PERSONAL DATA PROTECTION POLICY FOR THE WEB PAGE
We inform you below, in the form of questions and answers, of the conditions in which our entity processes your personal data:
Who is responsible for the processing of your data?
Frateromar SL CIF: B-76066729
Fariones Playa Apartments SA CIF: CIF-B35458215
Suite Hotel Fariones Playa SAU CIF: A-35372648
Postal address: C/ Acatife no 2 – CP 35510
Telephone: 928 59 59 91
For what purpose do we process your personal data?
We process the personal data you provide us with for the following purposes:
a) The management of the relationship with the client and the invoicing and collection of the services . The provision of data for this purpose by our clients is mandatory, preventing compliance with the contract in another case.
b) The management of relationships with our suppliers, as well as billing and payment of services . For this purpose, it is mandatory that the provider provide us with your data, since, otherwise, the contract could not be executed.
c) Channel requests for information, suggestions and complaints that you may send us, contact the sender of the information, respond to your request or query and follow up afterwards . The fact of providing the data for this purpose is voluntary, although, in case of not doing so, it will not be possible to respond to the request, query or claim. Therefore, the communication of your personal data for these purposes is a necessary requirement for us to be able to meet those requests.
d) Sending commercial communications about our services . Through these communications, users will be informed about the different services offered by the COMPANY and by the other entities that operate under the Grupo Plus Fariones brand, as well as the events organized by them. The entities that make up Grupo Plus Fariones, all of them dedicated to the hotel sector, are: Frateromar, SLU, Apartamentos Fariones Playa, SL and Suite Hotel Fariones, SA
If the addressee is our client, we will send you said commercial communications about the entity's services and events, unless you express your will to the contrary by checking the corresponding box at the time you provide your data or, later, by communicating it to us through any means. .
On the contrary, if you do not contract our services, we will not send you commercial information from the COMPANY, unless you expressly authorize us to do so. In the same way, even if you are our client, we will not send you commercial communications from the rest of the entities that operate under the Plus Fariones brand if you do not give your consent to do so. The authorization is voluntary and its refusal would only have the consequence that you would not receive commercial offers for our products or services.
In relation to the sending of the aforementioned communications, based on the information provided, we can prepare commercial profiles, to offer you the products and services that best suit your interests.
e) Process registrations for events and activities in which users want to participate . In this case, the images or videos made of the participants in a particular way during their development may be published, with their prior consent, on the entity's website, on its social networks, in corporate magazines, bulletin boards and any other another similar means of communication owned by the company, with the purpose of promoting such activities or events. The provision of the data is voluntary, both for the registration to the event and for the production of images and videos, although if it is not provided, they will not be able to register for them, nor will the images and videos be used for the indicated purposes.
f) If you send us your CV, we will process it to have information from those people who wish to do an internship and/or work with us in order to be able to carry out the corresponding personnel selection processes .
Entities that operate under the Plus Fariones brand have a centralized email address for receiving candidates' CVs (firstname.lastname@example.org). If the CV is sent to said address, the data will be processed by each of these entities as independent data controllers for the purposes indicated in the previous point. The provision of your data for this purpose is voluntary, although, if you do not provide them, you will not be able to participate in our personnel selection processes.
g) Manage reservations requested by users : The provision of data for this purpose is mandatory, and it is not possible to process reservations and provide the corresponding services otherwise.
h) In the event that you become a friend or follower of ours on social networks, we will process your data to keep you informed of our activities and promotions through said channels . The fact of providing the data for this purpose is voluntary, although, if you do not do so, you will not be able to be our friend or follower on the corresponding social network. The categories of data that are processed for this purpose are identification data.
For how long will we process your data?
We only keep your data for the period of time necessary to fulfill the purpose for which they were collected, to comply with the legal obligations that are imposed on us and to attend to the possible responsibilities that may arise from compliance with the purpose for which the data was collected. collected.
The data for the management of the relationship with customers and suppliers and the billing and collection of services will be kept for this purpose during the entire time that the contract is in force. Once said relationship is terminated, where appropriate, the data may be kept for the time required by applicable law and until the possible responsibilities derived from the contract prescribe.
The data processed to respond to requests, requests, queries or claims will be kept for the time necessary to respond to them and consider them definitively closed. Subsequently, they will be kept as a communications history for a period of one year, unless you request their deletion beforehand.
The data for sending commercial communications will be kept indefinitely, until, where appropriate, you express your willingness to delete them or your desire to stop receiving such communications.
The data of potential clients who do not contract our services and who do not wish to receive commercial information will be deleted when it is confirmed that the contract will not be carried out. In the event that the prior relationship between the parties, not yet consummated, could cause eventual responsibilities, the data will be kept until they expire. The data for the processing of registrations for events and activities, including the photographs and videos taken, may be kept for the duration of the event or activity, as well as its promotion, and even later, to respond to possible responsibilities. laws arising as a result of them.
The data that you provide us or that we obtain to take part in a specific open personnel selection process will be kept until said process is completed and canceled afterwards, unless the candidate is selected, in which case they will be incorporated into your employee file. If the candidates who are not selected want us to keep their CV for future selection processes, they must expressly request it by email. In the latter case, as well as when you spontaneously provide us with your CV, simply so that we take it into account in future selection processes, the data will be kept for a maximum of one year from the last update. You must keep the personal data you provide us updated; especially those related to training and professional experience. Sometimes, during the selection processes, you can go to job portals to find candidates that fit the professional profiles that are of interest to you, subject to the Privacy Policies of said platforms. The categories of personal data processed in these cases are the following: identification data, personal characteristics data, employment details data, academic and professional data and any other information that the candidate has published on the job portal or included in their CV .
The reservation data will be kept for the entire duration of your stay, as well as the provision of the requested services and, even after, for the entire time required by the applicable legislation and until the possible responsibilities derived from the service offered expire. In order to comply with the documentary registration obligations provided for in the regulations for the protection of citizen security, the user registration data will be kept for a period of 3 years from the end of the contracted service or provision.
The data provided through social networks will be kept as long as you remain a friend or follower of ours on the corresponding platform.
What is the legitimacy for the processing of your data?
The legal basis for the processing of customer and supplier data is the execution of the contractual relationship.
The processing of personal data for the response to your requests for information, requests, queries and claims is based on the consent of the person concerned. Said consent can be withdrawn at any time, although this will not affect the legality of the treatments carried out previously.
The prospective offer of our services to our clients is based on the satisfaction of the legitimate business interest consisting of being able to offer them the contracting of other products or services and thus achieve their loyalty. Said legitimate interest is recognized by the applicable legal regulations (General Data Protection Regulation), which expressly allows the processing of personal data on that legal basis for direct marketing purposes. However, we remind you that you have the right to oppose this processing of your data, and may do so by any of the means provided in this clause.
The prospective offer of the services of the rest of the hotels that operate under the Plus Fariones brand, as well as the remittance of commercial communications of the COMPANY services to those who, having shown interest in those, are not or have not become our clients, is based on the consent of the interested party. Said consent is revocable at any time, without this having more consequences than stopping receiving advertising and without affecting the data processing carried out previously.
The data for the processing of registrations for events and activities, including taking pictures and making videos, will be processed on the legal basis of the consent of the person who provides them. Said consent can be withdrawn at any time, although this will not affect the legality of the treatments carried out previously.
The legitimizing basis for the treatment of the CVs that you send us or that we obtain from employment platforms for a specific open personnel selection process is the existence of a pre-contractual relationship. Additionally, more data may be collected during interviews or selection processes, the treatment of which has the same foundation.
The legal basis for the treatment of the data contained in your CV, when you have asked us to keep it after a selection process or that you have sent us spontaneously, is your consent, which can be revoked at any time. However, the data processing carried out previously will not lose its legality due to the fact that the consent has been revoked.
The data for the management of reservations will be processed on the basis of the contractual relationship maintained between the parties. If the guest has any allergies or health problems and provides us with information in this regard, we will treat it based on their consent, which is manifested by the delivery of their data, in order to provide them with the corresponding services based on their needs. needs. This consent may be revoked at any time, without affecting the legality of the data previously provided. It is not mandatory for the client to provide their health data, although this could imply that the services we provide are not adapted to their needs.
The data provided through social networks will be processed on the legal basis of your consent, which may be revoked at any time, although this will not affect the legality of the treatments carried out previously.
To which recipients will your data be communicated?
The data will be communicated to the following entities:
a) The competent Public Administrations, including judges and courts, in the cases provided for in the Law and for the purposes defined therein.
b) The financial entities through which the management of collections and payments is articulated.
c) Companies with which additional services to lodging have been contracted (eg excursions, car rental).
d) The State Security Forces and Corps for compliance with Citizen Security regulations.
Although it is not a transfer of data, it may be that third-party companies, which act as our suppliers, access your information to carry out the service. These managers access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality and based on a contract in which they undertake to comply with the requirements of current regulations on the protection of personal data. .
What are your rights when you provide us with your data?
Anyone has the right to obtain confirmation as to whether or not we are processing personal data that concerns them. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which they were collected.
Under the conditions provided in the General Data Protection Regulation, interested parties may request the limitation of the processing of their data or its portability, in which case we will only keep them for the exercise or defense of claims.
In certain circumstances and for reasons related to their particular situation, the interested parties may oppose the processing of their data. If you have granted consent for a specific purpose, you have the right to withdraw it at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal. In these cases we will stop processing the data or, where appropriate, we will stop doing so for that specific purpose, except for compelling legitimate reasons, or the exercise or defense of possible claims.
In addition, the regulations on data protection allow you to oppose being subject to decisions based solely on the automated processing of your data, when appropriate.
The aforementioned rights are characterized by the following:
• Its exercise is free, except in the case of manifestly unfounded or excessive requests (eg, repetitive nature), in which case a fee proportional to the administrative costs borne may be charged or refusal to act.
• You can exercise your rights directly or through your legal representative or volunteer.
• Your request must be answered within one month, although, taking into account the complexity and number of requests, the term can be extended for another two months.
• We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of opting for another means. If the request is submitted by electronic means, the information will be provided by electronic means when possible, unless you request otherwise.
• If, for any reason, the request is not processed, we will inform you, no later than one month, of the reasons for this and the possibility of claiming before a Control Authority.
In order to facilitate the exercise of the aforementioned rights, we provide below the links to the application form for each of them:
o Form exercise of the right of access
o Form for exercising the right of rectification
o Form for exercising the right of opposition
o Form for exercising the right of deletion (right “to be forgotten”)
o Form for exercising the right to limit processing
o Exercise form of the right to portability
o Exercise form not to be subject to automated individual decisions
All the aforementioned rights can be exercised through the means of contact that appear at the beginning of this clause.
In all cases, you must prove your identity by attaching a photocopy or scanned copy of your ID or equivalent document, or a document proving representation, if the right is exercised through a representative.
All the aforementioned rights can be exercised through the means of contact with the entity that appear at the beginning of this clause.
Faced with any violation of your rights, especially when you have not obtained satisfaction in their exercise, you can file a claim with the Spanish Agency for Data Protection (contact details accessible at www.aepd.es), or another competent control authority. . You can also obtain more information about your rights by contacting these organizations.
How do we protect your personal data?
We are firmly committed to protecting the personal data we process. We use reasonably reliable and effective measures, controls and procedures of a physical, organizational and technological nature, aimed at preserving the integrity and security of your data and guaranteeing your privacy.
In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data.
In the case of the contracts that we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the order carried out, as well as to implement security measures. technical and organizational techniques necessary to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.
All these security measures are reviewed periodically to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed and there is no security system that is impenetrable, therefore, in the event that any information subject to processing and under our control is compromised as a result of a security breach, we will take the adequate measures to investigate the incident, notify the Control Authority and, where appropriate, to those users who may have been affected so that they take the appropriate measures.
What is your responsibility as the owner of the data?
By providing us with your personal data, the person who does so guarantees that they are over 14 years of age and that the data provided is true, exact, complete and up-to-date.
For these purposes, the interested party is responsible for the veracity of the data and must keep it properly updated so that it reflects their real situation, taking responsibility for false and inaccurate data that they may provide, as well as for damages, direct or indirect, which could be derived.
If you provide data from third parties, you assume the responsibility of previously informing them of everything provided in article 14 of the General Data Protection Regulation under the conditions established in said precept.
How have we obtained your data?
In those cases in which the user registration is carried out through social networks, the personal data that we will process will come from the social network in question, to which, previously, the interested party will have provided said data for the purposes provided in their corresponding policies. Of privacy. The categories of data that we will collect from the social network in question are those that appear in our registration form and that you have provided to said social network. If, in order to register on our website, more data than those provided by the social network are essential, you must fill them in additionally on our registration form, subject to the privacy conditions provided in this Policy.