Data Protection Policy
The Management / Governing body of AINTURBAN HOTELES S.L.U. (hereinafter, the data controller), assumes the maximum responsibility and commitment to establishing, implementing and maintaining this Data Protection Policy, with the data controller guaranteeing continuous improvement in order to achieve excellence with regards to compliance with regulation (EU) 2016/679 of the European Parliament and of the Council, of 27th April 20016, on the protection of individuals in relation to the processing and free circulation of these data, which repeals Directive 95/46/EC (General Data Protection Regulation) (DOUE L 119/1, 04-05-2016), and Spanish regulations on the protection of personal data (Organic Law, specific sector legislation and its implementing regulations).
The Data Protection Policy of AINTURBAN HOTELES S.L.U. is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs this Policy, and is able to prove it before the competent supervisory authorities.
In this regard, the data controller will abide by the following principles, which all of its personnel should use as a guide and reference framework for processing personal data:
1. Data protection starting from the design: the data controller, both when determining the data processing media and at the time of processing, will implement appropriate technical and organizational measures, such as pseudonymization, in order to effectively apply the principles of data protection, such as minimization of data and to ensure the processing includes all the necessary guarantees.
2. Default data protection: the data controller will apply the appropriate technical and organizational measures with a view to ensuring that, by default, only the personal data necessary for each of the specific purposes are processed.
3. Data protection in the information life cycle: the measures that guarantee the protection of personal data will apply throughout the whole life cycle of the information.
4. Legality, loyalty and transparency: personal data will be processed in a lawful, loyal and transparent manner with regards to the data subject.
5. Limitation of purpose: personal data will be collected for specific, explicit, legitimate purposes and will not be subsequent processed in any way which is incompatible with these purposes.
6. Data minimization: personal data will be adequate, pertinent and limited to those that are strictly necessary for the purposes for which they processed.
7. Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be taken to ensure that any personal data that are inaccurate with regard to the purpose for which they are processed, are immediately erased or corrected.
8. Limitation of conservation period: personal data will be maintained in such a way that the identification of the data subject is permitted for no longer than is necessary for the purpose of processing the personal data.
9. Integrity and confidentiality: suitable technical or organizational measures will be implemented to ensure that personal data are processed in such a way as to guarantee their adequate security, including protection against unauthorized or illicit processing and against loss, destruction or accidental damage.
10. Information and training: one of the keys to guaranteeing the protection of personal data is training and information for all personnel involved in processing personal data. All personnel with access to the data will be duly trained and informed of their obligations with regards to compliance with data protection regulations throughout the information life cycle.
The Data Protection Policy of AINTURBAN HOTELES S.L.U. is made known to all of the data controller’s personnel and is made available to all data subjects.
Consequently, this Data Protection Policy involves all of the data controller’s personnel, who must know, assimilate and consider it as their own, with each member being responsible for applying it and for verifying the data protection rules which apply to their activity, and for identifying and proposing opportunities for improvement considered opportune with the aim of achieving excellence in compliance.
This Policy will be reviewed by the Management / Governing Body of AINTURBAN HOTELES S.L.U., as often as is considered necessary, to ensure it is at all times aligned with the provisions in force regarding personal data protection.
In Europe and Spain there are data protection regulations designed to protect your personal information that are binding on us.
Therefore, it is very important to us that you fully understand what we are going to do with the personal data we ask you for.
In this way, we will be transparent and put you in control of your data, with plain language and clear choices that allow you to decide what we will do with your personal information.
Please do not hesitate to ask us if you have any questions after reading this information.
Thank you for your cooperation.
Who are we?
We are at your disposal, please do not hesitate to contact us.
What will we use your data for?
In general, your personal data will be used to interact with you and to provide you with our services.
It may also be used for other activities, such as sending you advertising or promoting our activities.
Why do we need to use your data?
Your personal data is necessary for us to be able to deal with you and to provide you with our services. We will provide you with a number of check boxes to enable you to make a clear and simple choice about the use of your personal information.
Who will know the information we ask for?
In general, only duly authorised staff of our company will be able to know the information we ask you for.
Similarly, those entities that need to have access to your personal information in order for us to provide our services to you may also have access to your personal information. For example, our bank will know your details if payment for our services is made by credit card or bank transfer.
Likewise, those public or private entities to which we are obliged to provide your personal data in order to comply with any law will be aware of your information. To give you an example, the Tax Law obliges us to provide the Tax Agency with certain information on financial transactions exceeding a certain amount.
In the event that, apart from the cases mentioned above, we need to disclose your personal information to other entities, we will ask for your prior permission through clear options that will allow you to decide in this regard.
How will we protect your data?
We will protect your data with effective security measures commensurate with the risks associated with the use of your information.
To this end, we have adopted a Data Protection Policy and annual checks and audits are carried out to ensure that your personal data is secure at all times.
Will we send your data to other countries?
There are countries in the world that are safe for your data and others that are not so safe. For example, the European Union is a safe environment for your data. Our policy is not to send your personal information to any country that is not safe from a data protection point of view.
In the event that, in order to provide you with the service, it is necessary to send your data to a country that is not as secure as Spain, we will always request your prior permission and we will implement effective security measures to reduce the risks of sending your personal information to another country.
How long will we keep your data for?
We will retain your information for the duration of our relationship and for as long as we are required to do so by law. At the end of the applicable legal periods, we will dispose of it in a secure and environmentally sound manner.
What are your data protection rights?
You can contact us at any time to find out what information we hold about you, rectify it if it is incorrect and delete it after the end of our relationship, where this is legally possible.
You also have the right to request the transfer of your information to another entity. This right is called ‘portability’ and may be useful in certain situations.
To request any of these rights, you must make a written request to our address so that we can identify you.
Specific forms are available at our offices to request these rights and we will assist you in completing them.
To find out more about your data protection rights, you can consult the website of the Spanish Data Protection Agency (www.aepd.es).
Can you withdraw your consent if you change your mind at a later date?
You can withdraw your consent if you change your mind about the use of your data at any time.
For example, if you were once interested in receiving advertising for our products or services, but you no longer wish to receive advertising, you can let us know by filling in the objection form available in our offices.
If you feel that your rights have been disregarded, where can you make a complaint?
If you believe that your rights have been disregarded by our entity, you can make a complaint to the Spanish Data Protection Agency by any of the following means:
Spanish Data Protection Agency
C/ Jorge Juan, 6
28001-Madrid
Telf. 901 100 099
Telf. 91 266 35 17
Making a complaint to the Spanish Data Protection Agency does not entail any cost and you do not need the assistance of a lawyer or solicitor.
Will we profile you?
Our policy is not to profile users of our services.
However, there may be situations where, for service delivery, marketing or other purposes, we need to profile information about you. An example might be the use of your purchase or service history to enable us to offer you products or services tailored to your tastes or needs.
In such cases, we will implement effective security measures to protect your information at all times from unauthorised persons seeking to use it for their own benefit.
Will we use your data for other purposes?
Our policy is not to use your data for purposes other than those we have explained to you. If, however, we need to use your data for other activities, we will always ask for your permission beforehand by providing you with clear options to allow you to decide.
Informative clause club and newsletter
If you click on the "Subscribe to Club Las Fuentes" button, you will give your authorization to receive our promotional Newsletter in your email address, also consenting to the processing of personal data provided for the aforementioned purpose. If you wish to stop being part of our "Club Las Fuentes" and stop receiving our Newsletter at your email address, you can oppose the processing of your data for informational purposes at any time by sending an email message, with the subject "SUBSCRIPTION NEWSLETTER", to the following address: info@granhotel-lasfuentes.com .
You can contact us to find out what information we have about you, rectify it, delete it and request the transfer of your information to another entity (portability). To request these rights, you must make a written request to our address, along with a photocopy of your ID: AINTURBAN HOTELES S.L.U., RESIDENCIAL PARAISO 7, 1-A, CP 50008, ZARAGOZA (Zaragoza). If you understand that your rights have been neglected, you can make a claim at the AEPD (www.aepd.es).
