Lobby at Seaside Sandy Beach

Data protection policy

1.- Information for the user

“SEASIDE HOTELS S.L.”, hereinafter the CONTROLLER, is responsible for processing the user’s personal data and informs the user that such data shall be processed according to the provisions laid down in current legislation regarding personal data protection, Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of individuals with regard to the processing of personal data and the free movement of such data, and Organic Law (ES) 15/1999 of 13 December 1999 (LOPD) and implementing regulations, related to personal data protection, and; therefore, the following information regarding the processing of your data is provided:

Purpose of the processing: to maintain a business relationship with the user. The intended processing operations are:

To send commercial marketing communications by email, WhatsApp, SMS, MMS, social communities or any other electronic or physical medium, whether present or future, that enables commercial communications. These communications shall be carried out by the CONTROLLER and be related to its products and services, or the products and services of its partners or suppliers with whom they have a promotion agreement. In this case, third-parties shall never have access to personal data. To conduct statistical studies. To process orders, price quotes, applications or any type of request made by the user through any form of contact that is made available. To send the website newsletter.

Data storage criteria: Data shall be stored as long as there is a mutual interest to maintain the purposes for the processing and when said data is no longer necessary for those purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction.

Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation.
See your rights in section 7.

 

2.- “Contact” Section.

Purpose of the processing: to answer queries, information requests, requests, questions, suggestions or similar matters made by data subjects regarding our products or services. Legal basis: legitimate interest. Data storage criteria: Data shall be stored as long as there is a mutual interest to maintain the purposes for the processing and when it is no longer necessary for those purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction. A period of 4 months has been estimated. Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation.
See your rights in section 7.

 

3.- The “Book Now” tab.

Purpose of the processing: it has been designed as a customer service mailbox and its purpose is to enable and speed the booking process for our customers and to make comments and/or requests through any multichannel medium. Legal basis: contractual relationship and legitimate interest. Data storage criteria: Data shall be stored as long as there is a mutual interest to maintain the purposes for the processing and when it is no longer necessary for those purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction. Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation.

See your rights in section 7.

 

4.- The “Newsletter” tab.

Purpose of the processing: its purpose is to inform customers about any new developments related to the service provided by the company, and to send commercial and promotional communications. Said communications shall be sent by email. Legal basis: consent and legitimate interest. Data storage criteria: Data shall be stored as long as there is a mutual interest to maintain the purposes for the processing and when it is no longer necessary for those purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction. Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation.

See your rights in section 7.

 

5.- The “Events” Tab.

Purpose of the processing: its purpose is to answer any queries related to bookings and space or hall rentals or similar matters for the organisation of events. Data storage criteria: Data shall be stored as long as there is a mutual interest to maintain the purposes for the processing and when it is no longer necessary for those purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction. Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation.

See your rights in section 7.

 

6.- The “Jobs” Tab.

Purpose of the processing: to inform the data subject of staff selection processes, carrying out an analysis of the applicant’s profile in order to select the best candidate for the CONTROLLER’s vacant job. Legal basis: Consent. Data storage criteria: Data shall be stored for a maximum of one year, after that time data shall be deleted ensuring full respect for its confidentiality both during its processing and its subsequent destruction. In this regard, after the stated time has passed, if you wish to continue participating in selection processes carried out by the CONTROLLER, please send us your CV again. Data update: if your data changes in any way, please let us know in writing as soon as possible in order to keep your data duly updated. Data transfer: Data shall not be transferred to third parties, unless there is a legal obligation, and except to the companies that are part of the group of companies of Dunaoasis Palace, S.A. The companies that belong to said group are: “Ashi 85, S.L.” and “Seaside Hotels, S.L.”. In this regard, we inform you that Dunaoasis Palace, S.A., belongs to a business group and there is legitimate interest in sharing personal data within the group for internal administrative purposes, including the processing of our customers’ personal data. Therefore, any company that has participated in the process of receiving CVs may have your personal data and may contact you. On the different websites of the group, there is information available about said business group. You may withdraw your consent at any time, or you can let us know if you do not want any of the above-mentioned companies to have access to your data. CV registration: we inform you that this is the only formal procedure to accept your CV; therefore, CVs submitted in any other way shall not be accepted.

See your rights in section 7.

 

7.-User’s rights and how to exercise them.

  • You have the right to withdraw your consent at any time.

  • You have the right to access, modify, transfer and delete your data and to limit and oppose to its processing.

  • You have the right to file a claim with the supervisory authority (agpd.es) if you consider that the processing does not comply with current legislation. ;

How can you exercise your rights?

By writing to the following address and attaching a copy of your passport or Personal ID Card: “SEASIDE HOTELS S.L.”- Tax ID No.: A35081090 Address: Calle Avenida de Moya, 8. C.P. 35100. San Bartolomé de Tirajana. Las Palmas. España. Telephone no.: 928771766. Email: info@sandy-beach.es
WEBSITE: www.hotel-sandy-beach.com
Email address of our Data Protection Officer:dpd@seaside-collection.es

 

8.- “Social Networks” Links.

The links which redirect the website to the different social network accounts such as Facebook, Twitter, Instagram, Youtube, etc. and which belong to “SEASIDE HOTELS S.L.” are designed so that users can access those pages directly and thus be able to interact, express opinions, ideas and make other comments related to the company, its services or products. The company “SEASIDE HOTELS S.L.”, is not responsible for any comments made, photos or videos published by the user community, although it may veto, delete or remove comments, photos or videos that are unseemly or inappropriate. To learn more about any responsibility regarding the different social network platforms, please check their own Privacy Policy.

 

9.- Compulsory or optional nature of the information provided by the user.

By ticking the corresponding boxes and entering their data in the respective fields marked with an asterisk (*) in the contact form, or submitting their data through the downloadable forms, users expressly, explicitly and freely accept that their data is necessary for their requests to be answered by the provider. Filing out the rest of the fields is voluntary. The user guarantees that the personal data provided to the CONTROLLER is accurate and shall be responsible for informing the CONTROLLER of any changes in said data. The CONTROLLER expressly informs and guarantees users that under no circumstances their personal data shall be transferred to third parties without the user’s previous express, informed and unambiguous authorization. All data requested through our website is compulsory, as they are necessary to provide the best possible service to the user. If all requested data is not provided, we cannot guarantee that the information and services provided are completely tailored to your needs.

 

10.- Security measures

According to the provisions of the current legislation regarding personal data protection, the CONTROLLER fully complies with all the provisions laid down in the GDPR and LOPD (Spanish Organic Law on Data Protection) regulations related to the processing of the personal data for which it is responsible, and manifestly so with the principles outlined in article 5 of the GDPR and article 4 of the LOPD, by which data is to be processed fairly and lawfully and in a transparent manner in relation to the data subject and must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The CONTROLLER guarantees the implementation of the appropriate technical and organisational measures required by the GDPR and the LOPD regulations in order to safeguard the rights and freedoms of data subjects and that they have been adequately informed of how such rights and freedoms can be exercised.

 

11.-Links.

This privacy policy is only applicable to the https://www.hotel-sandy-beach.com website, and it is not guaranteed when accessing this site through external links, nor in the case of accessing other websites using links on this site.

 

12.-WEBSITE contents.

The full or partial reproduction of this website, including dumping the content on any medium, without the express authorisation of “SEASIDE HOTELS S.L.” is strictly prohibited.

 

 

“SEASIDE HOTELS S.L.” Data Protection Information Policy.

General Data Protection Regulation (GDPR)

 

1.- How do we obtain your personal data?

We collect personal data with your consent in the following situations:

  • When you show interest in a product or service.

  • When a price quote is made.

  • During the booking process.

  • When you contact us using data from apps, prize draws, contests, websites, landing page or social networks.

  • When you participate in prize draws, awards, events, promotions and marketing, promotional or informative events using data from apps, prize draws, contests, websites, landing page or social networks..

  • When you visit any of the hotels that are part of our business group.

 

    2.- What information can we collect from the data subject/customer?

    Contact data:

    Name, Surname(s), Postal Address, Sex, Email, Landline/Mobile Telephone Number. Date of Birth.

    Personal data:

    Family situation, family members. Date of birth. Place of birth. Occupation. Bank details. Requests made regarding information about products and services. The most frequently booked hotel, hobbies. Method of payment chosen. Account number.

    Identification data:

    Customer number or contract number

    Customer history:

    Customer satisfaction rates. Offers received or sent. Details of the booking holder, price, booking date, check-in date, check-out date. Information regarding additional purchases or reservations. Campaign history and responses to those campaigns. Event participation (place, company). All complaints and claims made by the customer.

    Data regarding the use of the room:

    About personal preferences, capacity, use.

    Data from the app, the website or social networks:

    All data entered by the customer/data subject when registering in any app, website, landing page or social network belonging to “SEASIDE HOTELS S.L.” or to other companies that are part of the business group.

    You may access the uses of the visited website of “SEASIDE HOTELS S.L.”. Data from cookies (depending on the approval of cookie policies). The use of social networks made by “SEASIDE HOTELS S.L.” (for instance, visits, messages, photos or videos posted), and by the different companies that belong to the business group.

     

    3.- For which purposes is your personal data used?

    General

    On behalf of the company, we process the information provided with the purpose of providing the service requested, performing its comprehensive administrative management and booking rooms. Also, to identify our customers, to make checking in and out at the hotel easier when staying at any of the hotels of our group of companies, as well as profiling customers, sending commercial communications and birthday wishes.

    All provided data shall be stored as long as the business relationship exists or for as many years as necessary to comply with the legal obligations. You may withdraw your consent at any time. We also remind you that in all business communications carried out by “SEASIDE HOTELS S.L.”, or by companies of our business group, you are always given the possibility of unsubscribing.

    You may also exercise your rights to access your personal data, to rectify any inaccurate information, to oppose or to request its deletion when such data is no longer necessary, through any of the different communication means where you receive business communications. Data shall be stored as long as a business relationship exists. After you withdraw your consent, we shall stop processing your customer profile and you shall not receive any new business communications. Through the same communication channels that you use to receive business communications, you can exercise the above-mentioned rights.

    Customer profiling: In order to offer you products and services according to your interests, as well as to improve our services, we create a commercial profile from the information provided and through statistical procedures. As a result of this statistical research, an analysis is carried out and more personalised marketing communications can be sent to you according to your preferences. The following data may be added to the profiles created for each customer, regardless of whether they have been provided personally or generated while using the products or services offered by “SEASIDE HOTELS S.L.”: contact information (such as their name, address, Personal ID Card no., email, mobile telephone no.); additional information (such as their preferred hotel, or the one that they use more frequently, or their hobbies); user identification information (such as customer number or contract number); customer history (such as the reception of offers, information about their accommodation, preferences); data from apps, prize draws, contests, webs, landing page or social networks. No automated decisions shall be taken based on said profile.

    Commercial communications: The consent is for commercial communications regarding the sale of products and services offered by “SEASIDE HOTELS S.L.”, always through multichannel means of communication (telephone, e-mail, postal mail, sms, mms, WhatsApp, etc.): newsletters, greetings on dates of general interest and celebrations: Christmas, Saint Valentine's Day, etc., events, contests and promotions. You may always withdraw your consent in every communication.

    Birthday wishes: You give your consent so that we can wish you a happy birthday with the aim of having a closer and more trustful relationship. Also, so that “SEASIDE HOTELS S.L.” can offer you a present, product, service, discount or anything similar, as well as send you a birthday card; always by using multichannel means of communication (telephone, email, postal mail, sms, mms, WhatsApp, etc.).

    Transferring data to other companies of our group.

    Data shall not be transferred to third parties unless there is a legal obligation to do so and also ask the companies of the business group of “SEASIDE HOTELS S.L.”. The companies that are part of the group are “Ashi 85, S.L.” and “DUNAOASIS PALACE S.A.”. In this regard, we inform you that “SEASIDE HOTELS S.L.” belongs to a business group and there is legitimate interest in sharing personal data within the group for internal administrative purposes, including the processing of our customers’ personal data. Therefore, any company that has been identified as a customer’s favourite or has participated in the purchase process may have your data and may contact you. On the different websites of the group, there is information available about said business group. You may withdraw your consent at any time, or you can let us know if you do not want any of the above-mentioned companies to have access to your data.

     

    Quality control, R&D&i regarding new products and services.

    “SEASIDE HOTELS S.L.”, may use any of the data received by our group of companies during the provision of the service, with the purpose of developing future products and services and of controlling the quality of the existing ones. Before using such data for any of these purposes, your data shall be immediately anonymized so that it cannot be directly linked to you. The legal basis for this processing is based on the legitimate interest of “SEASIDE HOTELS S.L.” thus, enabling a more personalized and tailored manner of meeting the present and future needs of our customers and the usual investment in research, development and innovation made by “SEASIDE HOTELS S.L.”.

     

    4.- Legal basis contained in the Directive and reproduced by the LOPD:

    The legal basis is the execution of a contract, in this case, the contract for accommodation in our hotel, for the rental of hotel accommodation, as well as the consent given by the data subject and legitimate interest.
    If you have ticked the corresponding box, the legal basis for the sending of commercial communications, customer profiling and birthday wishes, regarding other products and services, is your consent, which you can withdraw for such purpose at any time, without it conditioning the execution of the accommodation contract in the hotel.
    Consent. You have expressly given your consent, which you can withdraw at any time.

    • Contractual relationship. To manage and maintain a contract that has been signed, the hotel room reservation and/or additional services.

    • Vital interests of the data subject or of other persons. In case of sickness or anything similar.

    • A legal obligation to which the controller is subject.

    • Prevailing legitimate interests of the Controller or of third-parties to which the data is transferred.

     

    5.- Users’/Customers’ rights. Company data.

    You have the right to obtain confirmation as to whether we, at “SEASIDE HOTELS S.L.”, are processing your personal data; therefore, you have the right to access your personal data, to rectify any inaccurate information, to request its deletion when such data is no longer necessary, as well as to request its portability, and the limitation of its processing. You also have the right to withdraw your consent at any time and to file a complaint with the Supervisory Authority (www.agpd.es), if you consider that the processing of your data does not comply with the current legislation.

    In certain circumstances provided for in article 18 of the GDPR, data subjects may request the limitation of the processing of their data, in which case, we shall only store such data for the exercise or defense of legal claims.

    Data subjects may object to the processing of their data for marketing purposes including profiling. “SEASIDE HOTELS S.L.” shall stop processing their data except if there are compelling legitimate reasons for such processing or if it is necessary for the exercise or defense of legal claims.

    In accordance with the right to data portability, data subjects have the right to obtain their personal information in a structured, commonly used and machine-readable format and to transmit their data to another data controller, whenever possible. The data category used is: full name, Personal ID card no., Passport no., e-mail, and telephone no.

    What is the procedure to exercise the rights contained in the new regulation?

    The GRDP requires controllers to facilitate the exercise of the data subjects’ rights. This requirement establishes that procedures and methods to do so must be visible, accessible and simple. This obligation requires to set up procedures enabling data subjects to easily prove that they have exercised their rights by electronic means, which is not always viable at present.

    The exercise of rights shall be free of charge for the data subject unless:

    • Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge a reasonable fee taking into account the administrative costs of taking the action requested; or refuse to act on the request (such fee cannot represent additional income for the controller but should effectively correspond to the true cost of the processing of the request).

    • The controller shall provide information on the actions taken on a request to the data subject within one month (that period may be extended by two further months if requests are especially complex and the controller shall inform the data subject of any such extension within one month). If the controller decides not to take action on the request, the controller shall inform the data subject of the reasons for not taking action within one month of receipt of the request.

    • In accordance with the GDPR, controllers must use all reasonable measures to verify the identity of a data subject who requests access, and, in general, of data subjects that exercise the remaining ARCO rights.

    • When the controller processes a large quantity of information concerning a data subject, the controller may request that the data subject specify the information to which the request relates.

    • The controller may be assisted by processors to respond to requests made by data subjects exercising their rights, and such assistance may be included in the processing agreement.

     

      6.- Company details for the exercise of rights or regarding Data Protection.

      By writing to the following address and attaching a copy of your passport or Personal ID Card: “SEASIDE HOTELS S.L.” - Tax ID No.: A35081090 Address: Calle Avenida de Moya, 8. C.P. 35100. San Bartolomé de Tirajana. Las Palmas. España. Telephone no.: 928771766. Email: info@sandy-beach.es;

      Contact information of our Data Protection Officer.
      If you have any doubts or questions or need any explanation or anything similar, you may contact our Data Protection Officer at: dpd@seaside-collection.es

       

      7.- Business group.

      Below there is a list of the companies that are part of the group of companies of “SEASIDE HOTELS S.L.”
      “Ashi 85, S.L.” with Tax ID no. B-96199807, and registered address at Calle Avenida de Moya, 8. C.P. 35100. San Bartolomé de Tirajana. Las Palmas. Spain. “Dunaoasis Palace S.A.” with Tax ID no. A35014406, and registered address at Calle Avenida de Moya, 8. C.P. 35100. San Bartolomé de Tirajana. Las Palmas. Spain. “Seaside Hotels, S.L.” with Tax ID no. B35081090, and registered address at Calle Avenida de Moya, 8. C.P. 35100. San Bartolomé de Tirajana. Las Palmas. Spain.