PRIVACY POLICY

This is the data protection policy of the hotels Porto Cristo, Mar d’Amunt, Àgora, Cap de Creus and Apartments.

This information refers to any data processed in the course of its tourist services in compliance with the General Data Protection Regulation (Regulation (EU) No 2016/679 of the European Parliament and of the Council dated 27 April 2016) and Organic Law 3/2018, dated 5 December, on the Protection of Personal Data and guarantee of digital rights.

Who is responsible for the processing of your personal data?

The responsible for the processing of personal data is in each case the company with whom the customer or the supplier is related. Each company responds to its customers and suppliers for compliance with data protection regulations and guarantees their rights. INVERTUR SL (Hotel Porto Cristo, Hotel Àgora, Hotel Mar d’Amunt i Apartaments turístics), APARTAMENTS CAP DE CREUS SL (Hotel Cap de Creus).

What is the purpose of our processing of the data?

We process personal data for the following purposes.

Contact.
To deal with any queries from people who contact us through the contact forms on our website. We use them solely for this purpose.

Telephone assistance.
To attend by phone people who contact us by this way. In order to offer more quality in the service, conversations may be recorded by warning the person with whom we are communicating beforehand.

Customer service.
Registering new customers and additional data that may be generated as a result of the business relationship with customers. Essential data are requested during the contracting process, including bank details (current account or credit card number), which will be sent to the banking institution managing the charge (they can only use them for this purpose). The relationship involving the provision of tourist services entails other processing, such as incorporating the data to accounting, invoicing or information to the tax authorities.

Information about our services.
Once the contractual relationship ends, the contact details are stored to send out adverts related to our services or products, general or specific information, based on each customer’s characteristics, subject to the explicit authorisation of the customer. This information is sent to whoever requests it from us or who agrees to the same by filing in our forms, even if not a customer.

Advertising of services of companies from our group.
The contact details are used to send out general advertising as well as advertising that is adapted to the characteristics of each person, of the services of our group companies, always subject to the explicit prior authorisation of the people mentioned above. Contact details can also be sent to these companies to allow them to directly send advertising about their services subject to the explicit consent of the interested party.

Management of data from our suppliers.
We register and process data of the suppliers from whom we obtain services or goods. These can be data of people acting as freelancers as well as details of representatives of legal entities. We obtain the essential data to maintain the business relationship, which is intended solely for this purpose and use it only for this kind of relationship.

Video surveillance.
The approved signs warn about the existence of video surveillance when entering to our facilities, where applicable. The cameras record images only of the points where it is justified to ensure the safety of both goods and people and the images are used only for this purpose.

Users of our website.
The browsing system and software that enables the operation of our website collect data that are ordinarily generated during the use of the Internet protocols. Included in this data category is the IP address or domain name of the computer used by the person connecting to the website. This information is not associated with specific users and is used for the sole purpose of obtaining statistical information on the use of the website. Our website does not use cookies to enable the identification of specific individuals, users of the site. The use of cookies is reserved to collect technical information to facilitate accessibility and efficient use of the site.

Other data collection channels.
We also obtain data through face-to-face relationships and other channels such as the receipt of e-mails or through our profiles on social networks. In all cases, the data is intended only for the purposes stated that justify the collection and processing of the same.

What is the legal basis for the processing of the data?
The data processing that we carry out has different legal bases, depending on the nature of each processing.
In compliance with a pre-contractual relationship. Data involving potential customers or suppliers with whom we have a relationship prior to the formalisation of a contractual relationship, such as the preparation or the study of estimates. Also, cases involving the processing of data from people who have provided us with their CV or who participate in selection processes.
In compliance with a contractual relationship. Cases involving relationships with our subscribers, customers and suppliers and all actions and uses involved in these relationships.
In compliance with legal obligations. Communications of data to the tax authorities are established by business relation regulatory standards. Data may have to be reported to judicial bodies or security forces, also in compliance with legal standards that oblige to cooperate with these public bodies.
Based on consent. Whenever we send information about our products or services, we process the contact details of the recipients with their explicit permission or consent. The browsing data that we may obtain via cookies is obtained with the consent of the person visiting our website, which can be revoked at any time by uninstalling these cookies. With prior consent, we may also communicate your data to other group companies.
For a legitimate interest. The images we obtain through video surveillance cameras are processed for the legitimate interest of our company to preserve their property and facilities. Our legitimate interest also justifies the processing of data obtained from contact forms.

To whom is the data reported?

As a general rule, the data is only sent to the public administrations or authorities and always in compliance with legal obligations. The identification details of people staying in our establishments are sent to the Directorate General of Police (in compliance with Order IRP/418/2010, dated 5 August, on the obligation to register and report people staying in the lodging establishments to the General Directorate of Police).
The data may be communicated to financial institutions when issuing invoices to customers. If consent has been given, the data may be sent to other companies from our group for the purposes indicated above. No data is transferred outside the scope of the European Union (international transfer).
On the other hand, for certain tasks we obtain services of companies or people providing us their experience and specialisation. In some cases, these external companies must access personal data that we are responsible for. This is not a transfer of data per se, but rather processing. Only services of companies that ensure compliance with data protection legislation can be contracted. Their confidentiality obligation is to be formalised at the time of contracting the same and their actions monitored. This may involve the case of data hosting services, computer support services or legal, accounting or tax consulting.

How long do we retain the data?
We comply with legal obligation to limit the period that data is retained as much as possible. For this reason, they are kept only as long as it is necessary and justified for the purpose for which they have been obtained. In certain cases, such as data contained in the accounting and invoicing documentation, tax regulations require to be kept until such time as responsibilities in this area are exhausted.  Any data that are processed on the basis of the consent of the interested person is kept until the interested person revokes this consent. The images obtained by cameras are stored for up to one month, but may be retained for the time necessary in order to facilitate the proceedings of the security forces or the judicial bodies in the event of any incident that justifies the same.

What rights do people have in relation to the data that we process?

As provided by General Data Protection Regulation, people whose data we process have the following rights:

To know if they are being processed. First and foremost, everyone has the right to find out if we are processing their data, regardless of whether there has been a previous relationship or not.

To be informed during collection. Whenever personal data are obtained from the people concerned, they must be provided with clear information about the purposes for which data will be used, who will be responsible for the processing and any other aspects arising from this processing at the time of providing the data.

To access them. A very broad right that includes knowing precisely what personal data are being processed, what the purpose for which they are being processed is, notifications that will be send to others (if applicable) or the right to obtain a copy or to know the planned duration of retention of the same.

To request their rectification. You have the right have any inaccurate data that we are processing to be rectified.

To request their deletion. In certain circumstances, there may be a right to have data deleted, including when they are no longer necessary for the purposes for which the data were collected and the processing justified, among others.

To request restricted processing. In certain circumstances, the right to request restricting processing of data is also recognised. In this case, they will no longer be processed and shall be retained only to exercise or defend claims, in accordance with General Data Protection Regulation.

Portability. The cases referred to in legislation recognise the right to obtain personal data in a machine-readable common use structured format and transfer them to another controller if so requested by the interested person.

To object to the processing. Anyone can argue the reason related to their particular situation, which would result in the termination of processing of their data to the degree or extent that could harm them, except for any legitimate reasons or the exercise or defence against claims.

Not to receive any commercial information. We will immediately deal with any requests not to continue sending commercial information to anyone who had previously requested us to do so.

How can I exercise or defend my rights?

The rights that we have detailed above can be exercised by sending a written request to INVERTUR SL (Hotel Porto Cristo, Hotel Àgora, Hotel Mar d’Amunt, Apartaments), Data Protection, carrer major 59, 17489 El Port de la Selva, or also sending an email to  direccio@hotelportocristo.com; or a APARTAMENTS CAP DE CREUS SL (Hotel Cap de Creus), Data Protection, carrer illa 10, 17489 El Port de la Selva, or also sending an email  to direccio@hotelcapdecreus.com.

If a satisfactory response has not been obtained in the exercise of the rights, a complaint can be filed with the Spanish Data Protection Agency, by filling out the forms, or other accessible channels on its website. www.agpd.es.