EIZASA HOTELES, S.L.

PRIVACY POLICY

In accordance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation, hereinafter, RGPD) and the current Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, EIZASA HOTELES SOCIEDAD LIMITADA, with CIF B50768225 and registered address at Avda. César Augusto nº 12, 50004, Zaragoza (hereinafter, EIZASA HOTELES), informs the users of the website https://eizasahoteles.com/ (hereinafter, “website” ), about the processing of personal data that they have voluntarily provided during the registration process, access and use of the functions offered by the website.

 

  1. Identification of the Data Controller

In terms of data protection, EIZASA HOTELES must be considered Data Controller, in relation to the files/processing identified in this privacy policy.

 

  1. Legitimation

The processing of user data is carried out with the following legal bases that legitimize it, as provided for in articles 6 and 7 of the RGPD: free, specific, informed and unequivocal consent of the user, making this policy available to them. of privacy, which must be accepted through a statement or a clear affirmative action, such as marking a box provided for this purpose, execution of a contract for the purchase of an EIZASA HOTELES product or a service offered by it.

 

  1. Consent to the processing of personal data

Obtaining the user’s consent is a prior condition to give rise to the processing of personal data by EIZASA HOTELES. Therefore, the functions included in the website that require access to the user’s personal data may only be used after obtaining the user’s consent. As provided in article 7 GDPR, the user’s consent must reflect a free, specific, informed, and unequivocal expression of will when accepting the processing of their data by EIZASA HOTELES. For these reasons, when using the aforementioned functions, the User will have to check a box through which they will give their express consent to the processing of their personal data.

 

  1. Minors

The processing of personal data of a minor user may only be based on their consent when they are over fourteen years of age. In this sense, the processing of data of minors under fourteen years of age, based on consent, will only be lawful if the consent of the holder of parental authority or guardianship is established (Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, hereinafter, LOPD).

 

  1. Purpose of data processing

EIZASA HOTELES will collect the data that is strictly necessary to achieve the purposes of obtaining the same, as provided for by the principle of data minimization and purpose limitation established by article 5 of the RGPD. That is why, if the User does not provide said data, some functions and content of the website based on that data cannot be offered. The functions for which the website needs to collect the user’s personal data are the following:

  • attend to the requests and orders made by the User;
  • the sending of commercial and/or promotional communications by electronic means.
  • To use the listed functions, the User must voluntarily provide personal data (essentially, identification and contact), which will be incorporated into automated media owned by EIZASA HOTELES.
  • The personal data provided by the User may be used to send newsletters, as well as commercial communications regarding promotions and/or advertising from EIZASA HOTELES, only when the User has previously given their express consent to receive these communications via electronics.
  • The collection, storage, modification, structuring and, where appropriate, elimination, of the data provided by users, will constitute processing operations carried out by the Data Controller, with the purpose of guaranteeing the correct functioning of the page. website, maintain the service provision and/or commercial relationship with the User, and for the management, administration, information, provision and improvement of the service.

 

  1. Categories of personal data collected

The personal data collected by EIZASA HOTELES corresponds to any information that the User has provided when visiting the website, that is, their name, surname, email address and in certain cases the text of the message they have sent to EIZASA HOTELES. Additionally, when the User visits the website, certain information is automatically stored for technical reasons, such as the IP address assigned by your Internet access provider.

 

  1. Preservation of personal data

The personal data to which you have access will be processed and kept as long as a contractual relationship or the purpose for which it was collected is maintained. After that, EIZASA HOTELES will keep the personal data once their contractual relationship has ended or when they are no longer relevant for the purposes collected, duly blocked, for making them available to the competent Public Administrations, Judges and Courts or the Public Prosecutor’s Office during the prescription period for actions that may arise from the relationship maintained with the User and/or the conservation periods provided by law. EIZASA HOTELES will proceed to physically delete your data once these periods have passed. In the event that the User has given their consent for those processing purposes informed in this Privacy Policy, EIZASA HOTELES will maintain their information as long as the User does not withdraw the consent first given, through the means indicated above.

 

  1. Security measures

The security measures adopted by EIZASA HOTELES are those required by the RGPD, in accordance with the provisions of its article 32. In this sense, EIZASA HOTELES, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk. Likewise, EIZASA HOTELES has established additional measures in order to reinforce the confidentiality and integrity of the information in its organization. Continuously maintaining the supervision, control and evaluation of the processes to ensure respect for data privacy. Although the Data Controller makes backup copies of the content hosted on its servers, it is not responsible for the loss or accidental deletion of data by users.

 

  1. Exercise of User rights

Users who have provided their data through https://eizasahoteles.com/ may contact the owner of the same in order to be able to freely exercise their rights of access to their data, rectification or deletion, limitation and opposition regarding the data incorporated in their files. The interested party may exercise their rights by written communication addressed to EIZASA HOTELES with the reference “Data Protection”, specifying their data, proving their identity and the reasons for their request at the following address: EIZASA HOTELES SOCIEDAD LIMITADA, Avda. Cesar Augusto No. 12, 50004 – Zaragoza (Spain). You may also exercise your rights by email: info@eizasahoteles.com. Likewise, the User has the right to revoke the consent initially given, and to file rights claims with the Spanish Data Protection Agency (AEPD). If you wish to contact our data protection officer, you can send an email to dpd@eizasa.com.

 

  1. Recipients

The data will not be communicated to any third party outside EIZASA HOTELES, except legal obligation or, in any case, prior request for the User’s consent. On the other hand, EIZASA HOTELES may give access to or transmit the personal data provided by the User to third-party service providers, with whom it has signed commissioned data processing agreements, and who only access said information to provide a service in favor and on behalf of the Data Controller.

 

  1. International transfers

Users’ personal data will not be shared with third parties outside the European Economic Area.

 

  1. Links or external links

As a service to our visitors, our website may include hyperlinks to other sites that are not operated or controlled by the Website. For this reason, EIZASA HOTELES does not guarantee, nor is it responsible for, the legality, reliability, usefulness, veracity and timeliness of the contents of such websites or their privacy practices.

 

  1. Social plugins

Links and services related to different social networks may be included on this website (for example, Facebook “Like”). If the User is a member of a social network and clicks on the corresponding link, the social network provider may link their profile data with the information about their visit to this website. Therefore, it is advisable that the User inform themselves about the functions and policies on the processing of personal data of the respective social network.

 

  1. Changes to this privacy policy

EIZASA HOTELES reserves the right to modify this policy to adapt it to legislative or jurisprudential developments as well as industry practices. In such cases, the changes introduced will be announced on this page with reasonable advance notice of their implementation. If the changes introduced require express consent from the User, they will be communicated directly to the User through an email through which they will have the possibility of withdrawing consent to the processing of their data.