Customer policy

Please read it carefully, as it contains important information regarding the processing of your personal data and the rights granted to you by current legislation on the matter.

In general, the fields in our forms that are marked as mandatory must necessarily be completed in order to process your requests.

1. Who is responsible for the processing of your data?

The entity responsible for processing your data is HOTEL TORRE DEL MAR, S.A. (hereinafter, THE HOTEL), with registered address at Carles Román Ferrer Street s/n, 07800 Playa d’en Bossa, Ibiza, Balearic Islands, Spain; Telephone: +34 971 303 050; Email: bookings@hoteltorredelmar.com

1. For what purposes will we process or disclose your data, and on what legal basis?

Reservation management and provision of requested services. We process the data provided in reservation or service requests for the management of such reservations and the provision of the requested services. The categories of data processed for these purposes are as follows:

• Identification and contact details of the person making the reservation or requesting/contracting the service;
• Data relating to the reservation or service request (dates of stay, number and age of guests, and requested services);
• Payment details;
• Transaction data related to goods and services.

This data is obtained either directly from you or from third parties who have processed the reservation or requested the service on your behalf, for example, the travel agency where you booked your stay.

The data provided by guests at check-in or during their stay will be processed for its management.

This data processing is necessary for the execution of the accommodation contract, the provision of the requested services, or the application of pre-contractual measures at your request.

Financial and transactional data generated during your stay will be processed for accounting and administrative management purposes and for compliance with legal obligations in accounting and tax matters.

Guest registration: In compliance with current laws on traveller control and the protection of public safety, we are obliged to collect and record, among others, identification, contact, and reservation data of our guests, including minors. All data collected during the check-in process will be included in the traveller entry form, which will be used for communication of this information to the competent authorities. We must also verify that the data provided matches that on the relevant identity document. Verification will be carried out as follows:

• Online check-in: The data required to prepare the entry form will be obtained from the online check-in form. Since we do not have staff on site to verify the authenticity of the data entered in the identity document, during the check-in process an image of the passport or ID card will be requested to validate the guest’s identity and ensure the accuracy of the data recorded in the entry form. Processing of the identity document image is based on compliance with legal obligations imposed by traveller registration regulations.

The verification of the guest’s identity is carried out by scanning the MRZ (Machine Readable Zone) included in all identity documents. The MRZ is a section containing encoded information in a standardised format, readable by machines and specialised software. The data obtained from the MRZ is automatically transferred to the entry form, allowing the guest to complete and sign it. The image of the identity document is deleted as soon as the system has verified the guest’s identity and transferred the data to the entry form.

• In-person check-in: Upon arrival at the hotel, presentation of an identity document at reception will be required to complete the entry form. To expedite the registration process, you may provide your identity document for us to keep a copy. This copy will be retained only for the time necessary to complete registration and, in any case, no more than 24 hours. It will then be deleted. The processing of this data is based on our legitimate interest in validating the identity of our guests and facilitating registration procedures at the hotel. In assessing this interest against your rights and freedoms, it has been determined that the processing has a limited impact on your privacy, since:

– This measure benefits customers themselves by speeding up the check-in process at the hotel, avoiding waiting at reception while registration is completed, enabling them to begin their stay sooner, while staff verify the data and ensure compliance with the hotel’s legal obligation to confirm that the data entered in the form is accurate.

– The image of the identity document is kept for a limited period, in any case only until registration is complete and never longer than 24 hours.

– Additional security measures have been implemented to safeguard the image of your identity document, including restricting access to the devices where the image is stored to reception staff on duty at the time of your arrival. The image is stored locally on the device and is never saved to an online folder.

– You may in any case object to this processing by informing the reception staff and presenting your identity document solely for identification purposes.

Special needs assistance: Health data you provide in order to meet special needs, such as food allergies, skin conditions, or other health information necessary to adapt SPA services, will be processed only for this purpose. Requesting special assistance or providing health data implies your explicit consent for their processing to adjust the service to your needs.

This data will be deleted at the end of your stay. You may revoke your consent to the processing of your health data at any time by notifying reception, though doing so may mean that we cannot provide the special assistance or requested service.

Quality management: In order to evaluate and manage the quality of our services, we may conduct quality surveys both during and after your stay, contacting you via the email you provided when making your reservation or during check-in. You may opt out of receiving post-stay surveys by emailing: bookings@hoteltorredelmar.com

This processing is based on our legitimate interest in improving the quality of our services and products. In assessing this interest against your rights and freedoms, it has been determined that:

• The processing is necessary to understand customers’ opinions of their stay and to identify areas for improvement.
• The processing is consistent with the reasonable expectations of data subjects, as they are customers who have stayed or are staying at our establishment and such surveys are a common practice in the sector. Additionally, any post-stay surveys are sent to the email address provided by the guests themselves as contact information.
• The impact on the privacy of data subjects is limited, since the surveys and suggestion forms are anonymous and their completion is always optional.

If you provide identifying information in suggestion forms or satisfaction surveys (e.g. your name or room number), such information will be processed so we can contact you regarding the complaint or suggestion you submitted.

This processing is based on our legitimate interest in improving the quality of our services, products, and customer service. In assessing this interest against your rights and freedoms, it has been determined that:

• The processing is consistent with the reasonable expectations of data subjects, as they are customers who voluntarily submitted a complaint or suggestion related to the service received, providing identifying information voluntarily.
• The impact on the privacy of data subjects is limited, since the purpose of the contact is strictly to resolve complaints or discuss suggestions, and this also benefits customers by improving service quality and customer care.

Sending commercial communications: We process identification and contact details of our customers in order to send them commercial communications related to our establishment, services, and promotions.

To manage our mailing lists, we segment recipients of our communications based on their sector and type of relationship with us. This processing involves a simple classification according to objective criteria and is not intended to create commercial profiles, predictions, or behavioural analyses.

These processing activities are based on our legitimate interest in promoting our services to our customers. In assessing this interest, it has been determined that the processing has a limited impact on the privacy of the data subjects, corresponds to their reasonable expectations, and does not pose significant risks. This processing is also based on your consent to receive such communications electronically. Refusing or withdrawing your consent does not affect the management of your reservation or the provision of contracted services.

You may revoke your consent at any time and unsubscribe from commercial communications by clicking the link provided in the communications themselves or by sending an email with “unsubscribe” in the subject line to: bookings@hoteltorredelmar.com

1. To whom may we disclose your data?

Your data will only be disclosed to third parties when legally required or when necessary for the provision of requested services. For example, if your reservation includes additional services provided by third-party suppliers, or if your availability request involves such services, the personal data necessary to process the reservation/request will be communicated to the relevant suppliers for this purpose only.

In accordance with current legislation on the protection of public safety, we are obliged to provide information about your stay to law enforcement authorities.

1. How long will we retain your data?

In general, we retain your data for as long as your relationship with us continues and, in any case, for the periods set forth in applicable legal provisions and for the time necessary to address potential liabilities arising from processing. We will delete your data when it is no longer necessary or relevant for the purposes for which it was collected.

Financial and transactional data generated by your stay will be retained for the time required by applicable accounting and tax regulations.

Guest data included in traveller registration books will be kept for three years from the date of the last entry they contain.

Data included in any complaints or claims will be kept for up to one year after their resolution.

Data processed for commercial purposes will be retained as long as deletion is not requested. Evidence of your consent for processing your data for these purposes, such as signed forms, logs of electronic form submissions, or check-in sheets, will be retained for the duration of processing and the applicable statutory limitation periods.

1. What are your rights?

You have the right to obtain confirmation as to whether or not we are processing your personal data, and, if so, to access it. You may also request that your data be rectified when inaccurate, or completed when incomplete, as well as request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, you may request the restriction of the processing of your data. In that case, we will only process the affected data for the establishment, exercise, or defence of legal claims, or for the protection of the rights of others.

Under certain conditions and for reasons related to your particular situation, you may also object to the processing of your data. In that case, we will stop processing your data, unless there are compelling legitimate grounds overriding your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

You may revoke your consent at any time for specific purposes and object to the processing of your data for direct marketing, including the creation of commercial profiles. In such case, we will stop processing your personal data for those purposes. The withdrawal of your consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

You may also, under certain conditions, request the portability of your data so that it is transmitted to another controller.

You likewise have the right to lodge a complaint with the Spanish Data Protection Agency or any other competent supervisory authority.

To exercise your rights, you must send us a request accompanied by a copy of your national identity card or another valid identification document, by post or email, to the addresses indicated in the section “Who is responsible for the processing of your data?”

You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency at www.aepd.es.