Privacy Policy
PRIVACY POLICY – FURTHER INFORMATIONLAST MODIFICATION: 05/25/2018
The Privacy Policy is part of the General Conditions that govern the Websitewww.gavimar-hotels.com together with the Cookies Policy and the Legal Notice.
GAVIMAR HOTELS reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that the user has registered on the Website and accesses his or her account or profile, upon accessing the Website, he or she will be informed if there have been any substantial changes in relation to the processing of his or her personal data.
Who is responsible for the processing of your data?
The data that is collected or that you voluntarily provide to us through the Website, either by browsing it, as well as all those that you may provide to us in the contact forms, via email or by telephone, will be collected and processed by the Data Controller, whose details are indicated below:
CALA GRAN SL APARTMENTS, CIF: B57117673
CALA GRAN COSTA DEL SUR HOTEL & RESORT/ CALA GRAN APARTMENTS
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Balearic Islands)
FERREO SA, CIF: A07258668
THE MIRADA CLUB RESORT
Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Balearic Islands)
Who is your contact at GAVIMAR HOTELS for the protection of your personal data?
Phone: (+34) 971657189
Mail: reserva@gavimar-hotels.com
Data Protection Officer: Jeronimo Bonafé García
If, for any reason, you wish to contact us regarding any matter relating to the processing of your personal data or privacy (with our Data Protection Officer), you may do so through any of the means indicated above.
What data do we collect through the website?
By simply browsing the Website, GAVIMAR HOTELS will collect information regarding:
- IP address.
- Browser version.
- Operating system.
- Duration of the visit or navigation on the Website.
Such information is stored by Google Analytics, so we refer to Google's Privacy Policy, since it collects and processes such information. www.google.com/intl/en/policies/privacy
Likewise, the Website provides the Google Maps utility, which may have access to your location, if you allow it, in order to provide you with greater specificity regarding the distance and/or routes to our offices. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and treatment of such data www.google.com/intl/en/policies/privacy
The information we manage will not be related to a specific user and will be stored in our databases for the purpose of carrying out statistical analyses, improvements to the Website, our products and/or services and will help us improve our commercial strategy. The data will not be communicated to third parties.
User registration on the website/ Submission of forms
In order to access certain products and/or services, the user must complete a form. To do so, the registration form requests a series of personal data. The data is necessary and obligatory to carry out such registration. If these fields are not provided, the registration will not be carried out.
In this case, the browsing data will be associated with the user's registration data, identifying the same specific user who browses the Website. In this way, we can personalize the offer of products and/or services that, in our opinion, best suits the user.
The registration data of each user will be incorporated into the GAVIMAR HOTELS databases, together with the history of transactions carried out by the user, and will be stored therein as long as the registered user's account is not deleted. Once such account has been deleted, said information will be removed from our databases, keeping the data relating to the transactions carried out separated for 10 years, without accessing or altering them, in order to comply with the legally applicable deadlines. The data that is not linked to the transactions carried out will be kept unless you withdraw your consent, in which case it will be deleted immediately (always taking into account the legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties. In relation to the sending of communications and promotions by electronic means and the response to requests for information, the legitimacy of the processing is the user's consent.
The purposes of the treatment will be the following:
a) Manage registration in the user registration area and access to the Website.
b) Manage the purchase of the products and/or services made available to you through the Website.
c) Keep you informed of the processing and status of your requests, purchases and/or reservations.
d) Respond to your request for information.
e) Manage all the utilities and/or services that the platform offers to the user
Therefore, we inform you that you may receive communications via email and/or on your phone, in order to inform you of possible incidents, errors, problems and/or the status of your requests.
For the sending of commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given by contacting GAVIMAR HOTELS, using the means indicated above. In any case, in each commercial communication, the user will be given the possibility of unsubscribing from receiving them, either by means of a link and/or email address.
Newsletter Sending
If the Website allows the option to subscribe to the Newsletter, you will need to provide us with an email address to which the newsletter will be sent.
Such information will be stored in a GAVIMAR HOTELS database, where it will remain registered until the interested party requests its removal or, where appropriate, GAVIMAR HOTELS ceases to send it.
The legal basis for the processing of this personal data is the express consent given by all interested parties who subscribe to this service by checking the box provided for this purpose.
Email data will only be processed and stored for the purpose of managing the sending of the Newsletter by users who request it.
In order to send the Newsletter, the express consent of the user will be requested at the time of registering for it by checking the box provided for this purpose. In this regard, the user may revoke the consent given by contacting GAVIMAR HOTELS, using the means indicated above. In any case, in each communication, you will be given the possibility of unsubscribing from receiving them, either by means of a link and/or email address.
If you are one of the following groups, please see the drop-down information:
+ WEB OR EMAIL CONTACTS
For what purposes will we process your personal data?
• Respond to your queries, requests or petitions.
• Manage the requested service, respond to your request, or process your petition.
• Information by electronic means, relating to your request.
• Commercial or event information by electronic means, provided that there is express authorization.
What is the legitimacy for the processing of your data?
Acceptance and consent of the interested party: In those cases where, in order to make a request, it is necessary to fill out a form and click on the send button, doing so will necessarily imply that you have been informed and have expressly given your consent to the content of the clause attached to said form or acceptance of the privacy policy.
All our forms have a checkbox with the following formula, to be able to send the information: “□ I have read and accept the Privacy Policy.
+ CUSTOMERS
For what purposes will we process your personal data?
• Preparation of the budget and monitoring thereof through communications between both parties.
• Information by electronic means, relating to your request.
• Commercial or event information by electronic means, provided that there is express authorization.
• Manage the administrative, communications and logistics services performed by the Controller.
• Carry out the corresponding transactions.
• Billing and declaration of appropriate taxes.
• Control and recovery management.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS
For what purposes will we process your personal data?
• Information by electronic means, relating to your request.
• Commercial or event information by electronic means, provided that there is express authorization.
• Manage the administrative, communications and logistics services performed by the Controller.
• Billing.
• Carry out the corresponding transactions.
• Billing and declaration of appropriate taxes.
• Control and recovery management.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products in any way.
+ GAVIMAR CLUB MEMBERS
For what purposes will we process your personal data?
• Offer the holder and his family important advantages and exclusive discounts.
What is the legitimacy for the processing of your data?
• The legal basis is contractual and the consent of the interested party.
+ SOCIAL NETWORK CONTACTS
For what purposes will we process your personal data?
• Respond to your queries, requests or petitions.
• Manage the requested service, respond to your request, or process your petition.
• Engage with you and create a community of followers.
What is the legitimacy for the processing of your data?
Acceptance of a contractual relationship in the corresponding social network environment, and in accordance with its Privacy policies:
Whatsapp: https://www.whatsapp.com/legal/#privacy
Facebook: https://www.facebook.com/policy.php?ref=pf
Twitter: https://twitter.com/privacy
YouTube: https://www.youtube.com/yt/policyandsafety/es/policy.html
How long will we keep personal data?
We can only consult or delete your data in a restricted manner by having a specific profile. We will process your data for as long as you allow us to do so by following us, being friends or clicking on “like”, “follow” or similar buttons.
Any correction of your data or restriction of information or publications must be made through the settings of your profile or user on the social network itself.
+ VIDEO SURVEILLANCE
For what purposes will we process your personal data?
• Video surveillance of our facilities.
• Control of our employees.
• They can sometimes be transferred to courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
• The unequivocal consent of the interested party when accessing our facilities after viewing the information poster of the video-surveilled area.
+ JOB SEEKERS
For what purposes will we process your personal data?
• Organization of selection processes for hiring employees.
• Call you for job interviews and evaluate your candidacy.
• If you have given us your consent, we may transfer it to collaborating or similar entities, with the sole purpose of helping you find employment.
What is the legitimacy for the processing of your data?
• The legal basis is your unequivocal consent, when you give us your CV and receive and sign information regarding the treatments we are going to carry out.
How long will we keep personal data?
• The CV will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
+ HR
For what purposes will we process your personal data?
• Management of the employment relationship and the employee's file.
• Carry out all administrative, fiscal and accounting procedures necessary to comply with our contractual commitments, obligations in terms of labor regulations, Social Security, prevention of occupational risks, fiscal and accounting matters.
• Payroll payment management through a financial institution.
• Time control through the access control system using fingerprint/card (if applicable).
• Management of the entity's collective insurance/pension plan.
• Carry out training activities, both subsidized and non-subsidized.
What is the legitimacy for the processing of your data?
• The legal basis for the processing of your data is the execution of your employment contract. Compliance with the relevant legal obligations. The consent of the interested party.
Do we include personal data of third parties?
• No, as a general rule we only process the data provided to us by the owners. If you provide us with data from third parties, you must first inform and request the consent of said persons, otherwise you exempt us from any liability for failure to comply with this requirement.
And data on minors?
• We do not process data from minors under 14 years of age on the website. Therefore, please refrain from providing such data if you are not that age.
Will we communicate electronically?
• They will only be used to manage your request, if it is one of the means of contact that you have provided us.
• If we carry out commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
• You can rest assured: We have adopted an optimal level of protection for the personal data we handle, and we have installed all the technical means and measures at our disposal, according to the state of technology, to prevent the loss, misuse, alteration, unauthorized access and theft of personal data.
To what extent will decision-making be automated?
GAVIMAR HOTELS does not use fully automated decision-making processes to establish, develop or terminate a contractual relationship with the user. In the event that we use such processes in a particular case, we will keep you informed and inform you of your rights in this regard if so prescribed by law.
Will profiling take place?
In order to offer you products and/or services in accordance with your interests and to improve your user experience, we may create a "commercial profile" based on the information provided. However, no automated decisions will be made based on this profile.
To which recipients will your data be communicated?
To the Companies that make up the GAVIMAR HOTELS group.
Your data will not be transferred to third parties, except under legal obligation. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial institutions for the collection of the service provided or product purchased, as well as to the data processors necessary for the execution of the agreement.
In the event of a purchase or payment, if you choose an application, website, platform, bank card, or any other online service, your data will be transferred to that platform or processed within its environment, always with maximum security.
In the event that you have given us your consent for the processing of your name and images and other information related to the activity of GAVIMAR HOTELS, they will be disclosed on the different social networks and website of GAVIMAR HOTELS.
International transfers
Should it be necessary for GAVIMAR HOTELS to carry out international data transfers, it will ensure that such transfers are possible in accordance with the General Data Protection Regulation or any other requirement established by the applicable regulations. For such purposes, the company will adopt the necessary agreements to guarantee a level of data protection equivalent to that provided for in European regulations.
In the case of working on a shared folder system in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc., an international transfer will be made to the United States under the authorization of article 49.c) of the General Data Protection Regulation or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
What Rights Do You Have?
• To know whether we are processing your data or not.
• To access your personal data.
• To request rectification of your data if they are inaccurate.
• To request the deletion of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent granted.
• To request the limitation of the processing of your data, in some cases, in which case we will only retain them in accordance with current regulations.
• To transfer your data, which will be provided to you in a structured, commonly used or machine-readable format. If you prefer, we can send it to the new controller that you designate for us. This is only valid in certain cases.
• To file a complaint with the Spanish Data Protection Agency if you believe that we have not served you correctly.
• To revoke consent for any treatment to which you have consented, at any time.
If you change any of your information, please let us know so we can keep it up to date.
Do you want a form to exercise your rights?
• We have forms for exercising your rights. Please request them by email or, if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.
• These forms must be signed electronically or accompanied by a photocopy of the ID.
• If you are represented by someone, you must attach a copy of their ID, or have them sign it with their electronic signature.
• Forms may be submitted in person, sent by letter or by email to the address of the Controller at the beginning of this text.
You have the right to file a complaint with the Spanish Data Protection Agency if you consider that your request for your rights has not been adequately addressed.
The maximum period for GAVIMAR HOTELS to resolve is one month, counting from the effective receipt of your request by us.
You have the right to revoke consent at any time for any of the treatments for which you have given it.
Do we use cookies?
If we use cookies other than those that are necessary, you can consult the cookie policy in the corresponding link at the top of our website.
How long will we keep your personal data?
• Personal data will be kept as long as you remain connected to us.
• Once you are disconnected, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them taking into account the statute of limitations for legal actions.
• The data processed will be kept until the legal deadlines mentioned above expire, if there is a legal obligation to maintain them, or if there is no such legal deadline, until the interested party requests their deletion or revokes the consent granted.
• We will keep all information and communications relating to your purchase or the provision of our service for the duration of the product or service warranties, to address any potential claims.
• For each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
File | Document | Conservation |
Customers | Invoices | 10 years |
Forms and coupons | 15 years | |
Contracts | 5 years | |
Human Resources | Payrolls, TC1, TC2, etc. | 10 years |
Curriculums | Until the end of the selection process, and 1 more year with your consent | |
Severance pay documents. Contracts. Temporary worker data. | 4 years | |
Worker's file. | Up to 5 years after discharge. | |
Marketing | Databases or web visitors. | For the duration of the treatment. |
Suppliers | Invoices | 10 years |
Contracts | 5 years | |
Access control and video surveillance | List of visitors | 30 days |
Videos | 30 days blockade 3 years destruction | |
Accounting | Accounting books and documents. Agreements between shareholders and boards of directors, company bylaws, minutes, regulations of the board of directors and delegated committees. Financial statements, audit reports Records and documents related to grants | 6 years |
Fiscal | Management of the entity, rights and obligations relating to the payment of taxes. Administration of dividend payments and tax withholdings. | 10 years |
Information on intra-group price establishments | 18 years old 8 years for intra-group transactions for price agreements | |
Safety and Health | Medical Records | 5 years |
Environment | Information on chemical or substantially hazardous substances | 10 years |
Documents relating to environmental permits While the activity is being carried out. | 3 years after the closure of the activity 10 years (statute of limitations for crime) | |
Records on recycling or waste disposal | 3 years | |
Grants for cleaning operations must retain documents of rights and obligations, receipts and payments | 4 years | |
Accident reports | 5 years | |
Insurance | Insurance policies | 6 years (general rule) 2 years (damages) 5 years (personal) 10 years (life) |
Shopping | Record all deliveries of goods or services, intra-community acquisitions, imports and exports for VAT purposes. | 5 years |
Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years |
Permits, licenses, certificates | 6 years from the expiration date of the permit, license or certificate. 10 years (criminal statute of limitations) | |
Confidentiality and non-competition agreements | Always the duration of the obligation or confidentiality | |
Protection of personal data | Processing of personal data, if different from the processing notified to the AEPD | 3 years |
Personal data of employees stored in the networks, computers and communications equipment used by them, access controls and internal management/administration systems | 5 years | |
Academics | Academic history | Indefinite |
Guests | Check-in of travelers/guests | 3 years |