BIENVENIDOS
BOOK

Privacy Policy

1. Information for the User

1.1. Who is responsible for processing your personal data?

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO is the DATA CONTROLLER for the processing of the USER’s personal data and informs you that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).

2. Purpose and Basis of Processing and the Nature of the Data Provided.

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO will at all times process the Data for the specific purpose of the service that the Client has contracted or requested information about, and will only process such Data as is relevant to achieving that purpose. Specifically, HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO will process the Data in accordance with the basis and purposes indicated below:

2.1. For the fulfillment of contractual obligations (art. 6.1.b of the GDPR).

The Data is processed to provide the requested service to its Clients; to manage the commercial relationship with them and to ensure the correct provision of services, for example, by sending service-related inquiries to the Client or issuing invoices. The purposes of Data processing are directly related to the contracted service.

2.2 Based on the legitimate interest of the controller (art. 6.1.f of the GDPR).

Where appropriate and without unduly affecting the privacy interests or fundamental rights and freedoms of Clients, HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO will process the Data, in addition to fulfilling the contract, for the purpose of satisfying legitimate interests pursued directly by HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO or by a third party. These legitimate interests may include:

  • Providing its services including the issuance of the report if applicable and subsequent copies.
  • Sending commercial advertising communications by email, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that enables commercial communications. These communications will be made by the DATA CONTROLLER and will relate to its products and services, or those of its partners or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
  • Conducting market research and statistical analysis.
  • Evaluating claims and exercising defense.
  • Ensuring the IT infrastructure and security environment of HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO
  • Carrying out risk management and regulatory compliance tasks.
  • Processing orders, requests, responding to inquiries or any type of request made by the USER through any of the contact methods made available on the DATA CONTROLLER’s website.
  • Sending the online newsletter about news, offers and promotions in our activity.

2.3 Based on your consent (art. 6.1.a of the GDPR).

Insofar as you have given your consent for us to process the Data for specific purposes, such as your participation in contests or promotions organized by HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO, this processing will be lawful by virtue of such consent. Your consent is always optional and may be withdrawn at any time. For clarification purposes, the withdrawal of consent will not affect the lawfulness of Data processing carried out prior to such withdrawal.

2.4. Due to legal provisions (art. 6.1.c of the GDPR) or in the public interest (art. 6.1.e of the GDPR).

We are also subject to certain legal obligations, that is, legal and regulatory provisions, such as sending data requested to the corresponding Administration. The purposes of processing include compliance with control and reporting obligations set out in tax legislation or, in certain cases, due to mandatory accreditation, training and/or certification requirements.

• ORDER INT/321/2021, of 31 March, amending Order INT/1922/2003, of 3 July, on registration books and guest entry forms in hospitality establishments and similar establishments, regarding documentary registration obligations.
• ORGANIC LAW 4/2015, of 30 March, on the Protection of Public Safety. Article 25 – On documentary registration obligations.
• RESOLUTION OF 14 July 2003, of the State Secretariat for Security. Determining the conditions and form of use of the transmission of computer files, as well as the characteristics of the media referred to in Order INT/1922/2003, of 3 July, on registration books and guest entry forms in hospitality establishments and similar establishments.
• ORDER INT/1922/2003 of 3 July on registration books and guest entry forms in hospitality establishments and similar establishments.
• ORDER INT/502/2003, of 21 February. On the creation of a file for the processing of information sent by hotel facilities to the Civil Guard, in the prevention and investigation of terrorism and other serious forms of organized crime (parteviaje), in the Directorate General of the Civil Guard.

In cases where Data collection is carried out to comply with legal or regulatory obligations of HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO, to enter into a contract with its Clients or is necessary for legitimate purposes, if HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO cannot collect such personal data, we will not be able to commit to providing you with the agreed services and, therefore, fulfill contractual obligations (in which case you will be duly informed).

2.5. Who has access to the Data and with whom is it shared.

The Data may be communicated:

To provide our services to Clients and ensure a consistent level of service.

  • To third parties who need to carry out specific activities in relation to the Data according to the purposes of processing, or to suppliers who provide services to HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO such as information technology and hosting service providers and subcontractors, marketing providers, debt collection companies or subcontractors. In such cases, we take measures to ensure that our data security standards are met, so that the Data provided remains secure.
  • To authorities, entities and/or subjects to whom the Data must be communicated in accordance with mandatory legal or contractual provisions. Such authorities, entities, clients and/or interested parties will act as independent data controllers.

3. Categories and Types of Data We Collect and Process.

  • Contact information that the Client provides to us (such as name, address, telephone, email addresses)
  • Financial details (identification of tax numbers, financial transaction data, information relating to your credit or debit card and bank account details).
  • Electronic identification data such as cookies and IP addresses;
  • Any other personal data within the framework of our commercial relationship with the Client and as determined in the specific contractual terms.

3.1. How long will we keep your personal data?

It will be kept in paper and/or electronic format for no longer than necessary to maintain the purpose of processing or there are legal requirements that dictate its custody in accordance with the principles of necessity, minimization and adequacy, and when it is no longer necessary for this purpose, it will be deleted with appropriate security measures to ensure the anonymization of the data or its total destruction, respecting the principles of limitation of the retention period and data minimization set out in art. 5.1, paragraphs c) and e) of the GDPR.

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO may retain the Data after the termination of the contractual relationship to comply with regulatory, contractual and/or tax obligations or in the event of legal claims. Subsequently, when the reasons for the aforementioned processing cease to exist, the Data will be anonymized, deleted or destroyed.

4. What are your rights?

Any interested party may exercise the rights set out in articles 15 to 22 of the GDPR, indicated below, by sending a request through any of the contact channels mentioned above:

The rights available to the USER are:

  • Access: you may obtain information relating to the processing of your Data and a copy thereof.
  • Erasure: you may request the deletion of your Data, to the extent permitted by law.
  • Objection: you may object to the processing of your Data, for reasons related to your particular situation. In the event of objection to the processing of Data pursuant to art. 21 of the GDPR, HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO reserves the right to evaluate your request, which will not be accepted if there are legitimate reasons for processing that prevail over your freedoms, interests and rights.
  • Rectification: if you consider that your Data is inaccurate or incomplete, you may request that it be modified accordingly.
  • Restriction: you may request the restriction of the processing of your Data.
  • Withdrawal of consent: if you have given your consent for the processing of your personal Data, you have the right to withdraw it at any time.
  • Data portability: where legally applicable, you have the right to have the Data you have provided to us returned to you or transferred to a third party when technically possible.
  • Right to lodge a complaint with the supervisory authority (www.aepd.es) if you consider that the processing does not comply with current regulations, as provided in art. 77 of the GDPR.

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO undertakes to keep your Data accurate and up to date. Therefore, if your Data changes, please inform us of such change as soon as possible.

Contact details for exercising your rights:

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO – Calle Tostado, S/N – 16670 El Provencio (Cuenca). Email: hola@hospederianuestrasenoradelrosario.com

5. International Data Transfer

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO does not carry out international data transfers outside the European Economic Area (EEA) for the provision of services. In the event of transferring data internationally, we guarantee the adoption of measures to protect it before the transfer.

Any transfer of Data to international organizations and/or countries not located within the European Economic Area (EEA) will be carried out in accordance with one of the methods permitted by current legislation.

6. SECURITY MEASURES

In accordance with the provisions of current regulations on the protection of personal data, the DATA CONTROLLER is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility, and manifestly with the principles described in article 5 of the GDPR, whereby they are processed lawfully, fairly and transparently in relation to the data subject and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD for the protection of data against destruction, loss, alteration, misuse, communication or access of an accidental, unlawful or unauthorized nature, as well as against other unlawful forms of processing. Such security measures have been applied taking into account the state of the art, their cost of implementation, the risks involved in processing and the nature of personal data, with special precaution in the case of special categories of data. Specifically, there is adequate awareness, training and commitment to confidentiality to ensure that Data is not shared or communicated to unauthorized persons in order to protect the rights and freedoms of USERS and has communicated the appropriate information to them so that they can exercise them.

For more information on privacy guarantees, you may contact the DATA CONTROLLER through HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO, Calle Tostado, s/n, – 16670 El Provencio (Cuenca). Email: hola@hospederianuestrasenoradelrosario.com

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO applies appropriate technical and organizational measures

7. Status and Update of the Privacy Policy

This privacy policy was last updated in October 2024. HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO reserves the right to modify it when deemed appropriate. If the privacy policy has been updated, HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO will take appropriate measures to inform its Clients of the update through appropriate means.

8. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

USERS, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely and unequivocally accept that their data is necessary to fulfill their request by the provider, with the inclusion of data in the remaining fields being voluntary. The USER guarantees that the personal data provided to the DATA CONTROLLER is true and is responsible for communicating any modification thereof.

The DATA CONTROLLER informs that all data requested through the website is mandatory, as it is necessary for the provision of an optimal service to the USER. If all data is not provided, there is no guarantee that the information and services provided will be fully tailored to your needs.

SOCIAL MEDIA PRIVACY POLICY

1. INFORMATION FOR THE USER

Who is responsible for processing your personal data?

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO, hereinafter, DATA CONTROLLER, informs the USER that it has proceeded to create profiles on the Social Networks Facebook, Instagram, Twitter, LinkedIn, YouTube, or any other social network, that it is responsible for the processing of the user’s personal data carried out on said social networks and informs you that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD), for which the following processing information is provided:

Why do we process your personal data?

Purpose of processing: to maintain a relationship between the USER and the DATA CONTROLLER that may include the following operations:

  • Processing requests and inquiries submitted to the controller
  • Informing about activities and events organized by the controller
  • Informing about products or services offered by the controller
  • Interacting through official profiles

On what grounds may we process your personal data?

Legal basis for processing: article 6.1.a GDPR, the data subject has given consent for the processing of their personal data for one or more specific purposes. The USER has a profile on the same social network and has decided to join the DATA CONTROLLER’s social network, thus showing interest in the information published on it, therefore, when requesting to follow our official profiles, you provide us with your consent for the processing of such personal data published on your profile.

The USER may access at any time the privacy policies of the social network itself, as well as configure their profile to guarantee their privacy.

The DATA CONTROLLER has access to and processes that public information of the USER, in particular, their contact name. This data is only used within the social network itself and will only be incorporated into a DATA CONTROLLER file when necessary to process the USER’s request.

How long will we keep your personal data?

Data retention criteria: it will be retained as long as the USER does not revoke the consent given as indicated in this privacy policy.

To whom do we provide your personal data?

Communication of data: the information provided by the USER through the DATA CONTROLLER’s social networks, including their personal data, may be published, always depending on the services that the USER uses, and may therefore be made publicly available to other third-party users of social networks. From the profile of each social network, the USER can configure what information they want to make public in each case, view the permissions that have been granted, delete them or deactivate them, like any third-party application that is no longer desired to be used.

No communication of personal data to third parties outside the social network is planned unless, if it were essential for the development and execution of the purposes of processing, to our service providers related to communications, with whom the DATA CONTROLLER has signed the confidentiality and data processor contracts required by current privacy regulations.

What are your rights?

Rights available to the USER: may only be satisfied in relation to such information that is under the control of the DATA CONTROLLER.

  • Right to withdraw consent at any time
  • Right of access, rectification, portability and erasure of your data, and of restriction or objection to its processing
  • Right to lodge a complaint with the supervisory authority (www.aepd.es) if you consider that the processing does not comply with current regulations

Contact details for exercising your rights:

HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO, Calle Tostado, s/n, – 16670 El Provencio (Cuenca). Email: hola@hospederianuestrasenoradelrosario.com

2. USE OF THE PROFILE

The DATA CONTROLLER will carry out the following actions:

  • Access to the public information of the profile
  • Publication on the USER’s profile of all information already published on the DATA CONTROLLER’s social network
  • Sending personal and individual messages through the social network channels
  • Page status updates that will be published on the USER’s profile

The USER can always control their connections, remove content that is no longer of interest and restrict with whom they share their connections; to do so, they must access their privacy settings.

2.1. PUBLICATIONS

The USER, once a follower or having joined the DATA CONTROLLER’s social network, may publish comments, links, images, photographs or any other type of multimedia content supported by it. The USER, in all cases, must be the owner of the published content, enjoy copyright and intellectual property rights or have the consent of the affected third parties.

Any publication on the social network is expressly prohibited, whether texts, graphics, photographs, videos, etc. that violate or are likely to violate morality, ethics, good taste or decorum, and/or that infringe, violate or breach intellectual or industrial property rights, the right to image or the Law.

In these cases, the DATA CONTROLLER reserves the right to immediately remove the content, without prior notice, and may request the permanent blocking of the USER.

The DATA CONTROLLER will not be held responsible for content freely published by a USER.

The USER must bear in mind that their publications will be known to other users, so they are primarily responsible for their privacy.

Images that may be published on the social network will not be stored in any file by the DATA CONTROLLER, but will remain on the social network.

3. OUR WEBSITE MAY USE BUTTONS FOR THE FOLLOWING SOCIAL NETWORKS

• Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
• Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
• LinkedIn, Legal Department, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
• YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA

The buttons display the logos of individual social networks. However, the buttons are not standard social plugins, i.e., plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate actions (clicking). As long as you do not click on the buttons, no data will be transferred to social networks. By clicking on the buttons, you agree to communication with the social network servers, activating the buttons and establishing the link.

Once clicked, the button functions as a sharing plugin. The social network then obtains information about the site you have visited, which you can share with your friends and contacts. You must log in to share information. If you have not logged in, you will be redirected to the login page of the social network you clicked on, and will leave the pages of HOSPEDERIA NUESTRA SEÑORA DEL ROSARIO to the corresponding social network. If you have logged in, your “like” or recommendation of the article in question will be transmitted.

When you activate the button, social networks will also receive information that you accessed the respective page of our website and when you did so. In addition, information such as your IP address, details about the browser you used and your language settings may be transmitted. If you click on the button, your click will be transferred to the social network and will be used in accordance with its data policy.

When you click on the button, we have no control over the data collected and data processing operations. We are not responsible for this information, or processes, nor are we the “data controller” as defined in the GDPR. We also do not know the full extent of data collection, its legal basis, purposes and storage periods. For this reason, the information provided here is not necessarily complete.

Data will be transmitted regardless of whether you actually have an account with this provider or whether you have logged in there. If you have logged in with the provider, your data will be assigned directly to your account. Providers may also use cookies on your computers to track you.

As far as we know, these providers store this data in user profiles that they use for advertising, market research and/or demand-oriented website design. This type of analysis is carried out (also for users who have not logged in) to present demand-oriented advertising and inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right to object, please contact the corresponding provider. Consult the information provided by the following social network sites for details on the purpose and scope of data collection and subsequent processing and use of data by the respective social network, and your rights and privacy settings:

• Facebook: https://es-es.facebook.com/privacy/explanation
• Google: https://policies.google.com/privacy?hl=es-419
• Twitter: https://twitter.com/es/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=es_ES
• YouTube: https://www.youtube.com/intl/es/about/policies/#community-guidelines and that applicable to Google.

4. DATA OF MINORS OR PERSONS WITH SPECIAL CAPACITIES

Access and registration through the DATA CONTROLLER’s social networks is prohibited for persons under 18 years of age. For their part, if the USER has special capacities, the intervention of the holder of their parental authority or guardianship, or their legal representative, will be necessary through a valid document accrediting the representation.

The DATA CONTROLLER will be expressly exonerated from any liability that may arise from the use of social networks by minors or persons with special capacities. The DATA CONTROLLER’s social networks do not knowingly collect any personal information from minors, therefore, if the USER is a minor, they must not register, use the DATA CONTROLLER’s social networks or provide any personal information.