Privacy Policy
Table of Contents
El Rincón de Andrea makes available to you through the website
www.elrincondeandrea.com
this privacy policy in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us. In case of introducing modifications in the future on it, we will communicate it through the website or through other means so that you can know the new privacy conditions introduced.
In compliance with Regulation (EU) 2016/679, General Data Protection and Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, we inform you of the following:
Responsible for the Treatment
Identity: El rincón de Andrea, with NIF 18162422N
Dir. Postcard: C/ Unión, 6 · 22630 – Biescas (Huesca)
Email: info@elrincondeandrea.com
Website: www.elrincondeandrea.com
For what purpose do we process your personal data?
The accommodation collects and processes your personal information in general to manage the relationship we maintain with you, being the main purposes that we have identified the following:
- Management and contracting of the services offered by our accommodation
- Channel requests for information, suggestions and complaints that you can send us
- Keep you informed about events, offers, products and services that may be of interest to you through different communication channels as long as you have given your consent.
- Management of the commercial relationship maintained with our suppliers
How do we collect your information?
We collect your personal information through different means:
- Contact form: to send information about the query made (name, surname and email), obtaining the corresponding legitimacy through the pre-contractual relationship of the parties;
- Services form: to maintain the contractual relationship, as well as the management, administration, information, provision and improvement of the service offered, obtaining the corresponding legitimacy through the contractual relationship between the parties, which will be sent once the client contacts us.
You will always be informed at the time of collection by means of informative clauses about the person responsible for the treatment, the purpose and legal basis of the same, the recipients of the data and the period of conservation of your information, as well as the way in which you can exercise the rights that assist you in terms of data protection.
In general, the personal information we process is limited to identifying data (name and surname, date of birth, address, ID, telephone and email).
The accommodation uses social media and this is another way to reach you. Information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies where they explain how they use and share your information, so we recommend that you consult them before using them to confirm that you agree with the way in which your information is collected, treated and shared.
Likewise, this website collects cookies, which you can consult at the following link: COOKIES POLICY
Responsibility of the user
By providing us with their data through electronic channels, the user guarantees that they are over 14 years old and that the data provided to the accommodation are true, accurate, complete and updated. For these purposes, the user confirms that he is responsible for the veracity of the data communicated and that he will keep this information conveniently updated so that it responds to his real situation, being responsible for the false and inaccurate data that he could provide, as well as the damages, direct or indirect, that may arise.
How long do we keep your information?
We will only keep your information for the period of time necessary to fulfill the purpose for which it was collected, comply with the legal obligations imposed on us and meet the possible responsibilities that may arise from compliance with the purpose for which the data was collected.
If at any time we have collected your data to address you as a potential user of our services or respond to a request for information made by you, said data will be kept for a maximum of 6 months from its collection, being deleted after that period if a contractual relationship has not been formalized or at the time you request it.
In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that binds us or you do not exercise your right of deletion and / or limitation of treatment, in which case, the information will be blocked without giving it use beyond its conservation, as long as it may be necessary for the exercise or defense of claims or some type of liability could arise that had to be addressed.
To whom do we communicate your data?
In general, we do not share your personal information, except for those transfers that we must make based on imposed legal obligations. Although it is not a transfer of data, to provide the requested service it may be that third companies, which act as our suppliers, access your information to carry out the service we have contracted them. These processors access your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality.- Hetzner Online GmbH, located in Industriestr. 25, 91710 Gunzenhausen, Germany, VAT Reg. No. DE 812871812, which provides hosting management services. You can consult the privacy policy and other legal aspects of this company at the following link: https://www.hetzner.com/legal/privacy-policy
- PayPal: The operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the data subject chooses “PayPal” as the payment method during the ordering process, we automatically transmit the data subject’s data to PayPal. By selecting this payment method, the data subject agrees to the transfer of the personal data required by the processing of the payment. The applicable privacy policy of PayPal can be found at https://www.paypal.com/es/webapps/mpp/ua/privacy-full
- STRIPE: Credit card payments are processed by Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. In Europe, Stripe services are provided by a subsidiary based in Ireland, Stripe Payments Europe Limited (“Stripe Payments Europe”). Stripe Payments Europe transmits personal data to Stripe, Inc. with EU-US certification. You can consult its privacy policy at the following link: https://stripe.com/es/privacy.
- Redsys: Redsys Servicios de Procesamiento, S.L.: company used to manage credit card payments on the website. Located at Francisco Sancha, 12 – 28034 Madrid. Privacy policy and other legal aspects of said company at the following link: http://www.redsys.es/legal/20200224_poli%CC%81tica_de_privacidad.pdf
- Google LLC, with registered office at 1600 Amphitheatre Parkway, 94043, Mountain View (California), United States, which provides services consisting of measurement, survey and mail services. They have adopted standard data processing clauses approved by the European Commission which can be consulted at: https://cloud.google.com/security/gdpr/resource-center. Privacy policy and other legal aspects of said company in the following link: https://www.google.com/intl/es/policies/privacy/
- KROSS BOOKING: Krossbooking is a software for vacation rental owners to which basic reservation data is sent for centralized management, which belongs to the company Solutions Plus SRL based in Str. Prov. Bitonto – Aerop. Palese, 28 – Bari, Italy. Link to Krossbooking’s privacy policy: https://www.krossbooking.com/privacy/
International data transfers
With our suppliers we have agreed that, for the provision of the contracted service, they make use of servers located in the EEA and if, in the future, we need to make use of servers located outside the territory of the EU, the appropriate measures will be adopted, which will be incorporated into this Privacy Policy, guaranteeing that there are adequate guarantees.
What are your rights in relation to the processing of your data and how can you exercise them?
The regulations on data protection allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to its treatment, as well as not to be subject to decisions based solely on the automated processing of your data, when appropriate.
These rights are characterized by the following:
- The exercise of them is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive nature), in which case the accommodation may charge a fee proportionate to the administrative costs incurred or refuse to act
- You can exercise the rights directly or through your legal or voluntary representative
- We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline can be extended by another two months.
- We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of opting for another means. If the request is submitted by electronic means, the information will be provided by these means where possible, unless you ask us to do otherwise.
- If we do not process the request, you will be informed, no later than one month, of the reasons for your non-action and the possibility of complaining to a Control Authority
In order to facilitate its exercise, we provide links to the application form for each of the rights:
Form exercise of the right of access
Form for exercising the right to rectification
Form for exercising the right to object
Form for exercising the right to erasure (right to be forgotten)
Form for exercising the right to restriction of processing
To exercise your rights we put at your disposal the following means:
- By written and signed request addressed to the postal address of the person responsible for the treatment with Ref. Exercise of LOPD Rights.
- Sending scanned and signed form to the email address of the person responsible for the processing of the data indicated above, indicating in the subject Exercise of Rights LOPD.
In both cases, you must prove your identity by attaching a photocopy or, where appropriate, a scanned copy, of your ID or equivalent document in order to verify that we only respond to the interested party or their legal representative, and must provide in this case a document accrediting the representation.
Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a claim with the national control authority by contacting the Spanish Agency for Data Protection, C / Jorge Juan, 6 – 28001 Madrid.
How do we protect your information?
We are committed to protecting your personal information.
We use measures, controls and procedures of a physical, organizational and technological nature, reasonably reliable and effective, aimed at preserving the integrity and security of your data and guaranteeing your privacy.
In addition, all staff with access to personal data have been trained and are aware of their obligations in relation to the processing of your personal data.
In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the order made, as well as to implement the technical and organizational security measures necessary to guarantee confidentiality, Integrity, availability and ongoing resilience of personal data processing systems and services.
All these security measures are reviewed periodically to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed and there is no security system that is impenetrable so, in the event of any information subject to treatment and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Control Authority and, Where appropriate, to those users who may have been affected to take appropriate measures.