WHO DOES THIS POLICY APPLY TO?
This policy applies to all natural persons who are users of the platform, whether or not they are party to any legal transaction with ILUNION HOTELS. Said persons are hereafter interchangeably referred to as “the user” or “the users”. By “personal data” we are referring to any information about an identified or identifiable natural person.
If you are already a customer or worker of ILUNION HOTELS or have entered into any other legal transaction with us, we advise you to refer to the information contained in this policy concerning specific privacy terms.
The users declare, on their own liability, that they have the sufficient legal capacity to enter into legal transactions with ILUNION HOTELS.
IF YOU BROWSE OR USE OUR ONLINE PLATFORM, WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA?
We are the data controller of your personal data:
Full name of the organisation: ILUNION HOTELS, S.A.
Registered address: c/ Albacete, 3, Edificio Torre Ilunion, 28027, Madrid
Physical location/headquarters: c/ Albacete, 3, Edificio Torre Ilunion, 28027, Madrid
Contact email: firstname.lastname@example.org
WHO IS THE ILUNION HOTELS DATA PROTECTION OFFICER (DPO)?
ILUNION HOTELS has a DATA PROTECTION OFFICER (DPO), whom users may contact for any queries or disputes relating to the treatment of their personal information, as provided in the GDPR. You can contact our DPO through the following contact details:
Contact email: email@example.com
WHAT TYPE OF DATA DO WE PROCESS?
The processing of your data is required to give you access to the content and/or features on the platform or, if you so wish, to be able to send you information or provide you with the services available on said platform. In this respect, we are firmly committed to processing your personal data legitimately and in line with the legal principles and obligations set out in current legislation regarding personal data protection.
When you browse our platform and, in particular, when you interact or register with us, you are directly providing us with data, for instance, when you fill out any forms or applications online in accordance with the purposes of processing indicated in each case (e.g., contact from, etc.).
The data you provide to us are in relation to those forms or applications on the platform and may vary depending on the type of form or application in question. Notwithstanding the foregoing, different categories of personal data may be collected by means of the platform and its different forms/applications. However, we always only request data that is appropriate, relevant and limited to what is necessary for the aforementioned purposes of processing (principle of data minimisation):
- Personal identifiable information (for example, your name and surname).
- Personal contact information (for example, your email address).
FOR WHAT PURPOSE DO WE USE YOUR DATA?
- To allow you to browse our platform and give you access to information and to the content available on said platform.
- To respond to your requests or applications in accordance with the contact forms you submit to us, particularly those used to set up legal transactions between the parties (e.g. work contracts, service provision agreements, etc.).
- To take all protective measures that apply in accordance with current regulations, including the possible anonymisation of your personal data by applying the appropriate methods for that purpose. Therefore, in this regard, anonymisation and pseudonymisation techniques may also be used to better protect your personal data.
- To apply the appropriate security, technical and/or organisational measures focusing on the risk that exists at any given time, including the pseudonymisation or encryption of personal data through our platform.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?
|Purposes of processing||Legal basis for processing|
|To allow you to browse our platform and give you access to information and to the content available on said platform.||Your consent and, where applicable, compelling legitimate grounds or those of a third party relating to the appropriate management, maintenance, development and evolution of the platform, tools, network and related IT systems for them to function properly and to enable the features, access to content and services, and the general security of all of the above.|
|To respond to your requests or applications in accordance with the forms or applications you submit to us.||Your consent|
|To take all protective measures that apply in accordance with current regulations, including the possible pseudonymisation and anonymisation of your personal data by applying the appropriate methods for that purpose.||Compliance with a legal obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at guaranteeing the security of the platform, the network and the related IT system, the compelling legitimate interest of ILUNION HOTELS or, where applicable, that of a third party, could be argued (recital 49 of the GDPR).|
|To apply the appropriate security, technical and/or organisational measures focusing on the risk that exists at any given time.||Compliance with a legal obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at guaranteeing the security of the platform, the network and the related IT system, the compelling legitimate interest of ILUNION HOTELS or, where applicable, that of a third party, could be argued (recital 49 of the GDPR).|
HOW LONG DO WE STORE YOUR DATA?
|Personal data associated with the mentioned purposes of processing||Storage period and criteria of your personal data|
|Data related to the user’s browsing on our platform||-Generally, your data will be stored for these purposes for as long as is required and necessary for you to be able to correctly browse and use our platform and the content available on said platform that you access.|
|To respond to your requests or applications in accordance with the forms or applications you submit to us.||-For the amount of time that is absolutely necessary to properly attend to your specific requests and/or applications as the case may be.|
-Should they consist of the execution of pre-contractual measures or the signing of a contract with ILUNION HOTELS at your request, your data will be stored for as long as is necessary to implement the pre-contractual measures or agreement between the parties, and also to prove to the authorities the legal liabilities deriving from the transaction in question.
|To take all protective measures applicable in accordance with current regulations.||While a user’s personal data are being processed, including the storage of said data during the legally stipulated period, and regardless of the legal basis for processing that ILUNION HOTELS puts forward.|
|To apply the appropriate security, technical and/or organisational measures focusing on the risk that exists at any given time.||While a user’s personal data are being processed, including the storage of said data during the legally stipulated period, and regardless of the legal basis for processing that ILUNION HOTELS puts forward.|
In any case, and notwithstanding the foregoing, the user should note the following:
- In accordance with current regulations governing personal data protection, as far as the correct processing of personal information by ILUNION HOTELS is concerned, this organisation may also securely store the information for four years from the time it is collected (statute of limitations in this context).
- In general, when personal data is no longer necessary for the purposes of processing for which they were collected, they will be blocked and will be available only to the relevant authorities for the purposes of ascertaining legal liability during the processing of said data, always in accordance with the applicable regulations. Such data may not be used for any other purposes other than the aforementioned. Once the legal period for blocking personal data has passed, said data will be deleted as per the applicable regulations, and may also be safely anonymised by ILUNION HOTELS, where applicable (anonymised/non-personal data).
WHAT HAPPENS IF YOU DON'T PROVIDE US WITH YOUR DATA?
We seek to request or apply the minimum amount of data strictly necessary for processing personal data in the pursuit of our business and social goals. And we do all of this in line with the principles set out in the applicable regulations.
Meanwhile, if you do not provide your personal data, this may have the following consequences: 1) you will be unable to properly browse our website (if you do not accept technical or session cookies); 2) we will be unable to process your application or specific request, making it impossible to set up the corresponding legal transaction (for example, if you do not provide sufficient details on the corresponding form or application).
In any event, the information and personal data that you provide in each case, should always be:
- Sufficient, albeit limited and adjusted, and provided for the legitimate purposes for processing as indicated in each specific case, fully respecting the principles of purpose limitation and data minimisation.
- Accurate, up-to-date, and truthful, in order to be able to properly verify your identity, capacity and, where applicable, representation, as well as to be able to adjust the processing of your data to your specific needs and situation, if required. All in line with the accuracy principle that applies to personal data.
Users will be fully responsible for the personal data and information they provide to ILUNION HOTELS on the platform, and in relation to the services they require or contract.
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
Generally speaking, we do not share your data with third parties, nor do we sell them or offer them to third parties. Nevertheless, as an ILUNION HOTELS customer, your personal data may be shared with other companies within the Group of Companies to which ILUNION HOTELS belongs for merely internal and administrative purposes, in accordance with recital 48 of the GDPR.
Likewise, if you have already consented to your personal information being supplied to other ONCE SOCIAL GROUP companies (list of companies available at https://www.ilunionhotels.co.uk/) in order to inform you of activities, events, promotions or other information potentially of interest to you, including advertising and promotions relating to the activities organised by said companies, your personal information will be supplied to same. You may withdraw your consent for that purpose at any time, although doing so will not affect the legitimacy of the processing of your personal data prior to said withdrawal, in accordance with the GDPR.
ILUNION HOTELS has different data processors for processing the personal data under its control, to whom it gives access to said data as trusted suppliers, and only when this is strictly necessary for the provision of the services contracted with said suppliers. These data processors operate under a service contract in accordance with the terms, conditions and guarantees set out in Article 28 of the GDPR. ILUNION HOTELS performs the necessary controls, inspections and audits in this regard to ensure that said processors are in strict compliance with the contracts signed to that end and with the applicable regulations.
ARE YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
We inform you that, generally speaking, there are no international transfers of your personal data planned, and ILUNION HOTELS takes the necessary measures and guarantees in this regard in accordance with the applicable personal data protection regulations.
WHAT ARE YOUR RIGHTS? WHAT DO THEY MEAN? AND HOW CAN YOU EXERCISE THEM?
|Your rights||What are they?||How can you exercise them?|
|Right of access|
Article 15 GDPR.
|The right to receive confirmation from ILUNION HOTELS as to whether or not they are processing your personal data, and to basic information relating to such processing, as well as to obtain a copy of the personal data being processed.||To exercise this right, send an email to firstname.lastname@example.org with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to rectification|
Articles 16 & 19 GDPR.
|The right to have your personal data rectified by ILUNION HOTELS without undue delay.||To exercise this right, send an email to email@example.com with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to erasure|
Articles 17 & 19 GDPR.
|The right to have your personal data erased by ILUNION HOTELS without undue delay.||To exercise this right, send an email to firstname.lastname@example.org with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to restrict processing|
Articles 18 & 19 GDPR.
|Right to restrict the processing of your data by ILUNION HOTELS when:|
-You contest the accuracy of your personal data, for a period that allows ILUNION HOTELS to verify their accuracy.
-The processing is illegal and you object to them being erased (and instead, you request to restrict their processing).
-ILUNION HOTELS no longer needs the personal data, but you need them to formulate, exercise or defend claims.
-You have objected to the processing of your information under Article 21.1 GDPR, while it is being examined whether the legitimate grounds of ILUNION HOTELS prevail
|Right to data portability|
Article 20 GDPR.
|The right to receive the personal data that concern you and that you provided to us in a structured, commonly used and machine readable format, or to transmit said data to another controller when this is technically possible.|
|Right to object|
Article 21 GDPR.
|The right to object at any time to the processing of your personal data, including any profiling of data, even when ILUNION HOTELS or a third party demonstrate compelling legitimate grounds.|
|Rights related to automated decision making (including profiling)|
Article 22 GDPR.
|The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.|
|Right to withdraw consent||You have the right to withdraw consent at any time. The withdrawal of consent will not affect the lawfulness of processing by ILUNION HOTELS based on your consent before its withdrawal.||Said withdrawal may be communicated by means of the forms, content, and privacy settings made available by ILUNION HOTELS (for instance, requesting to unsubscribe from the newsletter using the link provided for that purpose). Nevertheless, this withdrawal may also be communicated by emailing: email@example.com to attend to your right as per the applicable regulations.|
|Right to lodge a complaint with the competent supervisory authority (AEPD)|
Articles 13 & 14 GDPR
|The possibility of reporting any breach of your right to personal data protection to the competent authority.||We recommend that before filing any kind of complaint with the Spanish Data Protection Agency (AEPD), you contact us to analyse the situation in question and so that we can try to come up with an effective and amicable solution. Notwithstanding the above, the Spanish Data Protection Agency (AEPD) website also contains information on how to submit a claim www.aepd.es.|
ARE THERE MEASURES IN PLACE FOR THE SECURITY AND PROTECTION OF YOUR PERSONAL DATA?
Considering the nature, scope, context, and the indicated purposes of processing, as well as the varying degrees of probability and seriousness of risks to your rights and liberties, ILUNION HOTELS applies (and will continue to apply) suitable technical and organisational measures in order to guarantee the requisite security and protection of your personal data, meeting privacy criteria by design and by default, as well as applying a system that focuses on the concurrent risk, which will be revised and updated by ILUNION HOTELS whenever necessary.
This policy is valid from 1 June 2018.
ILUNION HOTELS reserves the right to modify this policy to adapt it to future legislative, doctrinal, or case law developments that apply, or due to technical, operating, commercial, corporate or business reasons, giving you reasonable, prior notice regarding the changes made whenever possible. In any case, we recommend that each time you access the platform, you read this policy carefully, as any changes will be published here.
Additionally, ILUNION HOTELS may personally inform you of any planned changes to this policy, before they come into force, whenever this is technically and reasonably possible, and particularly when you are a registered user or party to a legal transaction with ILUNION HOTELS.
WHAT ARE COOKIES?
Cookies are small files that are placed on your device (computer, mobile phone, tablet or other connected device) by the websites you visit. They are used to provide information to the owners of the site.
In general, and in accordance with the Spanish Data Protection Agency (AEPD) Cookie Guide, there are several types of cookies:
Depending on the entity that manages the device or domain from where the cookies are sent and the data obtained are processed, cookies can be:
- First-party cookies: Cookies that are placed on the user’s browser by a server or domain managed by the publisher of the platform from which the service requested by the user is provided, in this case ILUNION HOTELS.
- Third-party cookies: Third-party cookies are sent to the user’s browser from a server or domain not managed by the publisher of the platform, but by another agency that processes the data obtained through the cookies. If the cookies are installed from a server or domain managed by ILUNION HOTELS but the information collected is managed by a third party, said cookies cannot be considered as ILUNION HOTELS first-party cookies. In that regard, ILUNION HOTELS may hire the services of analysis and measurement companies that measure and/or analyse the browsing behaviour of users on the platform and act on their behalf by analysing the data obtained with these third-party cookies with the sole objective of improving the service provided by ILUNION HOTELS.
- Depending on the purpose for which the data obtained through the cookies is being processed, cookies can be:
- Technical cookies: Cookies that allow the user to browse the platform and use the different options or services available, such as control traffic and data communications, identify the session, access information with restricted access, remember the items included in an order, complete an event registration or participation form, use security components while browsing, store content to play videos or sounds, or share content on social media.
- Personalisation cookies: Cookies that allow the user to access the service with some general features defined by default according to a series of criteria on the user’s device, such as language, browser used to access the service, regional settings from which the service is accessed, etc.
- Analytical cookies: Cookies that allow the entity in charge of them to track and analyse the behaviour of users of the websites to which they are linked. The information collected by these cookies is used to measure the activity on the platform and to compile browsing profiles of its users in order to make improvements based on an analysis of the data on how users use the service.
- Advertising cookies: Cookies that allow the most effective use possible of the advertising space that the publisher has included on the website, application or platform used to provide the service, based on criteria such as edited content or how frequently advertisements are shown.
- Behavioural advertising cookies: Cookies that allow the most effective use possible of the advertising space that the publisher has included on the website, application or platform used to provide the service. These cookies store information on user behaviour obtained through the continuous monitoring of their browsing habits, so that a specific profile can be developed to display advertising accordingly.
- Depending on the time they remain activated in the device (duration), cookies can be:
- Session cookies: Cookies designed to collect and store data while the user visits the platform. Session cookies allow a website to recognise users.
- Persistent cookies:Cookies that are stored on the device and can be accessed and processed during a period of time defined by the entity in charge of the cookie, which can range from a few minutes to several years.
WHAT COOKIES DO WE USE ON THIS PLATFORM?
Some of the cookies we use are necessary in order to browse the platform and cannot be rejected by the user. Others do not affect how the website works; these ones can be accepted or rejected by the user, as set out under Point “3. Management and configuration of the cookies”. We now identify the types of cookies used on this platform and how they are used:
|Cookie||Type of cookie||Purpose||Management||Duration||Does deactivating this cookie affect how the platform works?|
|_dc_gtm_UA-105855859||Analytical||Cookie generated by Google Tag Manager to track visitors to the website||Up to 2 years||No|
|_ga||Analytical||Used to tell users apart.||Third party||2 years||No|
|_gid||technical||Used to tell users apart.||Third party||24 hours||No|
|_cfduid||technical||The ‘__cfduid’ cookie is used by the Cloudflare service to identify trusted web traffic. It does not correspond to any user ID in the website application and stores no identifiable personal data.||Third party||Persistent||No|
|Pardot||Analytical||This session cookie is only placed on your browser when you log on to the Pardot session as a user||Third party||Session||No|
|lpv597381||technical||Pardot helps everyLIFE Technologies to offer the perfect user experience for customers and users who create accounts with us to receive emails.||Third party||Session||No|
The analytical cookies used on this platform are not activated automatically but are only installed on your browser when you select the “Accept” option on the cookie banner, as explained in Point “3. Management and configuration of the cookies”.
In any case, you can stop Google Analytics from compiling and using data (cookies and IP address) by downloading and installing the Google Analytics Opt-out Browser add-on: https://support.google.com/analytics/answer/181881?hl=es
As indicated, third-party cookies are used, however the appropriate guarantees are in place in terms of any possible international personal data transfers, in accordance with current regulations. They are managed by entities that are either Privacy Shield certified (in force) or that are based in the European Economic Area (EEA).
MANAGEMENT AND CONFIGURATION OF THE COOKIES.
The first time you use our website, you will be asked whether or not you agree to analytical cookies being used while you browse. You may accept or reject cookies.
Remember that technical cookies are essential for the user to be able to browse the platform and so deactivating or disabling them will prevent the user from browsing said platform.
We show you how to manage and disable the cookies used on the platform through the different options available on the most commonly used browsers.
You may also manage how your browser stores cookies by using tools such as:
Your online choices: www.youronlinechoices.com