Company Name: HOTEL MITICA, S.L.
Address: C/ Viena 2, 03503, Benidorm, Alicante(Spain)
Other companies that act as “Co-Controllers,” as defined in Article. 26 of European Regulation 2016/679, are:
- AQUALANDIA, an entity in charge of a park that bears the same name and with which we share a common interest to send marketing information by electronic means.
- TERRA MÍTICA, an entity in charge of a hotel that bears the same name and with which we share a common interest to send marketing information by electronic means and, at times, to manage hotel stays.
- MUNDOMAR, an entity in charge of a park that bears the same name and with which we share a common interest to send marketing information by electronic means.
Data We Collect
That data provided to us by the users of our website or from the different social networks on which we have a professional profile may be used for different purposes, all of which can easily be identified from the context. For example, if a user fills in a contact form and/or participates in a certain promotion, their data will obviously be used for those purposes and to subsequently keep them informed of any possible news in relationship with our services and/or the promotion being offered. Under no circumstance will we collect more data than what is strictly necessary to fulfill the purposes listed for each case. Generally, we always limit ourselves to collecting the following types of data:
- Identifying Data: first name, surname(s), email address, and contact telephone.
- CV Data: this data will be used solely to assess the hiring of different professional profiles at our entity. Under no circumstance will this data be used for other purposes, nor will it be disclosed to third parties.
- Contractual Data: for example, if a user contracts a service online and/or makes an online purchase (the same is true for any contracting which takes place via telephone and is initiated by the client), we will collect personal data to formalize the sale contract (for park tickets, hotel stays, or both services together). It is important to remember that the company does not store the data related with the payment methods used (debit or credit cards), as these are used by the bank’s payment system and said system only send us confirmation of acceptance of the transaction (confirmation that the payment has been made).
Purposes for which we Process / Use your Personal Data
The purposes for which we collect personal data from the users of our website and the different social networks will always be listed in a clear and transparent way. For example, in the case of contact forms, the data will be processed solely to answer requests for information and to keep the data owner informed of future activities, services, and products related with the request made. In any event, the data owner may exercise any of the rights set forth by law (see below) –at any time and for free– by simply writing an email to our Data Protection Officer: email@example.com.
In the event that GRAND LUXOR HOTELS wishes to use your data for more than one purpose, consent will always be collected for each of the purposes for which your data is to be used. For example, the user may be free to provide consent to participate in a promotion for services related with a certain season (summer) by opting to participate (or not) in a promotion or newsletter whose frequency varies and/or continues over time. Under no circumstance will the company oblige the user to provide consent for one service through consent for a second service; our users will always be able to choose, at any time, the information that they want to receive, how they want to receive it, and when they want to receive it.
The term “Legal Grounds” can be defined as the reason why we are able to process our users’ personal data. For example, if a user decides to purchase certain products or services via our website, the legal grounds for personal data processing would be, obviously, the contract for said products or services. GRAND LUXOR HOTELS will use a contract to manage the order’s preparation, its shipment, receipts, admission tickets, payment, returns, guarantees, etc.
In other cases, the legal grounds allowing for personal data processing may be consent from the users themselves. This is true for the processing of CV data belonging to those who wish to work with us.
Users can find a summary of the legal grounds which cover the different data processing schemes at the beginning of this section.
In the event that the legal grounds for personal data processing was based on consent (as in the CV example), said consent can be withdrawn at any time and in a very easy way. Withdrawing consent is just as easy as it was to send us your CV to us initially via email. To withdraw consent, you simply need to send an email to our Data Protection Officer.
Obviously, withdrawal of consent cannot have retroactive effect and it will enter into force when the user notifies us of his/her desire to withdraw personal data processing consent.
Amount of Time Data will be Kept
Below, we will note how long GRAND LUXOR HOTELS intends to keep the personal data belonging to the users of the different online services.
There is no “one size fits all” amount of time that data is kept, as the data processing types and purposes are different and vary. In any event, the company will always respect the following guidelines:
- For CV Data: the maximum period of time allowed is two years from the time the CV is received from the applicant. In reality, the normal period of time will typically be less than one year, due to the seasonality that is inherent to the company, and the aforementioned period of two years has been given for the sake of being cautious. In the event there is a professional profile tied to seasonality and/or positions that vary throughout the year, the period may be slightly longer. For example, if a CV is received in the month of October, normally it will be kept by the company until the end of the two following years.
- For Contractual Data: the period, in this case, is set by applicable law on the matter. Generally, the company will keep users’ data until the statute of limitations runs out for any liabilities stemming from the contract (generally, ten years).
- For Contact Data: the period this data is kept is 10 years, to be counted from the last time there was interaction between the user and the company. For example, if a user requests information on the company’s services and products and subscribes to our newsletter, the company will keep the user’s data until the user unsubscribes from the newsletter, and the user’s data will be locked so that it may be destroyed after the aforementioned term for contractual liability has finalized.
Please, do not hesitate to get in touch with our Data Protection Officer to better understand the details of our policies for keeping personal data.
“Computerized Decisions” are those decisions made by the Data Controller without human intervention and based on personal data provided by the user – whether manually (for example by filling out a form) or through the study of browsing habits.
GRAND LUXOR HOTELS hereby notes that it does not make any computerized decisions by analyzing the browsing habits of its users on its website or on its social networking profiles.
GRAND LUXOR HOTELS does not, under any circumstance transfer the data belonging to website users and social network users to any company that is not one of those mentioned in the section entitled “About Us.” The company may have, at times, external collaborators; these relationships will always be covered by a Data Processing Agreement.
Data Owners’ Rights
GRAND LUXOR HOTELS hereby makes known the following rights which all data owners have. In the event of any questions, you may contact our Data Protection Officer. Data owners can exercise their rights by sending an email to: firstname.lastname@example.org.
Right to Access: The user may request to find out what data is held by the company – both in terms of the online and the possible offline relationship between the company and the user. For example, a user can ask to access the data in relationship with his/her registering for a newsletter, or he/she may ask for information on his/her medical history. In any event, the company will ask the individual making the request to identify himself/herself, depending on the importance of the data to which access is being requested. More specifically, the user has the right to find out:
- The purposes for his/her personal data’s processing
- The categories of data included in the different processing schemes
- Any possible data recipients
- The periods of time for which data is kept
- The existence of the right to file a complaint before the supervisory authority (the Spanish Data Protection Agency)
Right to Rectify: In the event that the company has made a mistake in noting some of the data, or also in the event that the user fully or partially changes his/her data (for example, a change in the email address where information is to be sent), the user will merely have to send us an email noting the data he/she wishes to rectify and the changes that need to be made.
Right to Delete: In this case, the data owner can exercise the so-called “Right to Be Forgotten” so that the company, once the legally established timeframes for the different types of data to be kept have expired, can permanently delete said data. In any event, while said timeframes for data conservation are in force, any data whose deletion is requested will be locked and not used in any way other than its simple conservation.
Right to Limit Processing: The data owner may request that that the processing of his/her data be limited under the following circumstances:
- If there is a question as to the accuracy of the data belonging to the data owner
- If processing is unlawful
- If the company no longer needs the data to fulfill the purposes for which it was originally collected
- For the amount of time that it takes for the prevalence of the company’s legitimate interests to be verified so that the data may be legally used
Right to Request Data Portability: The data owner can request a copy of his/her data in a structured format that is commonly used and machine readable. This copy may be sent directly to the data owner or to any person chosen thereby – provided that it is technically possible to do so.
Right to Oppose: The data owner can ask that the company undertake the processing of his/her data based on the company’s legitimate interests. Likewise, the data owner may exercise his/her right to oppose processing for the purposes of direct marketing and profiling.
Right to not be subjected to computerized decisions: In the event that the company undertakes this type of activity (making computerized decisions that may affect the rights or interests of those involved in any way and without human intervention), the data owner may request not to be subjected to these practices, making said request at any time.
We understand the term “legitimate interest” to be the interest that Grand Luxor Hotels has in using the personal data belonging to data owners for legitimate purposes and purposes related to the ones for which data was originally collected. For example, when we collect data from customers buying tickets, stays, or the two packages together, we use that data to formalize the contract but, also to send relevant marketing information related with the theme parks and hotels included in the “About Us” section.
We do not feel that this legitimate interest violates in any way the rights and freedoms of the data owners who, additionally, can always exercise the rights set forth in current legislation by sending an email to the Data Protection Officer.
Final Rules and Guidelines
This website’s users understand that all the information provided via social networks (posts, mentions, comments, links, chats, videos, photos, etc.) may be public and, as such, used by third parties that the company has no technical restrictive measures against. Said third parties, without authorization from GRAND LUXOR HOTELS, may use the data published by users for purposes that are not directly related to the interests of the company, doing so without there being any authorization, concession, consent, or even knowledge of such actions. Therefore, users must be aware of this fact, which is inherent to the use of information published on social networks.
All opinions and, in general, information published by users solely represents the opinion of those providing such information and does not imply participation by our company.
In terms of the users who create links to, comment on, or write posts and contributions (text, video, photos, etc.) on behalf of the companies that manage and own the so-called “Social Network” platforms, the company cannot ensure that they respect current data protection law and recommends that users check the privacy policies of each social network.
As for any content published on the social networks used by GRAND LUXOR HOTELS, users are asked to respect the aforementioned guidelines.