OBJECT

This Privacy Policy aims to inform you about how we collect, process, and protect the personal data you, as a User, have provided to us through our website or blog (hereinafter referred to as the Website) and to allow you to decide freely whether you want us to process this data.

It also aims to comply with the General Data Protection Regulation 2016/679 (hereinafter GDPR) and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter LOPDGDD).

IDENTIFICATION OF THE RESPONSIBLE PARTY / PROVIDER OF INFORMATION SOCIETY SERVICES

  • NAME / CORPORATE NAME: SESENTAYNUEVE
  • VAT/TAX ID: 14318988Q
  • ADDRESS: C/TIO PIPIRO 9, 41520 EL VISO DEL ALCOR
  • PHONE: +34 65826600
  • EMAIL: info@sesentaynuevecopas.com
  • WEBSITE: https://sesentaynuevecopas.com/
  • BUSINESS PURPOSE: Hospitality
  • REGISTERED DATA: Mari Ángeles Rodríguez Cadenas 14318988Q

PROCESSING OF PERSONAL DATA

The personal identifying and contact data you have provided us through our contact forms, email, etc., will be treated confidentially and only by personnel authorized by our organization.

All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our organization.

PURPOSE

In general, the processing of personal data carried out by our organization aims to maintain relationships with various groups of people, such as our customers, suppliers, our staff, job applicants, users of our website/blog or social media, and interested parties in general who contact our organization through our web forms, email, telephone, or in person.

This processing aims to fulfill existing relationships with each group of people. Depending on the relationship, the processing of your data serves different purposes, such as handling requests for information, complaints, claims, and other proactive communications received from interested parties. It is also done to fulfill our contractual, commercial, legal obligations, or to address the exercise of rights.

If you are a customer or supplier, your personal data will only be processed to maintain the business, contractual, or commercial relationship, either for service provision, accounting and billing management, or other purposes necessary to fulfill that relationship.

We do not send advertising without the prior consent of the interested parties, except to our clients with current relationships, and always regarding services or products related to those already provided or acquired.

If you are a potential customer or an information seeker, we will only process your data to address your requests, including providing commercial information related to your inquiry in our response.

If you are a job applicant, we will process your data to include you in our selection processes and job pool.

The purposes motivating the processing of personal data will be duly identified in the corresponding processing activities owned by our organization.

LEGAL BASIS

The processing of your personal data by our organization is based on the following legal grounds:

  • Your explicit, free, informed, and unequivocal consent. We inform you about this privacy policy, and after reading it and agreeing, you can voluntarily authorize us to process your data by ticking the boxes provided for this purpose on our forms. In this regard, we inform you that you can change your mind and withdraw your consent at any time by contacting us by post or email.
  • The fulfillment of the business, contractual, or commercial relationship with you, in case you are a customer, supplier, or part of our staff.
  • Compliance with our legal obligations.

In the event that the user is under 14 years old, it will be necessary to obtain the consent of parents, guardians, or legal representatives to process their data.

The user is solely responsible for the accuracy of the data submitted to us.

DATA RETENTION

The personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected, for the time required by laws, and as long as it is necessary to resolve potential liabilities arising from the processing activities mentioned in the purposes.

In the case of job applications, data will be retained for a maximum period of 1 year or until the interested party requests the deletion of their data.

PROFILING

We do not create profiles using your personal data, but if we do, you will be informed, and prior permission will be requested to do so.

Similarly, you have the right to object to this type of processing at any time.

DATA TRANSFER

As a general rule, our organization does not transfer personal data to third parties. However, there may be cases where this is necessary:

  • If you are a customer or supplier, your personal data may be transferred to third parties due to legal obligations (e.g., Tax Agency) or in those cases and entities necessary to provide our services or pay invoices (e.g., banks).
  • Also, your personal data as a customer or supplier may be processed by certain providers to whom we delegate some of our obligations (e.g., accounting advisors). All of them have committed, through a data processing agreement, to comply with the same security measures implemented by our organization, as well as to comply with the duty of confidentiality and secrecy regarding the personal data processed, among other obligations related to the protection of personal data.
  • If you are a job applicant, your data may be transferred to other companies in our group, although we will ask for your authorization to do so.
  • If you are an information seeker or a user of our website, your data will not be transferred to third parties, unless legally required to do so.

In the case of transfers to other entities or to countries outside the EEA, you will be informed, and your prior and express consent will be requested.

SECURITY MEASURES

Our organization has implemented all necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft, or unauthorized use.

These measures have been established based on the type of data processed and the purposes that motivate this processing. They are verified periodically in our internal controls for compliance with personal data protection regulations and through external audits.

RIGHTS OF THE INTERESTED PARTIES

You have the right to know if our organization is processing your personal data; therefore, you have the right to access your data, correct it if it is inaccurate, or request its deletion when the data is no longer necessary, provided it is legally possible.

You can also exercise your right to object, restrict, or portability if you deem it appropriate, and to do so, you can submit a written request via email to info@sesentaynuevecopas.com, attaching a copy of your ID to facilitate your identification.

Interested Party Attention Form

If the person wishing to exercise their rights is under 14 years old, they can do so through their parents, guardians, or legal representatives. If you wish to file a complaint because you believe your rights have been violated, you can do so before the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid, or at www.aepd.es.

COMMITMENT TO PERSONAL DATA PROTECTION

Scope

Our commitment to the protection of personal data is binding on all departments, employees of our organization, and those acting on our behalf.

Purpose

We have established protocols for the processing of personal data, in accordance with European and Spanish data protection regulations.

Principles

Lawfulness, Fairness, Transparency, Data Minimization, Accuracy, Limited Storage Period, Integrity, Confidentiality, and Active Responsibility.

Special Category of Data

The processing of personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, or data concerning sexual orientation is prohibited, except in legally authorized exceptions and with the prior consent of the data subject.

Rights of the Data Subjects

Data subjects have the right to access their personal data, as well as to correct inaccurate data, delete data that is no longer necessary, or if they do not wish to have their data processed, restrict certain processing activities, have the ability to receive their data easily and in a commonly used structured format from the data controller, as well as to have their data used for profiling and to object to processing at any time.

Record of Activities, Impact Assessment, and Security Measures

Our organization will keep a record of processing activities and will analyze the purposes of processing, categories of data subjects and data, recipients, international transfers, retention periods, etc., to assess the risks of processing and implement necessary security measures to ensure the confidentiality, integrity, and availability of personal data.

We have also analyzed the need to conduct an Impact Assessment and appoint a Data Protection Officer, establishing that the person designated for this position has sufficient knowledge and experience as required by current regulations.

Monitoring

We also have external consultants who monitor any publications made by the competent control bodies and other European and Spanish entities related to data protection regulations, in order to comply with this regulation at all times.

UPDATE OF THIS POLICY

Our organization reserves the right to modify this Policy without prior notice. Therefore, we recommend checking it each time you visit our website.