Privacy Policy
Basic information on Data Protection | ||
Responsible | MARIA ESPERANÇA LLORENS JOVÉ | |
DPD | info@torrelloreta.com | |
Purpose | 1) Queries and requests for information from third parties: Manage and respond to queries and requests for information made through the contact methods available on the website. 2) Online booking: Manage the customer’s reservation. | |
Legitimation | 1) Queries and requests for information from third parties: Legitimate interest to manage and respond to queries and requests raised by the interested party by email and explicit consent in the contact form. 2) Online booking: Explicit consent given by the interested party through the booking form. | |
Conservation | Personal data will be retained for as long as necessary to fulfil the purpose for which it was collected. Once this purpose has been achieved, the data will be blocked and will be available only to meet possible legal, administrative or judicial liabilities during the applicable limitation periods. After this period, the data will be securely deleted. The specific retention periods applicable to each category of data are detailed in the second information layer. | |
Origin | 1) Queries and requests for information from third parties: The data is provided by the interested party or his/her legal representative through the contact methods provided. 2) Online booking: The data is collected directly from the interested party or their legal representative through the booking form, or via online travel agents. | |
Recipients | Personal data will be processed exclusively by “ Torrelloreta ”. They may also be shared with service providers acting as data processors, who assist us in providing the services necessary to fulfil the purposes. These processors have formalised the corresponding contract for the processing of data in compliance with article 28 of the GDPR, ensuring adequate protection and confidentiality measures. | |
International transfers | International transfers are not made. | |
Rights | Access, rectification, opposition, deletion, limitation of processing and portability of personal data, as explained in the corresponding section. | |
Additional information | You can consult additional and detailed information on Data Protection in the breakdown of sections presented below (second information layer). | |
General information
The purpose of this Privacy Policy is to make known the conditions that govern the collection and processing of your personal data by our entity in order to ensure your fundamental rights, honor and freedoms, all in compliance with current regulations governing the Protection of Personal Data: Regulation 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the circulation of these data, (hereinafter RGPD); and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD).
In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below we provide you with all the details of interest to you regarding how we carry out these processes, for what purposes, which other entities may have access to your data and what your rights are.
Controller. Who is responsible for the processing of your data?
The Data Controller is the natural or legal person, public or private, or administrative body, which alone or jointly with others determines the purposes and means of the processing of personal data.
We inform you that MARIA ESPERANÇA LLORENS JOVÉ (hereinafter “ Torrelloreta ”) is the owner of the website torrelloreta.com, with ID number: 38475743D and address at Masia Torre Lloreta , 17251, Calonge i Sant Antoni. You can contact us by email at info@torrelloreta.com or by phone at 607801042 .
The personal data collected will only be those strictly necessary to identify and manage the request made by the interested party. These data will be treated in a fair, lawful and transparent manner, and always in relation to the established purposes.
Data will be collected only for specific, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes. Furthermore, it will be ensured that it is adequate, relevant and limited to what is necessary for the applicable purposes, and will be updated when necessary.
Before data is collected, the interested party will be informed of the essential aspects established in this policy, so that they can give clear, informed and specific consent, if this is necessary.
Purpose. For what purpose do we process your personal data?
The personal information you provide us through emails and forms will be treated confidentially and with the maximum guarantees of protection. Under no circumstances will it be used for purposes other than those specified nor will it be communicated to third parties without the consent of the interested party, except under legal obligation, in accordance with the principles established in the GDPR (Regulation EU 2016/679) and Law 3/2018 on Data Protection and Guarantee of Digital Rights.
To ensure the security of your personal data, we have implemented different levels of protection and adopted all necessary technical and organizational measures to prevent its loss, misuse, alteration, unauthorized access or manipulation.
The specific uses and purposes of personal data are detailed below:
1) Queries and requests for information from third parties: Manage and respond to queries and requests for information made through the contact methods available on the website.
2) Online booking: Manage the customer’s reservation.
Legitimation. What is the legitimacy for the processing of your data?
The collection and processing of your personal data is always legitimised by one or more legal bases, which we detail below:
1) Queries and requests for information from third parties: Legitimate interest to manage and respond to queries and requests raised by the interested party by email and explicit consent in the contact form.
2) Online booking: Explicit consent given by the interested party through the booking form.
Conservation. How long will we retain your data?
We use your personal data only for the time necessary to fulfill the purposes mentioned above. The applicable retention periods depending on the type of information are detailed below:
DOCUMENT | TERM | LEGAL REF. |
Employment or social security related documentation | 4 years | Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infringements and Sanctions in the Social Order |
Accounting and tax documentation for commercial purposes | 6 years | Art. 30 Commercial Code |
Accounting and tax documentation for tax purposes | 4 years | Articles 66 to 70 of the General Tax Law |
Data for sending information about services | As long as the interested party does not request its deletion. | Not applicable |
Data of people who have contacted | As long as you do not request its deletion | Not applicable |
In any case, your personal data will be cancelled or blocked once the retention period established for each type of data has elapsed, in accordance with the applicable legal provisions.
Origin. How did we obtain your data?
Torrelloreta ” website does not imply that the user is obliged to provide information about himself, unless he decides to interact with the forms available on the website.
“ Torrelloreta ” expressly prohibits minors under eighteen years of age from providing personal data without the prior consent of their parents or guardians.
Below we indicate the origin of the data:
1) Queries and requests for information from third parties: The data is provided directly by the interested party or his/her legal representative, through the contact means enabled on the website (such as the contact form or email).
2) Online booking: The data is collected directly from the interested party or their legal representative using the quote request form provided for this purpose.
Security measures. What do we do to protect your data?
“ Torrelloreta ” adopts the necessary organizational and technical measures to guarantee the security and privacy of personal data, protecting them against alterations, loss, processing or unauthorized access. These measures are applied taking into account the state of the technology, the nature of the data stored and the risks to which they are exposed.
Among others, the following measures are implemented:
- Permanent confidentiality, integrity, availability and resilience of the systems and services that manage the processing of personal data.
- Rapid restoration of availability and access to personal data in the event of a physical or technical incident.
- Continuous evaluation of the effectiveness of the technical and organisational measures implemented to ensure the security of the processing, through periodic testing, audits and evaluations.
- Pseudonymisation and encryption of personal data, especially in the case of sensitive data, to protect user privacy.
- Restricted access to personal data, limiting access to employees or collaborators who need such information to perform their duties.
- Incident response plan : In the event of security incidents, established protocols will be activated to mitigate risks and ensure the protection of personal data.
Recipients. To which recipients will your data be communicated?
Personal data will be processed by “ Torrelloreta ” and, where appropriate, shared with service providers who support us in the management and execution of certain processes (data processors), with whom the necessary contract has been formalized in accordance with article 28 of the GDPR. These data processors will process the data only for the purposes established by “ Torrelloreta ” and under our instructions, guaranteeing the security and protection of personal data.
For reservation management we use the AvaiBook platform :
https://www.avaibook.com/politica_privacidad.php?lang=es
Rights. What are your rights when you provide us with your data?
Current data protection regulations protect you with a series of rights in relation to the use we give to your personal data. Each and every one of your rights are personal and non-transferable, meaning that they can only be exercised by the data owner, after verifying their identity.
Below we indicate your rights:
- Request access to your personal data
- Request rectification of your data
- Request the deletion or elimination of your data (right to be “forgotten”)
- Right to data portability for telecommunications or internet services.
- Limit or oppose the use we give to your data
- Right to withdraw your consent at any time
- Right to file a data protection complaint with the Control Authority: Spanish Data Protection Agency
How can you exercise your rights?
To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so in the following manner:
In person or by email at:
MARIA ESPERANÇA LLORENS JOVÉ
DNI: 38475743D
info@torrelloreta.com
In addition to the rights that assist you, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a claim with the Control Authority, whose contact details are provided below:
Spanish Data Protection Agency
C/ Jorge Juan, 6. 28001, Madrid.
Email: info@agpd.es
Telephone: 912663517
Web: https://www.agpd.es
Consent and acceptance
By accepting this privacy policy, you declare that you have read, understood and accepted its clauses . You also expressly authorize the processing of your personal data in accordance with the purposes and conditions set forth in this document.
