DATENSCHUTZBESTIMMUNG

DATENSCHUTZBESTIMMUNG

This Privacy Policy applies to personal data processed at HOTELS VIVA & RESORTS. Please, read it carefully because it contains important information about your personal data processing and legal rights.

This Policy can be found at the hotel reception, where you can ask for a copy.

Compulsory fields of our forms shall be fulfilled to process your request.

1. WHO IS YOUR PERSONAL DATA CONTROLLER?

The Company who operates the hotel where you stay (hereinafter, the HOTEL), whose contact details are as follow (also available at the hotel reception):

INVERSIONES PASCUAL S.L., with CIF: B07461767, with address at Calle Agustín Argüelles, No. 1, 07400 Alcudia, Illes Balears, Spain (hereinafter HOTELS VIVA & RESORTS), being the scope of the respective responsibilities of the HOTEL and HOTELS VIVA & RESORTS the following:

The HOTEL is responsible for its management necessary customers data processing, i.e. Administrative and accounting operations, managing of bookings and stays, contracted service provision and claims customer care.

HOTEL VIVA & RESORTS is liable for hotel management personal data processing including:

The hotels management control and business data analysis.

The HOTELS VIVA & RESORT quality assurance and improvement.

Commercial management of customers personal data for sending of commercial communications, management of loyalty programs, preparation of commercial profiles or services personalization.

For more information about your personal data processing or your legal rights exercise regarding it, you may send an e-mail to the HOTEL Data Protection Officer: dpd@hotelsviva.com

2. PURPOSE AND LEGAL BASIS FOR THE PERSONAL DATA PROCESSING

Personal data will be processed for:

2.1. Reservations management and provision of the requested services.

2.2. Record and control of travellers.

2.3. Recording activities.

2.4. Attention to the special needs.

2.5. Quality assurance.

2.6. WIFI use.

2.7. Queries and claims customer care.

2.8. Customers personal data consolidation.

2.9. Sending of non-personalized commercial communications and lists of distribution segmentation.

2.10. Commercial profiling for services and commercial communications personalisation.

2.1.- Reservations management and provision of the requested services.

The categories of data collected by the HOTEL for those purposes are the following:

Identification data and contact details of the reservation holder.

Reservation data or request for service (stay dates, number of guests, customer´s age, requested service).

Payment methods data.

Goods and services transactions data.

These data are obtained directly from you or the person who made the reservation or requested the service on your behalf.

The processing of such data is required for the execution of accommodation contract, the provision of the requested services or the application of precontractual measures requested by the data subject.

The economic data and goods and services transactions data will be processed for accounting and administrative management purposes and the HOTEL compliance with its legal obligations.

Some of the Hotels of HOTELS VIVA & RESORTS has a virtual butler service. This service is provided through WhatsApp, developed by WhatsApp Ireland Limited. More information in https://www.whatsapp.com/legal/privacy-policy-eea#G1Di6og0cz0BSJDBp. The virtual butler is devoted to the effective delivery of our services. Specifically, customers may ask for information, book at our restaurants and spas and request our services. For these purposes, we will use your mobile pone number. This use is based on your consent. Withholding your consent does not affect your reservation or requested services. You can cancel this service by WhatsApp or at the Hotel reception at any time.

All the collected data will be in the HOTEL VIVA & RESORT database.

2.2.- Traveller´s record and control.

In accordance with the current traveller´s control law, HOTEL must register guests information. This information is included at the check-in form fulfilled by the guest, retained by the HOTEL and made available to the competent authorities.

Which data are processed for this purpose?

Name and surname (s), sex, date of birth, nationality, identity card type, number and date of issue, date of entry, signature.

If necessary, by the health regulations in force, the HOTEL will provide a record of people that Access the HOTEL.

2.3. Activities recording.

Activities or entertainment organized by the HOTEL could be photographed or recorded for internal dissemination. You will previously be asked for your consent. Your consent does not condition participation in the activities or entertainment. Your consent may be revoked by asking it at the reception or by contacting the HOTEL Data Protection Officer: dpd@hotelsviva.com

2.4. Attention to special needs.

Health data provided for attention to special needs, e. g. allergies or medication intake, will be processed by the HOTEL solely for that purpose. Those date processing is based on the explicit consent provided by the applicant of the special need, or when that information is provided by enrolling a child at VIVA KIDS ONLY CLUB or by asking for a spa treatment. Your consent may be revoked by asking it at the reception, but the service could not be provided.

2.5. Quality control.

The HOTEL may conduct satisfaction surveys. These surveys are completed anonymously and are not compulsory.

However, if identification data were provided, HOTELS VIVA & RESORTS may contact you. This processing is based on the HOTEL VIVA & RESORTS legitimate interest in assessing its services and products quality and improve its customer attention.

How has this interest been weighed with regard to your rights?

The processing is compatible with the customer reasonable expectations who has willingly provide his identifying data and contact details.

The impact of the processing on customer privacy is limited because its only purpose is resolve complaints and discuss suggestions, improving our service quality and customer attention.

2.6. WIFI use.

Your identification and contact data will be processed for the WIFI access management and the HOTEL systems security.

We do not control your WIFI connections unless essential to prevent or manage a threat to our systems security or to investigate a violation against WIFI Terms of Use or current laws. However, in those cases, we will opt for the less customer privacy burdensome system.

The processing of your data is based on the requested WIFI service provision and our legitimate interest on our systems security.

2.7. Advice and complaints service.

Data provided on your queries or complaints will be processed to manage your requests and complaints. This processing is necessary for the performance of the lodge contract, to take pre-contractual measures with regard to your request or to defence against unjustified customer claims.

Health data related to a complaint are processed based on the General Data Protection Regulation, article 9.2. f).

2.8. Customer´s data consolidation.

Data provided by customers, together with data gathered during your stay, are consolidated in data bases owned by HOTEL VIVA & RESORTS.

Which data are consolidated?

- IIdentification data: Name, surname (s), identification document (kind, number, date of issue), country of residence, postal address, shipping address, billing address, e-mail, telephone.

- Personal details: Sex, date of birth, country of birth, nationality, family data (kids, date of birth, couple), language.

- Booking details: dates, services, and consumptions.

 -Advice and complaints data.

- Goods and services transactions data.

-  Financial and insurances data.

- Butler service data.

These data are consolidated in the E.U. located HOTEL VIVA & RESORTS´s systems, in order to have a customer record, standardize formats, codify information and allow centralized management, i.e. authorities entry reports. This consolidation is based on GDPR 48th recital, that recognises companies legitimate interest in sharing customers personal data for internal administrative purposes.

How has been balanced this legitimate interest regarding your rights?

- Data processing is compatible with the reasonable expectations of the parties, being the customers parties of the HOTEL.

- The impact of the treatment on the privacy of the parties is limited, having into account purposes, data limited storage time and technical and organisational measures adoption to avoid the use of those data with commercial purposes without express consent.

Consolidated data are also used for the following purposes:

2.9. Non personalised commercial communications sending and distribution lists management (segmentation)

HOTEL VIVA & RESORTS process customers identification and contact data, together with the rest of data, for sending non personalised commercial communications regarding the HOTEL products and services and distribution lists management.

This information consolidation is based on the HOTEL legitimate interest in operating a commercial database for direct marketing purposes.

How has been balanced this legitimate interest regarding your rights?

- GDPR 47th recital considers that personal data processing for direct marketing purposes is considered legitimated. GDPR 48th recognizes the legitimate interest of companies in sharing customer personal data for internal administrative purposes.

- Data processing is compatible with the reasonable expectations of the parties, being previously the parties customers of the HOTEL.

- The impact of the treatment on parties privacy is limited, having into account that you object to the processing when data are collected or through commercial communications.

Commercial communications sending through electronic means is based on article 21.2, Spanish Law 34/2002 transposing Directive 2002/58/EU.

You can decide, at any time, to cancel your registration on distribution lists, through the link at our commercial communications or by sending an e-mail to: dpd@hotelsviva.com

To manage distribution lists, the HOTEL classifies the recipients by language or home market. This processing is based on the HOTEL legitimate interest in segmenting recipients.

How has been balanced this legitimate interest regarding your rights?

- The processing is compatible with customers reasonable expectations because it is secondary to commercial communications sending, allowing to be received in a suitable format and with the appropriate language.

- The processing is not a privacy significant threat, because it is a ranking based on objective criteria that do not support new information about customers; Technical and organizational measures have been taken to avoid commercial profiling, predictions, or individualized behavioural analysis without express customers authorisation. Customers can decide, at any time, to object to the processing for receiving commercial communications.

2.10. Commercial profile elaboration to personalize HOTEL VIVA & RESORTS services and commercial communications.

Which data are included in the profile?

- Identification and contact data: Name, surname (s), country of residence, postal address, e-mail, telephone.

- Personal data: Gender, country of birth, date of birth, nationality, family, language.

 -Goods and services transactions data: Booking data (dates, number and age of guests, services included) and consumptions (purchases, services, food and beverages, use of the hotel facilities).

 -Preferences expressed during the stay (i.e., a special pillow)

 -Claims, complaints, and surveys data.

Health data or another special category of data, such as religion or payment means, will never be incorporated to your profile.

HOTEL VIVA & RESORTS will use you profile for:

 -Personalize the treatment and services; This personalisation occurs when you contact us through the HOTEL Customer Relationship Management tool (CRM) connexion based on the E.U. Your profile data are not incorporated to the HOTEL systems.

 -Personalise our offering regarding your consumption; This profile is used to make special offers regarding your Booking frequency, contracted products and amounts spent.

Although individualised decisions having legal effects are not taken based on this profile, you have right to object that decision making according to GDPR article 22nd.

This processing is based on your consent. Do not give your consent or withdraw it does not condition your booking or your contracted services. You can revoke your consent at any time by sending an e-mail to gdpr@hotelsviva.com.

3. TO WHOM ARE YOUR DATA COMMUNICATED?

Your data will only be communicated to the HOTEL companies as stated above or to third parties by legal obligation, with your prior consent or when required for the contracted services. In particular:

The HOTEL will submit check in forms to the competent authorities when required by the health security or traveller´s control current regulations.

If your booking includes additional services provided by third parties, personal data required for this request will be communicated to providers solely for this purpose. These communications are needed to provide required services or to apply pre-contractual measures to your request.

4. HOW LONG ARE YOUR DATA KEPT?

In general terms, customers data will be kept for the duration of the HOTEL relationship and, in any case, during the required time for dealing with any liabilities arisen from the processing. Your data will be cancelled when they are no longer necessary for the purposes for which they were collected, specifically:

- The HOTEL will keep your stay economic and goods and services transactions data during the accounting and tax current regulation required time.

- The HOTEL will keep the guest registry as required by Spanish Law 4/2015.

- Health data provided for special needs attention, will be daily cancelled for non-hosted customers or hosted ones once they have finished their stay.

- Butler service chats will be cancelled once the customer has finished its stay.

- Consolidated customer data management tool (PMS, Property Management System) will be kept during six (6) years.

- Data processed for commercial purposes, including commercial profiles, will be kept unless you oppose or request its suppression. The means including your consent will be kept for the processing whole duration and applicable prescription terms.

- Data processed for control and business data analysis purposes will be kept without time limit. Data from customers who did not consent for profiling will be anonymized once the conservation period at the PMS expires.

5. WHICH ARE YOUR RIGHTS?

You have right to obtain confirmation about if we are processing your personal data and to access to them. You can equally ask for rectify your data if not accurated or completed, as well as ask for its erasure if they are not needed for the purposes for which they were collected.

In certain circumstances, you will be able to ask for the data processing limitation. In such case, we will only process your data for complaints or protection of rights of others. In certain cases, you might be able to object to the processing of your personal data; If this is the case, we will not process your personal data except for compelling legitimate grounds that prevail over your rights, or for complaints.

Moreover and, under certain conditions, you will be able to ask for the portability of your data to be passed to another data controller.

You can revoke your consent for certain purposes without invalidating the lawfulness of the processing based on your previous consent.

You can revoke your consent anytime or oppose to your data processing with direct marketing purposes, including commercial profiling; In that case, we will not process your personal data for those purposes. You can equally oppose to automated individual decisions that affect you, according to GDPR, article 22nd.

To stop receiving commercial communications you can use the ad hoc link or send an e-mail to gdpr@hotelsviva.com

To delete your commercial profile, you can send an e-mail to gdpr@hotelsviva.com

You can equally make a complaint before the relevant supervisory authority; You can get more information about your rights in the Spanish Data Protection Agency https://www.aepd.es