DETAILED INFORMATION MODEL
Privacy and Data Protection Policy
ALBERGUES Y HOTELES DEL MEDITERRANEO, S.L. (hereinafter the Entity) is committed to due diligence and compliance with the Data Protection regulations. As an axis of this duty and commitment, the Data Protection Channel (DATAPROTECT line) has been incorporated, which includes the fundamental elements of Data Protection, all managed, supervised and accredited by BONET consulting, a specialized firm and leader in Regulatory Compliance and Data Protection.
The detailed information on the confidentiality policy and Protection of Personal Data in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 is set out below. , regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation or GDPR) and article 11 of Organic Law 3/2018, on the Protection of Personal Data and Digital Rights Guarantee (LOPD GDD).
Data of the Data Controller and contact person of the Data Protection Officer / Delegate (RPD / DPD):
Identity: ALBERGUES Y HOTELES DEL MEDITERRANEO, S.L.
Address: / C. Q: (Hotel Brisamar Suites) Avda. Generalitat, 2 43880 Coma-Ruga
RPD / DPD contact details:
Data Protection Channel: www.corporate-ethicline.com/hotel-brisamar-suites
Purposes of the treatment
The Entity will treat the information provided by interested persons for the following purposes:
- Manage your attention, visit and meeting in our facilities, as well as the management and performance of the contracted services / products.
- Manage any type of request, suggestion or request about our professional services made by interested persons.
- Informative and commercial communications: treatment of your data in order to inform you about activities, articles of interest and general information related to our activity and the services / products contracted.
- Manage data provided by candidates for a job through the Curriculum Vitae (CV) for the purpose of selection and recruitment process.
For the good purpose and development of its attention and management of the above purposes, the holder consents to the processing of their data for the previous purposes, all under the strictest compliance with the Data Protection regulations and the policy that we are detailing . At any time you can exercise your rights (see specific section).
Data retention criteria
Management of services / products contracted with the Entity: the personal data provided in the contracts, offers and / or proposal of services, as well as those of other people whose intervention is necessary, will be kept for as long as the services are in force hired At the end of the provision of the contracted service (s), the personal data will be kept in cases where responsibilities could be derived with the Entity and / or in compliance with other regulatory frameworks that apply to the Entity or a rule with the rank of law that requires the conservation of these. The personal data will be maintained in a way that allows the identification and exercise of the Rights of those affected and, under the legal and organizational technical measures that are necessary to guarantee their confidentiality and integrity.
Curriculum Vitae Management: the Entity, as a rule, retains its Curriculum Vitae for a maximum period of one year; Once said period has elapsed, it will be automatically destroyed, in compliance with the principle of data quality.
Others: the rest of the data and information provided by the user for any measure, will be kept for as long as necessary to fulfill the purpose for which they were collected.
The legal basis that enables the Entity to process the personal data of users, customers, potential clients under the following titles:
- The consent of interested persons for the processing and management of any request for information or consultation about our services and products.
- The Consent given by the Candidates for a job for the purpose of selection and recruitment.
- The framework for the provision and / or contracting of services / products with the Entity.
- The legitimate interest to send you informative, commercial communications and / or promotional offers related to the activity of the Entity and the services / products contracted through email or any other means.
No personal data is transferred to third parties, unless otherwise provided by law.
Personal data is obtained directly from interested persons and our collaborators. The categories of personal data provided by our collaborators are the following:
- Identification data.
- Postal or electronic addresses.
- Data provided and / or consented by the interested parties related and necessary for the management and performance of the requested service / product.
Right of Access, Rectification and Deletion: interested persons have the right to obtain confirmation about whether or not we are treating personal data in the Entity. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes that were collected.
Right to Limitation and Opposition: in certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and, for reasons related to their particular situation, the interested parties may object to the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.
These rights may be exercised in our Data Protection Channel, see specific section.
Data Protection Channel / DATAPROTECT – line
The Entity has implemented a Data Protection Channel, contemplating the highest commitment, rigor and professionalism in terms of security, experience, independence and knowledge in the treatment of communications received.
The Data Protection Channel has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our previous commitments.
Through the Data Protection Channel, you can communicate and process the exercise of your Rights (see previous section) and communicate any evidence or knowledge that you had of possible security breaches (breaches) and / or possible breaches or irregularities about the regulations of Data Protection or the present policy of the Entity.
The access data to the Data Protection Channel are detailed at the beginning of this policy.
Attention and support
Interested persons may communicate to the Entity any questions about the processing of their personal data or interpretation of our policy, by contacting the Data Protection Officer (RPD / DPD) at the address, indicated at the beginning of the This policy.