Privacy Policy

Last update: 16 Aug 2018

1.- USER INFORMATION

Who is the controller of your personal data?

HOTELINKING S.L. is the controller of the personal data of the user and informs you that this data will be processed in compliance with the provisions of Regulation (EU) 2016/679, of 27 April (GDPR), and Organic Law 3/2018, of 5 December (LOPDGDD).

What type of data do we request and process?

Depending on the form or method of obtaining your data, we always request the minimum data required in order to fulfil the purposes outlined in each case.

For what purpose do we process your personal data and why do we do so?

Depending on the form where we have obtained your personal data, we will process it confidentially in order to fulfil the purposes:

In the Contact form

  • To respond to enquiries or any type of request that is made by the user through any of the contact forms that are provided on the website of the controller.
    (The legitimate interests pursued by the controller, art. 6.1.f GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications. These communications will be issued by the controller and will be related to their products and services, or their collaborators or providers, with whom they have reached a promotion agreement. In this case, third parties will never have access to personal data.
    (the data subject has given consent , 6.1.a GDPR)
  • Carrying out statistical analysis and market studies.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

In the Newsletter form

  • Sending newsletters, news, offers, and online promotions.
    (the data subject has given consent , 6.1.a GDPR)

In the Request a quotation form

  • Sending commercial quotations about products and services.
    (for the performance of a contract or precontract, 6.1.b GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications. These communications will be issued by the controller and will be related to their products and services, or their collaborators or suppliers, with whom they have reached a promotion agreement. In this case, third parties will never have access to personal data.
    (the data subject has given consent , 6.1.a GDPR)

In the Online forum form

  • Participating in the online forums proposed by the controller.
    (the data subject has given consent , 6.1.a GDPR)

In the Curriculum form

  • To involve the data subject in staff selection processes and analyse the profile of the applicant with the aim of selecting a candidate for the controller’s vacant role.
    (the data subject has given consent , 6.1.a GDPR)

In the Testimony form

  • Moderate and publish the experiences, opinions, and suggestions of the user about a product or service on the website.
    (the data subject has given consent , 6.1.a GDPR)

In the Comments form

  • Moderating and publishing opinions about a publication on the website.
    (the data subject has given consent , 6.1.a GDPR)

In the Ethics Channel or complaints form

  • Properly managing the ethical channel, processing the corresponding irregularities notified through it, and deciding on the legitimacy of opening an investigation, for the purpose of detecting possible crimes and preventing the imposition of any kind of liability, and also avoiding any kind of behaviour that is contrary to the internal or external regulations of the entity.
    (for compliance with a legal obligation, 6.1.c GDPR)

In the Request a demonstration form

  • Sending the demo requested and responding to the enquiries made.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications. These communications will be issued by the controller and will be related to their products and services, or their collaborators or suppliers, with whom they have reached a promotion agreement. In this case, third parties will never have access to personal data.
    (the data subject has given consent , 6.1.a GDPR)
  • Carrying out statistical analysis and market studies.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

In the User registration form

  • Managing the account of the user to provide them with personalised access to the website and the interactive services it offers.
    (the data subject has given consent , 6.1.a GDPR)

In the Bookings form

  • Making bookings at the establishment of the controller.
    (for the performance of a contract or precontract, 6.1.b GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications relating to products or services that are similar to those that were initially subject to contracting with the client (art. 21.2 LSSI).
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

In the Appointments form

  • Scheduling appointments and meetings with the controller.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Social Media

  • Contact through Social Networks in order to maintain a relationship between the User and the Controller which can include the following operations: – Processing requests and enquiries. – Providing information about activities and events. – Providing information about products and/or services. – Interacting through the official profiles. The user has a profile on the same social network and has decided to join the social network of the Controller, thus showing their interest in the information that is published on it, therefore at the time of requesting to follow our official page, they provide their consent for the processing of their data. The User can, at any time, access the privacy policies on the social network itself, and also configure their profile in order to guarantee their privacy. Once the User is a follower or has joined the social network of the Controller, they can publish comments, links, images, photographs, or any other type of content supported by it on it the network. In any case, the User must be the owner of the content published, hold the copyright and intellectual property rights or have the consent of the affected third parties. – Sending commercial communications relating to activities of Group companies, as well as companies outside it, with which commercial collaboration or brokerage agreements have been established.
    (the data subject has given consent , 6.1.a GDPR)

Instant Messaging

  • Scheduling appointments and meetings with the controller.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications relating to products or services that are similar to those that were initially subject to contracting with the client (art. 21.2 LSSI).
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)
  • Managing, maintaining, improving or implementing the services provided.
    (for the performance of a contract or precontract, 6.1.b GDPR)
  • Managing your purchase or order online, processing payment and proceeding to ship or activate it, based on the general contracting conditions.
    (for the performance of a contract or precontract, 6.1.b GDPR)
  • Sending commercial quotations about products and services.
    (for the performance of a contract or precontract, 6.1.b GDPR)
  • Sending advertising commercial publications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, which makes it possible to send commercial communications. These communications will be issued by the controller and will be related to their products and services, or their collaborators or suppliers, with whom they have reached a promotion agreement. In this case, third parties will never have access to personal data.
    (the data subject has given consent , 6.1.a GDPR)
  • To respond to enquiries or any type of request that is made by the user through any of the contact forms that are provided on the website of the controller.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Video surveillance

  • Purpose Security and control of accesses, control of work and of internal activity Legitimacy Public interest for the security and control of accesses and Legitimate interest of the Controller based on Art. 20.3 of the Workers’ Statute Storage A maximum of 30 days.
    (the data subject has given consent , 6.1.a GDPR)

Images and recordings

  • File with still and/or dynamic images. It includes publication in the media of the controller or of third parties.
    (the data subject has given consent , 6.1.a GDPR)

Clients and suppliers

  • Commercial management with clients and suppliers
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Advertising exclusion

  • Management of data to prevent the sending of commercial communications to those who have expressed their refusal or opposition to receiving them.
    (for compliance with a legal obligation, 6.1.c GDPR)

Commercial advertising

  • Advertising management and market research. It includes data from legitimate sources that are publicly accessible.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Rights of data subjects

  • To deal with the requests of citizens to exercise the rights established in GDPR.
    (for compliance with a legal obligation, 6.1.c GDPR)

Users of the website, app, and other platforms of the controller

  • Identification data of users who access the corporate website.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Training, courses, workshops, activities, or similar

  • Management of access and usage conditions.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)

Connection to Wi-Fi network

  • Carrying out statistical analysis and market studies.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR)
  • Carrying out satisfaction and quality surveys.
    (the legitimate interests pursued by the controller, art. 6.1.f GDPR) (the data subject has given consent , 6.1.a GDPR)

Data of minors or vulnerable people

  • The controller will not collect or process personal data from minors under the age of fourteen, without fully complying with the requirements established in the applicable data protection regulations, with regard to the duty to inform and obtain the necessary consent. The data collected will be processed for the management of the informed purposes. The controller has the appropriate security measures for the security of this data.
    (the data subject has given consent , 6.1.a GDPR)

Legal representatives and contact people

  • If you are a legal representative or contact person from any of the entities or people that the Foundation is in contact with, the controller will process your data to control the implementation of the intended relationship.
    (the data subject has given consent , 6.1.a GDPR)

How long will we keep your personal data for?

It will be kept for no longer than is needed to maintain the purpose of the processing or if there are legal requirements that stipulate its safekeeping and when it is no longer needed for that purpose, it will be eliminated with the appropriate security measures to guarantee the anonymisation of the data or the total destruction of it.

To whom will we disclose your personal data?

No disclosure of personal data to third parties is planned unless, if necessary, for the development and implementation of the purposes of the processing, to our service providers relating to communications, with whom the controller has signed the confidentiality and processing contracts required by current privacy regulations.

Do we carry out international transfers?

In accordance with the provisions of article 44 of the GDPR, the authorisation for international data transfers to a country that has not been declared a country with a suitable level of protection can only be granted if sufficient guarantees are obtained. Thus, it can be granted if the controller provides a written contract concluded between the data exporter and importer, which outlines the necessary guarantees to respect the protection of the data subjects and guarantees the exercise of their rights.

It is possible that the controller has services from providers who have servers or headquarters in other places and, therefore, that these transfers may be carried out. To consult the updated list of providers, consult the controller or do so via dataprotection@hotelinking.com.

What rights do you have?

The rights of the user are:

  • The right to withdraw consent at any time.
  • The right of access, rectification, portability and elimination of your data, and to the limitation or opposition of its processing.
  • The right to make a complaint to the control authority (www.aepd.es) if you believe that the processing does not comply with current regulations.

Contact details in order to exercise your rights:

HOTELINKING S.L.. Parc Bit, C/ Isaac Newton Edificio Disset – 3rd floor, D9, – 07120 Palma (Balearic Islands). Email: dpo@grupox3.es. Contact data of the data protection officer: Consultancy X3 S.L., Jaume Balmes 26, 07005 Palma de Mallorca – dpo@grupox3.es.

2.- OBLIGATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

Users, by checking the corresponding boxes and entering data in fields, marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely and unequivocally accept, that their data is necessary to deal with their request, by the provider, and the inclusion of data in other fields is voluntary. The user guarantees that the personal data provided to the controller is true and takes responsibility for communicating any changes to it.

The controller states that all data requested through the website is obligatory, as it is necessary for the provision of an optimal service to the user. In the event that all the data is not provided, it is not guaranteed that the information and services provided will be completely tailored to your needs.

If by any means, you provide us with personal data from other people, the controller warns that you must do so with their consent, and having informed them, beforehand, of the points contained in this Privacy Policy. Likewise, the controller undertakes to provide any third party whose data you provide with the relevant information, in compliance with the provisions of article 14 of the General Regulation.

3.- SECURITY MEASURES

In compliance with the provisions of the current personal data protection regulations, the controller is complying with all the GDPR and LOPDGDD regulations for the processing of the personal data under its responsibility, and demonstrably with the principles described in article 5 of GDPR, for which data is processed in a lawful, fair, and transparent way in relation to the data subject and suitable, relevant, and limited to what is necessary with regard to the purposes for which it is processed.

The controller guarantees that they have implemented the suitable technical and organisational policies to apply the security measures established by GDPR and LOPDGDD in order to protect the rights and freedoms of users and have provided them with the appropriate information in order for them to exercise them.

For further information about privacy guarantees, you can contact the controller through HOTELINKING S.L.. Parc Bit, C/ Isaac Newton Edificio Disset – 3rd floor, D9, – 07120 Palma (Balearic Islands). Email: dpo@grupox3.es. Contact data of the data protection officer: Consultancy X3 S.L., Jaume Balmes 26, 07005 Palma de Mallorca – dpo@grupox3.es.

4.- VALIDITY

This privacy policy is valid from 18/07/2023.

The controller reserves the right to modify this policy in order to adapt it to future legislative or case law updates that apply, or for other technical, operational, commercial, corporate reasons, etc. If, as a consequence of the changes, the rights of users are affected, the controller undertakes to provide information about the reasons.