Last modified: February 2022
This privacy policy relates to the website www.grupotel.com.
Please read it carefully. It contains important information on the processing of your personal data, as well as your rights contained in current applicable legislation in this area.
We reserve the right to update our privacy policy at any time as a result of business decisions and to comply with any changes in legislation or case law. If you have any queries or would like us to clarify any aspect of our privacy policy or your rights, please get in touch with us using the contact details given below.
You hereby state that the information you provide us with, now or in the future, is correct and truthful. You also agree to let us know of any changes to this information. In the event that you are providing personal data belonging to third parties, you agree to obtain consent from the data subject(s) prior to doing so and to inform them of the content of this privacy policy.
The fields in our forms that are indicated as mandatory must be filled in for us to be able to handle your request.
- Who is responsible for processing your data? The data controller for your personal data obtained on this website is:
Data controller:GRUPOTEL DOS, S.A. (hereinafter, GRUPOTEL), entity responsible for the processing of the personal data affecting the booking management and brand of GRUPOTEL HOTELS & RESORTS.
Address: Crta. Artá-Pto. Alcúdia, 68 de (07458) Can Picafort. Santa Margarita, Spain.
Telephone no.: +34 971 85 00 61.
Email of the Privacy Officer of GRUPOTEL HOTELS & RESORT: protecciondedatos@grupotel.com.
- Why do we process your data and on what legal basis?
Management of our relationship with our users: We process the data our customers and users provide when making queries, such as identification and contact data, in order to answer their requests.
This processing is necessary for the application of pre-contractual measures at the request of the data subjects themselves.
Booking management and service provision: We process the data provided on the booking form in order to manage the booking. The personal data processed to this end is as follows:
- Identification and contact data of the lead name on the booking;
- Details of the booking itself (arrival and departure dates, number and age of guests);
- Data in relation to payment methods;
- Transaction data in relation to goods and services.
This data is obtained either directly from you or from third parties who have processed the booking in your name.
This processing is necessary for the fulfilment of the contract or for the application of pre-contractual measures requested by the customer.
The service financial and transactional data generated by your booking shall be processed for accounting and administrative purposes and compliance with GRUPOTEL´s legal obligations in terms of accounting and taxation.
Sending out of marketing material and management of our mailing list: We process the identification and contact data provided by our customers, people who sign up to our mailing list and users who request information using our contact form, in order to send them non-personalised marketing material for the GRUPOTEL HOTELS & RESORTS group.
The sending of marketing material to our customers via electronic means is based on art. 21.2 of Law 34/2002, of 11 July, on information society and e-commerce services, which transposes directive 2002/58/EC (e-privacy directive) in Spain.
For its part, the sending of marketing material via electronic means to users who have not made a booking on the website is based on their consent, expressed upon signing up to our mailing list or marking the corresponding box on the contact form.
You can request to be removed from the mailing list of GRUPOTEL HOTELS & RESORTS at any time by sending an email to webmaster@grupotel.com.
In order to manage the mailing list, GRUPOTEL classifies the recipients of its communications based on whether or not they are customers, language and market of origin. This processing is based on GRUPOTEL´s legitimate interest in segmenting the recipients of its communications.
To weigh up this interest with respect to your rights and freedoms the following has been determined:
- The processing is compatible with the reasonable expectations of the data subjects, as it is processing that is complementary to the sending of marketing material and allowing the recipients to receive this in a format and with content adapted to their language and market.
- The processing does not represent a significant threat to the privacy of the data subjects as it consists of a simple classification based on objective criteria that do not allow the inference of new information on the data subjects, as technical and organisational measures have been adopted to prevent the creation of marketing profiles, predictions or individualised behavioural analysis regarding the customer data as a whole. Likewise, the data subjects retain control of their information as they can opt out of the receipt of marketing material at any time.
Statistical and quality management purposes: In order to assess and manage the quality of our services, we produce statistics based on aggregate data obtained from transaction data and website browsing data, e.g., IP address, weblogs, pages visited or action taken on the Website (more information in our cookies policy).
This processing is based on our legitimate interest in assessing and managing the quality of our services. To weigh up this interest with respect to your rights and freedoms it has been determined that the processing had a limited impact on the privacy of the data subjects, met their reasonable expectations and did not represent a significant threat.
Website administration and security: We process browsing data (IP addresses and logs) to administrate and manage the security of the website. This processing is based on our legitimate interest in guaranteeing the website´s security. This interest is expressly recognised in whereas clause no. 49 of the RGPD. To weigh up this interest with respect to your rights and freedoms it has been taken into account that this processing corresponds to generalised security practices and does not represent a significant threat for the data subjects.
- How long will we keep your data for? Generally speaking, we keep your data for the entire duration of your relationship with us and for the time stipulated by applicable legislation, for example in the area of accounting and tax legislation, as well as for the time necessary for us to be able to respond to any liability arising from said processing. Your data will be deleted when it is no longer needed or relevant for the purposes for which it was obtained.
Information relating to browsing will be deleted once you leave the website and statistics have been collected.
Data processed for marketing purposes will be kept indefinitely or until you withdraw your consent.
- Who can we pass your data on to? We will only share your personal data with third parties where we are required to do so by law, where you have given us your consent to do so or where the nature of your request makes this necessary. In this regard, we inform you that for your booking to be handled correctly and for the provision of the services contracted, the data provided must be shared with the hotels and/or companies that provide the products/services you have purchased.
- What are your rights? You are entitled to request confirmation of whether or not we are processing your personal data and, if we are, to access it. You may also request that your data be corrected when it is inaccurate or that incomplete data be completed. You may also request data be deleted when, amongst other reasons, it is no longer needed for the purposes for which it was provided.
In certain circumstances, you may request that the processing of your data be restricted. In this case, we will only process data necessary for the establishing or exercising of or defence against legal claims or to protect the rights of other persons. In certain circumstances and for reasons relating to a particular situation, you may also object to your data being processed. In such an event, we will cease to process your data, except for legitimate and compelling reasons relating to your interests, rights and freedoms, or for the establishing or exercising of or defence against legal claims. Moreover, under certain circumstances you may request the portability of your data in order for it to be sent to another data controller.
You may withdraw the consent you provided us with for specific purposes. However, this will not affect the legal basis for data processing carried out prior to said withdrawal. You may also submit a complaint to the Spanish Data Protection Agency.
You also have the right to oppose the adoption of automated individual decision-making that has legal effects for you or significantly affects you in a similar way, when this right applies in accordance with the provisions of article 22 of Regulation (EU) 2016/679.
In order to exercise your rights, you must send us your request, along with a copy of your national identification document or any other document valid for identification purposes, to the address or email address given in the section "Who is responsible for processing your data?".
For more information on your rights and how to exercise them, please visit the Spanish Data Protection Agency website at www.aepd.es.