1. INFORMATION FOR USERS
ILUNION HOTELS S.A., holder of CIF [Tax ID Code] A-80546088 (hereinafter, the “CONTROLLER”), is the Controller of the User's personal data and informs the User that these data will be processed in accordance with the provisions set forth in regulations in force on personal data protection: Regulation (EU) 2016/679 of 27 April 2016 (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in Organic Law (ES) 15/1999 of 13 December (LOPD), on the protection of personal data. The User is therefore provided with the following information on processing:
a) The CONTROLLER states that the purpose of the processing is to maintain a commercial relationship with the User. The planned operations for processing are: • Sending commercial advertising communications via e-mail, fax, SMS, MMS, social networks or any other electronic or physical medium, whether current or arising in the future, that makes it possible to send commercial communications. These communications will be made by the CONTROLLER and will be related to its products and services or to its employees or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. • Conducting statistical studies. • Processing orders, requests or any other petition that may be made by the user through any of the means of contact placed at their disposal. • Sending the news bulletin of the web page.
b) Criteria for storing data: data will be stored as long as there is mutual interest in maintaining the purpose of the processing. When the data are no longer necessary for that purpose, they will be erased according to adequate security measures to assure the pseudonymisation of the data or the complete destruction of the same.
c) Communication of data: The User authorises and agrees that the CONTROLLER may transmit the necessary data to third parties. A necessary condition for transmission is the proper development of its business activity, as long as transmission takes place in a controlled manner and the User is previously informed of the recipient of their information and the contact addresses of the recipient or recipients.
d) Rights of the User: The right to withdraw consent at any time. The right of access to, rectification of and erasure of their data and the right to the limitation of or objection to the processing thereof. The right to lodge a complaint with the supervisory authority if the User deems that the processing is not compliant with legislation in force.
f) Contact data for exercising the User's rights: Postal address: Torre ILUNION - Calle Albacete 3, 28027 Madrid. E-mail: firstname.lastname@example.org
2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER Users, by checking the corresponding boxes and entering data in fields marked with an asterisk (*) in the contact form or submitted in downloaded forms, expressly, freely and unequivocally accept that their data are necessary in order for the provider to take care of their request and that the inclusion of data in all other fields is voluntary. The User assures that the personal data provided to the CONTROLLER are true, and the User is responsible for notifying any modification of those data.
The CONTROLLER hereby informs and expressly assures users that their personal data will not, in any event, be transferred to third parties and that whenever any type of transfer of personal data is made, the express, informed and unequivocal consent of the Users will be previously requested. All data requested through the website are mandatory, given that they are necessary for providing optimum service to the User. In the event that not all data are provided, there is no assurance that the information and services provided are completely compliant with the User's needs.
3. SECURITY MEASURES In accordance with the provisions set forth in legislation in force on personal data protection, the CONTROLLER complies with all the provisions of the GDPR and LOPD regulations for processing the personal data for which it is liable. It manifestly complies with the principles described in Article 5 of the GDPR and in Article 4 of the LOPD, wherefore the data are processed legally, fairly and transparently regarding the data subject, and they are adequate, pertinent and limited to what is necessary regarding the purposes for which they are processed.
The CONTROLLER assures the implementation of appropriate technical and organisational policies for applying the security measures established by the GDPR and the LOPD in order to protect the rights and freedoms of Users, who have been provided with adequate information so that they can exercise those rights.