The following data protection policy is made up for all the companies which form the Golden Hotels Group:
It refers to the data it deals with in the exercise of its tourist services activities in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (General Regulation on data protection) and to Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights (LOPDGDD).
The Person in charge of processing any personal data is in each case the company of the group with whom the client or the provider is related. Each company responds to its clients and suppliers in compliance with the data protection regulations which guarantees its rights.
The Data Protection Officer (DPD) is the person who oversees in compliance with the Golden Group's data protection policy, ensuring that any personal data is properly treated and the rights of the people are protected. Its functions include dealing with any doubt, suggestion, complaint or claim of the people whose data are treated. You can contact the Data Protection Officer by writing to Golden Hotels, Calle Marconi 16, Pineda de Mar (CP-08397) tel. 9376271626 or to the email@example.com email address.
At Golden Hotels we treat personal data for the following purposes.
Contact: Address the queries of the people who contact us through the contact forms on our web pages. We use them solely for this purpose.
Telephone support: Pay attention to people who come in contact with us on this way. To offer more quality in the service, the conversions can be recorded by prior warning the person with whom we communicate.
Personnel selection: Receiving curriculums vitae of people interested in working with us and managing the personal data generated by the participation in the personnel selection processes, in order to analyse the suitability of the profile of the candidates based on the vacancies or newly created. Our criterion is to keep the data of candidates who do not end up being hired for a maximum period of one year, in case there is a new vacancy or a new job in the short term. However, in the latter case, we immediately eliminate the data if the interested person requests us.
Customer service: To register the new clients and the additional data that can be generated as a result of the business relationship with customers. In the contracting process, the essential information is requested, which must include bank details (current account number or credit card number) that will be communicated to banks that manage the payment (they can only be used for this purpose). The relationship of provision of tourist services involves other treatments, such as incorporating the data into accounting, billing or information to the tax administration. The clients of our establishments have access to the customer area where they access the information of the Group Golden and, among other functions. They can know the status of queries that have been made through this channel. Access to the customer area provides us with information about the user's activity in this service.
Information on our services: While there is a relationship with its customers, Golden Hotels uses its contact information to communicate and information about this relationship. This information may include references to our tourist services, whether they are of a general nature or refer more specifically to the characteristics and needs of the client.
Other information about services: With the explicit authorisation of customers, when the contractual relationship is over, the contact information is preserved to send advertising related to our services or products, information of a general or specific nature for the client's characteristics. This information is sent to anyone who, despite of not being a client, asks us or accepts it by filling out our forms.
Advertisements of our company services: Always with prior and explicit authorization of the people indicated in the previous section, the contact data is used to bring advertising, both general and adapted to the characteristics of the person, of services of the companies of our group. Likewise, with the explicit consent of the person interested, the contact data can be communicated to these companies so that these companies can directly send advertising of their products or services.
Management of the data of our suppliers: We record and process data of the suppliers of whom we obtain services or goods. It can be the data of people who act as freelancers and also data of legal entities representatives. We obtain the essential data to maintain the business relationship. We only use them for this purpose, and we use our own kind of relationship.
Videovigilance: When accessing to our facilities it is informed, when applicable, the existence of video surveillance cameras by means of the accredited signage. The cameras record images only of the points in which it is justified to guarantee the security of the goods and the people and the images are only used for this purpose.
Other channels for obtaining data: We also obtain data through face-to-face relationships and other channels such as receipt of emails, through our profiles on social networks and during the registration process for Wi-Fi services. In all cases, the data is used only for the explicit purposes that justify the collection and treatment.
The data treatments that we work with have different legal foundations, depending on the nature of each treatment.
In compliance with a pre-contractual relationship: For example, the data of potential customers or suppliers with whom we have previous relationships to formalize a contractual relationship, such as the preparation or study of budgets. It is also the case of the data treatment of people who have sent us their curriculum vitae or who participate in selective processes.
In compliance with a contractual relationship: The relationships with our clients and suppliers and all the actions and uses that these relationships entail.
In compliance with legal obligations: The data communications to the tax administration are established by regulatory norms of the commercial relations. The case of having to communicate data to judicial organs or to bodies and security forces can also occur in compliance with legal regulations that oblige them to collaborate with these public entities.
Based on consent: When we send information about our services, we treat the contact data of the recipients with their explicit authorization or consent. The navigation data that we can obtain through cookies we obtain with the consent of the person who visits our website, consent that can be revoked at any time by uninstalling these cookies. It is also with the prior consent of each person that we communicate their data to other companies in our group.
For legitimate interest: The images we get from the video surveillance cameras are treated according to the legitimate interest of our company to preserve its goods and facilities. Our legitimate interest also justifies the processing of data that we obtain from the contact forms.
As a general criterion, we only communicate data to administrations or public authorities and always in compliance with legal obligations. The identified data of people staying in our establishments is communicated to the General Directorate of the Police (compliance with Order IRP / 418/2010, of August 5, on the obligation to register and communicate to the General Directorate of the Police of people who are staying at the lodging establishments).
In the issuance of invoices to customers the data can be communicated to banking entities. On the other hand, in case the consent has been given, the data may be communicated to other companies of our group for the purposes indicated above. There is no transfer of data outside the scope of the European Union (international transfer).
In other respects, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. Sometimes these external companies must access personal data of our responsibility. It is not really a data transfer but a treatment assignment. Only company services are contracted that guarantee compliance with the data protection regulations. At the time of contracting, the obligations of confidentiality are formalized, and the action is monitored. It may be the case of data hosting services, computer support services or legal, accounting or fiscal advice.
We comply with the legal obligation to limit the period of preservation of the data to the maximum. For this reason, only the necessary and justified data is conserved for the purpose that motivated us initially. In certain cases, such as the information contained in the accounting documentation and the billing, the fiscal regulations oblige to keep them until the responsibilities is prescribe in this matter. Regarding the data that is dealt with based on the consent of the person interested, it is kept until this person does not revoke this consent. The images obtained by video surveillance cameras are kept for a maximum of one month. However, if there is any incident, the images will be kept for a longer period. The necessary period of time that the secure forces or judicial organs may need.
As provided in the General Regulation on data protection, the persons to whom we treat data have the following rights:
To know if they are treated: Anyone has the right to know if we treat their data, regardless of whether there has been a prior relationship.
To be informed in the collection: When personal data is obtained from the interested part, at the time of providing it, he or she must have clear information about the purposes for which he or she will be assigned, who will be responsible for the treatment and the other aspects derived from it treatment.
To access it: A very broad law that includes knowing precisely which personal information is being treated, what is the purpose for which they are addressed, communications to other people who will be (if applicable) or the right to obtain a copy or know the expected period of conservation.
To ask for the rectification: It is the right to rectify the inaccurate data that are subject to treatment by us.
To ask for its deletion. In certain circumstances there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified the treatment.
Request limitation of treatment: In certain circumstances, the right to request the limitation of the processing data is also recognized. In this case, they will no longer be dealt with and will only be retained for the exercise or defence of claims, in accordance with the General Data Protection Regulations.
Portability. In the cases provided in the regulations, the right to obtain personal data in a structured format that is commonly readable, and it is recognized and transmitted to another person responsible for the treatment if the interested person.
To oppose the treatment: A person can adduce reasons related to his or her particular situation. Reasons that will imply that they stop processing their data to the extent or extent that can be detrimental to him, except for legitimate reasons or the exercise or defence against claims.
Not receiving commercial information: We will respond promptly to the requests regarding the non-continuance of receiving commercial information made by people who previously had authorized us.
The rights that we have just enumerated can be exercised by sending a written request to Golden Hotels at Calle Marconi, 16, Pineda de Mar (CP 08397), or by sending an email to firstname.lastname@example.org, indicating in all cases "Protection of personal data".
If a satisfactory response has not been obtained in the exercise of the mentioned rights, it is possible to file a claim with the Spanish Data Protection Agency, through the forms or other channels accessible from its website www.agpd.es.
In all cases, either to file claims, ask for clarification or send suggestions, it is possible to contact the Data Protection Officer by email at email@example.com.