Privacy Policy

Please read this document carefully. It contains important information about the processing of your personal data and the rights granted to you under current legislation.

In general, the fields in our forms marked as mandatory must be completed in order for us to process your requests.

1. Who is responsible for the processing of your data?

The entity responsible for processing your data is HOTEL TORRE DEL MAR, S.A. (hereinafter, THE HOTEL), with registered address at Carles Román Ferrer Street s/n, 07800 Playa d’en Bossa, Ibiza, Balearic Islands, Spain; Telephone: +34 971 303 050; Email: bookings@hoteltorredelmar.com

1. For what purposes will we process or disclose your data, and on what legal basis?

Reservation management and provision of requested services. We process the data provided in reservation or service requests to manage such reservations and provide the requested services. The categories of data processed for these purposes are as follows:

• Identification and contact details of the person making the reservation or requesting/contracting the service;
• Data relating to the reservation or service request (dates of stay, number and age of guests, and requested services);
• Payment details;
• Transaction data related to goods and services.

This data is obtained either directly from you, or from third parties who processed the reservation or requested the service on your behalf, such as the travel agency where you booked your stay.

The data provided by guests at check-in or during their stay will also be processed for management purposes.

This processing is necessary for the execution of the accommodation contract, the provision of the requested services, or the application of pre-contractual measures at your request.

Financial and transactional data generated during your stay will be processed for accounting and administrative management purposes, as well as for compliance with legal obligations in accounting and tax matters.

Guest registration: In compliance with current traveller control and public safety legislation, we are obliged to collect and record, among other details, identification, contact, and reservation data of our guests, including minors. All data collected during check-in will be included in a traveller entry form, which will be used to communicate this information to the competent authorities. We must also verify that the information provided matches the identity document presented. Verification is carried out as follows:

• Online check-in: The data required to prepare the entry form will be obtained from the online check-in form. Since we do not have staff on site to verify the authenticity of the data entered in the identity document, during the check-in process an image of the passport or ID card will be requested in order to validate the guest’s identity and ensure the accuracy of the entry form. Processing of the identity document image is based on compliance with legal obligations imposed by traveller registration regulations.

Identity verification is carried out by scanning the MRZ (Machine Readable Zone) included in all identity documents. The MRZ contains encoded information in a standardised format, readable by machines and specialised software. Data obtained from the MRZ is automatically transferred to the entry form, allowing the guest to complete and sign it. The image of the identity document is deleted once the system has verified the guest’s identity and transferred the data to the entry form.

• In-person check-in: Upon arrival at the hotel, presentation of an identity document at reception will be required to complete the entry form. To speed up the process, you may provide your identity document for a copy to be kept. This copy will only be retained for the time necessary to complete registration and, in any case, for no more than 24 hours, after which it will be deleted. The processing of this data is based on our legitimate interest in validating the identity of our guests and facilitating hotel registration procedures. In balancing this interest against your rights and freedoms, it has been determined that the impact on your privacy is limited, since:

– This measure benefits guests by expediting the check-in process, allowing them to begin their stay sooner while staff verify the data, thereby ensuring compliance with the hotel’s legal obligation to confirm accuracy.
– The identity document image is retained for a limited time only, never more than 24 hours.
– Additional security measures have been implemented to protect the image of your identity document, including restricting access to the devices where it is stored to reception staff on duty at the time of arrival. The image is stored locally on the device and never saved in an online folder.
– You may object to this processing at any time by informing reception staff and presenting your identity document solely for identification purposes.

Special needs assistance: Health data you provide in order to address special needs, such as food or skin allergies or other health-related information necessary to adapt SPA services, will be processed solely for this purpose. Requesting special assistance or providing health data implies your explicit consent for processing such data in order to adjust the service to your needs.

This data will be deleted at the end of your stay. You may revoke your consent to the processing of your health data at any time by notifying reception, although doing so may mean that the requested assistance or service cannot be provided.

Quality management: To evaluate and improve the quality of our services, we may conduct quality surveys during or after your stay, contacting you via the email address you provided when making your reservation or during check-in. You may opt out of receiving post-stay surveys by emailing: bookings@hoteltorredelmar.com

This processing is based on our legitimate interest in improving the quality of our services and products. In balancing this interest against your rights and freedoms, it has been determined that:

• The processing is necessary to know our guests’ opinions of their stay and to identify areas for improvement;
• The processing aligns with the reasonable expectations of guests, as they are or have been hosted at our establishment, and such surveys are common practice in the sector. Post-stay surveys are sent to the email address provided by the guests themselves;
• The impact on privacy is limited, since surveys and suggestion forms are anonymous and their completion is optional.

If you provide identifying information (e.g. name, room number) in suggestion forms or satisfaction surveys, such information will be processed so that we may contact you regarding the complaint or suggestion submitted.

This processing is also based on our legitimate interest in improving the quality of our services and products and customer care. In balancing this interest against your rights and freedoms, it has been determined that:

• The processing aligns with the reasonable expectations of guests, as they voluntarily submitted a complaint or suggestion related to the service received and provided identifying information;
• The impact on privacy is limited, since contact is limited to resolving complaints or discussing suggestions, which also benefits guests by improving service quality and customer care.

Sending commercial communications: We process the identification and contact details of our customers in order to send them commercial communications about our establishment, services, and promotions.

To manage our distribution lists, we segment recipients of our communications according to the sector they belong to and the type of relationship they maintain with us. This processing involves simple classification based on objective criteria and is not intended for the creation of commercial profiles, predictions, or behavioural analysis.

This processing is based on our legitimate interest in promoting our services to our customers. In balancing this interest, it has been determined that the processing has a limited impact on guests’ privacy, aligns with their reasonable expectations, and does not pose significant risks. This processing is also based on your consent to receive such communications electronically. Refusal or withdrawal of consent does not affect reservation management or the provision of contracted services.

You may revoke your consent and request to unsubscribe from commercial communications at any time by clicking the link provided in the communications themselves or by sending an email with “unsubscribe” in the subject line to: bookings@hoteltorredelmar.com

1. To whom may we disclose your data?

Your data will only be disclosed to third parties by legal obligation or when necessary for the provision of requested services. For example, if your reservation includes additional services provided by third-party suppliers, or if your availability request involves such services, the necessary personal data will be shared with the relevant suppliers for that purpose only.

In accordance with current public safety legislation, we are obliged to provide information about your stay to law enforcement authorities.

1. How long will we keep your data?

In general, we keep your data for the duration of your relationship with us, and in all cases for the periods set by applicable legal provisions, as well as for the time necessary to address potential liabilities arising from processing. We will delete your data once it is no longer necessary or relevant for the purposes for which it was collected.

Financial and transactional data generated during your stay will be retained for the period required by applicable accounting and tax regulations.
Guest data included in traveller registration books will be kept for three years from the date of the last entry.
Data included in any complaints or claims will be retained for up to one year after resolution.
Data processed for commercial purposes will be retained until deletion is requested. Records evidencing your consent for such processing—such as signed forms, logs of electronic form submissions, or check-in sheets—will be kept throughout the duration of processing and applicable limitation periods.

1. What are your rights?

You have the right to obtain confirmation of whether we are processing your personal data, and, if so, to access it. You may also request rectification of inaccurate data, completion of incomplete data, or deletion of data when, among other reasons, it is no longer necessary for the purposes for which it was collected.

In certain circumstances, you may request the restriction of the processing of your data. In such cases, we will only process the affected data for the establishment, exercise, or defence of legal claims, or for the protection of the rights of others.

Under certain conditions and for reasons related to your particular situation, you may also object to the processing of your data. In such cases, we will stop processing your data unless there are compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

You may revoke your consent at any time for specific purposes and object to the processing of your data for direct marketing, including the creation of commercial profiles. In such cases, we will stop processing your personal data for those purposes. Withdrawal of consent does not affect the lawfulness of processing based on prior consent.

You may also, under certain conditions, request the portability of your data so it is transmitted to another controller.

You also have the right to lodge a complaint with the Spanish Data Protection Agency or any other competent supervisory authority.

To exercise your rights, you must send us a request accompanied by a copy of your national identity card or another valid identification document, by post or email, to the addresses indicated in the section “Who is responsible for the processing of your data?”.

You may obtain more information about your rights and how to exercise them at the website of the Spanish Data Protection Agency: www.aepd.es.