PRIVACY POLICY

1. IDENTIFICATION AND CONTACT DETAILS OF THE CONTROLLER OF DATA
The following entities will process your personal data in their capacity as Joint Data Controllers:
- Hesperia World S.L.U. (hereinafter "Hesperia"), with (Spanish) Tax Identification Number B-67301242, and address of Avenida Mare de Déu de Bellvitge, number 3, 08907 l'Hospitalet de Llobregat (Barcelona).
- The commercial companies dedicated to the management and operation of the hotels that make up the Hesperia Group (hereinafter, "the Hotels"), although not all the aforementioned hotels will have access to and process your personal data, but only that specific hotel for which you make a reservation and/or in which you stay (hereinafter, "the Hotel").
We also inform you that the Group to which Hesperia and the Hotel belong has a Data Protection Delegate, whom you may contact at the following address: DPO@hesperiaworld.com.

2. NECESSARY AND UPDATED INFORMATION
All the fields marked with an asterisk [*] on the forms provided to you must be completed, as the omission of any of them could make it impossible to deal with your request properly, to provide you with the services requested or to send you the communications requested or authorised. You must provide truthful information, and the use of aliases or means to conceal your identity is prohibited. So that the information provided is always up to date and does not contain errors, you must inform Hesperia as soon as possible of any modifications and corrections to your personal data that may occur, through the reception desk of our hotels or the following e-mail address: protecciondedatos@hesperiaworld.com. Likewise, you declare that the information and data you have provided are accurate and truthful.

3. ORIGIN AND SOURCE OF YOUR DATA
For the management of bookings we may contract with service providers who will be the ones to communicate your personal data to us. The categories of data that will be communicated to us and that we will therefore process are those corresponding to identification and bank details necessary for the correct management of your booking. We do not process specially protected data.

4. DETAILED INFORMATION ON THE PROCESSING CARRIED OUT
-       Manage the reservation you make in one of our hotels through any channel. This processing is based on the pre-contractual measure requested by you when you make the reservation requesting our services. Your data will be kept until the date for which you make the reservation and, in the event that you finally stay at the hotel concerned, for the duration of our contractual relationship and until the end of your stay at the hotel, and may subsequently be kept blocked during the periods arising from the prescription of legal actions related to this treatment.
 
-       To deal with requests, queries, complaints and/or claims submitted through the ‘do you need help?’ form on this website, by telephone, email or instant messaging when they are related to the services you have previously contracted, based on the execution of the contractual relationship or the adoption of pre-contractual measures if you are not yet a customer. To deal with requests and queries that are not related to the services you have previously contracted, the processing will be carried out on the basis of the consent that, where appropriate, you provide when sending the corresponding request, query, complaint or claim. Your data will be kept until the resolution of the query, request, complaint and/or claim raised, and, when related to the services you have previously contracted, for as long as our contractual relationship is maintained. However, the data may subsequently be kept blocked for the periods of time arising from the prescription of the legal actions related to this processing.
 
-       Manage check-in, accommodation and check-out, as well as process the payment of the contracted service. This processing of personal data will be carried out on the basis of the contractual relationship you have with us. Your data will be kept for the duration of our contractual relationship and until the end of your stay at the hotel, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this processing.
 
-       To manage your registration with Hesperia for the purpose of creating a global database of the entities that make up the Hesperia Group to facilitate check-in processes, based on the legitimate interest in transmitting personal data within the group for internal administrative purposes. The data processed for this purpose will be kept for the duration of our contractual relationship, and may subsequently be kept blocked for the time periods arising from the prescription of legal actions related to this processing.

For its part, the Hotel may process your personal data in order to:
-       Manage the sending, by any means, of communications related to the stay you have booked. This processing is based on the contractual relationship you have with us. The data processed for this purpose will be kept for as long as our contractual relationship is maintained and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this treatment.
 
-       To manage the sending of communications of an informative nature related to the opportunities offered by the city in which the hotel is located. These communications are based on the legitimate interest of the hotel in which you make a reservation, to keep our guests informed about issues that we believe may be of interest to you because they are related to your stay. The data processed for this purpose will be retained until you unsubscribe from such mailings or after 2 years have elapsed since your last interaction with us. However, also in this case, your personal data may be subsequently blocked for the time periods resulting from the prescription of legal actions related to this processing.
 
-       To manage the provision of extra services to the accommodation, such as requests for flowers, excursions, catering services, special services on special dates, which you may request at the time of check-in; as well as to manage the payment of the same. This data processing is based on the contractual relationship you have with us. With regard to the processing of health data (mainly, among others, allergy data in the case of catering services or data related to your reduced mobility, to facilitate access to our facilities) for the provision of services, these will be processed on the basis of the consent that, where appropriate, you provide to the Hotel. The data processed for this purpose will be kept for the time necessary to provide you with the service requested during your stay at our hotel. However, the data may subsequently be kept blocked for the time periods arising from the prescription of legal actions related to this processing.
 
-       To contact the medical services when you require it. In cases of medical emergency, your data will be processed for the protection of your vital interests. In cases where it is not a medical emergency, the data will be processed on the basis of your contractual relationship with us. Your data will be retained for the duration of our contractual relationship. However, the data may subsequently be kept blocked for the time periods arising from the prescription of legal actions related to this processing.
 
-       To carry out satisfaction surveys, based on the legitimate interest of the Hotel in which you make a reservation in knowing your degree of satisfaction with the services provided by the same. Your data will be kept until you object to their processing, or after 2 years have elapsed since your last interaction with us. Subsequently, your data may be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing.
 
-       Manage the requests that you make via instant messaging applications through the customer service of the hotel where you are staying. The data you provide when communicating with us through this channel will be processed for the sole purpose of attending to your request or providing you with the service you request in relation to your stay at the hotel. This data processing is based on the execution of the contract you have with the hotel. The data processed for this purpose will be kept for as long as our contractual relationship is maintained. However, the data may subsequently be kept blocked for the periods of time resulting from the prescription of legal actions related to this processing. Likewise, regardless of the aforementioned retention period, conversations held through these channels will be deleted 90 days after your account has been cancelled.
 
-       Manage the sending of commercial communications through social networks based on the consent that, where appropriate, you have given us by being a ‘follower’ or ‘friend’ of our profiles. Your data will be kept until you revoke the consent, if any, given, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this treatment.
 
-       To manage the sending, by any means, of commercial communications relating to news and/or offers related to the catering, insurance, entertainment, wellness and aeronautical sectors. These communications are made on the basis of the consent that, where appropriate, you provide for this purpose. In the event that you have given us your consent, your data will be kept until you revoke the consent, where applicable, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this processing.
 
-       To draw up commercial profiles based on the consent that, where appropriate, you give us. Your data will be kept until you revoke the consent, if any, given, or after 2 years have elapsed since your last interaction with us, and may subsequently be kept blocked for the periods arising from the prescription of legal actions related to this treatment.

5. RECIPIENTS OF YOUR PERSONAL DATA
Your data may be transferred to the Public Administrations determined by the applicable legislation in force at any given time, such as the Public Treasury, Judges and Courts, and Security Forces and Corps. The personal data that you provide us with for the purpose of managing your reservation, or for the contracting of extra services may be communicated, in turn, to the banking entity with which Hesperia and the Hotels work. Your personal data may be transferred to our commercial partner (AMResorts Hotels Europe) with which Hesperia and the Hotels work for promotional and marketing activities, including the sending and receipt of commercial communications, the operation of the website and the facilitation of bookings.
With regard to the data you provide to us to manage your registration at Hesperia for the purpose of creating a global database of the entities that make up the Hesperia Group to facilitate the check-in process, they may be communicated to the companies of the Hesperia Group based on our legitimate interest in transmitting personal data within the group for internal administrative purposes. Likewise, your data may be transferred to the health care company with which the hotel you are staying at works when you require medical care services. In cases where a medical emergency is involved, such communication of data will be made to protect your vital interests. In cases where a medical emergency is not involved, the communication of data to the health care company will be done for the management of our contractual relationship. Notwithstanding the foregoing, in the event that you make use of the hotel service of the hotel you are staying at via the WhatsApp Business tool, WhatsApp Ireland Limited may have access to your personal data. In such cases, WhatsApp Ireland Limited will only access and process your personal data in its capacity as data processor and will only do so for the purpose of providing the contracted messaging services in accordance with the terms of service published at this link.

6. INTERNATIONAL TRANSFERS
Your data will be transferred to countries located outside the European Economic Area and, specifically to:
(i) The United States, as a consequence of the following services:

a) search engine services provided by TravelClick, Inc. in connection with the location and selection of specific payment gateways or providers that authorise payments related to the services provided by the Hesperia Group. These international transfers are regulated by means of standard contractual clauses approved by the European Commission.

b) marketing services for the Hotels provided by Mailchimp. These international transfers are regularised by means of standard contractual clauses approved by the European Commission.

(ii) Andorra, as a consequence of the communication of data to the companies of the Hesperia Group located in that territory for the provision of the administrative management services of that group. Andorra has been declared by the European Commission to have an adequate level of protection, in accordance with the provisions of Decision 2010/625/EU of 19 October 2010.

7. SECURITY AND CONFIDENTIALITY
The Hotel has implemented and maintains the security levels required by the GDPR to protect your personal data against accidental loss and unauthorised access, processing or disclosure, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed. However, although the Hotel makes its best efforts to protect the data it processes, it cannot guarantee in all cases the process of communication of personal data from the users' network to that of Hesperia. Therefore, once we receive your data, the Hotel will use rigorous procedures and security features to prevent any unauthorised access.
The personal data that we may collect will be treated confidentially, and we undertake to keep them secret in accordance with the provisions of the applicable legislation.

8. EXERCISING YOUR RIGHTS
We inform you that you may exercise the following rights:
i. the right of access to your personal data in order to know which personal data are being processed and the processing operations carried out on them;

ii. the right to rectify any inaccurate personal data;

iii. the right to erasure of your personal data, where this is possible;

iv. the right to object, where possible;

v. the right to request the restriction of the processing of your personal data where the accuracy, lawfulness or necessity of the data processing is in doubt, in which case, we may retain the blocked data for the exercise or defence of claims;

vi. the right to portability of your personal data, where the lawful basis for us to process your personal data is the existence of a contractual relationship or your consent; and

vii. the right to revoke consent at any time, where applicable, given to the Hotel for the processing of your data, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

You may exercise your rights at any time by sending an email to protecciondedatos@hesperiaworld.com, indicating the right you wish to exercise. When there are reasonable doubts about your identity (for example, when the communication is made from an email address other than the one available to the Hotel), you will be asked to provide additional information to help us verify your identity. Furthermore, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency if you consider that a breach of data protection legislation has been committed with regard to the processing of your personal data.

9. UPDATING THE PRIVACY POLICY
This Privacy Policy may need to be updated; therefore it is necessary that you review this policy periodically and if possible each time you make a reservation, or contact us in order to be properly informed about the type of information collected and its processing. We will notify you of any changes to this privacy policy that materially affect the processing of your personal data.
 
Last updated: 30 April 2024.