of your request by us.
You have the right to revoke the consent for any processing for which you have consented at any time.
Do we use cookies?
If we use any other type of cookies than those necessary, you can consult the cookie policy in the corresponding link from the beginning of our website.
How long will we keep your personal data?
- Personal data will be kept as long as you remain linked to us.
- Once you unlink, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them according to the statute of limitations for legal actions.
- The processed data will be kept until the expiration of the legal periods mentioned above, if there is a legal obligation to keep them, or if there is no legal deadline, until the data subject requests their deletion or revokes the consent given.
- We will keep all information and communications related to your purchase or the provision of our service, for as long as the product or service warranties last, to attend to any possible claims.
- In each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
File | Document | Storage |
Customers
| Invoices | 10 years |
Forms and Coupons | 15 years | |
Contracts | 5 years | |
Human Resources
| Payrolls, TC1, TC2, etc. | 10 years |
CV | Until the end of the selection process, and 1 more year with your consent | |
Dismissal indemnity documents Contracts Data of temporary workers | 4 years | |
Employee file | Up to 5 years after termination | |
Márketing | Database or website visitors | For the duration of the treatment |
Suppliers
| Invoices | 10 years |
Contracts | 5 years | |
Access control and video surveillance
| Visitor list | 30 days |
Videos | 30 days lockdown 3 years destruction | |
Accounting | Accounting books and documents Partnership agreements and board meetings, company bylaws, minutes, board regulations, and delegated committees Financial statements, audit reports Records and documents related to subsidies | 6 years |
Fiscal
| Tax Ledger of the entity’s administration, rights and obligations related to tax payments Payment administration of dividends and tax withholdings | 10 years |
Information on intra-group pricing | 18 years 8 years for intra-group transactions for pricing agreements | |
Safety and Health | Medical records | 5 years |
Environment
| Information on chemical substances or substantially hazardous substances | 10 years |
Documents related to environmental permits As long as the activity is carried out | 3 years after closing the activity 10 years (crime prescription) | |
Records on recycling or waste disposal | 3 years | |
Grants for cleaning operations must retain documents of rights and obligations, receipts, and payments | 4 years | |
Accident reports | 5 years | |
Insurance | Insurance policies | 6 years (general rule) 2 years (damages) 5 years (personal) 10 years (life) |
Purchases | Record of all delivered goods or services, intra-community acquisitions, imports, and exports for VAT purposes. | 5 years |
Legal
| Intellectual and Industrial Property Documents Contracts and agreements | 5 years |
Permits, licenses, certificates | 6 years from the expiration date of the permit, license, or certificate 10 years (criminal prescription) | |
Confidentiality and non-competition agreements | For the duration of the obligation or confidentiality | |
Personal Data Protection
| Personal data processing, if different from the processing notified to the AEPD | 3 years |
Personal data of employees stored on networks, computers, and communication equipment used by them, access controls, and internal management/administration systems | 5 years | |
Academic | Academic record | Indefinite |