Below, we describe the processing of your personal data and your rights under current data protection regulations – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, hereinafter the “applicable data protection regulations”.

  • Data controller and contact details

The responsible entity is Hnos Colsa Gandara SC with address at Calle Callejuela N3, Llanos de Penagos.

If you wish, you can contact us by e-mail at the following address: [lacasadegandara@gmail .com]

  • For what purpose(s) will we process your data and on what legal basis?

Your personal data will be processed, in accordance with the provisions of the applicable data protection legislation, on the legal basis and for the purposes described below:

  • Execution or performance of contractual obligations or application of pre-contractual measures

Your data will be processed for the purpose of managing room reservations through the various channels provided by the hotel’s owner.

In this sense, in case you do not allow the processing of your personal data for this purpose, and since the processing of such data is necessary to fulfill contractual obligations or application of pre-contractual measures with the Responsible, you will not be able to formalize the reservation.

  • Consent of the person concerned

Provided you have given your consent, your personal data may be processed for the following purposes:

  • Web contact form. Your personal data will be processed, as long as you have given us your consent, to manage and respond to requests for information, queries, complaints or suggestions made through the web form.
  • Commercial communications. Your data will be processed to manage the sending of commercial communications regarding products, services, promotions or any other relevant news that may be attractive to you.
  • Wifi network access. Your data will be processed for the purpose of managing the guests’ connection to the Wifi network.
  • Newsletter management. Your personal data will be processed for the purpose of processing your subscription to the newsletters.
  • Sweepstakes and promotions. Your personal data will be processed for the purpose of managing your registration and participation in sweepstakes and promotions.

You may revoke your consent at any time. It should be noted that revocation of consent is not retroactive.

  • What categories of data will we process?

The possible categories of data to be processed are:

  • Execution or performance of contractual obligations or application of pre-contractual measures
  • Identifying data
  • Economic, financial and insurance data
  • Consent of the person concerned
  • Identification data: Name, surname, email and telephone number.
  • Social characteristics: Types of vacation trips
  • Potentially any type of data that the interested party includes in the contact made through the web form.
  • To which recipients will your data be communicated?

In order to carry out all the purposes described above, the Controller relies on the collaboration of third party service providers who may have access to personal data as a result of the execution of the contracted services. In any case, the Controller follows strict criteria for the selection of such third parties in order to comply with its data protection obligations and signs with them the corresponding data protection agreement, where these third parties undertake to comply with their data protection obligations, and specifically, to deploy those legal, technical and organizational security measures that are appropriate to ensure the security, integrity and confidentiality of the data of the interested parties, in relation to their processing for the purposes reported.

Your data will be transferred to other companies of the group that own the hotels in order to formalize your reservation. This transfer of data is legitimate in the execution or fulfillment of the contractual obligations established with the Responsible when requesting the reservation of a room. Your data may also be transferred to the companies owning the hotels in case it is necessary to manage your request for information, such transfer will be legitimized in your consent.

Additionally, The Responsible may disclose personal data and any other user information when required to do so by public authorities in the exercise of the functions legitimately attributed to them and in accordance with the provisions applicable in those cases where it is necessary.

  • Are your data transferred to third countries or international organizations?

International data transfers are made outside the European Economic Area under different circumstances:

  • To manage the availability of rooms to the company eRevMax Ltd. and its associated companies.
  • To manage the registration to the wifi network in case of using the “access with” functionality and for the management of registration and realization of sweepstakes and promotions to the companies Facebook Inc or Twitter.
  • Para el envío de comunicaciones comerciales y boletines informativos, así como gestión de subscripciones a los programas de fidelización a las compañías The Rocket Science Group y Salesforce.

In all transfers ensuring the adequate level of protection according to the Privacy Shield principles or the Standard Contractual Clauses approved by the EU Commission.

  • How long will we keep your data?

The Controller shall comply with the provisions of current legislation regarding the duty to delete personal information once the intended purpose has been achieved, or when you revoke your consent to the processing of the same, leaving the information duly blocked, to be made available exclusively to Judges and Courts, the Public Prosecutor or the competent Public Administrations for the attention of possible liabilities arising from the treatment, and only during the statute of limitations of such liabilities. Once these deadlines have elapsed, this information will be definitively deleted by secure methods.

  • How did we obtain your data?

The personal data that El Responsable treats are the personal data provided by you with the use of the web contact form, the reservation of rooms through the functionality of the web or through tour operators, the information you post on websites or social networks about the hotel or any other interaction you make on our website.

  • What are your rights when you provide us with your data?

In accordance with the provisions of the applicable regulations on data protection, as well as national regulations on data protection, you have the right to exercise, if you so wish, the rights of access, rectification and deletion of data, as well as to request that the processing of your personal data be limited, to oppose the processing, to request the portability of your data, as well as not to be subject to automated individual decisions.

In addition, in the event that the processing of personal data described above is based on the consent given by you, you may revoke such consent at any time. In this regard, it should be noted that the revocation of the consent given will not affect the lawfulness of the processing carried out prior to the withdrawal of such consent.

You may exercise the rights described above through the following channels, providing the necessary documentation that allows us to verify your identity (copy of ID card, passport, NIE, etc.):

  • In writing, by request addressed to C/ Francia 183 (pol Ind. Ciudad Transporte) 12006, Castellón, Spain.
  • By e-mail to the following address [info@alberguelacasadegandara .com]
  • Before whom can you exercise your claims?

If you believe that your data protection rights have been violated or if you have any complaints regarding your personal information, you may contact the data controller, whose contact information can be found in section 1.

In any case, the interested parties may always turn to the Spanish Data Protection Agency, supervisory authority on data protection,, C/ Jorge Juan number 6, 28001, Madrid.