I.- What is the purpose and legitimation for us to process your data?
The Hotel hereby informs the customer that their personal data will be processed by Barceló for the following purposes:
1. Managing bookings and services. In order to manage the booking received by the central office or through a channel outside Barceló Hotel Group (for example: Expedia, Booking, etc.), the Hotel requires certain customer information, such as: name, surname(s), address, ID, passport or equivalent identification document, email, telephone number or date of birth. This information will be used to assign them the requested stay or other requested service other than the accommodation service (e.g., events, celebrations, conferences).
In the event that customers request specific services from the Hotel (e.g., spa or medical services) and provide data related to their health, said Hotel understands that such information is voluntarily communicated by the customer, as there is no prior request for this information. These personal data will only be processed to manage the customer’s request. However, the Hotel will request the interested party’s consent in order to process this data.
Legitimation: This data processing is necessary for the execution of the contract.
2. Processing of data related to minors. In the event that personal data related to a minor must be processed in order to manage the service, the Hotel will request the proper authorisation from their legal representatives when said minor is under the age of 13, even if the processing of their personal information is necessary to satisfy the services requested by the legal representatives of the minor. This authorisation shall be deemed to extend to the processing of the minor’s data that is necessary for the provision of the services that concern them (e.g., entertainment services, mini-club, nursery).
Legitimation: This data processing is necessary for the execution of the contract. However, in the event that the minor is under the age of 13, the Hotel will request the authorisation of their legal representative for the processing of their personal data.
3. For the fulfilment of accounting, legal, tax and administrative obligations.
Legitimation: This data processing is necessary for the execution of the contract.
4. Management of customer complaints. The Hotel will process the data included in the complaints filed by the customer in order to process such complaints and they may offer discounts or more beneficial conditions in subsequent stays to compensate for any losses that the customer may have suffered in the Hotel. Where appropriate, the information related to the complaint can be communicated to Barceló Gestión Hotelera in order to offer a satisfactory solution to the customer. For the same purpose and in the event that the customer has suffered indemnifiable damages, BGH will communicate this information to the hired insurance company in order to manage the loss suffered by the customer.
Legitimation: This processing is necessary to deal with the complaint generated by the customer.
5. Communication of data to Barceló Gestión Hotelera for customer service purposes. Barceló Gestión Hotelera provides a customer support service to handle the requests generated by the customers or potential customers of the hotels, regarding both information requested prior to the booking process as well as queries arising in relation to bookings already made or services offered by the hotels. Where appropriate, requests submitted by customers to the Hotel may be referred to Barceló Gestión Hotelera in order to ensure centralised management at the Group level.
Legitimation: This processing is necessary to address the request made by the customer.
6. Submission of quality surveys. Customers have forms at their disposal. They can fill out surveys anonymously or identify themselves. In the latter case, the Hotel will process the information related to the parties completing the survey and their opinion in order to improve the services provided in the Hotel, and may communicate this to Barceló Gestión Hotelera in order to improve our services at the Group level, both in the referenced Hotels as well as in other hotels. This information can also be communicated for commercial purposes, based on what is established in paragraphs 3 and 4.
Legitimation: This processing is based on the legitimate interest of the Hotel. Customers can always choose not to receive this type of communication by following the instructions in section V.
7. Implementation of controls for the detection of fraudulent activities. In order to control and monitor activity that may be fraudulent, the Hotel would like to inform customers that it performs an analysis of the transactions that are carried out in the Hotel in order to identify and conduct a more in-depth analysis of those transactions that it detects as suspicious of being fraudulent. Where appropriate, the Hotel may grant access to this information to Barceló Gestión Hotelera as legal adviser of the hotel.
Legitimation: This processing is based on the legitimate interest of the Hotel given that it involves the control and monitoring of all the operations carried out by its customers in order to detect possible fraudulent behaviour in the transactions that are carried out during the booking process. Customers can oppose the processing of their data by following the instructions set out in section V.
8. Communication of data to Law Enforcement. As legally required, the Hotel must communicate data related to guests staying in its rooms to Law Enforcement, who in turn will process that data for their own purposes and under their own bases and legitimations.
Legitimation: This processing will be carried out under the Hotel’s legal obligation, as established by Order INT/1922/2003 of 3 July on registry books and entry reports for travellers in hotels and other similar establishments, along with the Schengen Agreement.
9. Legal or administrative procedures. The Hotel, in the event of possible legal or administrative proceedings that may arise from services offered or provided by them, shall process the necessary information to submit the relevant allegations, exercise its lawful right to defence, or file any claims deemed appropriate based on the facts.
Legitimation: This processing is based on legal obligations established by administrative regulations (mainly, the Common Administrative Litigation Procedure Act) or, if required, to ensure that the Hotel may exercise its legitimate right to effective legal protection, both in terms of its right to defence and its right to file any judicial claims deemed necessary, based on the Law of Civil Procedure or Law of Criminal Procedure.
10. Incident management system. The Hotel will process its customers’ information that is necessary to manage any reported incident or any incident that the Hotel itself detects by its own means (including those incidents that its service providers may detect). Such data processing will only be performed to solve the incident and resolve any problems derived from it. The Hotel understands that it has a legitimate interest in anticipating the safety of its IT assets, as well as resolving any incidents that put said safety, or the continuity of the provision of the services offered to customers, at risk.
Legitimation: Such processing is required to satisfy the legitimate interests of the Hotel. Customers can object to the processing of their data for such purposes by following the instructions set out in section V.
11. Processing of data related to video surveillance. This processing will be carried out in accordance with the informational clause related to video surveillance, available from reception at the customer’s request.
II.- How long will we keep your data?
The personal data to which we have access will be processed while the contractual relationship exists. After this, the Hotel will keep the personal data, duly blocked, once the contractual relationship is terminated, in order to make them available to the competent Public Authorities, Judges and Courts or the Public Prosecutor during the statutory limitation period for claims that may arise from the relationship maintained with the customer and/or the legally established storage periods. Once these periods have elapsed, the Hotel shall physically erase the data.
III.- Who will we share your data with?
The Hotel may share data with: · Barceló Gestión Hotelera. · Competent Public Bodies, Judges and Courts, and in particular, Law Enforcement. · As well as the aforementioned data sharing, the Hotel works with third parties who provide services and have access to the customers’ personal data, which they process in representation and on behalf of BGH as a result of providing said services. In particular, the Hotel hires third parties to supply, including but not limited to services in the following sectors: legal counsel, and companies providing multidisciplinary professional services, tech services, and IT services.
IV.- What rights do you have when providing us with your data?
Customers may, if they so wish, exercise their right to access, rectification and erasure of their data, as well as request that the processing of their data be restricted, object to said processing, request the portability of their data, and request that they not be subject to individualised decision-making based on automated processes, by sending a written request to firstname.lastname@example.org
In any event, the customer is hereby informed that any request to exercise their rights related to personal data shall be managed by the Data Protection Officer located at c/ Josep Rover Motta, 27, 07006, in Palma de Mallorca, or by sending an email to email@example.com, attaching to this request, in both cases, a copy of their National Identity Document, Tax ID number, or an official document that identifies them. In this way, customers can direct their request to the hotel address indicated or directly to the Data Protection Officer.
Customers may, in relation to the processing requiring their consent, withdraw their consent through the procedure detailed in the previous paragraph.
V.- How have we obtained your data?
The personal data that the Hotel processes is personal data provided by customers or collected through the following:
· Our direct channels:
· Website (www.barcelo.com).
· Call centre for telephone enquiries.
· Tour operators in the Barceló Hotel Group network.
· Barceló Gestión Hotelera.
· Third parties who compare accommodation services, including, for example: Booking, Expedia.
VI.- To which public authority may I submit complaints?
Customers may file a claim with the Spanish Data Protection Agency regarding the reply they received from the hotel and Barceló Gestión Hotelera in addressing their rights. In any event, the customer is hereby informed that any claim relating to the handling of personal data shall be managed and processed by [contacting] the Data Protection Officer of Barceló Hotel Group, named by Barceló Gestión Hotelera and located at c/ Josep Rover Motta, 27, 07006, in Palma de Mallorca, or by sending an email to: firstname.lastname@example.org, attaching to this request, in both cases, a copy of your National Identity Document, Tax ID number, or an official document that identifies you. In this way, customers can direct their request to the hotel address indicated or directly to the Data Protection Officer from Barceló Hotel Group.