The Management / Governing body of FANTASIA HOTELS AND RESORTS S.L.U. (hereinafter, the data controller), assumes the maximum responsibility and commitment to establishing, implementing and maintaining this Data Protection Policy, with the data controller guaranteeing continuous improvement in order to achieve excellence with regards to compliance with regulation (EU) 2016/679 of the European Parliament and of the Council, of 27th April 20016, on the protection of individuals in relation to the processing and free circulation of these data, which repeals Directive 95/46/EC (General Data Protection Regulation) (DOUE L 119/1, 04-05-2016), and Spanish regulations on the protection of personal data (Organic Law, specific sector legislation and its implementing regulations).
The Data Protection Policy of FANTASIA HOTELS AND RESORTS S.L.U. is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs this Policy, and is able to prove it before the competent supervisory authorities.
In this regard, the data controller will abide by the following principles, which all of its personnel should use as a guide and reference framework for processing personal data:
1. Data protection starting from the design: the data controller, both when determining the data processing media and at the time of processing, will implement appropriate technical and organizational measures, such as pseudonymization, in order to effectively apply the principles of data protection, such as minimization of data and to ensure the processing includes all the necessary guarantees.
2. Default data protection: the data controller will apply the appropriate technical and organizational measures with a view to ensuring that, by default, only the personal data necessary for each of the specific purposes are processed.
3. Data protection in the information life cycle: the measures that guarantee the protection of personal data will apply throughout the whole life cycle of the information.
4. Legality, loyalty and transparency: personal data will be processed in a lawful, loyal and transparent manner with regards to the data subject.
5. Limitation of purpose: personal data will be collected for specific, explicit, legitimate purposes and will not be subsequent processed in any way which is incompatible with these purposes.
6. Data minimization: personal data will be adequate, pertinent and limited to those that are strictly necessary for the purposes for which they processed.
7. Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be taken to ensure that any personal data that are inaccurate with regard to the purpose for which they are processed, are immediately erased or corrected.
8. Limitation of conservation period: personal data will be maintained in such a way that the identification of the data subject is permitted for no longer than is necessary for the purpose of processing the personal data.
9. Integrity and confidentiality: suitable technical or organizational measures will be implemented to ensure that personal data are processed in such a way as to guarantee their adequate security, including protection against unauthorized or illicit processing and against loss, destruction or accidental damage.
10. Information and training: one of the keys to guaranteeing the protection of personal data is training and information for all personnel involved in processing personal data. All personnel with access to the data will be duly trained and informed of their obligations with regards to compliance with data protection regulations throughout the information life cycle.
The Data Protection Policy of FANTASIA HOTELS AND RESORTS S.L.U. is made known to all of the data controller’s personnel and is made available to all data subjects.
Consequently, this Data Protection Policy involves all of the data controller’s personnel, who must know, assimilate and consider it as their own, with each member being responsible for applying it and for verifying the data protection rules which apply to their activity, and for identifying and proposing opportunities for improvement considered opportune with the aim of achieving excellence in compliance.
This Policy will be reviewed by the Management / Governing Body of FANTASIA HOTELS AND RESORTS S.L.U., as often as is considered necessary, to ensure it is at all times aligned with the provisions in force regarding personal data protection.