PALLADIUM GESTIÓN S.L. reserves the right to modify this Policy in order to adapt it to new legislation, jurisprudence or sector practices, or in the interests of the company. Any modifications to the same will be announced with due notice in order to ensure you are fully aware of its content.
1.1 DATA CONTROLLER
The data controller is PALLADIUM GESTIÓN S.L., with address for these purposes at: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands).
1.2 DATA PROTECTION OFFICER CONTACT DETAILS
The contact details of the DPO appointed by the data controller are as follows: email@example.com
1.3 PURPOSES OF DATA PROCESSING
The purposes of collecting and processing personal data, through the various forms that are owned by the data controller and made available to Users, are as follows, depending on the specific case:
- To manage registration for the "Palladium Rewards" programme, and manage the acquisition and redemption of user points within the programme.
- Booking management: to manage bookings made via the "Palladium Rewards" website at one of our hotels.
- To take into consideration the products and services you have contracted and enjoyed in order to offer you products and services that may be of interest to you, based on statistical data developed by us.
- To manage your contact requests through the channels and/or form available for this purpose.
- To provide information and, where applicable, registration for organised draws in which the data controller participates.
- Sending communications related to your account, including, among others, points balance, your card category or level, notifications and any other item that keeps the account holder informed of their account status.
- To send commercial communications by any means (including electronic ones) to inform you about news, events, and our products or services that may be of interest to you, unless you opt out.
1.4 DATA RETENTION
The personal data provided will be kept as long as required to comply with legal obligations or for the period that a judge or court may order.
Data held on the basis of your consent will be kept as long as you do not revoke your consent or oppose their use.
In order to improve your experience of future stays in our hotels, we will keep data related to a record of your visits for seven years, unless you indicate otherwise, in which case data will be kept for the legally prescribed periods or for any period ordered by a judge or court.
1.5 DATA LOCKING
In accordance with article 32 of Organic Act 3/2018 on Personal Data Protection and the Guarantee of Digital Rights, data controllers will proceed to block data when they are corrected or deleted.
The data lock consists of identifying and reserving the data in question, adopting technical and organisational measures to prevent them from being processed, except for making the data available to judges and courts, the Public Prosecutor's Office or government bodies, and data protection authorities in particular, in order to determine any liabilities that may arise from the use of the data and only for the limitation period specified for such cases.
1.6 LEGAL BASIS
The data controller is legitimately entitled to process personal data, on the basis of the following:
- In cases where it has been requested, on the basis of the consent given by the interested party, when filling in the forms and checking the relevant box, for one or more specific purposes, as stipulated in Article 6.1. a) of the General Data Protection Regulation (GDPR).
- Based on the execution of a service provision contract in accordance with the Terms and Conditions of the Palladium Rewards Programme, as stipulated in Article 6.1. b) of the General Data Protection Regulation.
- In order to comply with a legal obligation imposed on the data controller, in accordance with Article 6.1.c) of the General Data Protection Regulation.
1.7 DATA SOURCE
Personal data are obtained from the booking made by the interested party or from forms completed by the latter which have been made available by the data controller.
1.8 DATA ACCURACY
So that the data stored in our files, whether in electronic or paper format, are always accurate, they will need to be kept up to date. To this end, the User should make any necessary changes, either directly, when this option is enabled, or by informing the data controller's corresponding division or department by a duly authenticated means.
The personal data you provide to the data controller may be disclosed to the following categories of recipients:
- Third parties to whom the Company is obliged to disclose information, such as public authorities, in order to comply with the requirements of said authorities and applicable regulations.
- The companies that own the hotels, in order to make the reservation in them. The legitimate basis for processing the data in this case is the execution of a contract or pre-contractual measures (Art. 6.1.b of the GDPR)
Palladium Gestión S.L. does not market, sell or perform any other similar activity using your personal data. Your personal data will only be processed for the purposes indicated above and will only be used by the data controller.
The data controller uses service providers with access to the personal data (data processors). Among these service providers are companies located outside the European Economic Area, and as such there is the possibility of international transfers of data being made. This will in all cases be done in compliance with the relevant guarantees as per Articles 44 onwards of the GDPR. Suppliers of data controllers located in the USA are members of the Privacy Shield agreement.
1.10 RIGHTS OF USERS
Notwithstanding the above, the data subject may exercise the following rights, in accordance with General Data Protection Regulations:
- The right to request access to personal data relating to the subject,
- The right to request rectification or deletion of the data,
- The right to request a limitation to their use,
- The right to oppose their use,
- The right to data portability.
Subjects can exercise these rights by sending a request with a photocopy of their ID card, specifying which of the rights they wish to exercise, to the Data Controller at the following address: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands), or by e-mail to firstname.lastname@example.org
If you believe there has been a violation of your right to the protection of your personal data, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).