Below, we describe how your personal data is processed and your rights under the current data protection regulations – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, hereinafter, the „applicable regulations on data protection“.
1. Data controller and contact details
The data controller is Elba II, S.L. (hereinafter „the Data Controller“), with business address at Avda. Ferrandis Salvador, 188. 12560 Benicaism. Castellón. España.
If you wish, you can contact us by e-mail at the following address: email@example.com.
2. For what purpose(s) will we process your data and on what legal basis?
Your personal data is processed in accordance with the provisions of the applicable regulations on data protection, and will be processed legitimately and for the purposes we indicate below:
- Execution or fulfilment of contractual obligations or application of pre-contractual measures
Your data will be processed in order to manage the booking of rooms through the different channels provided by the entity that owns the hotel.
Accordingly, in the event you do not allow the processing of your personal data for such purpose, and since the processing thereof is necessary to comply with the contractual obligations or application of pre-contractual measures with the Data Controller, you will not be able to make the booking.
- Consent of the interested party
Provided you have given your consent, your personal data may be processed for the following purposes:
- Website contact form. The processing of your personal data will be done, provided you have given your consent, to manage and respond to requests for information, inquiries, complaints or suggestions made through the website form.
- Commercial communications. Your data will be processed to manage the sending of commercial communications related to products, services, promotions or any other relevant news that may be of interest to you.
- Loyalty programme. Personal data will be processed in order to manage the registration of users in the Club Intur loyalty programme.
- Access to the Wi-Fi network. Your data will be processed in order to manage guests’ Wi-Fi connection.
- Newsletter management. The processing of your personal data will be done with the purpose of managing your subscription to the news bulletins.
- Prize draws and promotions. The processing of your personal data will be done in order to manage your registration and participation in prize draws and promotions.
You may withdraw your consent at any time. It should be noted that the withdrawal of consent is not retroactive.
3. What categories of data will we process?
The possible categories of data that will be processed are:
a) Execution or fulfilment of contractual obligations or application of pre-contractual measures
- Identifying data
- Economic, financial and insurance data
b) Consent of the interested party
- Identifying data: Name, surname, e-mail and phone number.
- Social characteristics: Types of holidays.
- Potentially any type of data that the interested party includes in the contact made through the website form.
4. To which recipients will your data be communicated?
To carry out all the purposes described above, the Data Controller works with third-party service providers who may have access to personal data as a result of the execution of the contracted services. In any case, the Data Controller follows strict selection criteria of said third parties in order to comply with their obligations in data protection and signs their relevant data protection agreement with them, where these third parties are obliged to comply with their obligations in data protection, and in particular, to deploy those legal, technical and organisational security measures that are deemed appropriate to guarantee the security, integrity and confidentiality of the data of the interested parties, with regard to its processing for the purposes stated.
Your data will be transferred to other companies belonging to the hotel group to make your booking. The legal basis for transferring said data is the execution or fulfilment of the contractual obligations that are established with the Data Controller when requesting the booking of a room. Your data may also be transferred to the owners of the hotels in the event it is necessary to manage your request for information, and the legal basis for said transfer is your consent.
Additionally, the Data Controller may disclose the personal data and any other information of the user when required by public authorities in exercising the functions that are legitimately allocated to them and in accordance with the provisions that are applicable in those cases in which it is deemed necessary.
5. Will your data be transferred to third-party countries or international organisations?
International data transfers can be made outside the European Economic Area under different circumstances:
- To manage room availability of the company eRevMax Ltd., as well as of its associated companies.
- To manage Wi-Fi registration in the event of using the „access with“ functionality and to manage registration and carry out prize draws and promotions of the companies Facebook Inc and Twitter.
- To send commercial communications and newsletters, as well as manage subscriptions of the loyalty programmes to the companies The Rocket Science Group and Salesforce.
In all transfers the appropriate level of protection is guaranteed in accordance with the principles of the Privacy Shield or the Standard Contractual Clauses approved by the EU Commission.
6. For how long will we store your data?
The Data Controller will comply with the provisions of current legislation regarding the duty to delete personal information once the purpose has been reached, or when consent for the processing thereof has been withdrawn, leaving the information duly blocked, making it solely available to Judges and Courts, the Public Prosecutor’s Office or the relevant Public Administrations for the attention of the possible responsibilities arising from the processing, and only during the statutes of limitations of the aforementioned responsibilities. Once these deadlines have elapsed, the information will be safely disposed of permanently.
7. How have we obtained your data?
The personal data that the Data Controller processes is the personal information you have provided by using the website contact form, when booking rooms through the website feature or through tour operators, or through the information published on websites or social networks related to the hotel or any other activity you may have on our website.
8. What are your rights when you provide us with your data?
In accordance with the provisions of the applicable regulations on data protection, as well as the national regulations on data protection, you have the right to exercise, if you wish, the rights of access, rectification and deletion of data, as well as request the restriction of the processing of your personal data, directly object to it, request the right to data portability, as well as not to be the subject of automated individual decisions.
Additionally, in the event that the personal data processing described is based on the consent given by you, you may withdraw the aforementioned consent at any time. Likewise, it should be noted that the withdrawal of the consent given will not affect the legality of the processing carried out prior to the withdrawal of said consent.
You can exercise the rights described above through the following channels, providing the necessary documentation that allows us to verify your identity (copy of ID, passport, Foreigner’s Card, etc.):
- By written request to: Avda. Ferrandis Salvador, 188. 12560 Benicaism. Castellón. España.
- By e-mail to the following address: firstname.lastname@example.org
9. Before whom can you exercise your claims?
If you understand that your data protection rights have been violated or if you have any complaint regarding your personal information, you can contact the data controller, whose contact details can be found in section 1.
In any case, the interested parties can always go before the Spanish Agency for Data Protection, control authority in matters of data protection, http://www.agpd.es, C/ Jorge Juan number 6, 28001, Madrid.