Privacy Note


Hotel Santa Rosa is a company registered in Spain as Macià SA, whose registered office is at Calle Sènia de Barral, 39 17310- Lloret de Mar (Spain), telephone +34 972 36 43 62 and email info@hotelsantarosa.es.
Hotel Santa Rosa (Macià SA) is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the General Data Protection Regulations (GDPR) in Spain. www.hotelsantarosa.es is a name domain owned by MACIÀ S.A., whose VAT id is: A-17014820, and it is registered in the commercial registry of Girona, volume 104, Book 38 Sec. 3a, folio 32, sheet 720, inscription 1a.
The purpose of this statement is to explain to you what personal information we collect, and how we may use it under the new General Data protection Regulations (EU) 2016 / 679 (GDPR). We have reviewed and updated our policies, processes and procedures to comply with the GDPR and have updated this Privacy Notice accordingly.

Data protection and privacy policy
In compliance with current regulations on data protection: Regulation 2016/679 (EU) of the European Parliament and Council of April 27, 2016, known as General Data Protection Regulations (GDPR); Organic Law 15/1999, of December 13, on the Protection of Personal Data; Spanish Royal Decree 1720/2007 of December 21, which approves the Regulation for the development of Spanish Organic Law 15/1999, we inform you that the Policy of Data Protection and Privacy Policy of our company refers to the processing of your personal data, and it is as follows:

Who are we?
The person in charge for processing your personal data is the individual or legal entity, public authority, service or other body that, alone or together with others, determines the purpose and means of data processing.
In this case, the data controller is the following:

Identity: Macià SA
VAT id: A-17014820
Mailing Address: Apartat correus 21 17310 LLoret de Mar
Phone: +34 972 36 43 62
Email address: info@hotelsantarosa.es

What is personal information?
Personal data is any information about an identified or identifiable natural person ("the interested party"). Any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or several elements of the identity, will be considered an identifiable physical, physiological, genetic, psychic, economic, cultural or social trait of said person.
There is a wide variety of information that is considered personal data, for example, the name, contact information, identification number, computer IP, etc.
To expand this information you can consult the website of the Spanish Agency for Data Protection (http://www.agpd.es) or the Catalan Autoritat de Protecció de Dades (http://apdcat.gencat.cat/), among others.

Treatment of personal data
Personal data processing is any operation or set of operations performed on personal data, either by automated procedures or not, such as: collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of access authorization, collation or interconnection, limitation, suppression or destruction of data.

How we use your information
We will use your personal information to manage bookings, provision of services, offers, surveys and newsletters you have requested. Specifically:

  • To keep you informed of any special offers, company news, updates, product information or events that we believe might be of particular interest to you

  • To administer and operate your account and to fulfill bookings placed through our website

  • For payment processing associated with the fulfillment of bookings

  • To respond to your customer service requests

  • To track activity on our website

  • For record-keeping purposes

  • For market research and statistics

  • To confirm your identification when you contact us

  • We will not treat your personal data for any other purpose except those included in this section, except in cases where there is a legal obligation or judicial requirement.
    We do not undertake any automated decision, excluding Google Analytics, using your data, nor do we use your data for profiling or any other investigative purposes.

    How long will we keep your personal information?
    The personal data you have provided us will be kept for the time necessary to carry out the service requested or contracted, and up to a maximum period of 5 years from the last confirmation on your part of the existence of interest in maintaining your data.
    This is understood without prejudice to a possible longer preservation for the purpose of eventual compliance with legal obligations and for the exercise and follow-up of legal and judicial actions that may be relevant.
    Once the indicated periods have elapsed, the personal data will be deleted.

    Legitimation for the processing of your data
    The legal basis for the treatment of your personal data responds to the free and legitimate acceptance of the legal relationship by the user at the time of acceptance of this Policy of protection of personal data and privacy.
    Likewise, the legitimation for the treatment of your data for each of the purposes of the processing of personal data that have been previously identified is detailed below:

    Booking, registration and contracting of products: The legal basis for the processing of your personal data is the contractual relationship and, where appropriate, pre-contractual established between the parties for the execution of the provision of services and / or products contracted or requested by the interested parties, and in particular, for the execution of the reservation of the services and products of our establishment that has been made, according to the terms and conditions that appear in the section of Terms and Conditions of Contracting, as well as the fulfillment of the obligations mercantile, fiscal and accounting that correspond. All this based on the provisions of article 6.1, sections a) and b) of the RGPD.
    The refusal to provide the personal data requested for the reservation will therefore make it impossible to carry out the contract or the reservation requested. For more information on the contracting of our products and services, see the section Terms and Conditions of Contract. Once the reservation is made, the interested party will receive a confirmation email with the details of the reservation.

    Record book of entries of travelers in catering establishments: The legal basis for the treatment of their personal data is the legal obligation established in this regard of the collection, management and referral to the competent security bodies established in the Organic Law 4/2015 , March 30, Protection of Citizen Security and other development regulations. This is based on what is established in article 6.1 section c) of the RGPD.
    The refusal to provide the requested personal data will therefore make it impossible to stay in the establishment.

    Consultations: The legal basis for the processing of your personal data is the possibility of responding to inquiries freely raised by the interested parties. This treatment is carried out based on what is established in article 6.1, sections a) and b) of the RGPD.
    The refusal to provide the requested personal data will therefore make it impossible to stay in the establishment.

    Advertising of own products and services: In the event that the interested party has checked the appropriate box to accept receiving commercial communications (newsletters), the legal basis for sending advertising about products and services is the free and express consent of the interested party, which can withdraw at any time, without the withdrawal of consent for this purpose condition the execution of the contract of reservation of room, where appropriate. This processing of personal data is based on what is established in article 6.1 section a) of the RGPD.
    The refusal to provide the requested personal data will therefore make it impossible to subscribe to the newsletter or receive commercial communications with information about our products or services.
    We inform you that you have the right to withdraw your consent for this treatment at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal. If you wish to withdraw your consent, see the section "Right of interested persons".

    Communicate changes in the privacy policy: The legitimacy to process personal data in this case is based on the convenience of communicating to interested parties the changes that may occur in the privacy policy of the company, as well as its free acceptance and consent for this treatment, based on what is established in article 6.1, sections a) and b) of the RGPD.

    Statistics: The legitimacy to process data to conduct market studies and statistics of our products and services, without in any case making decisions in an automated manner with legal effects for the interested party, is the free acceptance and consent of the interested party for this treatment, based on what is established in article 6.1 sections a) of the RGPD.
    We inform you that you have the right to withdraw your consent for this treatment at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal. If you wish to withdraw your consent, see the section "Right of interested persons".

    Your rights under GDPR
    The GDPR provides the following rights for individuals, and please click here for further information:
    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure – complete deletion of your personal data
    • The right to restrict processing: in certain circumstances foreseen in Article 18 of GDPR the interested parties can request the limitation of the treatment of their data. In this case, we will only keep them to exercise or defend claims. In particular, you have the right to restrict the treatment in cases in which:

    - the interested party challenges the accuracy of the personal data, for a period that allows the company to verify the accuracy of the same;
    - the treatment is unlawful and the interested party opposes the deletion of personal data and requests instead the limitation of its use;
    - the person in charge no longer needs the personal data for the purposes of the treatment, but the interested party needs them for the formulation, exercise or defense of claims;
    - the interested party has opposed the treatment for reasons related to their particular situation to which their personal data are subject to a treatment based on the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the controller; and/or the treatment is necessary for the satisfaction of legitimate interests pursued by the data controller or by a third party, while verifying if the legitimate reasons of the responsible party prevail over those of the interested party.

    • The right to data portability
    • The right to object

    If you want additional information about their rights, find it on the website of the Spanish Agency for Data Protection (http://www.agpd.es) or in the Catalan Autoritat de Protecció de Dades (http://apdcat.gencat.cat/).
    You may exercise your rights by submitting a Subject Access Request. If you would like to exercise any of your rights under GDPR and need assistance, please email our Data Protection Officer on info@hotelsantarosa.com

    How can you exercise your rights?
    You may exercise your rights by submitting a Subject Access Request. If you would like to exercise any of your rights under GDPR and need assistance, please email us at info@hotelsantarosa.es, with the subject "Personal Data" enclosing a photocopy of your identity document or any other means established in law.

    Your right to complaint
    If you are dissatisfied with our handling of your requests about the protection of your data you have the right to complain to the Spanish Data Protection Agency or with any competent control authority.

    Information treated. What categories of personal data do we deal with?
    We try to ensure that the information we request is kept to the minimum necessary for the management and purpose stated in this Data Protection and Privacy Policy.
    Our company may deal with the following categories of personal data:
    • Identifying data: name and surname, identification number, country, etc.
    • Postal or electronic address and telephone number.
    • Financial economic information, for the management of the reservation and subsequent invoicing and collection of the requested service.
    • Data regarding the contracted products and services (reserved hotels, frequency, length of stay, hotels previously booked, etc.).
    • Navigation data on the website. For more information, see the section Cookies.
    • Specially protected data or special categories of data are not treated.

    The interested party guarantees that the personal data provided is true and is responsible for informing the company of any change or error in the same, thereby answering the veracity and accuracy of the data provided at any time.
    In the event that the interested party intends to communicate personal data of third parties, he must previously have informed and obtained his consent, in accordance with our Data Protection and Privacy Policy. That is why, in case the user has entered personal data of a third party, he/she declares and guarantees that he/she has the third party's consent for the communication of their data and their subsequent treatment by our company, as well as that previously informed the third party whose data provide the content of this Privacy Policy and Privacy Policy.

    Personal data that we collect automatically
    When the interested party visits our web sites, we collect certain information automatically, even if in the end no reservation or contract is made. This information may include the IP address, the date and time that our services have been accessed, information about the hardware, the software or the internet browser that you use, the selected language, among others.
    This information allows us to improve the services and the user's experience on the website, and to identify possible fraudulent uses and possible attacks on the website's security, as well as to make statistics on the use and effectiveness of the website. Unless a fraudulent use or against the security of the web is detected, these data will not be preserved. In no case will automated decisions be made with legal effects for the user based on this information.
    For more information, see the section on Cookies or computer cookies.

    Sending communications
    Whenever the interested party makes a reservation or hires a service or product, an email will be sent to him in which the confirmation of booking or contracting will be communicated, with information of the same. Likewise, we can contact the interested party in order to inform him of any modification or novelty related to it.
    On the other hand, the company may send commercial communications related to the products or services it offers provided that it has expressly and specifically consented to by validating the box enabled for that purpose or by any express consent in this regard.
    The interested party may withdraw his consent to receive any type of commercial communication at any time by sending communication in the terms set out in the section "Right of interested persons". Likewise, this possibility will be offered to the interested party also in every commercial communication received via email or SMS.

    Data communication by minors
    The services offered through the website are only available for adults. Therefore, those who do not comply with this condition should refrain from providing personal information on the website.

    Links to third-party websites
    Our website may contain links to websites of companies and third-party entities. Since we cannot be responsible for the way in which these companies treat the protection of the privacy and personal data of their users, we advise you to read carefully the privacy policy statements of these web pages that are not owned by the company in relation to the use, processing and protection of personal data.

    Social media
    Our company uses social networks to publicize its services and products and share information and experiences with its users and followers.
    Since we cannot be responsible for the way in which these companies deal with the protection of privacy and personal data, and that each of them has its own policy on the matter, we advise you to read carefully each social network’s Privacy policy statements regarding the treatment they perform with the personal data of their users, before using them.

    Changes to this privacy policy
    We may update this Privacy Policy from time to time, to ensure full compliance with the current and any future GDPR regulations.

    Questions and doubts
    If you have any questions or doubts about this privacy policy, please contact us by sending an email to info@hotelsantarosa.es with the subject "Privacy Policy".