At APARTAMENTOS ONDOLOIN we are committed to the protection of privacy and the correct use of the personal data that we process and that you provide to us, both online on this website and, where appropriate, any of its sub-domains and microsites, and offline.
Please read this policy carefully and make sure you understand and agree with it, before providing us with your personal data. If you do not agree with it, do not use this website or its services or provide us with your details.
Accessing this site, using any of its services or providing us with your data, whether online or offline, will be understood as a clear affirmative action by which you give us your consent (where required) to process your data for the purposes indicated below.
Who we are?
How did we get your data?
Obtaining from the person concerned himself:
If you are a customer (current or potential), or a user of our website, you have provided them, either off-line or on-line, when requesting our products or services, or contacting us for information.
By providing us with your data, you guarantee that you are qualified to do so, and that the information is true, up to date, and does not infringe any contractual restrictions or third party rights. You are responsible for keeping your details and your profile correct and up to date, and APARTAMENTOS ONDOLOIN declines all responsibility if you fail to do so. You undertake not to impersonate other Users by using their registration details for the various services and/or content of the Website.
Obtained automatically when visiting our website:
Communication by the data subject of data from third parties:
With respect to other people’s data, you must respect their privacy by taking special care when communicating or publishing their personal data. Only the owner of the data can authorise the processing of his or her personal data. The publication of data on third parties without their consent may, in addition to data protection regulations, infringe the right to honour, privacy or self-image of such third parties.
What kind of data do we process?
The categories of data that we process may be:
Your contact details, including first and last name, address (for billing or delivery), email address and optionally your telephone number. We need your email address and (optionally) your telephone number so that we can contact you if we have any questions or information about your booking.
Also other information necessary to process your booking, such as payment information (bank, credit card…).
What do we process your data for?
The data you provide us with, as well as all the data generated during the development of the relationship we have with you, can be treated for different purposes:
If you are a current or potential client: to maintain contact and communication with you, and manage the contractual and/or commercial relationship.
If you are a user of our website, or a sender or recipient of an email: to manage the requests you make to us online, and to contact you.
To carry out opinion and/or satisfaction surveys…
To offer you products and services in accordance with your interests: we can draw up a commercial profile based on the information provided in order to improve your user experience. For example, we may use certain criteria (such as your customer history, your browsing behaviour, your participation, your interactions on our website, or your newsletter subscriptions), to offer you personalised products and prices, loyalty programmes, etc. ….. No automated decisions will be made based on this profile.
To send you, by means of electronic communications, information about our activities, products and/or services similar to those requested, including advertising and/or commercial communications for the purposes of art.21 LSSICE 34/2002. If we already have a previous contractual relationship, we will send these communications on the basis of our legitimate interest. In the case of not having a previous contractual relationship, we will only send you this type of communication if you authorise us to do so by checking the option expressly included for this purpose in the corresponding forms. The electronic communications that we send you will include, in the communication itself, the option to stop receiving them.
How long will we keep your data?
The personal data that you provide us with will be kept for the duration of the contractual, pre-contractual or commercial relationship and, once this has ended, for as long as the person concerned does not request that it be deleted. Even if you have requested their deletion, we may keep them for the time necessary and limit their processing, solely for:
Comply with the legal/contractual obligations to which we are subject,
and/or during the legal periods foreseen for the prescription of any responsibility on our part,
and/or the exercise or defence of claims arising from the relationship with the person concerned.
In coordination with the above criteria, the deletion of personal data either in computer records or on paper may be carried out, at the discretion of the organisation, depending on logistical needs and/or storage space that make it advisable to delete information or documentation.
What is the legitimacy for the processing of your data?
The legal basis that legitimizes us to process your data may be different:
Compliance with the existing contractual or commercial legal relationship if you are already a customer, supplier, or participant in our activities If you are a customer or potential supplier, it is the pre-contractual relationship that binds us.
The provision of the requested data is obligatory as it is essential to formalise and/or maintain the contractual or pre-contractual relationship and to comply with the legal obligations arising from it; if you do not provide them, we will not be able to provide the service arising from that relationship.
Consent: your consent can also be given if you have made a request or petition, or have given us your consent for a specific purpose: For example: to send commercial communications, if you have entered our website, if you have sent us your curriculum vitae, if you have given your consent to take photographs, etc.
You give us this consent unequivocally when you provide us with your data online or offline, and such provision is considered a clear affirmative act of consent. The provision of the requested data is obligatory as it is essential to meet your request; if you do not provide it, we will not be able to carry it out. You may withdraw this consent at any time by sending us an e-mail to firstname.lastname@example.org . This withdrawal does not condition the treatment of your data for the rest of the purposes described, but it may mean that we cannot answer your request.
Compliance with a regulation or legal obligation: such as those established in the fiscal, tax, consumer and user regulations …
Our legitimate interest as an organisation also provides a legal basis for processing your data. In accordance with recital 47 of the RGPD, we have an interest in:
To inform you about our activities, products and/or services, including by means of electronic communications.
If we already have a previous contractual relationship, we will send such communications on the basis of our legitimate interest. Otherwise, we will only send you such communications if you give us your consent by checking the option expressly included for this purpose in the corresponding forms.
In any case, the indicated treatment of your data is considered to be proportionate and to have a minimum impact on your privacy, but your interests, rights or freedoms will always prevail over our legitimate interest. Therefore, if you do not wish us to treat your data for these purposes, please send us an e-mail to email@example.com , and we will do so.
To carry out opinion and/or satisfaction surveys.
To which recipients can we communicate your data?
We inform you that the data you provide may be communicated to third parties for purposes directly related to legitimate functions of transferor and transferee as:
To banking institutions for the management of collections and payments, as well as to the different institutions that are necessary at any given time to provide the different payment services and manage the collections and payments made through this website, as well as the obligations at any given time derived from the payment systems that facilitate them; all in compliance with the functions that are specific to these institutions for the provision of these services.
To the entities or bodies to which there is a legal obligation to communicate data (tax authorities, account auditing companies, etc.)
To insurance companies for the management and insurance of commercial risks.
To the agents or distributors of our commercial network. In the event that this involves an international transfer of data to a country outside the European Economic Area, the data subject gives his/her unequivocal consent to such a transfer by providing his/her data.
International Data Transfers
We will ensure that personal data are always processed and located in the European Economic Area. However, under certain circumstances, we may make international transfers of data, for example if this is necessary for the conclusion or performance of a contract, in the interest of the data subject, between APARTAMENTOS ONDOLOIN and another natural or legal person; or if it is necessary for the performance of a contract between the data subject and APARTAMENTOS ONDOLOIN, for example when using service providers located outside the European Union, who may have access to personal data, for the provision of services ancillary to our activity (hosting, housing, SaaS, remote backup, computer support or maintenance services, e-mail managers, e-mail and e-mail marketing, file transfer, etc.) or for the performance of pre-contractual measures taken at the request of the data subject.
These entities may be different and vary over time but, we will try to choose entities, either belonging to countries that have an equivalent level of protection to the European one in terms of data protection, or that have adequate guarantees to reach that level, or they will be made on the basis of one of the exceptions provided for to this effect in the RGPD.
Apart from those cases which have just been indicated, in the event of having to make transfers to a country which does not have that level of protection comparable to the European one, for example because it does not have a data protection authority or regulations which protect the rights of the data subjects, we will inform you of that risk so that you may explicitly authorise those transfers, giving your consent to them.
What are your rights when you provide us with your data?
Right of access: You can ask us what personal data we are processing and even request a copy of it.
Right of rectification: You can ask us to rectify inaccurate personal data or to complete those that are incomplete, including by means of an additional statement.
Right of deletion (right to forget): You may ask us to delete your personal data when: it is not necessary for the purposes for which it was collected, you withdraw your consent, there has been an unlawful processing of it or for compliance with a legal obligation.
Right to limit processing: You may ask us to limit the processing of your data, in which case we will only keep them for the exercise or defence of claims.
Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the data controller or is for advertising purposes.
Once we have received any of the above requests we will respond within the legally established deadlines. You can complain to the Spanish Data Protection Agency. If you would like more information about the rights you can exercise and to request model forms to exercise your rights, you can visit the Spanish Data Protection Agency website, www.aepd.es.
This post is also available in: Español