PRIVACY POLICY
- IDENTIFICATION AND CONTACT DETAILS OF THE DATA CONTROLLER.
The following entities will process your personal data as Joint Controllers: – Hesperia World S.L.U., (hereinafter “Hesperia”), with VAT number B-67301242, and registered office at Avenida Mare de Déu de Bellvitge, number 3, 08907 l’Hospitalet de Llobregat (Barcelona). – The commercial companies dedicated to the management and operation of the hotels that make up the Hesperia Group (hereinafter “the Hotels”), although not all mentioned hotels will have access to and process your personal data, only the specific hotel for which you make a reservation and/or where you finally stay (hereinafter “the Hotel”). Also, we inform you that the Group to which Hesperia and the Hotels belong has a Data Protection Officer, whom you can contact at the following address: DPO@hesperiaworld.com.
- NECESSARY AND UPDATED INFORMATION
All fields marked with an asterisk [*] in the forms provided to you are mandatory, so the omission of any of them could result in the inability to properly handle your request, provide the requested services, or send the requested or authorized communications. You must provide truthful information, and the use of aliases or means to conceal your identity is prohibited. To ensure that the information provided is always up-to-date and free of errors, you must communicate to Hesperia, as soon as possible, any modifications and corrections to your personal data that may occur, through the reception of our hotels or the following email address: protecciondedatos@hesperiaworld.com. Likewise, you declare that the information and data you have provided are accurate and truthful.
- ORIGIN AND SOURCE OF YOUR DATA
For the management of reservations, we may contract with service providers who will communicate your personal data to us. The categories of data that will be communicated to us and, therefore, processed are those corresponding to identifying and banking data necessary for the correct management of your reservation. No special categories of data are processed.
- DETAILED INFORMATION ON THE PROCESSING CARRIED OUT.
Next, the different purposes for which Hesperia and the Hotels will process your personal data, the legal bases legitimizing such processing, and the retention period of such data are described. Hesperia and the Hotel may jointly process your personal data to:
- Manage the reservation you make at one of our hotels through any channel. This processing is based on the pre-contractual measure requested by you when formalizing said reservation by requesting our services. Your data will be stored until the date for which you make the reservation, and, if you finally stay at the corresponding hotel, for the duration of our contractual relationship and until the end of your stay at the hotel, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- Handle requests, inquiries, complaints, and/or claims submitted through the “need help?” form on this website, by telephone, email, or instant messaging when they are related to services that you have previously contracted, based on the execution of the contractual relationship or the adoption of pre-contractual measures if you are not yet a client. To handle requests and inquiries unrelated to services you have previously contracted, the processing will be based on the consent that you may give when submitting the corresponding request, inquiry, complaint, or claim. Your data will be stored until the resolution of the query, request, complaint, and/or claim raised, and, when related to services you have previously contracted, for as long as our contractual relationship lasts. However, the data may subsequently be stored blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage the check-in, accommodation, and check-out process, as well as process the payment for the contracted service. This processing of personal data will be based on the contractual relationship you have with us. Your data will be stored during the duration of our contractual relationship and until the end of your stay at the hotel, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage your registration at Hesperia for the purpose of creating a global database of the entities that make up the Hesperia Group to facilitate the check-in processes, based on the legitimate interest in transmitting intragroup personal data for internal administrative purposes. The data processed for this purpose will be retained throughout our contractual relationship, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
On the other hand, the Hotel may process your personal data to:
- Manage the sending, by any means, of communications related to the reserved stay. This processing is based on the contractual relationship you have with us. The data processed for this purpose will be retained for the duration of our contractual relationship, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage the sending of informational communications related to the opportunities offered by the city where the hotel is located. These communications are based on the legitimate interest of the Hotel where you make a reservation, in keeping our guests informed about issues that we believe may be of interest to them due to their relevance or connection to their stay. The data processed for this purpose will be retained until you unsubscribe from such communications or after 2 years have passed since your last interaction with us. However, in this case as well, your personal data may be subsequently stored blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage the provision of extra services in addition to accommodation, such as flower requests, excursions, catering services, special attentions on special dates, which you may request at the time of check-in; as well as manage the payment for these services. This data processing is based on the contractual relationship you have with us. Regarding the processing of health data (mainly, among others, allergy data in case of catering services or data related to reduced mobility, to facilitate access to our facilities) for the provision of services, they will be processed based on the consent you may provide to the Hotel. The data processed for this purpose will be retained for the necessary time to provide the requested service during your stay at our hotel. However, the data may subsequently be stored blocked for the periods derived from the prescription of legal actions related to this processing.
- Contact medical assistance services when needed. In cases of a medical emergency, your data will be processed for the protection of your vital interests. In cases where it is not a medical emergency, the data processing will be based on the contractual relationship you have with us. Your data will be retained for the duration of our contractual relationship. However, the data may subsequently be stored blocked for the periods derived from the prescription of legal actions related to this processing.
- Conduct satisfaction surveys, based on the legitimate interest of the Hotel where you make a reservation, to know your satisfaction level with the services provided by the Hotel. Your data will be retained until you object to the processing, or after 2 years have passed since your last interaction with us. Subsequently, your data may be stored blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage the requests made through the hotel’s service assistance using Instant Messaging applications. The data you provide when communicating with us through this channel will be processed solely for the purpose of handling your request or providing the service you request related to your stay at the hotel. This data processing is based on the execution of the contract you have with the hotel. The data processed for this purpose will be retained for the duration of our contractual relationship. However, the data may subsequently be stored blocked for the periods derived from the prescription of legal actions related to this processing. In addition, regardless of the aforementioned retention period, the conversations held through these channels will be deleted 90 days after your account is canceled.
- Manage the sending of commercial communications through social networks based on the consent you may have given by being a “follower” or “friend” of our profiles. Your data will be retained until you revoke the consent, if given, or after 2 years have passed since your last interaction with us, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- Manage the sending, by any means, of commercial communications related to news and/or offers related to the restaurant, insurance, entertainment, wellness, and aeronautical sectors. These communications are made based on the consent you may give for this purpose. If you have given your consent, your data will be retained until you revoke the consent, if given, or after 2 years have passed since your last interaction with us, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- Develop commercial profiles based on the consent you may give for this purpose. Your data will be retained until you revoke the consent, if given, or after 2 years have passed since your last interaction with us, being able to subsequently store them blocked for the periods derived from the prescription of legal actions related to this processing.
- RECIPIENTS OF YOUR PERSONAL DATA
Your data may be disclosed to the Public Administrations determined by the current applicable legislation, such as the Tax Administration, Courts, and Security Forces. The personal data you provide us for the purpose of managing your registration at Hesperia to create a global database of the entities that make up the Hesperia Group to facilitate check-in processes may be communicated to the banking entity with which Hesperia and the Hotels work. Your personal data may be transferred to our commercial partner (AMResorts Hotels Europe) with whom Hesperia and the Hotels work for the performance of promotional and marketing activities, including sending and receiving commercial communications, operating the website, and facilitating reservations.
Regarding the data you provide us to manage your registration at Hesperia to create a global database of the entities that make up the Hesperia Group to facilitate check-in processes, they may be communicated to the companies of the Hesperia Group based on our legitimate interest in transmitting intragroup personal data for internal administrative purposes. Also, your data may be transferred to the healthcare company working with the hotel where you stay when you require medical services. In cases of a medical emergency, this data communication will be carried out to protect your vital interests. In cases that are not medical emergencies, the data communication to the healthcare company will be carried out for the management of our contractual relationship. Notwithstanding the above, in the event that you use the hotel’s service assistance tool through the WhatsApp Business tool, WhatsApp Ireland Limited may have access to your personal data. In these cases, WhatsApp Ireland Limited will only access and process your personal data as a data processor, meaning that it will only do so to provide the contracted messaging services, in accordance with the service conditions published at this link.
- INTERNATIONAL TRANSFERS
Your data will be transferred to countries located outside the European Economic Area, specifically to:
- United States; as a result of the following services:
- search engine services provided by TravelClick, Inc. in relation to the location and selection of specific payment gateways or providers authorizing payments related to the services provided by Hesperia. These international transfers are regulated through standard contractual clauses approved by the European Commission.
- marketing services for the Hotel provided by Mailchimp. These international transfers are regulated through standard contractual clauses approved by the European Commission.
- Andorra, as a result of the data communication to the Hesperia Group companies located in that territory for the provision of administrative management services of said group. Andorra has been declared by the European Commission to have an adequate level of protection, in accordance with Decision 2010/625/EU of October 19, 2010.
- SECURITY AND CONFIDENTIALITY
The Hotel has implemented and maintains the security levels required by the GDPR to protect your personal data against accidental loss and unauthorized access, processing, or disclosure, taking into account the state of the technology, the nature of the data stored, and the risks to which they are exposed. However, despite the Hotel’s best efforts to protect the data it processes, it cannot guarantee the communication process of personal data from users’ networks to Hesperia’s network. Therefore, once your data is received, the Hotel will use rigorous security procedures and functions to prevent any unauthorized access.
The personal data we may collect will be treated with confidentiality, committing ourselves to keep them secret in accordance with the provisions of applicable legislation.
- EXERCISE OF YOUR RIGHTS
We inform you that you may exercise the following rights:
- right of access to your personal data to know which are being processed and the processing operations carried out with them;
- right to rectification of any inaccurate personal data;
iii. right to erasure of your personal data, when possible;
- right to object, when possible;
- right to request the restriction of the processing of your personal data when the accuracy, legality, or necessity of the data processing is in doubt, in which case we may keep the data blocked for the exercise or defense of claims;
- right to data portability, when the legal basis that enables us to process your data is the existence of a contractual relationship or your consent; and
vii. right to revoke your consent at any time if given to the Hotel for the processing of your data, without affecting the lawfulness of the treatment based on the consent given before its withdrawal.
You can exercise your rights at any time by sending an email to protecciondedatos@hesperiaworld.com, indicating the right you wish to exercise. If there are reasonable doubts about your identity (for example, when the communication is made from an email address different from the one available to the Hotel), you will be asked to provide additional information to help us verify your identity. Furthermore, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency if you believe that there has been a breach of data protection legislation regarding the processing of your personal data.
- UPDATE OF THE PRIVACY POLICY
This Privacy Policy may need to be updated; therefore, it is necessary to review this policy periodically and if possible every time you make a reservation, or contact us in order to be adequately informed about the type of information collected and its processing. We will inform you of any modifications to this Privacy Policy that substantially affect the processing of your personal data.
Last update: April 30, 2024