EIZASA HOTELES, S.L. PRIVACY POLICY
In accordance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation, hereinafter, RGPD) and the current Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, EIZASA HOTELES SOCIEDAD LIMITADA, with CIF B50768225 and registered address at Avda. César Augusto nº 12, 50004, Zaragoza (hereinafter, EIZASA HOTELES), informs the users of the website https://eizasahoteles.com/ (hereinafter, “website” ), about the processing of personal data that they have voluntarily provided during the registration process, access and use of the functions offered by the website.
In terms of data protection, EIZASA HOTELES must be considered Data Controller, in relation to the files/processing identified in this privacy policy.
The processing of user data is carried out with the following legal bases that legitimize it, as provided for in articles 6 and 7 of the RGPD: free, specific, informed and unequivocal consent of the user, making this policy available to them. of privacy, which must be accepted through a statement or a clear affirmative action, such as marking a box provided for this purpose, execution of a contract for the purchase of an EIZASA HOTELES product or a service offered by it.
Obtaining the user’s consent is a prior condition to give rise to the processing of personal data by EIZASA HOTELES. Therefore, the functions included in the website that require access to the user’s personal data may only be used after obtaining consent from the user.
As provided in article 7 GDPR, the user’s consent must reflect a free, specific, informed, and unequivocal expression of will when accepting the processing of their data by EIZASA HOTELES. For these reasons, when using the aforementioned functions, the User will have to check a box through which they will give their express consent to the processing of their personal data.
The processing of personal data of a minor user may only be based on their consent when they are over fourteen years of age. In this sense, the processing of data of minors under fourteen years of age, based on consent, will only be lawful if the consent of the holder of parental authority or guardianship is established (Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, hereinafter, LOPD).
EIZASA HOTELES will collect the data that is strictly necessary to achieve the purposes of obtaining the same, as provided for by the principle of data minimization and purpose limitation established by article 5 of the RGPD. That is why, if the User does not provide said data, some functions and content of the website based on that data cannot be offered.
The functions for which the website needs to collect the user’s personal data are the following:
The personal data collected by EIZASA HOTELES corresponds to any information that the User has provided when visiting the website, that is, their name, surname, email address and in certain cases the text of the message they have sent to EIZASA HOTELES. Additionally, when the User visits the website, certain information is automatically stored for technical reasons, such as the IP address assigned by your Internet access provider.
The personal data to which you have access will be processed and kept as long as a contractual relationship or the purpose for which it was collected is maintained. After that, EIZASA HOTELES will keep the personal data once their contractual relationship has ended or when they are no longer relevant for the purposes collected, duly blocked, for making them available to the competent Public Administrations, Judges and Courts or the Public Prosecutor’s Office during the prescription period for actions that may arise from the relationship maintained with the User and/or the conservation periods provided by law. EIZASA HOTELES will proceed to physically delete your data once these periods have passed.
In the event that the User has given their consent for those processing purposes informed in this Privacy Policy, EIZASA HOTELES will maintain their information as long as the User does not withdraw the consent first given, through the means indicated above.
The security measures adopted by EIZASA HOTELES are those required by the RGPD, in accordance with the provisions of its article 32. In this sense, EIZASA HOTELES, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
Likewise, EIZASA HOTELES has established additional measures in order to reinforce the confidentiality and integrity of the information in its organization. Continuously maintaining supervision, control and evaluation of processes to ensure respect for data privacy.
Although the Data Controller makes backup copies of the content hosted on its servers, it is not responsible for the loss or accidental deletion of data by users.
Users who have provided their data through https://eizasahoteles.com/ may contact the owner of the same in order to be able to freely exercise their rights of access to their data, rectification or deletion, limitation and opposition regarding the data incorporated in their files.
The interested party may exercise their rights by written communication addressed to EIZASA HOTELES with the reference “Data Protection”, specifying their data, proving their identity and the reasons for their request at the following address: EIZASA HOTELES SOCIEDAD LIMITADA, Avda. Cesar Augusto No. 12, 50004 – Zaragoza (Spain). You may also exercise your rights by email: info@eizasahoteles.com. Likewise, the User has the right to revoke the consent initially given, and to file rights claims with the Spanish Data Protection Agency (AEPD).
If you wish to contact our data protection officer, you can send an email to dpd@eizasa.com.
The data will not be communicated to any third party outside EIZASA HOTELES, except legal obligation or, in any case, prior request for the User’s consent. On the other hand, EIZASA HOTELES may give access to or transmit the personal data provided by the User to third-party service providers, with whom it has signed commissioned data processing agreements, and who only access said information to provide a service in favor and on behalf of the Data Controller.
Users’ personal data will not be shared with third parties outside the European Economic Area.
As a service to our visitors, our Website may include hyperlinks to other sites that are not operated or controlled by the Website. For this reason, EIZASA HOTELES does not guarantee, nor is it responsible for, the legality, reliability, usefulness, veracity and timeliness of the contents of such websites or their privacy practices.
This web page may include links and services related to different social networks (for example “Like” on Facebook). If the User is a member of a social network and clicks on the corresponding link, the social network provider may link their profile data with the information of their visit to this web page. Therefore, it is convenient for the User to find out about the functions and policies on the processing of personal data of the respective social network.
EIZASA HOTELES reserves the right to modify this policy to adapt it to new legislation or jurisprudence as well as industry practices. In such cases, the changes introduced will be announced on this page with reasonable anticipation of their implementation. If the changes introduced require the express consent of the User, they will be communicated directly to the User through an email through which they will have the possibility of withdrawing their consent to the processing of their data.
