1. Privacy Policy

LEGAL REGULATIONS:

This website complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the Protection of Data of Natural Persons (RGPD), Organic Law (ES) 3/2018 of 5 of December relative to the Protection of Data and Guarantee of Digital Rights (LOPDGDD), as well as with Organic Law (ES) 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSICE or LSSI ). RESPONSIBLE FOR THE TREATMENT OF YOUR PERSONAL DATA: GESTORA LAS DUNAS SA

CIF: A81198442
Address: URB. NOVO SANCTI PETRI S / N - ZIP: 11130 CHICLANA DE LA FRONTERA (CADIZ)
Telephone: 956 49 49 85
Email: comercial@aparthotelasdunas.com

This document is part of the general conditions that regulate the website www.aparthotelasdunas.com, understanding by Site all the pages and their contents owned by GESTORA LAS DUNAS SA which are accessed through the domain www.aparthotelasdunas.com and your subdomains. The use of this website attributes the condition of User of the same and implies the acceptance of all the conditions included in the Legal Notice and this Privacy Policy. Every time when using the platform you provide us or it is necessary for us to access any type of information that, due to its characteristics, allows us to identify you, such as your name, surname, email, address, telephone number, credit or debit card number, etc., (Hereinafter personal data) either to navigate, reserve or make use of our services will be subject to the application of this Privacy and Cookies Policy, and you must review these texts to verify that you are satisfied with them.

GESTORA LAS DUNAS SA reserves the right to modify or adapt the Legal Notice and this Privacy Policy at any time. We recommend that you review them, and if you have registered and access your account or profile, you will be informed of the changes.

GESTORA LAS DUNAS SA undertakes to treat your data in an absolutely confidential manner and exclusively for the purposes indicated. GESTORA LAS DUNAS SA informs you that it has implemented the necessary technical and organizational security measures to guarantee the security of your personal data and prevent its alteration, loss, treatment and / or unauthorized access, taking into account the status of the technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action or from the physical or natural environment. All this in accordance with current regulations on data protection.

If it is any of the following groups, check the drop-down information:

+ CUSTOMERS AND RESERVATIONS

For what purposes are we going to process your personal data?

• Manage reservations and provide accommodation services.
• Preparation of the budget and monitoring of the same through communications between both parties.
• Sending information by electronic means, related to your request.
• Sending commercial or event information by electronic means, provided there is express authorization.
• Manage the administrative, communications and logistics services performed by the Responsible.
• Billing and payment of services.
• Carry out the corresponding transactions.
• Billing and declaration of the appropriate taxes.
• Access control and security (video surveillance).
• Control and recovery procedures.

For the sending of commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given by contacting GESTORA LAS DUNAS SA using the means indicated above. In any case, in each commercial communication, you will be given the possibility of unsubscribing when receiving them, either through a link and / or email address.

What is the legitimacy for the processing of your data?

• Execution of the contract to provide our services.
• Compliance with legal obligations of the person in charge.
• Consent of the interested party.
• Legitimate interest of the person in charge (video surveillance).

How long are we going to keep your personal data?

• At least for the terms established by consumer, commercial and tax regulations.
• Passenger entry reports, three years.
• Video surveillance, up to one month, except for data related to incidents or crimes.

To which recipient will your data be communicated?

• Guest registry: competent authorities in compliance with those established in Organic Law 4/2015 on the protection of citizen security, Order INT / 1922/2003.
• In accordance with private security regulations, when necessary, the video surveillance data will be made available to the Security Forces and Bodies and competent authorities.

+ SUPPLIERS

For what purposes are we going to process your personal data?

• Billing and declaration of the appropriate taxes.
• Sending information by electronic means, related to your request.
• Sending commercial or event information by electronic means, provided there is express authorization.
• Manage the administrative, communications and logistics services performed by the Responsible.
• Carry out the corresponding transactions.

What is the legitimacy for the processing of your data?

The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products by any means.

+ WEB OR EMAIL CONTACTS

What data do we collect through the Web?

We can treat your IP, what operating system or browser you use, and even the duration of your visit, anonymously. If you provide us with information in the contact form, you will identify yourself so that we can contact you, if necessary.

For what purposes are we going to process your personal data?

• Answer your questions, requests or requests.
• Manage the requested service, answer your request, or process your request.
• Information by electronic means, related to your request.
• Commercial or event information by electronic means, provided there is express authorization.
• Perform analysis and improvements on the Web, on our services.
• Improve our commercial strategy.

What is the legitimacy for the processing of your data?

The acceptance and consent of the interested party: In those cases where to make a request it is necessary to fill in a form and click on the send button, the completion of it will necessarily imply that you have been informed and have expressly granted your consent to the content. of the clause attached to said form or acceptance of the privacy policy.

All our forms have mandatory data. If you do not provide these fields, or do not check the privacy policy acceptance checkbox, the information will not be sent.

+ NEWSLETTER CONTACTS

What data do we collect through the newsletter?

On the Web, it is allowed to subscribe to the Newsletter, if you provide us with an email address, to which it will be sent.

We will only store your email in our database, and we will proceed to send you emails periodically, until you request the cancellation, or where appropriate, GESTORA LAS DUNAS SA stops sending it.

You will always have the option to unsubscribe, in any communication, to revoke your consent granted to receive commercial information electronically, you can communicate it by sending an email to comercial@aparthotelasdunas.com.

For what purposes are we going to process your personal data?

• Manage the requested service.
• Information by electronic means, related to your request.
• Commercial or event information by electronic means, provided there is express authorization.
• Carry out analysis and improvements in the sending of mailing, to improve our commercial strategy.

What is the legitimacy for the processing of your data?

The legal basis for the treatment of your data is the acceptance and consent of the interested party: In those cases where you subscribe, it will be necessary to include your email in the subscription newsletter and click on the send button. This will necessarily imply that you have been informed and have expressly given your consent to receive the newsletter.

+ SOCIAL MEDIA CONTACTS

For what purposes are we going to process your personal data?

• Answer your questions, requests or requests.
• Manage the requested service, answer your request, or process your request.
• Relate with you and create a community of followers.

What is the legitimacy for the processing of your data?

The acceptance of a contractual relationship in the environment of the corresponding social network, and in accordance with its Privacy policies:
Facebook Instagram Twitter http://www.facebook.com/policy.php?ref=pf https://help.instagram.com/155833707900388 http://twitter.com/privacy

How long will we keep your personal data?

We can only consult or cancel your data in a restricted way by having a specific profile. We will treat them for as long as you let us; for example following us, being friends or giving "I like" or similar buttons.

Any rectification of your data or restriction of information or publications must be done through the configuration of your profile or user in the social network itself.

+ VIDEO SURVEILLANCE

For what purposes are we going to process your personal data?

• Video surveillance of our facilities.
• Control of our employees.
• Sometimes they can be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
The unequivocal consent of the interested party when accessing our facilities after viewing the information poster of the video-monitored area.

+ EMPLOYEES

For what purposes will your personal data be processed?

• Management of the relationship with the worker / collaborator (whether labor, service provision or collaboration, internship contract, trainees, etc.) and, where appropriate, the worker's file.
• Carry out all those administrative, fiscal and accounting procedures necessary to comply with contractual commitments, obligations in terms of labor regulations, Social Security, prevention of occupational, fiscal and accounting risks.
• Payroll payment management through a financial institution.
• Collection of the worker fee and transfer it to the Union.
• Where appropriate, carry out training activities for both subsidized and non-subsidized training.
• Time control through the control system that is enabled.
• Use of video surveillance systems for security, both for clients and workers / collaborators, control access to the facilities as well as control compliance with the obligations of the worker / collaborator. The monitored areas will be suitably signposted. • In relation to the purposes of controlling compliance with the obligations of the worker / collaborator, we inform that the information obtained through the control system may be used to impose disciplinary sanctions for breaches of the employment contract or the relationship for the provision of services .
• Management of group insurance / pension plan of the company.

What is the legitimacy for the processing of your data?

• Execution of contract: The legal basis for the treatment of your data is the execution of a labor contract.
• Compliance with a legal obligation:

◦ The processing of data derived from labor relations are legitimized by Royal Legislative Decree 2/2015, of October 23, which approves the revised text of the Workers' Statute Law.
◦ Royal Decree - Law 8/2019, of March 8, on urgent measures of social protection and the fight against job insecurity in the working day. ◦ Obligation of protection in the area of Prevention of Occupational Risks, by virtue of Law 31/1995, of November 8, on Prevention of Occupational Risks.
◦ Provision of information to the entities that manage the economic benefits of Social Security in accordance with the General Law of Social Security.
◦ Communication of your data when requested by the Labor Inspectorate. Law 42/1997, of November 14, regulating the Labor Inspection.
◦ Tax obligations of the entity, in accordance with the General Tax Law.

To which recipients will your data be communicated?

Your data will be communicated to the entities and organizations detailed below:

• To the corresponding banking entities, to be up to date with payments.
• To the tax administration.
• Organizations of the Social Security, Mutual of Work Accidents and Occupational Diseases of the Social Security.
• In the event that it is requested, your data will be transferred to the Labor Inspectorate.
• To the entities that participate in the management of training courses that the worker wishes to attend in order to participate in the courses that are organized. In the case of receiving subsidized training, as established by Organic Law 5/2002 of June 19, on Qualifications and Vocational Training, as well as in the case of contracts for training and learning provided for by RD 1529/2012, All the information required for the monitoring and control of the training actions carried out must be provided to the competent public administrations.

+ JOB SEEKERS

For what purposes are we going to process your personal data?

• Organization of selection processes for hiring employees.
• Make an appointment for job interviews and evaluate your candidacy.

How long are we going to keep personal data?

By virtue of the conservation policy of GESTORA LAS DUNAS SA, personal data will be kept for a maximum period of one year from receipt of the CV.

What is the legitimacy for the processing of your data?

The legal basis is your unequivocal consent, when you give us your CV.

To which recipients will your data be communicated?

• The data will not be transferred to third parties except with the consent of the interested party.
• Legal obligations that apply to us.

+ OTHER INFORMATION OF INTEREST ABOUT OUR PRIVACY POLICY

Do we include personal data of third parties?

No, as a general rule we only process the data provided by the owners. If you provide us with data from third parties, you must first inform and request their consent to said persons, or otherwise you exempt us from any responsibility for the breach of this requirement.

And data of minors?

We do not process data of minors under 14 years of age, therefore, please refrain from providing them if you are not that old.

Will we carry out communications by electronic means?

• They will only be made to manage your request, if it is one of the means of contact that you have provided us.
• If we carry out commercial communications, they will have been previously and expressly authorized by you.

What security measures do we apply?

You can be calm; We have adopted an optimal level of protection of the Personal Data that we handle, and we have installed all the means and technical measures at our disposal according to the state of technology to avoid the loss, misuse, alteration, unauthorized access and theft of the Data Personal.

To which recipients will your data be communicated?

Your data will not be transferred to third parties, except legal obligation. Specifically, they will be communicated to the State Tax Administration Agency (AEAT), banks and financial entities for the collection of the service provided or product purchased. As to those in charge of the treatment necessary for the execution of the agreement.

In case of purchase or payment, if you choose an application, website, platform, bank card, or any other online service, your data will be transferred to that platform or will be processed in your environment, always with maximum security.

When we order it, the web development and maintenance company, or the hosting company, will have access to our website. They will have signed a service provision contract that requires them to maintain the same level of privacy as us.

We use applications that may involve an International Transfer of data to the United States. This will only be carried out to entities that have demonstrated and that have committed themselves through standard contractual clauses (in English SCCs) to comply with the level of protection and guarantees in accordance with the parameters and requirements established in the current European regulations on the subject of data protection, such as the European Regulation, or when there is a legal authorization to carry out the international transfer.

By contract you accept that your data be transferred to other PRODAT offices in cases where a consultant from the same assists us in some service, which will normally be given in the province where you work, and to which we do not arrive so as not to waste resources . If we do not leave the province of Cádiz, there will be no transfers.

What rights do you have?

• To know if we are treating your data or not.
• To access your personal data.
• To request the rectification of your data if they are inaccurate.
• To request the deletion of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw the consent granted.
• To request the limitation of the processing of your data, in some cases, in which case we will only keep them in accordance with current regulations.
• To carry your data, which will be provided in a structured, commonly used or machine-readable format. If you prefer, we can send them to the new manager that you designate. It is only valid in certain cases.
• To file a claim with the Spanish Data Protection Agency, if you believe that we have not treated you correctly.
• To revoke consent for any treatment for which you have consented, at any time.
If you modify any information, we appreciate that you communicate it to us to keep it updated.

Do you want a form for the exercise of Rights?

• We have forms for the exercise of your rights, ask us by email or if you prefer, you can use those prepared by the Spanish Agency for Data Protection or third parties.
• These forms must be electronically signed or accompanied by a photocopy of the DNI.
• If someone represents you, you must attach a copy of your ID, or sign it with your electronic signature.
• The forms can be presented in person, sent by letter or by email at the address of the Responsible at the beginning of this text.

How long does it take us to reply to the Exercise of Rights?

It depends on the right, but a maximum of one month from your request, and two months if the issue is very complex and we notify you that we need more time.

Do we treat cookies?

We use cookies on this website. Cookies are small files with information about your navigation on this platform and whose purpose is to facilitate your navigation on it. You can consult the Cookies Policy in the corresponding link from the beginning of our website.

How long will we keep your personal data?

• Personal data will be kept as long as there is a link with us.
• Once you dissociate yourself, the personal data processed for each purpose will be kept for the legally stipulated periods, including the period in which a judge or court may require them, taking into account the statute of limitations for legal actions.
• The data processed will be kept as long as the aforementioned legal deadlines do not expire, if there is a legal obligation to maintain it, or if there is no legal deadline, until the interested party requests its deletion or revokes the consent granted.
• We will keep all the information and communications related to the provision of our service, while the guarantees last or to attend to possible claims.

By contracting our services you are authorizing us to transfer your personal data to the company FLEXMYROOM INSURETECH, S.L., domiciled in Benidorm (03503 – Alicante), Calle Gerona, 13, Local CA 18, and with CIF number B42687616, with the sole purpose of protecting your reservation enjoying the services and insurance products offered. Only the data strictly necessary for the activation of the insurance (name and surname, identity number, postal address and contact information) will be transferred, in our common interest. This entity will cancel your personal data when the service has ended and the legally established deadlines have been met. You can exercise your rights of access, rectification, deletion, limitation of treatment, data portability, and opposition