SUCESORES DE URBISTONDO, S.L., hereinafter the HOTEL DE LONDRES Y DE INGLATERRA, according to the legal requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in particular, in application of Article 25 and Whereas note 78, recognises itself as the Controller responsible for personal data processing and pledges to process such data according to legal requirements and to the previously identified risks associated to their processing.
To guarantee the adequate management of personal data, all staff at the HOTEL DE LONDRES Y DE INGLATERRA involved in the processing procedures are aware of the data protection policies established at the entity, thereby ensuring the confidentiality, integrity, availability and resilience of personal data and the ability to restore personal data in a timely manner in the event of an incident.
1. Controller responsible for processing your personal data
Controller identification: SUCESORES DE URBISTONDO, S.L., Tax no. B20456430
Postal address: c/ Zubieta 2 -20007 Donostia – Gipuzkoa (Spain)
Tel.: +34 943 440 770
2. Purpose and duration of your personal data processing
Every time the HOTEL DE LONDRES Y DE INGLATERRA asks for your personal details, it will expressly inform you, when collecting said data, about the purpose of the processing for which you are giving your consent. Should the HOTEL DE LONDRES Y DE INGLATERRA wish to use your data for other purposes, we will ask for your express and prior consent. In cases where you have authorised us to send you commercial information, we inform you that we can create a “commercial profile” based on the data provided in order to send you information related to your interests; this said, we inform you that no exclusively automated decisions will be taken based on that profile.
Your personal data will be processed indefinitely unless you exercise your right to deletion. Should you exercise said right, we will remove your personal data, with the exception of those we are legally compelled to maintain for a stipulated period.
3. Authorisation to process your personal data
The legal basis authorising us to process your personal data is the consent you give for them to be processed. Generally speaking, HOTEL DE LONDRES Y DE INGLATERRA requests your consent for the primary purpose (being able to provide you with the service you request from us). Your refusal to give such consent means that we will be unable to provide the service in question.
4. Recipient of your personal data
Unless compelled by express legal obligation, the HOTEL DE LONDRES Y DE INGLATERRA does not envisage disclosing your personal data to third parties. In the event that this kind of disclosure is envisaged, you will be asked to give your express consent beforehand, informing you of the recipients of your data or, if such recipients are not clearly predetermined, of their category.
The HOTEL DE LONDRES Y DE INGLATERRA can contract third-party services which imply access to your personal data by a third party, but only in the scope of providing a service where such processing on our behalf meets the conditions stipulated in Articles 28 and 29 of the above-mentioned European Regulation. In such cases, the processing carried out on behalf of the HOTEL DE LONDRES Y DE INGLATERRA will be regulated by the corresponding confidentiality contract, which will clearly stipulate the commitments acquired by both parties with respect to the processing of your personal data, their confidentiality and security.
In the event of the data processing being carried out by an entity outside Europe, we will work which entities which, in the opinion of the Spanish Data Protection Agency, have a comparable level of security, demonstrable by the following means:
The company providing the service figures on the list of countries with a level of protection comparable to that of the European Union.
The company is expressly authorised to internationally transfer personal data by the Spanish Data Protection Agency.
The company providing the service works under the protection of the EU-US Privacy Shield.
5. Rights referring to the processing of your personal data
As the owner of the personal data processed by the HOTEL DE LONDRES Y DE INGLATERRA, and in application of Articles 15 and 21 of the above-mentioned European Regulation, you are free at any time to exercise your rights of access, rectification or deletion, restricted processing, objection and/or portability. To make a request for the right of your choice to be exercised, you must address yourself to the HOTEL DE LONDRES Y DE INGLATERRA by any of the commonly used communication channels, and especially by means of the contact details provided in point 1 of this Data Protection Policy. You will also have to previously provide unequivocal proof of your identity as the owner of the personal data with respect to which you wish to exercise the right. The HOTEL DE LONDRES Y DE INGLATERRA will execute said right in a timely manner and, in any event, without undue delay. If you have any doubts about your rights and how to exercise them, the HOTEL DE LONDRES Y DE INGLATERRA will be pleased to give you all of the necessary information and help you with the procedure.
If you feel that your request to exercise your rights has not been adequately dealt with, you can make a complaint to the competent Control Authority. Below you will find the main contact details for the Spanish Data Protection Agency:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
Tel.: 901 100 099 – 912 663 517
6. Data source
The source of the personal data processed by the HOTEL DE LONDRES Y DE INGLATERRA will be the owner of such data or their legal representative, or the person or persons expressly authorised by the owner. The categories of data processed will always correspond to data of an identification, economic, commercial information, academic and professional nature and, in general, to any kind of personal data not deemed to be specially protected data.