|
Basic information on the Processing of Personal Data Linked to the Booking Form |
|
|
Controller |
The controller of the website in question Hotelbeds USA Inc (hereinafter, the “Controller”), which is a company belonging to the Hotelbeds Group. |
|
Purpose |
|
|
Legitimate basis |
|
|
Intended recipients |
|
|
Rights |
Access, rectification, erasure, restriction of processing and revocation of consent. |
|
Additional information |
Further and more detailed information can be found in our Privacy Policy. |
|
Basic Information on the Processing of Personal Data Linked to the User Registration Form |
|
|
Controller |
The controller of the website in question Hotelbeds USA Inc (hereinafter, the “Controller”), which is a company belonging to the Hotelbeds Group. |
|
Purpose |
|
|
Legitimate basis |
|
|
Intended recipients |
|
|
Rights |
Access, rectification, erasure, restriction of processing and revocation of consent. |
|
Additional information |
Further and more detailed information can be found in our Privacy Policy. |
|
Basic Information on the Processing of Personal Data Linked to the Contact Form |
|
|
Controller |
The controller of the website in question Hotelbeds USA Inc (hereinafter, the “Controller”), which is a company belonging to the Hotelbeds Group. |
|
Purpose |
|
|
Legitimate basis |
The data subject’s consent |
|
Intended recipients |
|
|
Rights |
Access, rectification, erasure, restriction of processing and revocation of consent. |
|
Additional information |
Further and more detailed information can be found in our Privacy Policy. |
|
Basic Information on the Processing of Personal Data Linked to the Form for Sending News / the Newsletter Subscription Form |
|
|
Controller |
The controller of the website in question Hotelbeds USA Inc (hereinafter, the “Controller”), which is a company belonging to the Hotelbeds Group. |
|
Purpose |
|
|
Legitimate basis |
Consent |
|
Intended recipients |
Companies in the group to which the Hotelbeds Group belongs. |
|
Rights |
Access, rectification, erasure, restriction of processing and revocation of consent. |
|
Additional information |
Further and more detailed information can be found in our Privacy Policy |
Identification of the Controller
- Identity: Hotelbeds USA Inc, (hereinafter, “Hotelbeds USA” or the “Controller”), which belongs to the Hotelbeds Group.
- Tax No. (NIF): B-57218356
- Address: Complejo Mirall Balear, Torre B, 5ª. Planta, 4B, Camí de Son Fangos, 100, 07007, Palma de Mallorca (Spain)
- Data Protection Officer (DPO): dataprotection@hotelbeds.com
What is the purpose of the processing of your data, and what is its legitimate basis?
The personal data provided by users (hereinafter, “You” or the “User”) through the various forms made available on the website Hotelopia (hereinafter, the "Website") will be processed for the following purposes:
- To manage the contractual relationship with You and to ensure the supply/provision of the products/services, including the management of bookings and of the services offered by the Controller, and the legitimate basis is the performance of the pre-contractual/contractual relationship.
- To manage the billing of the products/services provided by the Controller, and the legitimate basis is the contractual relationship.
- To manage queries, as well as to process and respond to any possible requests for information made by Users through the channels provided, including the call centre, and the legitimate basis is the User’s consent.
- To send communications relating to the status of bookings made or products contracted, as well as updates thereto, and the legitimate basis is the contractual relationship.
- To send commercial information about our products and services by means of newsletters or other communication channels. The basis for such communications is your consent.
- To inform You about products/services offered by the Controller that are related to the ones purchased/contracted. The legitimate basis is the Controller’s legitimate interest.
- To manage and process any legal, out-of-court or insurance-related claims that may be received by the Controller in connection with You. The legitimate basis is the legal authorisation.
- To manage your subscription and registration on the Website. The legitimate basis is the User’s consent.
- To verify that You meet the requirements for registration within the chosen category, whenever deemed necessary or desirable by the Controller. The legitimate basis is its legitimate interest.
- To develop profiles taking into account the searches carried out on the Website in order to provide information about updates on the Website that may be of interest to You. The basis of the processing is your consent.
- To make it possible to download the content contained on the Website. The legitimate basis is your consent.
- To extract data for the purpose of conducting surveys and statistical and analytical analyses. The legitimate basis is the Controller’s legitimate interest.
- To comply with the Controller’s legal obligations. The basis of the processing is the fulfilment of such obligations, including dealing with any possible requests for the exercise of data protection rights.
- To enable us to prevent fraud in bookings and transactions. We will use data relating to the booking, as well as other data relating to the user’s navigation (by means of online identifiers, web beacons, etc.) on the Controller’s sites as well as those of other third parties on which bookings or transactions can be made or carried out on the Controller’s behalf. The services of Riskified will be used to achieve this purpose, based on Hotelbeds’ legitimate interest in the prevention of fraud in transactions.
The data requested on the forms appearing on the Website are generally mandatory (unless otherwise specified in the required field) in order to comply with the established purposes. Therefore, if such data is not provided or is not correctly provided, the said purposes may not be fulfilled. This is without prejudice to the fact that the content of the Website will still be freely visible to You.
What User data will be processed by the Controller?
The Controller will process the following categories of User data:
- Identification details: your name, surname(s).
- Contact details: postal address, e-mail address and telephone number.
- Financial details: credit card and billing details.
- Navigation data: online identifiers, cookies, IP, etc.
If You, the User, provide third-party data, You hereby state that You have such third parties’ consent and undertake to provide such third parties with the information set forth in the Privacy Policy, releasing the Controller from any liability in this regard. Notwithstanding the foregoing, the Controller may carry out periodic checks to confirm this fact, taking any due diligence measures that may be appropriate, in accordance with the data protection legislation.
Anyone over the age of 16 can navigate through the Website. However, registration is only open to over-18s. This means that You are expressly forbidden from registering if You are under 18.
We reserve the right to ask You for any information (such as a copy of your ID card) that allows us to check your age, as well as to delete or deactivate the account of any minors or of any Users who fail to provide therequested documents within the times established in the request.
With which recipients will User data be shared?
User data may be disclosed:
- To the Controller’s partner organisations in the hospitality sector for purposes related to the services contracted by You, such as management and administration services relating to a booking with the relevant hotel, management of travel packages with different agencies, etc.
- To companies in the group to which the Controller belongs, solely for internal administrative purposes and/or for the purposes mentioned above.
- Public bodies pursuant to legal obligations.
- Riskified for fraud prevention.
In addition, the data may be accessed by suppliers and other companies in the Controller’s group where such access is necessary for the proper fulfilment of legal obligations and/or the purposes mentioned above. Such suppliers will not process your data for their own purposes unless these have been previously communicated by any of the companies in the Hotelbeds Group.
If the disclosure of data to such third-party companies involves an international transfer of data, the Controller shall take the necessary steps in accordance with the data protection legislation to ensure that the said third parties process the data with all appropriate guarantees.
Retention of Data
The personal data will be retained for the duration of the contractual relationship between You and the Controller and, even after the said relationship has come to an end for any reason, for the applicable legal limitation periods, unless otherwise stated. In such case, the data will be processed for the purpose of proving compliance with our legal and/or contractual obligations. We will retain personal information for as long as may be necessary or permitted in accordance with the purposes for which it was obtained.
In relation to those purposes that require the User’s express consent, such consent may be revoked at any time through the channels whose details can be found in this Policy. Notwithstanding the foregoing, the withdrawal your consent will not affect the lawfulness of previous processing.
Security Measures
The Controller will at all times process your data in full confidentiality and in accordance with the mandatory duty of secrecy in relation thereto, as provided in the applicable legislation, adopting all necessary technical and organisational measures for that purpose, in both physical and logical environments, guaranteeing the security of the data and preventing its loss, alteration or unauthorised access or processing by internal staff or any other third parties, taking into account the state of the art, the nature of the data stored and the risks to which such data is exposed. Similarly, your information is stored in a secure environment and may only be accessed by authorised staff.
In relation to this, You are hereby informed that the Controller’s systems include encryption protocols in the communication of information transmitted by the Website. When the Website is contacted, it must be processed in accordance with the Secure Socket Layer (SSL) security parameters.
However, as no communications made over the Internet can be guaranteed to be 100% secure, we cannot fully guarantee that the information provided will remain secure at all times.
Exercise of Rights
You may write to the Controller at the address provided in the heading of this Policy, or send an e-mail to the address dataprotection@hotelbeds.com, attaching a photocopy of your identity document, at any time and free of charge, for the following purposes:
- To revoke the consents granted.
- To access your personal data.
- To rectify inaccurate or incomplete data.
- To request the erasure of your data when - among other reasons - such data is no longer necessary for the purposes for which it was collected.
- To request the limitation of processing of your data when any of the conditions set forth in the data protection legislation are fulfilled.
- To request the portability of your data.
Compliance with the CCPA
If You are a subject affected by California State law in relation to the processing of your personal data, You will find more information about the ability to prevent the sale of your personal data in this link(Do Not Sell My Data).
You may also contact the DPO at the address dataprotection@hotelbeds.com, and Youhave the right to file a complaint relating to the protection of your personal data with the Spanish Data Protection Agency (AEPD) at the address Calle de Jorge Juan, 6, 28001 Madrid (Spain) (www.aepd.com), if You, the data subject, consider that the Controller has infringed your rights as recognised in the applicable data protection legislation.
Last updated on: September 15th 2020.