AL
Enter your code

Privacy Policy


CONTENTS:

1. Identity and contact details of the controller
2. Detailed information on the processing carried out
3. General information on disclosures of personal data and on data storage periods
4. Necessary, up-to-date information
5. Exercise of your rights
6. Confidentiality
7. Minors
8. Updates to the privacy policy
9. Additional privacy information

1. Identity and contact details of the controller

Lopesan Hotel Management, S.L., domiciled at C/ Concepción Arenal 20, 2º Cial., 35006, Las Palmas de Gran Canaria (Las Palmas, Spain), with employer identification number B-76261130, and telephone number 928402418 (“Lopesan”) is the controller of the personal data. This clause provides information on the use that Lopesan will make of your personal data.
The purpose of this Privacy Policy is to provide information on your rights under the General Data Protection Regulation (“GDPR”). If you have any questions regarding the processing of your data, please contact Lopesan at the following address: dpo@lopesan.com.

We also inform you that the Group to which Lopesan belongs has a data protection officer designated at a Group level who you may contact at the following address: DPO@grupoinversorhesperia.com.

2. Detailed information on the processing carried out

Through its website, Lopesan will process your personal data as follows:

a) In order to manage your reservation and/or purchase on our website (to manage your reservation and/or purchase; to send the reservation confirmation; to process, where applicable, payment for the reservation and pre-authorizations; to send quality surveys) throughout the contractual relationship and for up to 10 years after your reservation and/or purchase on our website. We process your personal data because they are necessary for managing the contractual relationship derived from provision of the services as a result of the reservation requested.
In addition to the recipients indicated in section 3 of this Policy, your data may be disclosed to repayment management entities and insurance companies in order to make the pertinent claims against tour operators or customers given Lopesan’s legitimate interest in managing payment of the services provided and securing outstanding amounts. We will also disclose your data to the establishment at which you have decided to make the reservation/purchase since such disclosure is necessary in order to provide our services. In this regard we inform you that the hotel’s processing of the reservation data is limited to the actual management of such data, which will be performed on the same terms as those indicated in this privacy policy.

As regards international transfers of data, your data may be accessed by technology and information systems service providers, by entities that perform surveys and manage personal data located outside the European Economic Area. Lopesan will adopt the relevant standard contractual clauses or additional safeguards. In addition, your data may be transferred to countries outside the European Economic Area should you decide to receive services at our establishments located outside the EU, since we must disclose your data to the hotel at which you are staying in order to for it to be able to provide the services requested. For further information on the transfers and safeguards adopted please write to dpo@lopesan.com.

b) In order to manage your registration as a user of the Lopesan website and/or member of the individual or group loyalty program (to manage the registration and subsequent relationship; to send confirmation of registration; to send commercial communications with offers and advantages associated with the loyalty program) during the contractual relationship, i.e., until you unsubscribe as user of the website. We will process your personal data because they are necessary for managing the contractual relationship consisting of providing the registration service as user of the website or member of a loyalty program
In addition, as regards the categories of data disclosees and service providers that may access your data indicated in section 3 of this Policy, if you decide to register through a social media log-in (sharing data from platforms such as Facebook or LinkedIn), the owner of the platform you have voluntarily chosen will be the co-controller in relation to management of the registration and will keep the data regarding your subscription to Lopesan’s loyalty program.

As regards international transfers of data, your data may be accessed by data management service providers established outside the European Economic Area. Lopesan will adopt the relevant standard contractual clauses or additional safeguards. In addition, if you register as user of Lopesan’s website from a country located outside the European Union, we inform you that from that perspective, international transfers of your data to Spain are performed. For further information on the transfers and safeguards adopted please write to dpo@lopesan.com.

c) In order to manage and maintain your company’s registration in the loyalty program for groups (to manage the relationship with the company signing the agreement; to send communications regarding maintenance of the contractual relationship with your company/group) during the contractual relationship, i.e., until the company unsubscribes or its representative for liaising with Lopesan changes. We process your personal data on the basis of Lopesan’s legitimate interest in maintaining the contractual relationship with your company in order to offer exclusive advantages to its members.
The categories of data disclosees and service providers that may access your data are indicated in section 3 of this Policy.

As regards international transfers of data, your data may be accessed by data management service providers established outside the European Economic Area. Lopesan will adopt the relevant standard contractual clauses or additional safeguards. In addition, if you register as user of Lopesan’s website from a country located outside the European Union, we inform you that from that perspective, international transfers of your data to Spain are performed. For further information on the transfers and safeguards adopted please write to dpo@lopesan.com.

d) In order to respond to requests and queries made via the contact form until the query, incident or claim has been resolved. Your personal data will be processed on the basis of Lopesan’s legitimate interest in responding to requests for information or claims made by users of the website.
As regards the recipients, the categories of data disclosees and service providers that may access your data are indicated in section 3 of this Policy. We will also disclose your data to the establishment in which you have received the services since this disclosure is necessary to reply to possible complaints or claims. In this regard we inform you that the establishment’s processing of your reservation data is limited to resolving the compliant, which will be performed on the same terms as those indicated in this privacy policy.

As regards international transfers of data, your data will be transferred to countries outside the European Economic Area only if we provide services to you at establishments located outside the European Union, since we must disclose your data to the hotel at which you are staying in order to for it to be able to respond appropriately to your claims or complaints. These international transfers are regulated by standard contractual clauses approved by the European Commission. You can obtain a copy of this information by writing to dpo@lopesan.com.

e) If you so consent, in order to send commercial communications and to manage your subscription to the newsletter (this includes the sending of marketing communications, invitations to events, promotion of our products, sending of sector news and sending of information of interest regarding Lopesan) until you unsubscribe from the service or make clear that you are not interested in receiving our commercial communications.

As regards the recipients, the categories of data discloses and service providers that may access your data are indicated in section 3 of this Policy.

As regards international transfers of data, your data may be accessed by systems and information technology and marketing service providers established outside the European Economic Area. Lopesan will adopt the relevant standard contractual clauses or additional safeguards. For further information on the transfers and safeguards adopted please write to dpo@lopesan.com.

3. General information on disclosures of personal data and on data storage periods

Your data may be disclosed to third parties (tax authorities, judges and the courts and law enforcement agencies) where there is a legal obligation to do so, and to the bank to manage the registration or if we expressly indicate that we do so in section 2 of this Policy. In addition, data processors of Lopesan, i.e., service providers who need to access your data in order to perform their functions, may have access to your data. The service providers accessing your data generally operate in the information systems and technology, payment gateway, marketing and hotel industries. The other industries in which Lopesan’s service providers that have to access your data operate are set out in section 2 of this Policy.
You may request more detailed information on the recipients of your data by sending an email to dpo@lopesan.com, indicating the specific processing for the recipients in relation to which you require information.

In addition, we inform you that we will store your personal data for the time periods indicated in section 2 of this Policy and, in any event, for the entire duration of the contractual relationship or for longer if you have authorized us to do so. We also inform you that your data will subsequently remain blocked for the purposes of handling legal, administrative or tax claims, for the periods stipulated in each applicable law.

4. Necessary, up-to-date information

Completion of all the fields marked with an asterisk (*) or regarding which the system requires completion in the forms provided is compulsory. Failure to fill out any of these fields could prevent you receiving the services. You must provide truthful information; using an alias or other methods to hide your identity is prohibited.
In order to ensure that the information provided is always up to date and does not contain errors, you should inform Lopesan as soon as possible of any amendments to or changes in your data at reception or via the following email: dpo@lopesan.com.

By accepting this document, you state that the information and data you have provided are accurate and true.
If you provide third parties’ data when making the reservation, you must comply in full with data protection legislation in force and specifically with the provisions of the GDPR and Organic Law 3/2018, of December 5, 2018, on Data Protection and the Safeguard of Digital Rights, with respect to the third-party data that you disclose to us. In this regard, you should inform such third parties in each case that their data have been disclosed to Lopesan and to the hotel entity of Lopesan Hotel Group owner of the hotel where the third parties will be staying.

5. Exercise of your rights

You may exercise the following rights:
(i) the right of access to your personal data to know which data are being processed and the processing operations that are being performed with that data;
(ii) the right to rectification of any inaccurate data;
(iii) the right to erasure of your personal data, where possible;
(iv) the right to request the restriction of the processing of your personal data where the accuracy, legality or need to process the data is doubtful, in which case we may store your data duly blocked for the exercise or defense of claims;
(v) the right to object to the processing of your personal data, when the legal basis that enables us to process them, of those indicated in section 2, is legitimate interest. Lopesan will cease to process your data unless it has a compelling legitimate interest to do so or it is necessary for the defense of claims; and
(vi) the right to data portability, when the legal basis that enables us to process your data, of those indicated in section 2, is the existence of a contractual relationship or your consent.
You may exercise your rights at any time, without charge, by sending an email to dpo@lopesan.com, indicating the right you wish to exercise and your personal particulars.
You may also lodge a complaint with the Spanish Data Protection Agency if you consider that data protection legislation has been breached in the processing of your personal data.

6. Confidentiality

The personal data we may collect will be treated as confidential and we undertake to keep such data confidential in accordance with applicable legislation.

7. Minors

Minors under the age of 18 may not make reservations at the hotel, and minors under 14 years’ of age may not use the other services available on the website without prior authorization from their parents, guardians or legal representatives. Such parents, guardians or legal representatives have exclusive responsibility for the conduct of the minors in their care, including completing forms with the personal data of such minors and ticking the accompanying boxes, where applicable.

8. Updates to the privacy policy

This Privacy Policy may need to be updated. You should therefore review this policy periodically and if possible every time you make a reservation with us in order to ensure that you are duly informed of the type of information collected and its processing. We will inform you of any changes to this privacy policy that affect the processing of your personal data.

9. Additional privacy information

If you visit our website as representative of a travel agency, you can find detailed information on the processing of your data at the following link: Privacy Policy of Travel Agencies .