Privacy Policy

Privacy Policy

This legal text gives you details of how we collect and process your personal data through the use of our website http://www.hoteltobosoalmunecar.com , including any information you may provide us through the site when you contract a service, Register for our newsletter or provide your data through the form enabled for this purpose.

By providing us with the data, we inform you that our services are not possible for those people who are prevented by regulations from giving consent, so when you send us the forms you guarantee that you have sufficient capacity to grant consent.

Below we inform you about the data protection policy of: Formas Únicas, SL

1. Responsible for the treatment.

Contact details of the person responsible:

Formas Únicas, SL, with CIF: B29800216 and address at: Calle Cristo Number 12 29700 Vélez Málaga, Málaga and telephone: 952527474. Email: rgpd@tobosohotels.com

Commercial Registry of Malaga, Volume 1910, Book 823, Folio 112, Section 8, Sheet MA26523, Inscription 4 (04/05/2018)

Formas Únicas, SL , is responsible for your data. (Hereinafter we or our).

2. What data do we collect?

The General Data Protection Regulation defines personal data as any information about an identified or identifiable natural person, that is, any information capable of identifying a person. This would not include anonymous or percentage data.

The personal data that may be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding processing activities, owned by Formas Únicas, SL .

On our Website we may process certain types of personal data, which may include:

·       Identity data: name and surname.

·       Personal characteristics data: date of birth

·       Contact information: email and telephone.

·       Financial data: bank details and other details of purchases made

·       Marketing and communications data: preferences for receiving marketing communications from us and preferred means of communication.

We do not collect any data relating to special categories of personal data (those that reveal your ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership and information about your health, genetic or biometric data).

If you are required to collect personal data by law or under the terms of contract between us and you refuse to provide it to us, we may not be able to enter into said contract or provide the service, and you must notify us in advance.

3. How do we collect your personal data?

The means we use to collect personal data are:

·       Through the form on our website, through our contact emails, by phone or postal mail, when:

o    Request information about our products or services

o    Contract the provision of our services or products

o    Request quotes

o    You subscribe to one of our services or publications  

To ensure the quality of our portal, we reserve the right to reject any registration request or to suspend or cancel a previously accepted registration if we understand that it does not meet these requirements or any other law or regulation. If this happens, we will try to explain the reasons for our decision, but we cannot commit to doing so in all cases .

·        Through technology or automated interactions : On our site we may automatically collect technical data about your equipment, browsing actions and usage patterns. This data is collected through cookies or similar technologies. If you want more information, you can consult our cookie policy here .

·       Through third parties:

o    Google: analytics data or search data. Outside the European Union.

4. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

-        For the formalization of a contract betweenFormas Únicas, SL and you.

-        When you give your consent to the processing of your data.

-        When we need them to comply with a legal or regulatory obligation.

-        When necessary for our legitimate interest or that of a third party.

The User may revoke the consent given at any time by sending an email to rgpd@tobosohotels.com or by consulting the exercise of rights section below.

Below we attach a table in which you can consult the ways in which we are going to use your personal data and the legitimacy for its use, in addition to knowing what type of personal data we are going to process. We may process some personal data for some additional legal reason, so if you require details about this you can email rgpd@tobosohotels.com

Form

Purpose

Type of data

Legitimacy for your treatment

Contact

The purpose is to manage contacts and requests for information received via the web.

-  Name

-  Surnames

-  E-mail

-  Phone

 

Consent of the interested party (art. 6.1.a RGPD)

 

Pre-contractual measures (art. 6.1.b GDPR)

Processing is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1f GDPR)

 

Newsletter

The purpose is the management of the data provided to send information about our services and promotions.

-  E-mail

Consent of the interested party (art. 6.1.a RGPD)

Pre-contractual measures (art. 6.1.b GDPR)

Processing is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1f GDPR)

My reservations

The purpose is to manage my reservations

 

-  E-mail

-   

Consent of the interested party (art. 6.1.a RGPD)

 

Pre-contractual measures (art. 6.1.b GDPR)

Processing is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1f GDPR)

Bookings

The purpose is the management of reservations

-  Name

-  Surnames

-  E-mail

-  Phone

-  DNI/NIE/Passport

-  Birthdate

-  Bank data

Consent of the interested party (art. 6.1.a RGPD)

 

Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment (art. 6.1.c RGPD)

 

Processing necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures (art. 6.1b GDPR)

Processing is necessary for the satisfaction of legitimate interests pursued by the data controller (art. 6.1f GDPR)


Commercial Communications : You will only receive communications if

-        You requested information from us or made a contract with us for a product or service.

-        If you provided us with your data, accepting the box enabled in this regard on our form.

-        As long as you have not expressed your desire to stop receiving such communications.

We obtain your express consent before sending you any communication, and may request at any time that we stop sending you communications at the email address rgpd@tobosohotels.com

When you choose to stop receiving our communications, your personal data will continue to be stored as a result of the contract made by you to comply with legal requirements.

Purpose : We will only use your data for the purposes for which we collected it, unless we reasonably consider that we should use it for another reason, notifying you in advance so that you are informed of the legal reason for its processing and provided that the purpose is compatible with the purpose original.

5. How long will we keep your data?

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data. The provisions of the different regulations regarding the conservation period will apply, insofar as they are applicable to this treatment.

Subscriber data by email or form : From the moment the user subscribes until they unsubscribe.

6. Minors.

Formas Únicas, SL does not authorize minors under 14 years of age to provide their personal data through the means enabled on this website (completion of web forms to request services, contact or by sending emails). ). Therefore, people who provide personal data using such means formally declare that they are over 14 years of age, leaving Formas Únicas, SL exempt from any liability for non-compliance with this requirement.


If your child under the established age limit has provided personal information to Formas Únicas, SL , please contact us to request the exercise of your applicable rights.

In those cases in which the services offered byFormas Únicas, SL are intended for minors under 14 years of age, the means will be enabled to obtain authorization from the parents or legal guardians of the minor.

7. Exercise of Data Protection Rights:

How to exercise these rights? Users may send a communication to the registered office of Formas Únicas, SL or the email address rgpd@tobosohotels.com, including in both cases a photocopy of their ID or other similar identification document, to request the exercise of the following rights:

-        Access to your personal data: you can askFormas Únicas, SL if it is using your personal data.

-        To request their rectification , if they are not correct, or to exercise the right to be forgotten with respect to them.

-        To request the limitation of the treatment , in this case, they will only be kept byFormas Únicas, SL for the exercise or defense of claims

-        To oppose its processing:Formas Únicas, SL will allow the data to be processed in the manner you indicate, unless for legitimate reasons or for the exercise or defense of possible claims, these must continue to be processed.

-        To the portability of the data: in case you want your data to be processed by another firm,Formas Únicas, SL , will facilitate the portability of your data to the new controller.

You may use the models made available to you by the Spanish Data Protection Agency, to exercise your previous rights: Here

Complain to the AEPD: if you consider that there is a problem with the way Formas Únicas, SL is processing your data, you will be able to direct your complaints to the corresponding control authority, the competent authority for this being in Spain: Spanish Data Protection Agency.

We will ask you for specific information to help us confirm your identity and ensure your right to access your personal data (or exercise any other of the rights mentioned above). This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.

We will resolve all requests within the indicated legal period of one month. However, it may take us longer than a month if your request is particularly complex. In this case, we will notify you and keep you updated.

8. Data communication: provision of services.

It is possible that, in the performance of our work, we need the help of third parties, who will only process the data to provide the contracted service, and with whom we have the corresponding measures to guarantee their rights:

-        Service providers that provide information technology and systems administration services.

-        Professional advisors including attorneys, auditors and insurers providing banking, legal, insurance and accounting consulting services

All data processors to whom we transfer your data will respect the security of your personal data and will process it in accordance with the GDPR.

We only allow these processors to process your data for specific purposes and in accordance with our instructions. However, you can request from us, in compliance with transparency, a list of who these companies are that provide us with services, you can do so by email: rgpd@tobosohotels.com

9 . Data Security.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner, modified or disclosed. Additionally, we limit access to your personal data to those employees, contractor agents and other third parties who have a business need to know such data. They will only process your personal data in accordance with our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspected breach of your personal data and will notify you and the Supervisory Authority should a security breach occur, as regulated in the GDPR in articles 33 and 34.