Privacy Policy
Privacy Policy
In this privacy policy, we inform you about the processing of personal data that you provide or will provide during your navigation, in case you continue browsing. It also includes our data protection policy for cases in which there is an explicit reference to it.
Data Controller
The data controller and the entity that owns the domain www.hotelgranadacentro.com (hereinafter referred to as the Website) is ALHAMBRA HOTELES 2001 SL, with its registered office at C/NAVARRETE 7 C.P: 18001 – GRANADA (SPAIN), and with VAT number: B18595959.
Contact Information: Phone: (+34) 958 27 88 24 – (+34) 679 550 000 Email: info@hotelgranadacentro.com
Purpose of Processing and Legitimacy
Below, we inform you of the different purposes of processing your data and their corresponding legal bases:
a) “Contact Form”: The data you provide through the contact form on the Website will be processed to address your inquiries or requests and provide the services requested by you. The legal basis for this processing is the consent provided.
b) “Reservations”: The personal data provided in this section will be processed to manage the reservations requested by you. The provided personal data will only be retained while our contractual relationship is in effect, and will be blocked once this relationship has ended, for the period established by legal requirements, and will be made available only to the Courts and Tribunals to address possible claims, after which, the data will be deleted. The legal basis for processing your data is the fulfillment of the contractual obligations assumed by you when requesting our services.
c) “Subscribe Form”: We inform you that the personal data provided may be processed to send you informative and other communications (offers, etc.) for which you must mark the checkbox provided for that purpose, accepting the privacy policy and giving us your consent. The data provided will be kept for this purpose until you request to stop receiving advertising. You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the legality of the processing based on consent before its withdrawal.
d) Responding to the inquiries you make regarding the exercise of the rights that we inform you about later. The legal basis is our compliance with legal obligations. In fulfilling these obligations, we may disclose your data to Public Authorities and Courts, whenever such information is required according to established legal processes.
e) If you send us your resume via email, you authorize us to analyze the data and documents contained in it. They will be kept for a maximum of six months unless you express otherwise. The legal basis is the consent provided.
f) We have profiles on the major social networks, the links to which you will find on the Website. We are responsible for the processing of data for our followers, fans, subscribers, commentators, and other user profiles (hereinafter, followers). The processing of this data will be, at most, what the social network allows. Therefore, we may inform you by any means permitted about our news, activities, and promotions. We will not extract data unless we obtain your specific and express consent to do so. When, due to the nature of social networks, the effective exercise of your rights as a follower is subject to the modification of your personal profile.
Additional Information: You can request additional and detailed information about Data Protection from our Records of Processing by sending an email to info@hotelgranadacentro.com.
In the case of the existence of services or applications, they will have their specific conditions with specific provisions regarding the protection of personal data. Their reading and acceptance are essential prior to requesting the service in question.
Accuracy of Data and Data Retention Period
You must provide accurate information when filling out the personal data forms on the Website and keep them up to date at all times to reflect your real situation. You will be solely responsible for false or inaccurate statements and for any harm caused to the Service Provider or third parties by the information you provide. Furthermore, you must be duly authorized to provide the data of third parties. Only if you have the consent of future guests can you provide this data to the Service Provider. As such, under your sole responsibility, you assume the duty of informing those individuals of the content of our Privacy Policy prior to providing personal information.
The data you provide will be kept as long as there is a mutual interest in achieving the purpose of processing. They will be blocked when they are no longer necessary for the purpose for which they were collected or when you exercise your right to delete, cancel, and/or limit the processing. After this period, the data will be deleted in accordance with data protection regulations, which includes their blocking. They will be made available exclusively to Judges and Courts, the Public Prosecutor, and competent authorities, particularly the Data Protection Authority, to address any liability arising from the processing during the limitation period. After the indicated period, they will be destroyed with appropriate security measures to ensure pseudonymization or complete destruction.
In addition to the general processing mentioned above, the retention period of four years (Article 66 and following of the General Tax Law) will be observed, as well as six years for accounting books and invoices (Article 30 of the Commercial Code).
Your Rights
Data protection regulations grant you the following rights concerning the processing of personal data:
- Right of access: the right to access your personal data to know what data is being processed and the processing operations carried out with them.
- Right to rectification: the ability to request the modification of your data if they are inaccurate or not truthful.
- Right to data portability: the ability to obtain a copy of the data being processed in an interoperable format.
- Right to restrict processing: in certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
- Right to erasure: the right to request the deletion of your data when the processing is no longer necessary.
- Right to object: the right to stop receiving commercial communications as specified.
- Right to withdraw the consent given.
To exercise these rights, you must send an express request, along with a copy of your ID card or equivalent valid identification document, through the following means:
- EMAIL sent to info@hotelgranadacentro.com with the subject “Data Protection.” This email should be sent from the email address you provided in our forms. Otherwise, your identity may not be considered sufficiently proven.
- BY POSTAL MAIL: Addressed to C/NAVARRETE 7 C.P: 18001 – GRANADA (SPAIN)
If you do not receive a response to your request from the Service Provider in a timely manner or are not satisfied with the response, please note that the competent supervisory authority is the Spanish Data Protection Agency (www.aepd.es). On their website, you can find a series of models to help you exercise your rights.
Recipients
Users are expressly informed that their personal data will not be transferred to third parties except when required by law. Any exception to this rule will require your prior informed, explicit, and unequivocal consent.
The hotel reservation you make is processed through a booking platform owned and managed by OPEN ROOM TOURISM TECHNOLOGY S.L., VAT number B57761470, with its registered office at C/Gremi d Hortalans 11 – Bloque 7 – 2ªPlanta – 07009, Palma de Mallorca (Baleares), telephone 971 227 997, and email commercial@open-room.com. This entity is registered in the Commercial Register of Illes Balears, Volume 2501, Folio 97, Section 1, H PM 69822.
However, during the reservation process with openROOM, you should be aware that all personal data you provide for managing your reservation is not used for any purpose of the said company but is limited to its management on behalf of the operating company of the establishment where you wish to make a reservation, which is Alhambra Hoteles 2001, S.L., the data controller.
Security Measures
In accordance with current regulations on the protection of personal data (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and Organic Law 3/2018, of December 5, on Personal Data Protection and Digital Rights Guarantee), the Provider complies with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility, and explicitly with the principles described in Article 5 of the GDPR, by which they are processed lawfully, fairly, and transparently in relation to the data subject and adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Appropriate technical and organizational policies have been implemented to protect your rights and freedoms, providing you with all the necessary information to exercise your rights. However, you should be aware that internet security measures are not impervious.
This website uses HTTPS (secure connection). This is a security protocol that ensures your data travels securely and in an encrypted format, meaning data transmission between a server and a web user, and vice versa, is entirely encrypted.
Minors
Minors (under 14 years old) may not use the services available through the Website without the prior authorization of their parents, legal guardians, or legal representatives, who will be solely responsible for all actions carried out through the Website by the minors in their care, including the completion of forms with personal data of such minors and, if applicable, the checking of the accompanying boxes. The Service Provider is not responsible for the truth and accuracy of the data you provide.
The processing of personal data of a minor may only be based on their consent if they are over fourteen years old.
Exceptions are made when the law requires the assistance of legal guardians or guardians to conclude the legal act or business in the context of obtaining consent for processing.
The processing of the data of minors under the age of fourteen, based on consent, is only lawful if the consent of the legal guardians or guardians is recorded, with the scope determined by them.
Duration and Modification of the Privacy Policy
The Provider reserves the right to modify this Privacy Policy, in whole or in part, by publishing the changes on the Website. Furthermore, the contents and services provided, as well as the way they are presented, can be changed, deleted, or added without prior notice. Consequently, the policies that are in force at the time of access will be considered current, and you should read them periodically.
Regardless of the above, access to the contents of the Website may be terminated, suspended, or interrupted at any time without prior notice, and the User will not be entitled to claim any compensation.