DATA PROTECTION POLICY
This is the data protection policy of the Hotel Restaurant Llevant SL. It refers to the data that is processed in the exercise of their commercial activities in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016).
Who is responsible for the processing of personal data?
The person responsible for the processing of personal data is Hotel Restaurant Llevant SL (from now on Hotel), with CIF B 17386699 and address at Calle Francesc de Blanes, no. 5, from Llafranc (CP 17211), telephone 972 300 366 email address email@example.com, www.hotel-llevant.com. Figure registered in the Girona Mercantile Register volume 1349.
The Hotel Restaurant Llevant SL is an integral part of a group of which the Hostal Terralet is also part, www.terraletllafranc.com.
For what purpose do we process the data?
At the Hotel we treat personal data for the following purposes:
Respond to inquiries from people who contact us through contact forms on our website. We use them solely for that purpose.
Attend by phone to people who contact us in this way. To offer a higher quality of service, conversations can be recorded with prior notice to the person with whom we communicate.
Selection of personnel. Receipt of curricula vitae that people interested in working with us send us and management of personal data that are generated by the participation of personnel selection processes, in order to analyze the adequacy of the profile of candidates based on vacancies or newly created. Our criteria is to keep for a maximum period of one year also the data of people who do not end up being hired, in case a new vacancy or a new job is produced in the short term. However, in the latter case, we immediately delete the data if the person concerned requests it.
Register new customers and additional data that may be generated as a result of the business relationship with customers. In the contracting process, the essential information is requested, including the bank details (current account number or credit card) that will be communicated to the banking entities that manage the collection (they can only be used for this purpose). The relationship for the provision of tourist services involves other treatments, such as incorporating accounting data, billing or information to the tax administration.
Information about our services.
While there is a contractual relationship with its clients, the Hotel uses their contact information to communicate information related to this relationship, information that may circumstantially include references to our services, either of a general nature or more specifically referred to the characteristics and needs of the client. < / p>
Other service information.
With the explicit authorization of the clients, once the contractual relationship has ended, the contact information is kept to send advertising with our services, information of a general or specific nature for the characteristics of the client. This information is sent to whoever, even and not having been a client, has requested it or accepts it by filling out our forms.
Advertising services of companies of our group.
Always with the prior and explicit authorization of the people indicated in the previous section, the contact information is used to deliver publicity, both of a general nature and adapted to the characteristics of the person, information on services of the companies of our group. Likewise, with the explicit consent of the interested person, the contact information may be communicated to these companies so that these companies can directly send advertising of their services.
Management of the data of our suppliers.
We register and process the data of the suppliers from whom we obtain services and goods. It can be the data of people who act as freelancers and also data of representatives of legal persons. We obtain the essential data to maintain the commercial relationship, we use it solely for this purpose and we make our own use of this kind of relationship.
When accessing our facilities, when the case arises, the existence of video surveillance cameras is informed by means of approved signs. The cameras record images only of the points in which it is justified to guarantee the safety of goods and people, and the images are used solely for this purpose.
Users of our website.
Other data collection channels.
We also obtain data through face-to-face relationships and other channels such as receiving emails, through our profiles on social networks and during registration for Wi-Fi services. In all cases, the data is used only for explicit purposes that justify the collection and treatment.
What is the legal legitimacy for the data processing?
The data processing that we carry out has different legal bases, depending on the nature of each treatment.
In compliance with a pre-contractual relationship. Case of the data of possible clients or suppliers with whom we have relationships prior to the formalization of a contractual relationship, such as now the preparation or study of budgets. It is also almost the data processing of people who have sent us their curriculum vitae or who participate in selection processes.
In compliance with a contractual relationship . Case of relationships with our customers and suppliers and all the actions and uses that these relationships entail.
In compliance with legal obligations . Data communications to the tax administration are established by regulations governing commercial relations. There may be the case of having to communicate data to judicial bodies and security bodies or forces in compliance with legal regulations that require collaboration with these public bodies.
Based on consent. When we send information about our services, we treat the contact details of the recipients with their authorization or explicit consent. The browsing data that we can obtain through cookies is obtained with the consent of the person who visits our website, a consent that can be revoked at any time by uninstalling these cookies.
For legitimate interest . The images that we obtain with video surveillance cameras are processed in the legitimate interest of our company to preserve its assets and facilities. Our legitimate interest also justifies the data processing that we obtain from the contact forms.
To whom is this data communicated?
As a general criterion, we only communicate our data to the administration or public authorities and always in compliance with legal obligations. The identification data of the people who stay in our establishments are communicated to the General Directorate of the Police (compliance with Order IRP / 418/2010, of August 5, on the obligation of registration and communication to the General Directorate of the Police of people who stay in lodging establishments).
In the issuance of invoices to customers, the data can be communicated to banks. In justified cases we will communicate the data to the bodies and security forces or to the competent judicial bodies. No data transfers will be made outside the scope of the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and expertise. Sometimes these external companies have to access personal data of our responsibility. It is not properly a data transfer but a treatment order. Only companies that guarantee compliance with data protection regulations are contracted. At the time of hiring, their confidentiality obligations are formalized and their performance is monitored. For being the case of data hosting services, computer support services or legal, accounting or tax advice.
How long do we keep the data?
We comply with the legal obligation to limit the time of conservation of the data as much as possible. For this reason, only the time necessary and justified for the purpose that motivated their obtaining is kept. In certain cases, such as the data contained in accounting documentation and billing, tax regulations oblige to keep them until the responsibilities in this matter are prescribed. In the case of the data that are processed based on the consent of the interested person, they are kept until this person does not revoke this consent of the interested person, they are kept until this person does not revoke this consent. The images obtained by the video surveillance cameras are kept for a maximum of one month, although in the case of incidents that justify it, the necessary time will be kept to facilitate the actions of the bodies and security forces or the judicial bodies.
What rights do people have in relation to the data we process?
As provided by the General Data Protection Regulation, the people from whom we process data have the following rights:
To know if they are treated. Anyone has, first of all, the right to know if we process their data, regardless of whether there has been a previous relationship.
To be informed at the collection. When the personal data are obtained from the interested party, at the time of providing them you must have all the clear information about the purposes for which they will be used, who will be responsible for the treatment and the other aspects derived from this treatment.
To access them. Very broad right that includes knowing precisely what personal data are being processed, for what purpose they are processed, the communications to be made to other people (if applicable) or the right to obtain a copy or to know the expected conservation period.
To request rectification. It is the right to rectify inaccurate data that are subject to treatment by us.
To request the deletion. In certain circumstances there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and their treatment was justified.
Request the limitation of the treatment. Also in certain circumstances, the right to request the limitation of data processing is recognized. In this case, they will no longer be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulation.
To portability. In the cases provided for in the regulations, the right to obtain one's personal data in a structured, machine-readable format of common use is recognized, and transmit them to another data controller if the interested party so wishes.
To object to the treatment. A person can allege reasons related to her particular situation, reasons that will lead to the fact that her data stops being processed to the degree or extent that it may lead to damage, except for legitimate reasons or the exercise or defense against claims.
Not to receive commercial information. We will immediately respond to requests not to continue receiving commercial information from the people who previously authorized it.
How can you exercise or defend your rights?
The rights that we have just listed can be exercised by directing a written request to the Hotel Restaurant Llevant SL, to the postal address Calle Francesc de Blanes 5, or by sending an email to firstname.lastname@example.org, indicating in all the cases 'Protection of personal data'.
If a satisfactory response to the rights has not been obtained, it is possible to file a claim with the Spanish Agency for Data Protection, through the forms or other channels accessible from the page www.agpd.es.