Legal Policy
The Privacy Policy forms part of the General Conditions that govern the www.hiddenawayhotels.com Website together with the Cookies Policy and the Legal Notice.
HIDDEN AWAY HOTELS SL, reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that the user has registered on the website and accesses his/her account or profile, upon accessing the same, he/she will be informed in the event that there have been substantial modifications in relation to the processing of his/her personal data.
Who is responsible for the processing of your data?
The data that is collected or that you voluntarily provide us with through the Website, whether by browsing it, as well as any data that you may provide us with in the contact forms, via email or by telephone, will be collected and processed by the Data Controller, whose data is indicated below:
HIDDEN AWAY HOTELS SL, CIF: B57676108
C/ Echegaray, 8, 28014, Madrid.
HOTEL POSADA TERRA SANTA, C/De la Posada Terra Santa, 5, 07001, Palma de Mallorca, Illes Balears.
SUITE SAMARITANA, C/ Pes de Sa Farina, 2, 07001, Palma de Mallorca, Illes Balears.
Registered in the Mercantile Register of Palma de Mallorca, Volume 2433, Folio 106, Page 66229.
DANDA PATRIMONIO E INVERSIONES SL, CIF: B57900029
C/ Echegaray, 8, 28014, Madrid
GRAN HOTEL INGLÉS, C/ Echegaray, 8, 28014, Madrid.
Registered in the Mercantile Register of Madrid, Volume 40134, Folio 138, Page M-713215.
URIBEN SERVICES SL, CIF: B95817318
C/ Gravina 51, 41001, Sevilla.
HOTEL GRAVINA 51 C/ Gravina, 51, 41001, Sevilla.
Registered in the Mercantile Register of Seville, Volume 5566, Folio 199, Page BI-66816.
WANA INVERSIONES SA, CIF: A83057174
C/ Echegaray, 8, 28014, Madrid.
SEDA CLUB HOTEL
Plza De la Trinidad, 1801, Granada.
Registered in the Mercantile Register of Madrid, volume 16743, page 43, sheet M-285986.
Contact at HIDDEN AWAY HOTELS S.L, for the protection of your personal information
Tel: 910 56 93 54
Data Protection Officer Contact: lopd@hiddenawayhotels.com
If, for any reason, you wish to contact us on any matter relating to the processing of your personal data or privacy (with our Data Protection Officer), you may do so by any of the means indicated above.
What data do we collect through the website?
By the simple fact of browsing the Website, HIDDEN AWAY HOTELS SL, will collect information relating to:
IP address.
Browser version.
Operating system.
Duration of the visit or browsing of the Website.
Such information is stored by Google Analytics, so we refer to Google's Privacy Policy, as Google collects and processes such information. http://www.google.com/intl/en/policies/privacy/
Similarly, the Website provides the utility of Google Maps, which may have access to your location, if you allow it to do so, in order to provide you with greater specificity about the distance and/or paths to our headquarters. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and processing of such data. http://www.google.com/intl/en/policies/privacy/
The information we handle will not be related to a specific user and will be stored in our databases for the purpose of statistical analysis, improvements to the website, our products and/or services and to help us improve our business strategy. The data will not be communicated to third parties.
User registration on the website/ Submission of forms
In order to access certain services, such as booking, the user must fill in a form. To do so, in the registration form, a series of personal data is requested. The data are necessary and obligatory to carry out such registration. If these fields are not provided, the registration will not be carried out.
In this case, the browsing data will be associated with the user's registration data, identifying the specific user browsing the website. In this way, it will be possible to personalise the offer of products and/or services that, in our opinion, best suits the user.
The registration data of each user will be incorporated into the databases of HIDDEN AWAY HOTELS SL, together with the history of transactions carried out by the same, and will be stored in the same as long as the registered user's account is not deleted. Once the account has been deleted, this information will be removed from our databases, and the data relating to transactions carried out will be kept for 10 years, without being accessed or altered, in order to comply with the legal deadlines in force. The data that is not linked to the transactions carried out will be kept unless you withdraw your consent, in which case it will be deleted immediately (always taking into account the legal deadlines).
The legal basis for the processing of your personal data is the performance of a contract between the parties.
In relation to the sending of communications and promotions by electronic means and the response to requests for information, the legitimacy of the processing is the consent of the user.
The purposes of the processing shall be the following:
- Manage your access to the Website.
- Manage the purchase of the services made available to you through the Website.
- Keep you informed of the processing and status of your requests, purchases and/or bookings.
- Respond to your request for information.
- Manage all the utilities and/or services offered by the platform to the user.
Thus, we inform you that you will be able to receive communications via email and/or on your telephone, in order to inform you of possible incidents, errors, problems and/or the status of your applications.
For the sending of commercial communications, the user's express consent will be requested at the time of registration. In this regard, the user may revoke the consent given by contacting HIDDEN AWAY HOTELS SL, using the means indicated above. In any case, in each commercial communication, you will be given the opportunity to unsubscribe from receiving them, either by means of a link and/or e-mail address.
Newsletter Sending
On the Website, you have the option of subscribing to the HIDDEN AWAY HOTELS SL Newsletter. To do so, you must provide us with an e-mail address to which the newsletter will be sent.
Such information will be stored in a database of HIDDEN AWAY HOTELS SL, in which it will remain registered until the interested party requests the cancellation of the same or, where appropriate, HIDDEN AWAY HOTELS SL ceases to send the same.
The legal basis for the processing of this personal data is the express consent given by all interested parties who subscribe to this service by ticking the box provided for this purpose.
The data from e-mails will only be processed and stored for the purpose of managing the sending of the Newsletter by users who request it.
In order to send the Newsletter, the user's express consent will be requested when registering for the Newsletter by ticking the box provided for this purpose. In this regard, the user may revoke the consent given by contacting HIDDEN AWAY HOTELS SL, using the means indicated above. In any case, in each communication, you will be given the opportunity to unsubscribe from receiving them, either by means of a link and/or e-mail address.
If you are one of the following groups, please see the information below:
+ CONTACTS FROM THE WEB OR EMAIL
For what purposes will we process your personal data?
- Respond to your queries, requests or petitions.
- Manage the requested service, answer your request, or process your request.
- Information by electronic means, concerning your application.
- Commercial or event information by electronic means, subject to express authorisation.
What is the legitimacy for the processing of your data?
Acceptance and consent of the interested party: In those cases where it is necessary to fill in a form and click on the send button in order to make a request, the completion of the form will necessarily imply that the interested party has been informed and has expressly given their consent to the content of the clause attached to said form or acceptance of the privacy policy.
All our forms have a checkbox with the following formula in order to send the information: "□ I have read and accept the Privacy Policy".
+ CUSTOMERS
- Preparation of the budget and monitoring of the budget through communications between both parties.
- Information by electronic means, concerning your application.
- Commercial or event information by electronic means, subject to express authorisation.
- Manage the administrative, communications and logistical services provided by the Head.
- Carry out the relevant transactions.
- Invoicing and declaration of the appropriate taxes.
- Control and recovery management.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS
For what purposes will we process your personal data?
- Information by electronic means, concerning your application.
- Commercial or event information by electronic means, subject to express authorisation.
- Manage the administrative, communications and logistical services provided by the Head.
- Billing.
- Carry out the relevant transactions.
- Invoicing and declaration of the appropriate taxes.
- Control and recovery management.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or alternatively your consent to contact us or offer us your products by any means.
+ SOCIAL MEDIA CONTACTS
For what purposes will we process your personal data?
- Respond to your queries, requests or petitions.
- Manage the requested service, answer your request, or process your request.
- Engage with you and create a community of followers.
What is the legitimacy for the processing of your data?
Acceptance of a contractual relationship in the relevant social network environment, and in accordance with its privacy policies:
- Facebook http://www.facebook.com/policy.php?ref=pf
- Instagram https://help.instagram.com/155833707900388
- Twitter http://twitter.com/privacy
- Linkedin http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
- Whatsapp: https://www.whatsapp.com/legal/#privacy-policy
How long will we keep personal data?
We can only consult or remove your data in a restricted way when you have a specific profile. We will treat them for as long as you let us by following us, being a friend or by "liking", "following" or similar buttons.
Any rectification of your data or restriction of information or publications must be made through the configuration of your profile or user in the social network itself.
+ VIDEO SURVEILLANCE
For what purposes will we process your personal data?
- Video surveillance of our facilities.
- Control of our employees.
- They may sometimes be transferred to courts and tribunals for the exercise of legitimate claims.
What is the legitimacy for the processing of your data?
The unequivocal consent of the data subject upon accessing our facilities after viewing the information sign of the video-surveilled area.
+ JOB SEEKERS
For what purposes will we process your personal data?
- Organisation of selection processes for the recruitment of employees.
- Call you for job interviews and evaluate your application.
- If you have given us your consent, we may pass it on to collaborating or related organisations, with the sole aim of helping you to find employment.
What is the legitimacy for the processing of your data?
The legal basis is your unambiguous consent, by submitting your CV and receiving and signing information regarding the processing we will carry out.
How long will we keep personal data?
The CV will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
+ HR
For what purposes will we process your personal data?
- Management of the employment relationship and the employee's file.
- To carry out all the administrative, tax and accounting procedures necessary to comply with our contractual commitments, obligations in terms of labour regulations, social security, occupational risk prevention, tax and accounting.
- Management of payroll payments through a financial institution.
- Time control via fingerprint/card access control system (if applicable).
- Management of the entity's group insurance / pension plan.
To carry out training activities both for subsidised and non-reimbursed training.
What is the legitimacy for the processing of your data?
The legal basis for processing your data is the performance of your employment contract. Compliance with the relevant legal obligations. The consent of the data subject.
Do we include personal data of third parties?
No, as a general rule we only process the data provided to us by the owners. If you provide us with data of third parties, you must inform and request their consent beforehand, otherwise you exempt us from any liability for failure to comply with this requirement.
What about data on minors?
We do not process data from children under 14 years of age, so please refrain from providing it if you are under 14 years of age.
Will we communicate electronically?
- They will only be used to process your request, if it is one of the means of contact you have provided us with.
- If we send commercial communications, they will have been previously and expressly authorised by you.
What security measures do we apply?
You can rest assured: We have adopted an optimal level of protection for the personal data we handle, and have installed all the technical means and measures at our disposal, according to the state of technology, to prevent the loss, misuse, alteration, unauthorised access and theft of personal data.
To what extent will decision-making be automated?
HIDDEN AWAY HOTELS SL, does not use fully automated decision-making processes to enter into, develop or terminate a contractual relationship with the user. Should we use such processes in a particular case, we will keep you informed and inform you of your rights in this respect if prescribed by law.
Will profiling take place?
In order to be able to offer you products and/or services according to your interests and to improve your user experience, we may create a "marketing profile" based on the information provided. However, no automated decisions will be made on the basis of this profile.
To which recipients will your data be communicated?
Your data will not be disclosed to third parties, unless legally obliged to do so. Specifically, they will be communicated to the State Agency of Tax Administration and to banks and financial institutions for the collection of the service provided or product purchased, as well as to the data processors necessary for the execution of the agreement.
In case of purchase or payment, if you choose any application, website, platform, bank card, or any other online service, your data will be transferred to that platform or processed in its environment, always with maximum security.
In the event that you have given us your consent for the processing of your name and images and other information related to the activity of HIDDEN AWAY HOTELS SL, they will be disclosed in the various social networks and website of HIDDEN AWAY HOTELS SL.
International transfers
Should it be necessary for HIDDEN AWAY HOTELS SL to carry out international data transfers, it shall ensure that such transfers are possible in accordance with the General Data Protection Regulation or any other requirement established by the applicable regulations. To this end, the company shall adopt the necessary agreements to guarantee a level of data protection equivalent to that provided for in European regulations.
In case of working in a system of shared folders in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc., an international transfer to the United States will be carried out under the authorisation of article 49.c) of the General Data Protection Regulation or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
Do you want a form for exercising your rights?
- We have forms for the exercise of your rights, ask us for them by email or if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.
- These forms must be electronically signed or be accompanied by a photocopy of the ID card.
- If someone is representing you, you must attach a copy of their ID card, or have them sign it with their electronic signature.
- The forms can be submitted in person, by letter or by mail to the address of the Responsible at the beginning of this text.
You have the right to lodge a complaint with the Spanish Data Protection Agency if you consider that your rights have not been adequately addressed.
HIDDEN AWAY HOTELS S.L. has a maximum period of one month from the date we receive your request.
You have the right to withdraw your consent at any time for any of the processing operations for which you have given your consent.
Do we process cookies?
If we use other types of cookies that are not necessary, you can consult the cookie policy in the corresponding link at the top of our website.
How long will we keep your personal data?
- Personal data will be kept for as long as you remain connected with us.
- Once you unsubscribe, the personal data processed for each purpose will be kept for the legally stipulated periods, including the period in which a judge or court may require them in accordance with the statute of limitations for legal actions.
- The data processed will be kept until the expiry of the aforementioned legal periods, if there is a legal obligation to keep them, or, if there is no such legal period, until the data subject requests their deletion or revokes the consent granted.
- We will retain all information and communications relating to your purchase or the provision of our service, for the duration of product or service warranties, to address potential claims.
- For each processing or type of data, we provide you with a specific period, which you can consult in the following table:
| Category | Type of Documentation | Conservation period | Regulations |
|---|---|---|---|
| Customers and suppliers | Invoices, contracts, correspondence, banks, expenses | 6 years (minimum) | Art. 30 Commercial Code |
| General recommendation | Up to 10 years | Organic Law 7/2012 | |
| Prosecutor | Declarations, supporting documents, contracts, invoices | 4 years (minimum) - recommended 10 | Arts. 66-68 Ley General Tributaria (General Tax Law) |
| Prevention of money laundering | Supporting documentation | 10 years | Law 10/2010 art. 25 |
| HR | Payrolls, TC1/TC2, contracts, termination payments | 10 years | RDL 5/2000 |
| CVs | Candidate documents | Up to 2 years after trial | Express consent |
| Training | Training records | 4 years | Order TAS/2307/2007 |
| Working hours | Time records | 4 years | Art. 34.9 ET |
| Labour file | Worker's file | 5 years after cessation | RDL 5/2000 |
| Marketing | User data, cookies, leads | During treatment | RGPD / LOPDDGDD |
| Video surveillance | CCTV images/systems | 30 days | AEPD Instructions |
| Accounting | Accounting books, accounts, audits | 6 years | Art. 30 Commercial Code |
| Corporate documentation | Minutes, articles of association, deeds, books, etc. | During the life of the company + 6 years after dissolution | Doctrinal recommendation |
| Health and safety | Medical data, prevention | 5 years | Law 41/2002 |
| Insurance | Policies and claims | 2 to 10 years (depending on type) | Sectoral regulations |
| Intellectual property | Contracts, rights | 5 years | CC / LPI |
| Permits/licences | Certificates and licences | 6 to 10 years | According to forfeiture and possible criminal liability |
| Data protection | Consents, rights exercised | 3 years after completion of treatment | RGPD / LOPDDGDD |
| Logs and systems | Access to systems, logs | 2 years | GDPR / National Security Scheme |
| Biometric data | Fingerprint, facial (with legal basis) | Max. 4 years / 30 days (non-employees) | Art. 34.9 ET / AEPD |
| Guests | Check-in registers | 3 years | LO 4/2015 / RD 933/2021 |
| Area | Type of Document | Conservation period |
|---|---|---|
| Clients | Invoices | 10 years |
| Forms and coupons | 15 years | |
| Contracts | 5 years | |
| Human Resources | Payrolls, TC1, TC2, etc. | 10 years |
| CVs | Up to 1 year after the process with consent | |
| Compensation documents | 4 years | |
| Contracts / Temporary | 4 years | |
| Employee file | Up to 5 years after sick leave | |
| Marketing | Databases and web visitors | For the duration of treatment |
| Suppliers | Invoices | 10 years |
| Contracts | 5 years | |
| Access / Video surveillance | Visitor registration | 30 days |
| Recordings | 30 days blocking / 3 years destruction | |
| Accounting | Accounting books, minutes, balance sheets, audits, subsidies | 6 years |
| Prosecutor | Tax administration and dividends | 10 years |
| Intra-group transfer pricing | 18 years | |
| Intra-group price agreements | 8 years | |
| Health and Safety | Medical history | 5 years |
| Accident reports | 5 years | |
| Environment | Chemical or hazardous substances | 10 years |
| Environmental permits | For the duration + 3 years after cessation | |
| Environmental crime | 10 years (criminal statute of limitations) | |
| Waste and recycling | 3 years | |
| Cleaning subsidies | Supporting documents, payments, fees | 4 years |
| Insurance | General insurance | 6 years |
| Damage | 2 years | |
| Personal | 5 years | |
| Life | 10 years | |
| Shopping | Registration of goods/services supplied (VAT) | 5 years |
| Legal | Intellectual and industrial property | 5 years |
| Contracts and agreements | 5 years | |
| Licences and certificates | 6 years after expiry / 10 years (criminal) | |
| Confidentiality | NDA and non-compete agreements | For the duration of the obligation |
| Data Protection | Processing operations not notified to the AEPD | 3 years |
