Virgen de Gracia Apartments is committed to due diligence and compliance with data protection regulations. Below is detailed information on our privacy and personal data protection policy, in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPD GDD).

Data Controller and Data Protection Officer (DPO) Contact Information:

Company Name: Virgen de Gracia Apartments

Address: C/ Virgen de Gracia, 3 - 06260 Monesterio (Badajoz), Spain

Telephone: +34 615 066 872

Email: virgendegraciaapartments@gmail.com

DPO Contact Information: virgendegraciaapartments@gmail.com

Purposes of Processing

Virgen de Gracia Apartments will process the information provided by interested parties for the following purposes:

To manage your visit, booking, and meeting at our facilities.

To manage the provision and delivery of contracted hotel and tourism services, including: Physical and online booking process. Registration as a guest of Virgen de Gracia Apartments. Management and improvement of your stay. Wi-Fi service.

To manage any type of request, reservation, suggestion, or petition submitted by interested parties.

Informative and commercial communications: processing your data to inform you about activities, articles of interest, and general information related to our business and the services you have contracted.

To guarantee the security of the facilities and people through access controls, video surveillance systems, and other access control/identification systems.

To comply with the legal provisions applicable to Virgen de Gracia Apartments and its activities regarding health, equality, and occupational risk prevention.

To manage and monitor the operation of the internal mechanisms, policies, and protocols established by Virgen de Gracia Apartments for regulatory compliance and to manage the reporting channels for this purpose.

All other processing activities that are applicable to us for the proper compliance with the official/sectoral regulations and requirements to which our business is subject.

For the proper execution and development of your request and the management of the aforementioned purposes, the processing of your data for the corresponding purposes will be carried out in strict compliance with Data Protection regulations and the Policy detailed herein. You may exercise your rights at any time (see specific section).

Data Retention Criteria

Management of services contracted with Virgen de Gracia Apartments: the personal data provided in contracts, offers, and/or service proposals, as well as that of any other individuals whose involvement is necessary, will be retained for the duration of the contracted services. Upon termination of the contracted service(s), personal data will be retained in cases where liabilities may arise with Virgen de Gracia Apartments and/or in compliance with other applicable legal frameworks or a law requiring their retention. Personal data will be stored in a manner that allows for the identification and exercise of the rights of data subjects, and under the necessary technical, legal, and organizational measures to guarantee its confidentiality and integrity.

Other: All other data and information provided by the user by any means will be kept for as long as necessary to fulfill the purpose for which it was collected.

Legal Basis for Processing

The legal basis that allows Virgen de Gracia Apartments to process the personal data of users, clients, and potential clients is based on the following:

The consent of the data subjects for the processing and management of any request for information or inquiry about our services.

The framework for pre-booking, provision, and/or contracting of services with Virgen de Gracia Apartments.

The legitimate interest in sending you informational, commercial, and/or promotional offers related to the activities of Virgen de Gracia Apartments and the services contracted via email or any other means.

Compliance with legal obligations and internal regulatory compliance procedures.

The legitimate interest in ensuring the safety of the facilities and people.

Recipients

Virgen de Gracia Apartments, whenever necessary to achieve the purposes described above, will share personal data with the following third parties:

Partner entities: when their participation is required within the framework of a contract and/or agreement for the provision of products and services established with our clients.

Suppliers: personal data may be communicated to various suppliers due to the provision of services by them that require access to and processing of personal data.

Legal representatives: if their intervention is required due to legal proceedings.

Public administrations or bodies in compliance with applicable regulations (labor, occupational risk prevention, tax, accounting, data protection, etc.).

Courts and Tribunals and State Security Forces: personal data will be communicated to these entities whenever officially required. The personal data of guests and clients provided upon registration at the apartments will be subject to documentary registration and reporting obligations, in compliance with the provisions of Article 25 of Organic Law 4/2015, of March 30, on the Protection of Public Safety.

Source

Personal data is obtained directly from the data subjects and our partners, as well as from online booking platforms. The categories of personal data provided to us are as follows:

Identification and contact information.

Postal or email addresses.

Bank details.

Data provided and/or consented to by the data subjects themselves, related to and necessary for the management and provision of the requested service.

Rights

Right of Access, Rectification, and Erasure: Data subjects have the right to obtain confirmation as to whether or not Virgen de Gracia Apartments is processing personal data concerning them. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Restriction and Objection: In certain circumstances, interested parties may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defense of legal claims. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. Virgen de Gracia Apartments will cease processing the data in this case, except for compelling legitimate grounds, or for the exercise or defense of possible legal claims.

Right to Withdraw Consent: Interested parties have the right to withdraw their consent at any time, except in the case of personal data processing provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require such consent. However, this withdrawal has no retroactive effect, and therefore will not affect the lawfulness of processing based on previously given consent.

These rights may be exercised through our Data Protection Channel, the access details of which are provided at the beginning of this Policy.

Security and Control Measures

General

In compliance with data protection regulations, Virgen de Gracia Apartments will process personal data using appropriate technical, legal, organizational, and security measures to guarantee the confidentiality and integrity of the information it manages, in accordance with current regulations. We would appreciate it if you would inform the Data Protection Officer, using the contact information/channel provided in this Privacy Policy, of any security risks you suspect or are aware of that could compromise the integrity and confidentiality of personal data and/or confidential information, so that we can take the necessary measures to prevent unauthorized processing, loss, destruction, or accidental damage.

Cybersecurity

As a specific and complementary measure to the above, Virgen de Gracia Apartments implements cybersecurity measures to prevent and manage potential attacks and fraud by cybercriminals who threaten the privacy and protection of the data that our organization processes and accesses in the course of its activities and operations. In this regard, we wish to alert you that in the event of any potentially risky situations involving communications whose content and/or format raise doubts about their authenticity, we recommend disregarding them and contacting the Data Protection Officer using the contact information provided in this Privacy Policy. Likewise, any request you receive from our organization regarding changes to payment methods, requests for contact information or individuals, or confidential (non-public) information, bank details, credit card details, and/or other official data, should not be acted upon without direct confirmation from our organization through another alternative means. We appreciate and require your cooperation in reporting any notifications concerning these types of requests and other potential cyberattack risks in which our organization may be used, as well as any other potential security risks you may become aware of.

Data Protection Channel

Virgen de Gracia Apartments has implemented a channel, demonstrating the highest commitment, rigor, and professionalism in security matters, along with experience, independence, and expertise in handling received communications. The channel, which includes its use in the area of ​​Data Protection, has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our aforementioned commitments. Through this channel, you can communicate and process the exercise of your Rights (see previous section) and report any indication or knowledge you may have of possible security breaches, cyberattacks, and/or possible non-compliance or irregularities regarding Data Protection regulations, this Virgen de Gracia Apartments Policy, and all the aforementioned aspects of confidentiality and trade secrets. Access details for the channel are provided at the beginning of this Policy.

Supervisory Authority

In the event of any disagreement with Virgen de Gracia Apartments regarding the processing of your data, you have the right to file a complaint with the relevant Data Protection Supervisory Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).

Customer Service and Support

Interested parties may contact Virgen de Gracia Apartments with any questions regarding the processing of their personal data or the interpretation of our Policy by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this Policy.