1. Identification and contact details of the controller
The following entities will process your personal data as Joint Controllers: – Hesperia World S.L.U., (hereinafter “Hesperia”), with Tax Identification Number B-67301242, and with registered address at Avenida Mare de Déu de Bellvitge, number 3, 08907 l’Hospitalet de Llobregat (Barcelona). – The commercial companies dedicated to the management and operation of the hotels that make up the Hesperia Group (hereinafter “the Hotels”), although not all of the aforementioned hotels will have access to and process your personal data, but only that specific hotel for which you make a reservation and/or in which you finally stay (hereinafter “the Hotel”). We also inform you that the Group to which Hesperia and the Hotels belongs has a Data Protection Delegate, whom you can contact at the following address: DPO@hesperiaworld.com.
2. Necessary and up-to-date information
All the fields marked with an asterisk [*] in the forms provided to you must be completed, so that the omission of any of them could make it impossible to deal with your request properly, to provide you with the services requested or to send you the communications requested or authorised. You must provide truthful information, and the use of aliases or any other means to conceal your identity is prohibited. So that the information provided is always up to date and does not contain errors, you must inform Hesperia, as soon as possible, of any modifications and corrections to your personal data that may occur, through the reception desk of our hotels or the following e-mail address: protecciondedatos@hesperiaworld.com. You also declare that the information and data you have provided are accurate and truthful.
3. Origin and provenance of your data
For the management of reservations we may contract with service providers who will be the ones to communicate your personal data to us. The categories of data that will be communicated to us and that we will therefore process are those corresponding to identification and bank details necessary for the correct management of your booking. No specially protected data are processed.
4. Detailed information on the treatments carried out
Below is a description of the different purposes for which Hesperia and the Hotels will process your personal data, the bases that legitimise such processing and the period for which such data will be kept. Hesperia and the Hotel may jointly process your personal data for:
- Manage the booking you make at one of our hotels through any channel. This processing is based on the pre-contractual measure requested by you when you make the reservation requesting our services. Your data will be kept until the date for which you make the reservation and, in the event that you finally stay at the hotel concerned, for the duration of our contractual relationship and until the end of your stay at the hotel, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this treatment.
- To deal with requests, queries, complaints and/or claims submitted through the “do you need help?” form on this website, by telephone, e-mail or instant messaging when they are related to the services you have previously contracted, based on the execution of the contractual relationship or the adoption of pre-contractual measures if you are not yet a customer. In order to deal with requests and queries that are not related to the services you have previously contracted, the processing will be carried out on the basis of the consent that, where applicable, you provide when sending the corresponding request, query, complaint or claim. Your data will be kept until the resolution of the query, request, complaint and/or claim raised, and, when related to the services you have previously contracted, for as long as our contractual relationship is maintained. However, the data may subsequently be kept blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
- Manage check-in, accommodation and check-out, as well as process the payment of the contracted service. This processing of personal data will be carried out on the basis of your contractual relationship with us. Your data will be kept for the duration of our contractual relationship and until the end of your stay at the hotel, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this processing.
- To manage your registration with Hesperia for the purpose of creating a global database of the entities that make up the Hesperia Group to facilitate check-in processes, based on the legitimate interest in transmitting intra-group personal data for internal administrative purposes. The data processed for this purpose will be kept for the duration of our contractual relationship, and may subsequently be kept blocked for the time periods arising from the prescription of legal actions related to this processing.
For its part, the Hotel may process your personal data in order to:
- Manage the sending, by any means, of communications related to the stay you have booked. Such processing is based on your contractual relationship with us. The data processed for this purpose will be kept for the duration of our contractual relationship, and may subsequently be kept blocked for the time periods arising from the prescription of legal actions related to this processing.
- Manage the sending of informative communications related to the opportunities offered by the city in which the hotel is located. Such communications are based on the legitimate interest of the Hotel in which you make a reservation, to keep our guests informed about matters that we believe may be of interest to you because they relate to or are related to your stay. The data processed for this purpose will be retained until you unsubscribe from such mailings or after 2 years have elapsed since your last interaction with us. However, also in this case, the data may subsequently be kept blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
- Manage the provision of extra services to the accommodation, such as requests for flowers, excursions, catering services, special services on special dates, that you may request at the time of check-in; as well as manage the payment of the same. This data processing is based on your contractual relationship with us. With regard to the processing of health data (mainly, among others, allergy data in the case of catering services or data related to your reduced mobility, to facilitate access to our facilities) for the provision of services, these will be processed on the basis of the consent that, where appropriate, you provide to the Hotel. The data processed for this purpose will be kept for the time necessary to provide you with the service requested during your stay at our hotel. However, the data may subsequently be kept blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
- Contacting the medical and care services when required. In cases of medical emergency, your data will be processed for the protection of your vital interests. In cases where it is not a medical emergency, the data will be processed on the basis of your contractual relationship with us. Your data will be kept for the duration of our contractual relationship. However, the data may subsequently be kept blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
- Conduct satisfaction surveys, based on the legitimate interest of the Hotel in which you make a reservation to know your degree of satisfaction with the services provided by the same. Your data will be retained until you object to the processing of your data, or after 2 years have elapsed since your last interaction with us. Subsequently, your data may be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing.
- Manage the requests you make through the use of the hotel’s helpdesk where you are staying via instant messaging applications. The data you provide when communicating with us through this channel will be processed for the sole purpose of attending to your request or providing you with the service you request in relation to your stay at the hotel. This data processing is based on the execution of your contract with the hotel. The data processed for this purpose will be retained for the duration of our contractual relationship. However, the data may subsequently be kept blocked for the periods of time resulting from the prescription of the legal actions related to this processing. Likewise, regardless of the aforementioned retention period, conversations held through these channels will be deleted 90 days after the cancellation of your account.
- Manage the sending of commercial communications through social networks based on the consent that, where appropriate, you have given us by being a “follower” or “friend” of our profiles. Your data will be kept until you revoke the consent, if any, given, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing.
- To manage the sending, by any means, of commercial communications relating to news and/or offers related to the catering, insurance, entertainment, wellness and aeronautical sectors. These communications are made on the basis of the consent that, where applicable, you provide for such purposes. In the event that you have given your consent, your data will be kept until you revoke the consent, if any, given, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing.
- To draw up commercial profiles based on the consent that, where appropriate, you give us. Your data will be kept until you revoke the consent, if any, given, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing.
5. Recipients of your personal data
Your data may be transferred to the Public Administrations determined by the applicable legislation in force at any given time, such as the Tax Authorities, Judges and Courts, and Security Forces and Corps. The personal data that you provide us with for the purpose of managing your reservation, or for contracting extra services may be communicated, in turn, to the banking entity with which Hesperia and the Hotels work. Your personal data may be transferred to our business partner (AMResorts Hotels Europe) with whom Hesperia and the Hotels work for promotional and marketing activities, including sending and receiving commercial communications, operating the website and facilitating bookings.
With regard to the data you provide to us to manage your registration with Hesperia for the purposes of creating a global database of the entities that make up the Hesperia Group to facilitate the check-in process, they may be communicated to the companies of the Hesperia Group based on our legitimate interest in transmitting personal data within the group for internal administrative purposes. Likewise, your data may be transferred to the health care company with which the hotel you are staying at works when you require medical care services. In cases of medical emergency, such disclosure will be made to protect your vital interests. In cases that do not involve a medical emergency, the communication of data to the health care company will be done for the management of our contractual relationship. Notwithstanding the foregoing, in the event that you make use of the hotel service of the hotel you are staying at via the WhatsApp Business tool, WhatsApp Ireland Limited may have access to your personal data. In such cases, WhatsApp Ireland Limited will only access and process your personal data in its capacity as data processor and will do so solely for the purpose of providing the contracted messaging services in accordance with the terms of service published at this link.
6. International transfers
Your data will be transferred to countries outside the European Economic Area and, in particular, to:
- United States; as a result of the following services:
- search engine services that TravelClick, Inc. provides in relation to the location and selection of the specific payment gateways or suppliers that authorise payments related to the services provided by Hesperia. These international transfers are regulated by standard contractual clauses approved by the European Commission.
- marketing services for the Hotel provided by Mailchimp. These international transfers are regularised by means of standard contractual clauses approved by the European Commission.
Andorra, as a consequence of the communication of data to the companies of the Hesperia Group located in said territory for the provision of administrative management services of said group. Andorra has been declared by the European Commission as having an adequate level of protection in accordance with Decision 2010/625/EU of 19 October 2010.
7. Security and confidentiality
The Hotel has implemented and maintains the security levels required by the GDPR to protect your personal data against accidental loss and against unauthorised access, processing or disclosure, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed. However, although the Hotel makes its best efforts to protect the data it processes, it cannot in any case guarantee the process of communication of personal data from the users’ network to that of Hesperia. Therefore, once we receive your data, the Hotel will use rigorous procedures and security features to prevent any unauthorised access.
The personal data that we may collect will be treated confidentially, and we undertake to keep them secret in accordance with the provisions of the applicable legislation.
8. Exercising your rights
We inform you that you may exercise the following rights:
- the right of access to your personal data in order to know which personal data are being processed and the processing operations carried out on them;
- the right to rectify any inaccurate personal data;
- the right to erasure of your personal data, where this is possible;
- the right of objection, where possible;
- the right to request the restriction of the processing of your personal data where the accuracy, lawfulness or necessity of the data processing is in doubt, in which case we may retain the blocked data for the exercise or defence of claims;
- the right to portability of your personal data, where the legal basis enabling us to process your personal data is the existence of a contractual relationship or your consent; and
- the right to revoke consent at any time, where appropriate, given to the Hotel for the processing of your data, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
You may exercise your rights at any time by sending an e-mail to protecciondedatos@hesperiaworld.com, indicating the right you wish to exercise. Where there is reasonable doubt as to your identity (for example, when the communication is made from an e-mail address other than the one available to the Hotel), you will be asked to provide additional information to help us verify your identity. Furthermore, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency if you consider that a breach of data protection legislation has been committed with regard to the processing of your personal data.
9. Update of the privacy policy
This Privacy Policy may need to be updated; therefore it is necessary that you review this policy periodically and if possible each time you make your reservation, or contact us in order to be properly informed about the type of information collected and its treatment. We will notify you of any changes to this Privacy Policy that materially affect the processing of your personal data.
last updated: 30 April 2024