The website owner reserves the right to modify this Policy in order to adapt it to new legislation, jurisprudence, sector practices, and/or in the interests of the company. Any modifications to the same will be announced with due warning in order to ensure your adequate knowledge of the content.
The data controller is PALLADIUM GESTIÓN S.L., with address for these purposes at: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands).
1.2 DPD contact details
The contact details of the DPD appointed by the data controllers are as follows: email@example.com
1.3 PROCESSING PURPOSE
The purposes of collecting and processing personal data, through the various forms that are owned by the data controller and made available to Users, is as follows, depending on the specific case:
1.4 STORAGE PERIOD
The personal data provided will be stored for the appropriate period to comply with legal obligations to during the period that may be required by a judge or magistrate’s court. Data based on consent will be stored as long as consent is not withdrawn or handling opposed. Additionally, with the aim of improving your experience for future stays in our hotels, we will maintain the data related with your past stays during a period of seven years, unless you would communicate the contrary. In that case it will be maintained the period according to legal obligations and during the period that may be required by a judge or magistrate’s court. CV data received as part of recruitment processes will be stored for a period of four years.
1.5 DATA LOCKING
In accordance with article 32 of Organic Act 3/2018 on Personal Data Protection and the Guarantee of Digital Rights, data controllers will proceed to block data when it is corrected or deleted.
The data lock consists of identifying and reserving the data in question, adopting technical and organisational measures to prevent it from being processed, except for to make the data available to the competent judges and courts, Public Prosecutor's Office or Public Administrations, and data protection authorities in particular, based on the requirements of potential obligations arising from the processing of the data and only for the limitation period required in these cases
The data controller is legitimately entitled to process personal data, on the basis of the following:
· If this has been requested, in accordance with the consent granted by the interested party for one of several specific purposes as set out in article 6.1 a) of the General Regulations for Personal Data Protection when they complete the forms and mark the box provided for that purpose.
· In order to execute a service provision contract, as set out in article 6.1 b) of the General Regulations for Personal Data Protection.
· In order to comply with a legal obligation imposed on the data controller, in accordance with Article 6.1.c) of the General Data Protection Regulation
· On the basis of a legitimate interest for security and access control purposes in accordance with article 6.1 f) of the General Regulations for Personal Data Protection. An assessment will be made of the extent to which this is proportionate and pertinent to the rights of the interested parties.
1.7 DATA SOURCE
The personal data is obtained from the booking made by the data subject or from the forms they fill in which have been made available by the data controller.
If the data does not come directly from the data subject, it will have come from the booking made by the data subject through a third party (such as a travel agency or a travel booking website)
1.8 DATA ACCURACY
On the other hand, in order for the data present in our files, whether in electronic or paper format, to always correspond to reality, they will need to be kept up to date. To this end, the User should make any necessary changes, either directly when this option is enabled or by informing the data controller's corresponding division or department by a reliable and traceable means.
The personal data you provide to the data controller, may be passed on to the following types of addressees:
· Third parties to whom the company is obliged to supply information, such as public authorities, for the purpose of complying with the requirements of such authorities and with applicable legislation.
· The companies that own the hotels, in order to make the reservation in them. The legitimate basis for processing the data in this case is the execution of a contract or pre-contractual measures (Art. 6.1.b of the GDPR)
Palladium Gestión S.L. does not market, sell or perform any other similar activity using your personal data. Your personal data will only be processed for the purposes indicated above and will only be used by the data controller.
The data controller uses service providers with access to the personal data (data processors). Among these service providers are companies located outside the European Economic Area, and as such there is the possibility of international transfers of data being made. This will, in all cases, be done in compliance with the relevant guarantees as per Articles 44 onwards of the GDPR. Suppliers of data controllers located in the USA are members of the Privacy Shield agreement
1.10 USER´S RIGHTS
However, the person to whom the personal data belongs may in any case exercise the rights granted to them by the General Regulations for Data Protection, namely:
· The right to request access to their own personal data
· The right to request rectification or deletion
· The right to request the limitation of their handling
· The right to oppose handling
· The right to data portability
The interested party may exercise these rights by issuing a written request accompanied by a copy of their national identity document, specifying which of the above rights they wish to exercise and sent to the following address: PALLADIUM GESTION S.L. Dirección: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Baleares) or by sending an e-mail to firstname.lastname@example.org
In the event the interested party considers their right to personal data protection to have been breached, they may send a complaint to the Spanish Data Protection Agency (www.agpd.es).