PALLADIUM GESTION, S.L.U. reserves the right to modify this Policy in order to adapt it to new developments in legislation, jurisprudential criteria, industry practices or the entity’s own interests. Any modification thereto will be announced with due notice in order for its contents to be adequately known.
PALLADIUM GESTION, S.L.U. is the controller, with registered address for this purpose at: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands). The processing activities carried out on our websites and for our guests’ stays in our hotels imply personal data processing, performed by the grouping of entities linked to PALLADIUM GESTIÓN, S.L.U. You can obtain more information about all of these entities in the following link.
The controllers may process your personal data for the following purposes:
1. Management of the accommodation booking in one of the hotels managed by PALLADIUM GESTIÓN, S.L.U., which includes:
• Responding to the booking request made through our website, our Call Center or through a third party.
• Responding to special requests and preferences associated with the booking, as included in the observations field within the form available on our website.
• Sending the booking confirmation guaranteed with a credit card.
• Responding to contact requests to manage, cancel or modify your booking through the “Bookings Contact” or through our Call Center.
2. Managing stays in all our hotels to offer you our best service and best possible attention in each and every one of them. With this purpose, the controllers may:
• Attend to your needs, special requests and references that you stated during your stay at the hotel.
• Take into account the products and services you have contracted and enjoyed to offer you products and services that could be of interest to you, depending on the statistical data we elaborate.
• Analyse data on personal preferences, interests and requests made to hotel personnel, through the information gathered during your stay, to make your current and future stays and experiences in the hotels of PALLADIUM HOTEL GROUP optimal, thanks to the personalised services we provide.
3. Managing the “Online check-in”: The controllers may send an email for the data subject to voluntarily carry out initial formalities regarding your check-in at the hotel.
4. Managing information and contact requests through the specific channels and/or forms made available for this purpose. This includes:
• Answering contact requests sent to PALLADIUM HOTEL GROUP.
• Responding to information requests regarding the activities that the PALLADIUM HOTEL GROUP carries out.
• Managing the subscription and unsubscription, when necessary, to the PALLADIUM COMMUNITY newsletter in order to send you up-to-date information about the activities, products and services of PALLADIUM HOTEL GROUP, and to receive exclusive promotions.
• Sending promotional messages through any means (including electronic means) to inform you about new developments, offers, events and our products and services that could be of interest to you.
5. PALLADIUM GESTION S.L.U. manages the “Palladium Rewards” loyalty programme. This includes:
• Managing the account registration and closure, when necessary, in the “Palladium Rewards” programme, as well as managing the collection and redemption of user points within its framework.
• Managing the booking made in one of our hotels through the “Palladium Rewards” programme web page.
• Informing and signing users up, when necessary, for drawings organised by the controller or in which it participates.
• Sending communications related to your account, including but not limited to your points balance, card or level category, notifications and any other factor that would keep the titleholder informed about his/her account status.
6. Gathering the opinions of guests through customer satisfaction surveys.
7. Informing and signing users up, when necessary, for fairs and events organised by the controller or in which it participates.
8. Managing employment applications by collecting CVs, in order to contact the data subject and carry out the selection process.
9. Sending “shopping basket pending” reminders: the controller may send the data subject communications to remind him/her that he/she has not finished the order or booking process that he/she started. The information that the user included on the website will be considered. This purpose will only be carried out if the user has expressly consented to it.
The controller has a legitimate basis to process your personal data based on:
• The performance of a service agreement, under Article 6.1.b) of the General Data Protection Regulation, in order to formalise and execute the booking.
• The explicit consent that you grant for the “Palladium Rewards” programme, in accordance with the provisions of Article 6.1.a) of the General Data Protection Regulation, as well as the performance of a service agreement, under Article 6.1.b) of the above-cited Regulation.
• The legitimate interest of PALLADIUM GESTION, S.L.U., as well as the rest of the companies that own hotels under its management, in accordance with Article 6.1.f) of the General Data Protection Regulation, with regard to data about hotel stays and experiences. In this case, the proportionality and applicability of such interest have been weighed with the rights of the data subjects.
• The explicit consent that you grant us in the cases that it has been requested for one or multiple purposes, such as those included in Article 6.1.a) of the General Data Protection Regulation, when filling out forms and marking the box provided to this effect. In these cases, the data subject has the right to withdraw his/her consent at any time, without this affecting the lawfulness of the processing based on the consent given prior to its withdrawal.
• Compliance with a legal obligation for the controller, in accordance with Article 6.1.c) of the General Data Protection Regulation, when a legal standard applies obliging it perform a specific means of personal data processing.
SOURCE OF THE DATA
Personal data come from the booking that the data subject carries out, from the forms that the controller makes available to him/her and that he/she completes, or from the user experience data gathered during his/her stay at the hotels managed by PALLADIUM GESTION, SLU.
In the case that the data do not come directly from the data subject, these would come from the booking made for the data subject by a third party (by a travel agency, for example, or a travel booking website).
The personal data that are provided will be stored for the corresponding term in order to meet legal obligations or respond to possible claims during the statute of limitations for civil suits.
Currently, with the purpose of improving your experience in future stays at our hotels, we maintain the data related to your stay history for a term of seven years, unless you express your opposition, in which case they will be maintained for the stipulated legal periods and throughout the term in which a judge or court could request them. To find out more information about all of the storage periods, you can contact our Data Protection Officer.
PALLADIUM HOTEL GROUP has adopted security measures aimed at protecting the confidentiality, integrity and availability of the data, both through measures on an organisational level and those of a technical nature. The entity applies the following measures, among others:
a) Data blocking procedures. In accordance with the provisions of Article 32 of Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, the entity blocks data to prevent their processing.
b) Data Breach management procedures The entity has technical measures aimed at detecting security incidents that could affect the data processing that is carried out. Once a security incident is detected, PALLADIUM HOTEL GROUP has established measures to resolve the incident and, when applicable, notify the competent authorities and/or the data subjects.
c) Personal data pseudonymisation and encryption procedures With this measure, PALLADIUM HOTEL GROUP guarantees that the data subjects’ data are kept within a sphere of maximum confidentiality.
d) Procedures to restore availability and access to personal data in case of a technical or physical incident.
PALLADIUM HOTEL GROUP regularly carries out evaluations on the effectiveness of the technical and organisational measures to guarantee secure processing.
The personal data that you provide to the controller may be transferred to the following categories of recipients:
• Third parties to whom the entity is obliged to send information, such as public authorities, with the aim of complying with the requirements from those authorities and applicable regulations, if necessary (art. 6.1.c) GDPR).
• The companies who own hotels belonging to the PALLADIUM HOTEL GROUP, in order to carry out the booking with them through the performance of a contract or pre-contractual measures (art. 6.1.b) GDPR), and to show them personal preferences, interests and requests from the information gathered during prior stays, in order to provide them with a personalised service, based on the legitimate interest of the controller (art. 6.1.f) GDPR) and, when applicable, the consent granted through the “Palladium Rewards” programme.
The entities acting as controllers will not market, sell or carry out any similar activity with your personal data. They will only process your personal data for the purposes mentioned herein. The entities have service providers who can access the personal data (processors). These service providers include companies located outside of the European Economic Area, which could entail international data transfers, which in all cases would provide adequate guarantees, in accordance with Articles 44 et seq. of the GDPR. To carry out international transfers with PALLADIUM GESTION, S.L.U. service providers located in the USA, the standard contractual clauses adopted by the European Commission are used as a guarantee.
RIGHTS OF USERS
Nonetheless, the data subject in any case can exercise the rights to which he/she is entitled, in accordance with the General Data Protection Regulation, which are the following:
• Right to request access to the data subject’s personal data
• Right to request their rectification or erasures
• Right to request the restriction of their processing
• Right to object to the processing
• Right to data portability
The data subject can exercise these rights through a request that includes a copy of his/her national identity card and must specify which of these rights he/she wishes to exercise, sent to the controller at the address: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Baleares) or through the email address email@example.com
If you believe your data protection rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
Data of update: 1 January 2022