ADDITIONAL INFORMATION ON THE PROCESSING OF PERSONAL DATA
Below, we describe how your personal data is processed and your rights under the current data protection regulations - Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, hereinafter, the "applicable regulations on data protection".
The data controller is Instalaciones Turísticas Costeras S.A. (hereinafter "the Data Controller"), with business address at C/ Francia 183 (pol Ind. Ciudad Transporte) 12006, Castellón, Spain.
If you wish, you can contact us by e-mail at the following address: firstname.lastname@example.org.
Your personal data is processed in accordance with the provisions of the applicable regulations on data protection, and will be processed legitimately and for the purposes we indicate below:
Your data will be processed in order to manage the booking of rooms through the different channels provided by the entity that owns the hotel.
Accordingly, in the event you do not allow the processing of your personal data for such purpose, and since the processing thereof is necessary to comply with the contractual obligations or application of pre-contractual measures with the Data Controller, you will not be able to make the booking.
Provided you have given your consent, your personal data may be processed for the following purposes:
You may withdraw your consent at any time. It should be noted that the withdrawal of consent is not retroactive.
The possible categories of data that will be processed are:
To carry out all the purposes described above, the Data Controller works with third-party service providers who may have access to personal data as a result of the execution of the contracted services. In any case, the Data Controller follows strict selection criteria of said third parties in order to comply with their obligations in data protection and signs their relevant data protection agreement with them, where these third parties are obliged to comply with their obligations in data protection, and in particular, to deploy those legal, technical and organisational security measures that are deemed appropriate to guarantee the security, integrity and confidentiality of the data of the interested parties, with regard to its processing for the purposes stated.
Your data will be transferred to other companies belonging to the hotel group to make your booking. The legal basis for transferring said data is the execution or fulfilment of the contractual obligations that are established with the Data Controller when requesting the booking of a room. Your data may also be transferred to the owners of the hotels in the event it is necessary to manage your request for information, and the legal basis for said transfer is your consent.
Additionally, the Data Controller may disclose the personal data and any other information of the user when required by public authorities in exercising the functions that are legitimately allocated to them and in accordance with the provisions that are applicable in those cases in which it is deemed necessary.
5. Will your data be transferred to third-party countries or international organisations?
International data transfers can be made outside the European Economic Area under different circumstances:
In all transfers the appropriate level of protection is guaranteed in accordance with the principles of the Privacy Shield or the Standard Contractual Clauses approved by the EU Commission.
6. For how long will we store your data?
The Data Controller will comply with the provisions of current legislation regarding the duty to delete personal information once the purpose has been reached, or when consent for the processing thereof has been withdrawn, leaving the information duly blocked, making it solely available to Judges and Courts, the Public Prosecutor's Office or the relevant Public Administrations for the attention of the possible responsibilities arising from the processing, and only during the statutes of limitations of the aforementioned responsibilities. Once these deadlines have elapsed, the information will be safely disposed of permanently.
7. How have we obtained your data?
The personal data that the Data Controller processes is the personal information you have provided by using the website contact form, when booking rooms through the website feature or through tour operators, or through the information published on websites or social networks related to the hotel or any other activity you may have on our website.
8. What are your rights when you provide us with your data?
In accordance with the provisions of the applicable regulations on data protection, as well as the national regulations on data protection, you have the right to exercise, if you wish, the rights of access, rectification and deletion of data, as well as request the restriction of the processing of your personal data, directly object to it, request the right to data portability, as well as not to be the subject of automated individual decisions.
Additionally, in the event that the personal data processing described is based on the consent given by you, you may withdraw the aforementioned consent at any time. Likewise, it should be noted that the withdrawal of the consent given will not affect the legality of the processing carried out prior to the withdrawal of said consent.
You can exercise the rights described above through the following channels, providing the necessary documentation that allows us to verify your identity (copy of ID, passport, Foreigner's Card, etc.):
9. Before whom can you exercise your claims?
If you understand that your data protection rights have been violated or if you have any complaint regarding your personal information, you can contact the data controller, whose contact details can be found in section 1.
In any case, the interested parties can always go before the Spanish Agency for Data Protection, control authority in matters of data protection, http://www.agpd.es, C/ Jorge Juan number 6, 28001, Madrid.