Privacy Policy
PRIVACY POLICY – EXPANDED INFORMATIONLAST MODIFICATION: 05/25/2018
The Privacy Policy is part of the General Conditions that govern the Websitewww.gavimar-hotels.com together with the Cookies Policy and the Legal Notice.
GAVIMAR HOTELS reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that the user has registered on the website and accesses their account or profile, when accessing it, they will be informed in the event that there have been substantial changes in relation to the processing of their personal data.
Who is responsible for the processing of your data?
The data that is collected or provided to us voluntarily through the Website, either by browsing it, as well as all those that you can provide us in the contact forms, via email or by phone, will be collected and processed by the Data Controller, whose details are indicated below:
HOTELS GAVIMAR SA CIF: A07214026
Mercantile Registry of Palma de Mallorca, Volume 641, Book 557, Page 87
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d'Or (Balearic Islands)
As well as the following companies (as Responsible or Processor):
HOTELERA LLAHO SL, CIF: B07063134
ARIEL CHICO CLUB RESORT
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d'Or (Balearic Islands)
FERREO SA, CIF: A07258668
LA MIRADA CLUB RESORT
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d'Or (Balearic Islands)
CALA GRAN SL APARTMENTS, CIF: B57117673
CALA GRAN COSTA DEL SUR HOTEL & RESORT/ CALA GRAN APARTMENTS
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d'Or (Balearic Islands)
Who is your contact at GAVIMAR HOTELS for the protection of your personal data?
Phone: (+34) 971657189
Email: gavimar2@gavimar.com
Data Protection Officer: Jerónimo Bonafé García
If, for any reason, you want to contact us in any matter related to the processing of your personal data or privacy (with our Data Protection Officer), you can do so through any of the means indicated above.
What data do we collect through the website?
By the simple fact of browsing the Website, GAVIMAR HOTELS will collect information regarding:
- IP adress.
- Browser version.
- OS.
- Duration of the visit or navigation through the Website.
Such information is stored through Google Analytics, so we refer to Google's Privacy Policy, since it collects and treats such information. www.google.com/intl/en/policies/privacy
In the same way, on the Web Page the Google Maps utility is provided, which may have access to your location, in the event that you allow it, in order to provide you with greater specificity about the distance and/or our paths. headquarters. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and treatment of such data www.google.com/intl/en/policies/privacy
The information that we handle will not be related to a specific user and will be stored in our databases, with the purpose of carrying out statistical analysis, improvements to the Website, about our products and/or services and will help us to improve our strategy. commercial. The data will not be communicated to third parties.
User registration on the website / Submission of forms
To access certain products and/or services, the user must fill out a form. For this, in the registration form, a series of personal data is requested. The data is necessary and mandatory to carry out such registration. In the case of not providing such fields, the registration will not be carried out.
In this case, the browsing data will be associated with the user's registration data, identifying the same specific user who is browsing the Website. In this way, it will be possible to personalize the offer of products and/or services that, in our opinion, best suits the user.
The registration data of each user will be incorporated into the GAVIMAR HOTELS databases, together with the history of operations carried out by the same, and will be stored there until the registered user's account is deleted. Once such account is deleted, said information will be separated from our databases, keeping those data related to the transactions carried out for 10 years, without accessing or altering them, in order to comply with the legally valid deadlines. The data that is not linked to the transactions carried out will be kept unless you withdraw the consent, in which case they will be deleted immediately (always taking into account the legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties. In relation to the sending of communications and promotions electronically and the response to requests for information, the legitimacy of the treatment is the consent of the user.
The purposes of the treatment will be the following:
a) Manage registration in the user registration area and their access to the Website.
b) Manage the purchase of products and/or services made available to you through the Website.
c) Keep you informed of the processing and status of your requests, purchases and/or reservations.
d) Respond to your request for information.
e) Manage all the utilities and/or services offered by the platform to the user
Thus, we inform you that you will be able to receive communications via email and/or on your phone, in order to inform you of possible incidents, errors, problems and/or status of your requests.
For the sending of commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given, by contacting GAVIMAR HOTELS, using the means indicated above. In any case, in each commercial communication, you will be given the possibility of unsubscribing from receiving them, either through a link and/or email address.
Newsletter sending
In the event that the Website allows the option to subscribe to the Newsletter, it will be necessary for you to provide us with an email address to which it will be sent.
Said information will be stored in a GAVIMAR HOTELS database, in which it will remain registered until the interested party requests its removal or, where appropriate, GAVIMAR HOTELS ceases to send it.
The legal basis for the processing of this personal data is the express consent given by all those interested who subscribe to this service by checking the box for that purpose.
The email data will only be processed and stored for the purpose of managing the sending of the Newsletter by the users who request it.
In order to send the Newsletter, the express consent of the user will be requested when registering in it by checking the box for this purpose. In this regard, the user may revoke the consent given, by contacting GAVIMAR HOTELS, using the means indicated above. In any case, in each communication, you will be given the possibility of unsubscribing from receiving them, either through a link and/or email address.
If you are one of the following groups, consult the dropdown information:
+ WEB OR EMAIL CONTACTS
For what purposes will we process your personal data?
• Answer your questions, requests or requests.
• Manage the requested service, answer your request, or process your request.
• Information by electronic means, regarding your request.
• Commercial information or events by electronic means, provided there is express authorization.
What is the legitimacy for the processing of your data?
The acceptance and consent of the interested party: In those cases where in order to make a request it is necessary to fill out a form and click on the send button, doing so will necessarily imply that you have been informed and have expressly granted your consent to the content. of the clause attached to said form or acceptance of the privacy policy.
All our forms have a verification box or checkbox with the following formula, in order to send the information: “□ I have read and accept the Privacy Policy.
+ CUSTOMERS
For what purposes will we process your personal data?
• Elaboration of the budget and follow-up of the same through communications between both parties.
• Information by electronic means, regarding your request.
• Commercial information or events by electronic means, provided there is express authorization.
• Manage the administrative, communications and logistics services carried out by the Responsible.
• Carry out the corresponding transactions.
• Billing and declaration of timely taxes.
• Management of control and recovery.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS
For what purposes will we process your personal data?
• Information by electronic means, regarding your request.
• Commercial information or events by electronic means, provided there is express authorization.
• Manage the administrative, communications and logistics services carried out by the Responsible.
• Billing.
• Carry out the corresponding transactions.
• Billing and declaration of timely taxes.
• Management of control and recovery.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products in any way.
+ GAVIMAR CLUB MEMBERS
For what purposes will we process your personal data?
• Offer the holder and his family significant benefits and exclusive discounts.
What is the legitimacy for the processing of your data?
• The legal basis is contractual and the consent of the interested party.
+ CONTACTS SOCIAL NETWORKS
For what purposes will we process your personal data?
• Answer your questions, requests or requests.
• Manage the requested service, answer your request, or process your request.
• Connect with you and create a community of followers.
What is the legitimacy for the processing of your data?
The acceptance of a contractual relationship in the environment of the corresponding social network, and in accordance with its Privacy policies:
Whatsapp: https://www.whatsapp.com/legal/#privacy
Facebook: https://www.facebook.com/policy.php?ref=pf
Twitter: https://twitter.com/privacy
YouTube: https://www.youtube.com/yt/policyandsafety/es/policy.html
How long will we keep personal data?
We can only consult or cancel your data in a restricted way by having a specific profile. We will treat them for as long as you let us by following us, being friends or clicking "like", "follow" or similar buttons.
Any rectification of your data or restriction of information or publications must be done through the configuration of your profile or user in the social network itself.
+ VIDEO SURVEILLANCE
For what purposes will we process your personal data?
• Video surveillance of our facilities.
• Control of our employees.
• Sometimes they can be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
• The unequivocal consent of the interested party when accessing our facilities after viewing the informative poster of the video-surveilled area.
+ JOB SEEKERS
For what purposes will we process your personal data?
• Organization of selection processes for hiring employees.
• Call you for job interviews and evaluate your candidacy.
• If you have given us your consent, we may transfer it to collaborating or related entities, with the sole objective of helping you find employment.
What is the legitimacy for the processing of your data?
• The legal basis is your unequivocal consent, by giving us your CV and receiving and signing information regarding the treatments that we are going to carry out.
How long will we keep personal data?
• The curriculum will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
+ HR
For what purposes will we process your personal data?
• Management of the employment relationship and the worker's file.
• Carry out all those administrative, tax and accounting procedures necessary to comply with our contractual commitments, obligations in terms of labor regulations, Social Security, occupational risk prevention, tax and accounting.
• Management of payroll through a financial institution.
• Time control through the access control system by fingerprint/card (if applicable).
• Management of group insurance / pension plan of the entity.
• Carry out training actions, both subsidized and non-subsidized training.
What is the legitimacy for the processing of your data?
• The legal basis for the processing of your data is the execution of your employment contract. Compliance with relevant legal obligations. The consent of the interested party.
Do we include personal data of third parties?
• No, as a general rule we only process the data provided by the owners. If you provide us with data from third parties, you must previously inform and request their consent from said persons, or otherwise you exempt us from any responsibility for non-compliance with this requirement.
And data of minors?
• On the web we do not process the data of children under 14 years of age. Therefore, refrain from providing them if you are not that age.
Will we make communications by electronic means?
• They will only be carried out to manage your request, if it is one of the means of contact that you have provided us.
• If we make commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
• You can rest assured: We have adopted an optimal level of protection for the personal data that we handle, and we have installed all the means and technical measures at our disposal, according to the state of technology, to avoid loss, misuse, alteration, access unauthorized and theft of personal data.
To what extent will decision making be automated?
GAVIMAR HOTELS does not use fully automated decision-making processes to establish, develop or terminate a contractual relationship with the user. In the event that we use those processes in a particular case, we will keep you informed and inform you of your rights in this regard if so prescribed by law.
Will profiling take place?
In order to be able to offer you products and/or services according to your interests and improve your user experience, we may prepare a "commercial profile" based on the information provided. However, no automated decisions will be made based on said profile.
To which recipients will your data be communicated?
To the Companies that make up the GAVIMAR HOTELS group.
Your data will not be transferred to third parties, except legal obligation. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial entities for the collection of the service provided or product purchased, as well as to those in charge of the treatment necessary for the execution of the agreement.
In the case of purchase or payment, if you choose an application, website, platform, bank card, or any other online service, your data will be transferred to that platform or will be processed in its environment, always with maximum security.
In the event that you have given us your consent for the processing of your name and images and other information, related to the activity of GAVIMAR HOTELS, they will be disclosed on the different social networks and GAVIMAR HOTELS website.
International transfers
If it is necessary for GAVIMAR HOTELS to carry out international data transfers, it will ensure that such transfers are possible in accordance with the General Data Protection Regulation or any other requirement established by applicable regulations. For this purpose, the company will adopt the agreements that are necessary to guarantee a level of data protection equivalent to that provided for in European regulations.
In case of working in a system of shared folders in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc... an international transfer will be made to the United States under the authorization of article 49.c) of the General Regulation of Data Protection or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
What rights do you have?
• To know if we are treating your data or not.
• To access your personal data.
• To request the rectification of your data if they are inaccurate.
• To request the deletion of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent granted.
• To request the limitation of the treatment of your data, in some cases, in which case we will only keep them in accordance with current regulations.
• To carry your data, which will be provided to you in a structured format, commonly used or mechanically readable. If you prefer, we can send them to the new person in charge that you designate. It is only valid in certain cases.
• To file a claim with the Spanish Agency for Data Protection, if you believe that we have not attended you correctly.
• To revoke consent for any treatment for which you have consented, at any time.
If you modify any data, we appreciate you letting us know so we can keep it updated.
Do you want a form for the exercise of Rights?
• We have forms for exercising your rights, ask us by email or if you prefer, you can use those prepared by the Spanish Agency for Data Protection or third parties.
• These forms must be signed electronically or be accompanied by a photocopy of the DNI.
• If someone represents you, you must attach a copy of your ID, or sign it with your electronic signature.
• The forms can be presented in person, sent by letter or by mail to the address of the person in charge at the beginning of this text.
You have the right to file a claim with the Spanish Agency for Data Protection, in the event that you consider that the request for your rights has not been adequately addressed.
The maximum period for GAVIMAR HOTELS to resolve is one month, counting from the effective receipt of your request by us.
You have the right to revoke consent at any time for any of the treatments for which you have granted it.
Do we treat cookies?
If we use other types of cookies that are not necessary, you can consult the cookie policy in the corresponding link from the beginning of our website.
For how long will we keep your personal data?
• Personal data will be kept as long as you remain connected with us.
• Once you disassociate yourself, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them, taking into account the limitation period for legal actions.
• The data processed will be kept as long as the aforementioned legal terms do not expire, if there is a legal maintenance obligation, or if that legal term does not exist, until the interested party requests its deletion or revokes the consent granted.
• We will keep all the information and communications related to your purchase or the provision of our service, while the guarantees of the products or services last, to deal with possible claims.
• In each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
File | Document | Conservation |
Customers | Bills | 10 years |
forms and coupons | 15 years | |
contracts | 5 years | |
Human Resources | Payroll, TC1, TC2, etc. | 10 years |
resumes | Until the end of the selection process, and 1 more year with your consent | |
Severance pay docs. contracts. Temporary worker data. | 4 years | |
Worker file. | Up to 5 years after discharge. | |
Marketing | Databases or web visitors. | As long as the treatment lasts. |
Suppliers | Bills | 10 years |
contracts | 5 years | |
Access control and video surveillance | visitor list | 30 days |
Videos | 30 days blockade 3 years destruction | |
Accounting | Accounting books and documents. Partner agreements and boards of directors, company bylaws, minutes, board of directors regulations and delegated commissions. Financial statements, audit reports Records and documents related to grants | 6 years |
Fiscal | Carrying out the administration of the entity, rights and obligations related to the payment of taxes. Administration of dividend payments and tax withholdings. | 10 years |
Information on intragroup price establishments | 18 years 8 years for intragroup transactions for price agreements | |
Security and health | Medical records | 5 years |
Environment | Information on chemical or substantially hazardous substances | 10 years |
Documents related to environmental permits While the activity is carried out. | 3 years after the closing of the activity 10 years (crime prescription) | |
Records about recycling or waste disposal | 3 years | |
Grants for cleanup operations must keep the documents of rights and obligations, receipts and payments | 4 years | |
accident reports | 5 years | |
insurance | insurance policies | 6 years (general rule) 2 years (damage) 5 years (personal) 10 years (life) |
Shopping | Record all deliveries of goods or provision of services, intra-community acquisitions, imports and exports for VAT purposes. | 5 years |
Legal | Documents Intellectual and Industrial Property. Contracts and agreements. | 5 years |
Permits, licenses, certificates | 6 years from the expiration date of the permit, license or certificate. 10 years (penal prescription) | |
Confidentiality and non-compete agreements | Always the duration of the obligation or confidentiality | |
Personal data protection | Treatment of personal data, if it is different from the treatment notified to the AEPD | 3 years |
Personal data of employees stored in the networks, computers and communications equipment used by them, access controls and internal management/administration systems | 5 years | |
academics | Academic record | Undefined |
guests | Registration of entry of travelers / guests (check-in) | 3 years |