DATA PROTECTION POLICY
I.- Who is the your data controller?
The data controller is ABAMA TERRACES, S.L. with registered office at Carretera General TF-47, km 9, 38687, Guía de Isora– Tenerife – Islas Canarias, España. If you have any queries on data protection you can write to the Data Protection Officer at email@example.com
II.- For what purpose and on what legal basis is your data processed?
The customer is notified that their data will be processed by the Hotel, for the following purposes:
1. Handling bookings and purchased services.
To formalise and manage the purchase of products and provision of services offered by the Hotel, the customer has two direct means available to them: (i) electronic means through the webpage https://www.lasterrazasdeabama.com/?lang=en or (ii) by phone directly calling the Hotel (call centre).
In case of the purchase being made by phone, the Hotel will proceed to record the call in order to confirm and verify the purchase made by the customer. The Hotel will always inform about the call being recorded, with the customer understanding that continuing on with the call means they agree to the aforementioned recording and them taking into account that lack of consent will mean the impossibility of managing the booking request that the customer intends to make.
To manage the booking requested by the customer, the Hotel will process the personal data which that customer has provided through the information gathering forms that the Hotel has available for that purpose.
Similarly, the Hotel will process the information which is necessary for managing modification or cancellation requests for requested bookings by the customer.
Legal Basis: This processing is required for the enforcement of the agreement.
In the case where in the text box fields or by express request to the tour operator or to the staff of the Hotel, the customer provides data on their health in order to manage specific services, the Hotel understands that this data is freely provided by the customer, given that there is no prior request for this information and it will only be processed to manage the customer request (for example, rooms adapted for special needs).
Legal Basis: It is considered that, to provide that personal data, the customer consents to the use of their data for that purpose.
2. Fulfilment of accounting, legal, tax, and administrative duties.
Legal Basis: This processing is required for the enforcement of the agreement.
3. Sending commercial communication by any means with offers concerning products and/or services offered by the Hotel, that may be of interest to the customer.
The personal data will be able to be processed for preparing data profiling based on internal sources (ex: data generated in the Hotel, logs and statistics) whose results will permit the preparation and analysis of customised products and/or services, through segmenting into different groups based on common patterns. These profiles may only be used to send you personalised communications about products and/or services offered by the Hotel.
Legal Basis: This processing will only be performed if the customer consent is given. The customer will be able to withdraw their consent at any time for their data processed for this purpose following the instructions stated in section V.
4. Handling signing up for a newsletter for sending, by electronic means, information on deals and promotions for products and services offered by the Hotel.
When the customer signs up for the newsletter using the section available for that purpose on the site https://www.lasterrazasdeabama.com/?lang=en, the Hotel will be able to send them commercial communication about products and services offered by the Hotel, as well as events organised by it.
Legal Basis: Regarding the sending of commercial communication by the Hotel on products and/or services offered by it, it is understood that by subscribing to the newsletter the customer gives their consent for that purpose. On the other hand, as far as sending commercial messages on products and/or services offered by other entities that are not the Hotel, they will have to have the consent of the customer.
5. Transfer of the customers personal data to Gestión de Hoteles y Complejos Turísticos, S.L. to send them commercial communication.
In the case where the Hotel has the consent of the customer to do so, it will be able to communicate their data to Gestión de Hoteles y Complejos Turísticos, S.L. in order for that company to be able to send commercial communication about their products and/or services.
Legal Basis: This processing will only be done if the Hotel has the consent of the customer. The customer will be able to withdraw their consent at any time for their data processed for this purpose following the instructions stated in section V.
6. Handling customer complaints.
To handle the complaints the customer files about purchased services in a centralised fashion, the Hotel will receive the information about the customer complaint, in order to process that complaint and to be able to offer an appropriate solution for the customer, being able to offer discounts or better conditions on future stays to compensate for damage suffered. Thus the Hotel needs to access the information generated by the customer to properly attend to the complaint filed.
If applicable, if for the complaint the conclusion is reached that compensable damages are to be paid to the customer, the Hotel will inform the Hotels insurance company for handling the claim event suffered by the customer.
Legal Basis: This processing is needed to handle the complaint generated by the customer. It is considered that, to provide that personal data, the customer consents to the use of their data for that purpose.
7. Customer service.
The Hotel provides customer service for handling requests made by customers or potential customers, concerning both the provision of information prior to paying for bookings as well with issues that could arise on a booking made or the services offered by the hotel.
Legal Basis: This processing is required to handle the request made by the customer or potential customer. It is understood that by providing that aforementioned personal data, the customer or potential customer consents to the use of it for that purpose.
8. Legal or administrative proceedings.
Facing possible legal or administrative proceedings that could result from the services offered or provided by the Hotel, the Hotel will process the information which is necessary for presenting the pertinent allegations, exercise its right of defence or file the complaints it deems appropriate based on the events that took place.
Legal Basis: The processing is based on legal obligations, set out by the administrative regulations (mainly, the Law on Common Administrative Procedure) or is necessary for the Hotel to be able to exercise its legitimate right to effective and timely judicial review, both its right to defence as well as making a legal claim that it deems pertinent, based on the Law of Civil Procedure or the Criminal Procedure Act.
9. Handling of system incidents.
The Hotel will process the information necessary on its customers in order to be able to handle any incident reported or that the Hotel detects by its own means. That data processing will only be done for the purpose of resolving the incident and solving problems resulting from it. The Hotel understands that it holds a legitimate interest in protecting the security of its information technology assets, as well as to resolve incidents that put that security at risk or the continuity of the provision of the services offered to its customers.
Legal Basis: This processing is needed to satisfy the legitimate interests of the Hotel. At any time the customer will be able to object to their data being processed for this purpose by following the instructions set out in section V.
10. Performance of monitoring to detect fraudulent activities.
To perform monitoring and tracking of acts that may constitute fraud in present or future purchases, the Hotel informs that it performs an analysis of the transactions which are undertaken for the purpose of identifying and analysing the ones it detects as suspect to being fraudulent during the purchasing, preparing, if applicable, temporary limited purchasing exclusion lists.
Legal Basis: This processing is based on the legitimate interest of the Hotel, given that it undertakes monitoring and tracking of all the operations performed by its customers to detect possible fraudulent conduct in transactions made during the purchasing process. The customer will be able to object to the processing of their data according to the instructions set out in section V.
11. Data processing related to the Wi-Fi network access provided by the Hotel.
Legal Basis: This processing is necessary to be able to manage customer access to the Hotels Wi-Fi service. It is understood that, by provided that aforementioned personal data, the customer consents to its use for that purpose.
III. - How long will we keep your personal data?
Any personal data to which access is given will be processed for as long as the contractual relationship lasts or for the purpose it was collected for. After this period, the Hotel will retain your personal data, duly blocked, after the contractual relationship has come to an end or when it is no longer relevant for the purposes the data was collected for, in order to make it available to the competent Public Administrations, Judges and Courts or the Prosecutors Office until any actions that might derive from the relationship with the customer become time-barred and/or the retention periods established by law. The Hotel will proceed to physically erase your data once these deadlines have elapsed.
Additionally, if the customer has not withdrawn their consent to receive commercial communication, the Hotel will be able to process their personal data in accordance with what is set out in section V and the customer will be able to unsubscribe from receiving this communication by the process provided for this in those messages.
IV. - To whom will we transfer your data?
The Hotel can communicate the data:
• If it has the customer& consent, to Gestión de Hoteles y Complejos Turísticos, S.L. for the purpose of that company being able to send them commercial communication.
• Insurance brokerage and the insurance company of the Hotel in the case where the customer suffers compensable harm.
• Competent Public Bodies, Judges and Courts.
• In addition to the previous communication of the data, the Hotel works with third-party service providers that have access to customers' personal data and process that data for and on behalf of the Hotel as a result of their provision of services. In particular, the Hotel will contract the provision of services from third party providers that perform their activity, including without limitation, in the following sectors: legal advice, multidisciplinary professional services, companies which provide technological services, IT service provision companies.
V. - What rights do you have when you give us your data?
The customer may exercise, if they so wish, their rights of data access, rectification, and deletion, as well as request that the processing of their personal data be restricted and that they not be subject to individual automated decisions, and withdraw consent, by the following means
• By sending a request in writing to the post address: * Carretera General TF-47, km 9, 38687, Guía de Isora– Tenerife – Islas Canarias, España.
• By sending electronic mail: firstname.lastname@example.org
The customer must in both cases attach a copy of their National Identity Document (DNI), Tax Identification Number (NIF), or an official document identifying them, to their request.
The customer will be able to, as far as the processing based on having obtained their consent, withdraw their consent through the procedure specified in the previous paragraph.
Additionally, the customer may object to processing based on the legitimate interest of the Hotel.
VI.- How have we obtained data?
The personal data the Hotel processes is personal data collected via:
• Our direct channels:
• Website: https://www.lasterrazasdeabama.com
• Tour Operators working in collaboration with the Hotel.
• Third parties separate from the Hotel.
VII. - Before which authority may you bring your claims?
The customer can file a claim with the Spanish Data Protection Agency concerning the response they have received from the Hotel having attended to their rights.
In all cases, the customer is informed that the claims concerning the processing of its data will be processed by the Hotel Data Protection Officer, and the customer will be able to send the data to the addresses indicated in section V.