DATA PROTECTION POLICY
European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Both data privacy and confidentiality of information are important aspects for ECO HOSTAL GRAU, S.L. This data protection policy establishes the way in which personal data obtained from its customers, contacts and suppliers are treated and may vary over time due to possible changes in legislation, jurisprudence or the criteria followed by the Spanish Data Protection Agency and/or the competent authority at any given time. That is why the company reserves the right to modify this policy to adapt it to legislative or jurisprudential developments that are in force at the precise moment in which you access the web.
Date of last update: 1/05/2022
1.- Who is responsible for the processing of your data?
ECO HOSTAL GRAU, S.L.
B66907643
Ramelleres street nº 27, 08001 Barcelona, Spain
E-mail: monica@hostalgrau.com
2.- For what purpose do we process your data, what is the legal basis for its processing and for how long do we keep it?
The personal data collected by the hotel, are those necessary to provide the service, being adequate, relevant and not excessive, limited to the necessary in relation to the purposes for which they are treated.
In order to keep the data current, accurate and up to date, please inform us of any changes or modifications that may have occurred.
At the hotel we process personal data for the following purposes:
1.- BOOKINGS: We manage reservations, and relations prior to your accommodation.
Legitimation: The legal basis to be able to treat your data is your consent given with the acceptance of this data protection policy and/or the existence of a pre-contractual relationship based on the request for a reservation.
Retention period: the data will be deleted if the reservation is not formalized.
2.- CUSTOMERS: We treat customer data for the management of hotel services and accommodation contracted, as well as collection management and the billing of the same.
Legitimation: The legal basis for the treatment is the existence of a contractual relationship (check-in) for the provision of the requested services.
The retention period: Your data will be kept for the duration of the established contractual relationship, and thereafter, during the legally established periods for the resolution of possible liabilities arising from it. Data relating to payments and invoicing will be kept for the periods established in the corresponding accounting and tax regulations.
3.- COMMERCIAL ACTIONS and MARKETING: The hotel will use the contact data to send you commercial communications about services, activities and promotions that may be of interest to you when you have previously obtained your unequivocal consent. Such consent may be revoked at any time through the systems indicated in each communication you receive.
Legitimation: The legal basis for the aforementioned treatment is your consent that is considered given through the acceptance of the box enabled for this purpose.
Conservation period: the data will be kept as long as the interested party does not request their deletion.
4.- DATA OF SUPPLIERS AND COLLABORATORS: We process the data of our suppliers for the management of orders and payments, as well as to maintain a database of contacts for possible future contracts and / or collaborations.
Legitimation: The legal basis for the treatment is the existence of a contractual relationship and the consent that is considered given with the voluntary delivery of your data to the company.
The retention period: the data will be kept in any case for the duration of the contractual relationship and thereafter for the legal periods established in the civil legislation for the prescription of contractual obligations and in the accounting and tax legislation.
5.- VIDEO SURVEILLANCE: The hotel has video surveillance cameras duly signposted and installed for security reasons and surveillance of the building.
Legitimation: The legal basis for the treatment of surveillance and security is the legitimate interest of the company in preserving the safety of persons, property and facilities.
Conservation period: the images collected will be kept for a maximum period of one month and then deleted.
3.- To whom will we communicate your data?
The hotel will communicate your personal data to third parties in the following cases:
By legal obligation, the data of guests will be communicated to the forces and security forces of the state. (Law 4/2015, Protection of Public Safety).
They may also be communicated to the tax administration for payment of taxes, to judges, courts that request it through judicial channels.
The international transfer of data is not foreseen.
4.- What are your rights?
Any person has the right to obtain information on what data is being processed.
Below, we indicate your rights:
Right of access
Right of access to your personal data to know if personal data is being processed and to obtain a copy of it.
Right of rectification
The right to request the rectification of inaccurate data.
Right of erasure
Right to request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to restriction
You may request the limitation of the processing of your data, in which case they will only be kept for the exercise or defense of claims.
Right of opposition
Under certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. The company will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
Right to portability
You have the right to receive personal data concerning you that you have provided in a structured, commonly used and machine-readable format when: a) the processing is based on consent or a contract, and b) the processing is carried out by automated means.
Right to complain
We inform you of your right to file a complaint with the supervisory authority (AEPD.- www.agpd.es) in the event that you have not been satisfied with the exercise of your rights indicated here.
To exercise the aforementioned rights you can contact our data protection officer by e-mail monica@hostalgrau.com indicating the following information:
Name and surname,
DNI number (if applicable)
Contact e-mail address,
Right you wish to exercise,
Data on which you are making your request
Within a maximum period of one month we will resolve your request by notifying you at the e-mail address you have indicated.
5.- Security in the treatment
Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as risks of varying likelihood and severity to the rights and freedoms of natural persons, the company will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized disclosure of or access to such data.