Privacy Policy

PRIVACY POLICY - EXTENDED INFORMATION

 

LAST MODIFICATION: 05/25/2018

 

The Privacy Policy is part of the General Conditions that govern the Website www.gavimar-hotels.com together with the Cookies Policy and the Legal Notice.

 

GAVIMAR HOTELS , reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that the user has registered on the website and accesses their account or profile, when accessing it, they will be informed in the event that there have been substantial modifications in relation to the processing of their personal data.

 

Who is responsible for the processing of your data?

 

The data that is collected or voluntarily provided to us through the Website, either by browsing it, as well as all those that you can provide us in the contact forms, via email or by phone, will be collected and processed by the Data Controller, whose data is indicated below:

 

HOTELES GAVIMAR SA CIF: A07214026

Commercial Registry: Volume 641, Book 557, Folio 87

Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Illes Baleares)

 

As well as the following companies (as Responsible or Responsible for treatment):

 

HOTELERA LLAHO SL, CIF: B07063134

ARIEL CHICO CLUB RESORT

Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Illes Baleares)

 

FERREO SA, CIF: A07258668

LA MIRADA CLUB RESORT

Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Illes Baleares)

 

APARTAMENTOS CALA GRAN SL, CIF: B57117673

CALA GRAN COSTA DEL SUR HOTEL & RESORT / CALA GRAN APARTAMENTOS

Address: Av. Fernando Tarragó, 27, 1º, 07660, Cala d´Or (Illes Baleares)

 

Who is your contact at GAVIMAR HOTELS for the protection of your personal data?

 

Phone: 971657189

Mail: gavimar2@gavimar.com

Data Protection Officer: Jerónimo Bonafé García

If, for any reason, you want to contact us in any matter related to the processing of your personal data or privacy (with our Data Protection Officer), you can do so through any of the means indicated above.

 

What data do we collect through the website?

 

By the simple fact of browsing the Website, GAVIMAR HOTELS> will collect information regarding:

- IP adress.

- Browser version.

- OS.

- Duration of the visit or browsing of the Website.

 

Such information is stored by Google Analytics, so we refer to Google's Privacy Policy, since it collects and processes such information. http://www.google.com/intl/en/policies/privacy/

In the same way, the Web Page provides the utility of Google Maps, which can have access to your location, if you allow it, in order to provide you with greater specificity about our distance and / or paths. venues. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and treatment of such data http://www.google.com/intl/en/policies/privacy/

 

The information that we handle will not be related to a specific user and will be stored in our databases, for the purpose of statistical analysis, improvements to the Website, about our products and / or services and will help us improve our strategy. commercial. The data will not be communicated to third parties.

 

User registration on the website / Sending forms

 

To access certain products and / or services, the user must fill in a form. For this, in the registration form, a series of personal data is requested. The data is necessary and mandatory to carry out such registration. In the case of not providing such fields, the registration will not be carried out.

In this case, the browsing data will be associated with the user's registration, identifying the same specific user who browses the Website. In this way, the offer of products and / or services that, in our opinion, best suits the user can be personalized.

 

The registration data of each user will be incorporated into the GAVIMAR HOTELS databases, together with the history of operations carried out by the same, and will be stored in them as long as the account of the registered user is not deleted. Once said account is eliminated, said information will be removed from our databases, keeping data related to the transactions carried out for 10 years, without accessing or altering them, in order to comply with the legally valid deadlines. The data that are not linked to the transactions carried out will be kept unless consent is withdrawn, in which case they will be deleted immediately (always taking into account the legal deadlines).

 

The legal basis for the processing of your personal data is the execution of a contract between the parties.

In relation to sending communications and promotions electronically and responding to requests for information, the legitimacy of the treatment is the consent of the user.

 

The purposes of the treatment will be the following:

a) Manage registration in the user registration area and their access to the Website.

b) Manage the purchase of the products and / or services made available to you through the Website.

c) Keep you informed of the processing and status of your requests, purchases and / or reservations.

d) Respond to your request for information.

e) Manage all the utilities and / or services offered by the platform to the user

 

Thus, we inform you that you will be able to receive communications via email and / or on your phone, in order to inform you of possible incidents, errors, problems and / or status of your requests.

 

To send commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given by contacting GAVIMAR HOTELS , using the means indicated above. In any case, in each commercial communication, you will be given the possibility of unsubscribing when receiving them, either through a link and / or email address.

 

Newsletter sending

 

On the Website, the option of subscribing to the GAVIMAR HOTELS Newsletter is allowed . For this, it is necessary that you provide us with an email address to which it will be sent.

 

Such information will be stored in a GAVIMAR HOTELS database, in which it will be recorded until the interested party requests its withdrawal or, where appropriate, GAVIMAR HOTELS ceases to send it.

 

The legal basis for the processing of these personal data is the express consent given by all those interested who subscribe to this service by checking the box for this purpose.

 

The data of the emails will only be processed and stored in order to manage the sending of the Newsletter by the users who request it.

 

To send the Newsletter, the express consent of the user will be requested when registering in it by checking the box for this purpose. In this regard, the user may revoke the consent given by contacting GAVIMAR HOTELS , using the means indicated above. In any case, in each communication, you will be given the possibility of unsubscribing when receiving them, either through a link and / or email address.

 

If you are any of the following groups, check the drop-down information:

 

+ WEB OR EMAIL CONTACTS

 

For what purposes are we going to process your personal data?

 

• Answer your questions, requests or requests.

• Manage the requested service, answer your request, or process your request.

• Information by electronic means, related to your request.

• Commercial or event information by electronic means, provided there is express authorization.

 

What is the legitimacy for the processing of your data?

 

The acceptance and consent of the interested party: In those cases where to make a request it is necessary to fill in a form and click on the send button, the completion of the same will necessarily imply that you have been informed and have expressly granted your consent to the content of the clause attached to said form or acceptance of the privacy policy.

All our forms have a checkbox with the following formula, in order to send the information: "□ I have read and accept the Privacy Policy."

 

+ CLIENTS

 

For what purposes are we going to process your personal data?

 

• Preparation of the budget and monitoring of the same through communications between both parties.

• Information by electronic means, related to your request.

• Commercial or event information by electronic means, provided there is express authorization.

• Manage the administrative, communications and logistics services performed by the Responsible. • Carry out the corresponding transactions.

• Billing and declaration of the appropriate taxes.

• Control and recovery procedures.

 

What is the legitimacy for the processing of your data?

 

The legal basis is your consent and the performance of a contract.

 

+ SUPPLIERS.

 

For what purposes are we going to process your personal data?

 

• Information by electronic means, related to your request.

• Commercial or event information by electronic means, provided there is express authorization.

• Manage the administrative, communications and logistics services performed by the Responsible.

• Billing.

• Carry out the corresponding transactions.

• Billing and declaration of the appropriate taxes.

• Control and recovery procedures.

 

What is the legitimacy for the processing of your data?

 

The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products in any way.

 

+ CLUB GAVIMAR MEMBERS

 

For what purposes are we going to process your personal data?

 

• Offer the owner and his family important advantages and exclusive discounts.

 

What is the legitimacy for the processing of your data?

 

The legal basis is contractual and the consent of the interested party.

 

+ SOCIAL MEDIA CONTACTS

 

For what purposes are we going to process your personal data?

 

• Answer your questions, requests or requests.

• Manage the requested service, answer your request, or process your request.

• Relate to you and create a community of followers.

 

What is the legitimacy for the processing of your data?

 

The acceptance of a contractual relationship in the environment of the corresponding social network, and in accordance with its Privacy policies: Facebook: http://www.facebook.com/policy.php?ref=pf

Twitter: http://twitter.com/privacy

Google *: http://www.google.com/intl/es/policies/privacy/

YouTube: https://www.youtube.com/yt/policyandsafety/es/policy.html

Flickr: https://policies.oath.com/ie/es/oath/privacy/products/flickr/index.html

 

How long are we going to keep personal data?

 

We can only consult or cancel your data in a restricted way by having a specific profile. We will treat them as long as you leave us following us, being friends or giving “like”, “follow” or similar buttons. Any rectification of your data or restriction of information or publications must be done through the configuration of your profile or user in the social network itself.

 

+ VIDEO SURVEILLANCE

 

For what purposes are we going to process your personal data?

 

• Video surveillance of our facilities.

• Control of our employees.

• Sometimes they can be assigned to the courts and tribunals for the exercise of legitimate actions.

 

What is the legitimacy for the processing of your data?

 

The unequivocal consent of the interested party when accessing our facilities after viewing the information poster of the video-monitored area.

 

+ JOB DEMANDERS

 

For what purposes are we going to process your personal data?

 

• Organization of selection processes for hiring employees.

• Appoint you for job interviews and evaluate your candidacy.

• If you have given us your consent, we may transfer it to collaborating or related entities, with the sole purpose of helping you find employment. What is the legitimacy for the processing of your data? The legal basis is your unequivocal consent, when you give us your CV and receive and sign information regarding the treatments that we are going to carry out. How long are we going to keep personal data? The curriculum will be stored for a period of one year, after which, in the event that we have not contacted you, it will be deleted.

 

+ HR

 

For what purposes are we going to process your personal data?

 

• Management of the employment relationship and the worker's file.

• Carry out all those administrative, tax and accounting procedures necessary to comply with our contractual commitments, obligations in terms of labor regulations, Social Security, prevention of occupational, tax and accounting risks.

• Payroll payment management through financial entity.

• Time control through the fingerprint / card access control system (if applicable).

• Management of group insurance / pension plan of the entity.

• Carry out training activities for both subsidized and non-subsidized training.

 

What is the legitimacy for the processing of your data?

 

The legal basis for the processing of your data is the execution of your employment contract. Compliance with the relevant legal obligations. The consent of the interested party.

 

Do we include personal data of third parties?

 

No, as a general rule we only process the data provided by the owners. If you provide us with data from third parties, you must first inform and request their consent from said persons, or otherwise you exempt us from any responsibility for the breach of this requirement.

 

And data of minors?

 

We do not process data of minors under 14 years of age, therefore, refrain from providing them if you are not that age.

 

Will we carry out communications by electronic means?

 

• They will only be made to manage your request, if it is one of the means of contact that you have provided us.

• If we carry out commercial communications, they will have been previously and expressly authorized by you.

 

What security measures do we apply?

 

You can rest assured: We have adopted an optimal level of protection of the personal data that we handle, and we have installed all the means and technical measures at our disposal, according to the state of technology, to avoid loss, misuse, alteration, access not authorized and theft of personal data.

 

To what extent will decision making be automated?

 

GAVIMAR HOTELS does not use fully automated decision-making processes to establish, develop or terminate a contractual relationship with the user. In the event that we use these processes in a particular case, we will keep you informed and communicate your rights in this regard if prescribed by law.

 

Will profiling take place?

 

In order to be able to offer you products and / or services in accordance with your interests and improve your user experience, we may prepare a "commercial profile" based on the information provided. However, no automated decisions will be made based on that profile.

 

To which recipients will your data be communicated?

 

To the Companies that make up the GAVIMAR HOTELS group.

Your data will not be transferred to third parties, except legal obligation. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial entities for the collection of the service provided or product purchased, as well as to those in charge of the treatment necessary for the execution of the agreement.

In case of purchase or payment, if you choose an application, website, platform, bank card, or any other online service, your data will be transferred to that platform or will be processed in its environment, always with maximum security.

 

In the event that you have given us your consent for the treatment of your name and images and other information, related to the activity of GAVIMAR HOTELS, they will be disclosed on the different social networks and GAVIMAR HOTELS website.

 

International transfers.

 

If it is necessary to carry out international data transfers by GAVIMAR HOTELS , it will ensure that such transfers are possible in accordance with the General Data Protection Regulations or any other requirement established by applicable regulations. For this purpose, the company will adopt the agreements that are necessary to guarantee a level of data protection equivalent to that provided for in European regulations.

 

In case of working in a system of shared folders in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc ... an international transfer will be made to the United States under the enabling of article 49.c) of the General Regulations of Data Protection or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.

 

What rights do you have?

 

• To know if we are treating your data or not.

• To access your personal data.

• To request the rectification of your data if they are inaccurate.

• To request the deletion of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent granted.

• To request the limitation of the processing of your data, in some cases, in which case we will only keep them in accordance with current regulations.

• To carry your data, which will be provided to you in a structured, commonly used or machine-readable format. If you prefer, we can send them to the new manager that you designate. It is only valid in certain cases.

• To file a claim with the Spanish Data Protection Agency, if you think we have not treated you correctly.

• To revoke consent for any treatment for which you have consented, at any time.

 

If you modify any information, we appreciate that you communicate it to us to keep it updated.

 

Do you want a form for the exercise of Rights?

 

• We have forms for the exercise of your rights, ask us by email or if you prefer, you can use those prepared by the Spanish Agency for Data Protection or third parties.

• These forms must be signed electronically or be accompanied by a photocopy of the DNI.

• If someone represents you, you must attach a copy of their ID, or have them sign it with their electronic signature.

• The forms can be presented in person, sent by letter or by mail at the address of the Responsible at the beginning of this text.

 

You have the right to file a claim with the Spanish Data Protection Agency, in the event that you consider that the request for your rights has not been adequately addressed.

 

The maximum term to resolve by GAVIMAR HOTELS is one month, counting from the effective receipt of your request by us.

 

You have the right to revoke consent at any time for any of the treatments for which you have granted it.

 

Do we treat cookies?

 

If we use other types of cookies than the necessary ones, you can consult the cookie policy in the corresponding link from the beginning of our website.

 

How long are we going to keep your personal data?

 

• Personal data will be kept as long as you are linked with us.

• Once you disassociate yourself, the personal data processed for each purpose will be kept for the legally stipulated periods, including the period in which a judge or court may require them, taking into account the statute of limitations for legal actions.

• The data processed will be kept as long as the aforementioned legal periods do not expire, if there is a legal obligation to maintain it, or if there is no such legal period, until the interested party requests its deletion or revokes the consent granted.

• We will keep all the information and communications related to your purchase or the provision of our service, while the guarantees of the products or services last, to attend to possible claims.

• In each treatment or type of data, we provide you with a specific period, which you can consult in the following table:

 

File	Document	Conservation
customers	Bills	10 years
	Forms and coupons	15 years
	Contracts	5 years
Human Resources	Payroll, TC1, TC2, etc.	10 years
	Resumes	Until the end of the selection process, and 1 more year with your consent
	Docs of severance pay. Contracts Temporary worker data.	4 years
	Worker's file.	Up to 5 years after withdrawal.
Marketing	Databases or website visitors.	While the treatment lasts.
Providers	Bills	10 years
	Contracts	5 years
Access control and video surveillance	Visitors list	30 days
	Videos	30 days lockout 3 years destruction
Accounting	Accounting Books and Documents. Partner agreements and boards of directors, company statutes, minutes, board of directors regulations and delegated committees. Financial statements, audit reports Records and documents related to grants	6 years
Fiscal	Management of the entity's administration, rights and obligations related to the payment of taxes. Administration of dividend payments and tax withholdings.	10 years
	Information on intra-group price establishments	18 years 8 years for intra-group transactions for price agreements
Security and health	Medical records	5 years
Environment	Information on chemical or substantially hazardous substances	10 years
	Documents related to environmental permits While the activity is carried out.	3 years after the closing of the activity 10 years (prescription crime)
	Records on recycling or waste disposal	3 years
	Subsidies for cleaning operations must keep documents of rights and obligations, receipts and payments	4 years
	Accident reports	5 years
Insurance	Insurance policies	6 years (general rule) 2 years (damage) 5 years (personal) 10 years (life)
Shopping	Register all deliveries of goods or provision of services, intra-community acquisitions, imports and exports for VAT purposes.	5 years
Legal	Intellectual and Industrial Property Documents. Contracts and agreements.	5 years
	Permits, licenses, certificates	6 years from the expiration date of the permit, license or certificate. 10 years (criminal statute of limitations)
	Confidentiality and non-competition agreements	Always the term of the obligation or confidentiality
Protection of personal data	Processing of personal data, if different from the treatment notified to the AEPD	3 years
	Personal data of employees stored in the networks, computers and communications equipment used by them, access controls and internal management / administration systems	5 years
Academics	Academic record	Undefined