PRIVACY POLICY

  1. DATA CONTROLLER

The data controllers of your personal data may vary according to the data processed in each case.

The details are given below of the different companies that may process your data and that will be identified every time your data are processed.

  1. CATALONIA HOTELS & RESORTS (“Catalonia”)

Company name: Promotora Kasde, S.A.

Postal address: Calle Castellnou 61, Barcelona.

Telephone no.: +34 93 236 00 00.

  1. HOTELS or HOTEL

The hotels in which you stay may process your personal data in different ways. You can find information about the companies that manage the Hotels that act as the data controllers of your personal data here.

  1. CATALONIA REWARDS

Company name: Duques de Bergara, S.L.U.

Postal address: Calle Bergara, 11, Barcelona.

Telephone no.: +34 93 236 00 00.

In any event, whenever you have questions about the processing of your data, you may contact us by email at lopd@cataloniahotels.com.

 

  1. DATA PROCESSING

2.1 BOOKINGS ON DIRECT CHANNELS

DATA CONTROLLER

When you make a booking on our website (www.cataloniahotels.com) or through the bookings call centre, the data controller is Promotora Kasde, S.A., as the company that manages online (www.cataloniahotels.com) and telephone bookings, and as the holding company of the Catalonia Hotels & Resorts chain (hereinafter, “Catalonia”).

Furthermore, booking details will be processed by the management company of the Catalonia Hotels & Resorts chain that owns the hotel in which you stay (hereinafter, the “Hotel”), whether you book online or, more specifically, when you directly make a booking by telephone or in person at a hotel. You can consult the details of the corresponding data controller here.

PURPOSE

Catalonia will only process your personal data to handle online bookings and ensure they are properly executed, respond to any request or query you may make regarding your booking, room or services offered by the Hotel, as well as to provide assistance by our customer service in the event of an incident in your booking (an error in the details entered, the dates specified, etc.).

The Hotel in question will process your data so that the services engaged are properly dealt with and to handle any questions or queries, as well as to respond to any possible mistakes in your booking at the Hotel.

In addition, whenever a booking is made through the bookings call centre, your personal data will be processed for the abovementioned purposes. However, when the requirements of a booking so require, the email address provided during the call may also be used to direct you to our online payment portal.

Furthermore, both Catalonia and the Hotel may send you messages, including by electronic media such as email, text messages or instant messaging apps, for the sole purpose of sending you reminders of your booking, technical notifications and updates on the services engaged, amongst others.

The above will also apply in those cases in which the person making a booking is not the person who will actually stay at the Hotel. In such cases, it is the responsibility of the person who makes the booking to send the details of whoever is going to stay at the Hotel, notwithstanding the information that the latter may be asked to provide at the time of check-in.

DISCLOSURE OF PERSONAL DATA

The personal data associated with bookings will not be disclosed to any third party, unless this is required to book a service provided by this third party.

LEGAL BASIS

Catalonia and the Hotel will process the personal data collected from your booking based on the performance of the contractual obligations arising from your booking and stay, including sending you messages related to your booking.

RETENTION PERIOD

The data processed for handling your booking will be kept on record for as long as they are required for handling it and to comply with any statutory deadlines in place or the limitation periods for such procedures. Notwithstanding the foregoing, some of the data processed may require retention periods other than those stated, as described in this privacy policy.

2.2 SHOPPING CART ABANDONMENT

DATA CONTROLLER

Catalonia will be the data controller for any booking or the engagement of a service whose confirmation status remains pending.

PURPOSE

When you are in the process of making a booking or engaging a product or service on our website, but you do not complete it (for whatever reason, whether because you intended to continue it later, due to an error in the system, on your PC, etc.), we may temporarily store the data you have provided to us, or those collected by cookies, to be able to provide you with the means to retrieve the transaction at a later date (for example, by displaying pop-ups on our website so that you are able to retrieve it, including reminders on third-party websites).

In addition, if you entered your email address, we may send you reminder emails. These emails will never have advertising or content that are not directly related to the transaction started but not finished by you, and under no circumstances will receiving such content imply your subscription to our newsletter or Rewards Programme, if you have not consented to this.

DISCLOSURE OF PERSONAL DATA

The personal data related to such data processing will not be disclosed to any third party.

LEGAL BASIS

The legal basis for this data processing is the performance of pre-contractual obligations between us arising from starting a booking that for whatever reason has not been completed.

RETENTION PERIOD

The personal data associated with the processing of an unfinished transaction will be processed for a period of one week in order to be able to handle the relevant reminders.

Once this period has elapsed, the details of this unfinished booking may be added to your user profile, as described below in the section “Profiling”.

2.3 CHECK-IN AT THE HOTEL

DATA CONTROLLER

The controller of your personal data is the company that manages the Catalonia Hotels & Resorts chain, which owns the hotel at which you will be staying (hereinafter, the “Hotel”). You can consult the details of the corresponding data controller here.

PURPOSE

The Hotel in question will process your personal data during the check-in process at the reception of the Hotel in order to correctly identify the people who will be staying there.

DISCLOSURE OF PERSONAL DATA

We do not usually disclose your personal data to third parties. However, in the case of the check-in and accommodation at the Hotel, it is possible that the regulations applicable in each country oblige us to disclose them to the relevant law enforcement agencies and bodies.

LEGAL BASIS

This processing is carried out both for the performance of the obligations arising from your booking (to check the identity of the people who stay at the hotel), as well as in compliance with the regulations on this matter in countries in which they apply, including the disclosure of data to the competent authorities in each case.

RETENTION PERIOD

As a general rule, the Hotel only processes your personal data associated with your check-in during your stay. After your stay, we will keep them on record for the period to which we are subject pursuant to the different regulations in force, as well as to exercise or defend our legal interests (for example, in case of suspected fraud, the data could be processed for up to 10 years, in accordance with the Criminal Code in force in Spain).

2.4 ONLINE PRE-CHECK-IN

DATA CONTROLLER

The parties responsible for the processing of your data are, on the one hand, Catalonia as defined in section 1 of the Privacy Policy, as the provider of the centralized online pre-check-in service, and on the other hand, the management company of the Catalonia Hotels & Resorts chain, owner of the hotel in which you are staying (hereinafter, the "Hotel"). 

PURPOSE

The "online pre check-in" is a type of registration that is carried out through the Internet in order to speed up the process at the Hotel, verify your identity when accessing the facilities and receive your room key automatically from a "Kiosk" located at the reception of the Hotel, without having to go through the reception desk. 

As this type of registration is voluntary and involves the processing of your biometric data, you will be asked to accept this privacy policy and to give your express consent to process your data for this purpose. 
If you accept the above, by means of a link that you will have previously received in your email or WhatsApp, you will be able to start the online pre check-in process on the Catalonia website, who will directly process your personal identification data (name, surname, telephone number, bank details if applicable and email), which will be requested at the beginning.

The rest of the personal data required from that moment on, including your signature, will be processed by the data processor, Veridas Digital Authentication Solutions, s.l., (hereinafter "Veridas"), and by the sub-processor, Amazon Web Services, (hereinafter Amazon), which have the OCR and facial recognition technology necessary to carry out this process without the need to go through Catalonia. 

Please note that, although you are apparently carrying out the entire online pre check-in process on the Catalonia website, once you have entered the personal data indicated in the previous paragraph, you will be leaving the website and entering the digital environment of the data processor, Veridas Digital Authentication Solutions, s.l., (hereinafter "Veridas"), which has the OCR and facial recognition technology necessary to carry out the online pre check-in process.

Using OCR technology, Veridas will access those personal data resulting from scanning your identification documents, such as ID card, passport or driver's license, among other documents that may be valid or mandatory, in accordance with applicable laws.  Unlike the rest of the data indicated below, these data will be sent to the Hotel, as they are necessary both to comply with the obligations arising from the contract, and to comply with public safety regulations requiring the communication of data to the competent authorities in each case, who will retain and process them for these purposes.

Likewise, the biometric data necessary to identify you digitally through facial recognition techniques will also be processed by Veridas, which will obtain them from the photographs ("selfies") that you provide when you register.
If you would like more information about how Veridas carries out this processing or the relationship it has with the Amazon sub-processor, you can consult the information here.

Once you have completed the online pre check-in process, you can go to the "Kiosk" located at the entrance of the Hotel where you are staying so that you can be identified upon arrival by facial recognition devices and your room key will be issued from the "Kiosk" without having to go to the reception.

However, if you have not completed the online pre check-in process or if there is no "Kiosk" at the hotel where you are staying, you will have to go to the front desk. 
Please note that if you are the one who made the reservation, you will be offered the possibility to send invitations to other guests staying at the Hotel, so that they can also access the online pre check-in process, if they wish to do so. By sending the invitations, you acknowledge that you have the guests' authorization to send them the corresponding invitation and you undertake to make good use of the personal data, exempting the Catalonia Hotels & Resorts group from any claim due to the sending and/or misuse of the guest-guest data that may arise.

DISCLOSURE OF PERSONAL DATA

We do not usually share your personal information with third parties. However, in the case of pre check-in, it is possible that the regulations applicable in each country may require us to communicate them to the corresponding law enforcement agencies if you end up staying at the hotel. 

BASIS OF LEGITIMACY 

This processing is carried out in order to comply with the obligations arising from the contract, both by Catalonia and by the Hotel (to manage the provision of the requested service and to ensure the identity of the people staying at the hotel), as well as in compliance with the regulations in this regard in those countries where applicable, including the communication of data to the competent authorities in each case.  

In addition, as indicated above, if you give us your consent, we may keep a copy of the information and documentation proving identity for future check-in processes. 

RETENTION PERIOD

As a general rule, the Hotel only processes your personal data linked to the online check-in from the time you request it and provide us with your data, until the end of your stay. At the end of your stay, we will keep them for the period of time that the various regulations may require us to do so, as well as to exercise or defend our legal interests (for example, in case of suspicion of fraud, the data could be processed for up to 10 years, in accordance with the Criminal Code in force in Spain). 
On the other hand, the average time that Veridas treats your data is approximately 30 minutes. After that time the data is permanently deleted.

2.5 SUBSCRIPTION TO OUR NEWSLETTER

DATA CONTROLLER

Catalonia is the data controller of the data collected on any form for subscribing to our newsletter, whether on the website at www.cataloniahotels.com, on social media and even on paper or electronic devices (e.g., at the time of check-in at any hotel belonging to the Catalonia Hotels & Resorts chain by signing the welcome pack), as well as when you make a purchase or booking on our website or other channels and you have not objected to this.

Moreover, please note that if you register for the Loyalty Rewards Programme, the processing of data for sending marketing messages by electronic media will be governed as described below, the terms and conditions on data processing described in the section “Management of the Catalonia Rewards Programme”, the General Terms and Conditions of Membership of the Rewards Programme (which you can consult here), and by the provisions on the processing of “Profiling” described below.

PURPOSE

The purpose of processing your data is to keep you informed, via electronic media, such as email, text messages and instant messaging apps, by sending you marketing messages and advertisements.

These messages may occasionally contain information about the leisure and travel services and promotions provided by the hotels in the chain, provided you have given your consent to do so.

As a general rule, when marketing messages and newsletters are referred to, this means sending emails to the address that users have provided. However, within the broader scope of online advertising, there are now other tools that allow us to send messages to our users via other media, such as social media and instant messaging apps (such as Facebook, Twitter, WhatsApp and Telegram) and text messages.

Catalonia and Catalonia Rewards use these services to ensure that the interaction with our community of users allows us to reach all of them, including on social media.

To use these services we always disclose as little information as possible, but it is highly likely that Catalonia and Catalonia Rewards, as well as social media and other third-party networks or apps, already have this information. Your email address or phone number is normally used to do this. Based on this information, social media and apps verify whether a user has an account on their platforms, thus allowing us to set up what is known as a “custom audience” with those users who have registered with Catalonia or Catalonia Rewards and who in turn have an account with these social media and apps.

A set of users is thus created on the corresponding social media and apps, to which we do not have direct access, that is, we know the number of people in that set and some statistical information, but we are unable to see the identity of the users. These social media and apps allow us to directly display advertising to this set of users, as well as enabling us to directly engage with our users on these social media and apps.

This type of activity can be carried out on different media, the most prominent of which are social media such as Facebook (custom audiences), Twitter (tailored audiences) and Google (Customer Match), and we only target such activities at users who have agreed to receive advertising from Catalonia and Catalonia Rewards.

Furthermore, these social media and apps allow the same user data to be shared to find or identify what is called “similar audiences”, that is, users who have a similar profile to the users of Catalonia and Catalonia Rewards on these social media and apps, but who are not Catalonia or Catalonia Rewards users.

This type of activity is mostly carried out through social media such as Facebook (lookalike audiences), Twitter (tailored audiences) and Google (similar audiences). Based on our legitimate interest, as neither Catalonia nor Catalonia Rewards users are directly impacted by advertising in such cases, nor do they generate databases of their users on social media or third-party platforms, the basic data (email or telephone number) of all users are used, even of those who have not accepted to receive advertising from Catalonia or Catalonia Rewards.

In relation to the data provided to these third parties, as described above, only your email or telephone number will be disclosed. In addition, the data shared is encrypted, thus safeguarding the confidentiality and security of the data. The entire process is protected through the tool provided on the platform, which will allow it to identify you in its database.

In any event, as this advertising is posted on social media and third-party apps, the settings that the user has selected on receiving advertising on these social media and apps will always prevail. Namely, even if users have agreed to receive marketing messages from Catalonia or Catalonia Rewards when they register for any of our services, or have not objected to them, as the case may be, they will never receive them on these social media through the abovementioned services if they did not accept that their personal data could be processed for advertising purposes by these social media and apps. Therefore, we recommend that all users who do not wish to receive advertising through social media or third-party platforms should adjust their user profile settings or use other available tools to restrict it, and that they consult the current terms and conditions in the privacy policies of each of the platforms.

The data required to send you marketing messages or advertising will be processed for as long as you have a subscription to our newsletters or a user account with the Catalonia Rewards Loyalty Programme and, having given your consent for this processing, you had not subsequently withdrawn it or objected to receiving such materials, as the case may be. In any event, if you reject or object to receiving marketing messages this will not mean that any data will be deleted, as they form part of your profile, but it will prevent us from using them for this purpose.

Bear in mind that you may in any event see Catalonia and Catalonia Rewards advertising on social media, as they allow advertising to be shown to their users without us having previously disclosed any personal data to them. In these cases, the display of this advertising will depend solely and exclusively on the settings of your user profile on these social media and apps.

All of our messages may be customised and adapted to your preferences, as described in the section “Profiling” below.

You should also bear in mind that our website has a number of forms that you can use to subscribe to our marketing messages and newsletters. You can also subscribe to them by signing the welcome pack that will be given to you when you check in at hotels or on any other media where consent is requested. You can give your consent to receive messages on any of these media and you can unsubscribe whenever you wish through the link available that you will find in each message that you receive or, whenever applicable, by email to the addresses given in this privacy policy. Therefore, once you have subscribed, you will not be unsubscribed from these messages by not checking the subscription box on subsequent occasions.

DISCLOSURE OF PERSONAL DATA

We will not disclose your personal data to any third parties, not even to the Hotels, that will allow them to send you marketing messages. As stated above, you may receive information about third parties, but we will always send such messages.

LEGAL BASIS

Whenever you voluntarily register for our newsletters as described above, the legal basis for processing your personal data will be your consent.

When you make a booking on our website, or engage any other product or service with us, we consider that we have the legal authorisation and legitimate interest to send you these messages, provided that you have not objected to this at the time your data were collected, as required by the regulations in Spain.

The use of advertising services on social media and third-party apps is based on our legitimate interest in improving our way of engaging with our users and ensuring their effectiveness, in the most transparent way possible.

In any event, you may at any time object to your personal data from being processed and unsubscribe from our newsletters, either via the link that you will find in each newsletter, or by following the instructions that we provide in the section “Your rights” below.

You may also object to us using your personal data to use the advertising services of social media and other third parties, as well as to set up your user profile on all social media and third-party apps, and customise your advertising preferences.

RETENTION PERIOD

We keep your personal data on record that are associated with marketing messages for as long as you do not unsubscribe from them, or until we are able to ascertain that you are no longer interested in them (because the email account you provided no longer exists, or because we are certain that you do not open advertisements or interact with them, for example).

Once you request to unsubscribe, we will no longer use your data, notwithstanding the fact that we may keep them on record locked, as required by Spanish regulations and as described in section 3 below, “Data retention period”.

2.6 MANAGEMENT OF THE CATALONIA REWARDS PROGRAMME

DATA CONTROLLER

The company that is the data controller of the personal data related to our Catalonia Rewards Loyalty Programme is Duques de Bergara, S.L.U. (Catalonia Rewards).

PURPOSE

The purpose of processing your personal data is to ensure your membership of the Loyalty Programme is properly processed and allow you to enjoy all its advantages.

Therefore, membership of the Catalonia Rewards Loyalty Programme means that we must process personal data to:

  • Handle the acceptance of and monitor compliance with this Privacy Policy, the General Terms and Conditions of Use of the Website, the General Terms and Conditions of the Rewards Programme, as well as any other matter related to your status as a member of Catalonia Rewards.
  • Handle and confirm your bookings through Catalonia Rewards.
  • Streamline the process for confirming future bookings by keeping your personal data on record.
  • Inform you of your membership status and the amount of Travel Cash you have accumulated.
  • Respond to any enquiries or requests that you may have submitted to Catalonia Rewards.

Furthermore, at the time of registration you will be able to object to receiving our marketing messages. Should you accept them, the provisions of the sections “Subscription to our messages” and “Profiling” available in this privacy policy will apply. You may therefore receive, among others, offers, promotions and competitions run by or in which Catalonia Rewards is involved.

However, please note that not accepting messages related to Catalonia Rewards when you register will not cancel your subscription to other messages that you had accepted in the past (a direct subscription to our newsletter on our website or when you check in at a hotel). Cancellations of our messages are managed solely and exclusively through the link available in each message or, whenever applicable, by email sent to the addresses provided in this privacy policy.

The matters described in the “Fraud Prevention” section will also apply to any issues related to fraudulent behaviour in respect of the Catalonia Rewards Loyalty Programme.

DISCLOSURE OF PERSONAL DATA

The data related to the Loyalty Programme will not be disclosed to any third parties, unless required for the proper rendering of a service that has been requested by a registered member and is executed by a third party, but not when this third party directly provides its service to the registered member.

LEGAL BASIS

The legal basis is the full performance of the contractual obligations of the Loyalty Programme, in accordance with the provisions of the General Terms and Conditions of the Rewards Loyalty Programme, which is available here.

Furthermore, by signing up to the Loyalty Programme, we consider that we have the legal authorisation and legitimate interest to send you these messages, provided that you have not objected to this at the time your data were collected, as required by the regulations in Spain.

RETENTION PERIOD

The personal data associated with the Catalonia Rewards Loyalty Programme are kept on record until you unsubscribe from it, until we consider that you are no longer interested in it (because a reasonable period of time has elapsed without you having logged in or interacted with the Loyalty Programme in any way whatsoever, for example), or if Catalonia Rewards terminates a contract (due to a breach of the contractual obligations by a registered member, the Loyalty Programme comes to an end, etc.).

Once you unsubscribe from the Loyalty Programme, we will no longer use your data, notwithstanding the fact that we may keep them on record locked, as required by Spanish regulations and as described in section 3 below, “Data retention period”

2.7 PROFILING

DATA CONTROLLER

The data controller of the profiles drawn up of our customers is Catalonia, which is also the data controller of the website, cookies and bookings made online or through the chain’s bookings call centre.

If you register for the Rewards Loyalty Programme, your data will be processed jointly by Catalonia and Catalonia Rewards, which will do so as joint data controllers, in accordance with the contractual obligations that both companies have subscribed to for this purpose.

PURPOSE

We create profiles of our customers and users based on their preferences, with the sole purpose of being able to deliver better offers and promotions specially adapted to their interests.

We can thus target the content of our messages according to the information we gather from: (i) your browsing history on our website, and the hotels, destinations and services you usually check out; (ii) the information we may collect from cookies, provided you have accepted them (for more information, see our cookie policy); (iii) the products or services you engage or book, both on the website and, whenever applicable, at the hotels (in which case, the hotel in which you are staying will collect the data for both Catalonia and Catalonia Rewards should you be a member of the Loyalty Rewards Programme); (iv) the campaigns and advertising that we may post on third-party websites or social media (interaction with advertisements, banners and published content, for example); and (v) any other information that you may provide to us or that may be inferred from any other contact (for example, via chats, email, instant messaging apps or phone).

Moreover, based on the information of your profile we may customise the content of our website, thus being able to show you relevant information based on your preferences.

All the profiles we create are fed as you interact with us, whether by browsing the website, engaging products or services, subscribing to our marketing messages or registering for the Catalonia Rewards Loyalty Programme. Therefore, by way of example, if you register for the Catalonia Rewards Loyalty Programme but we already have a profile of you from previous interactions or bookings, the information we already have about you will be added to your Catalonia Rewards user profile.

Under no circumstances will these profiles, even if they are automated, have legal or similar consequences for customers or users, as they will never block access to our products or services, but simply allow us to be able to provide them with information that we consider relevant to them (if they usually search for hotels in a particular city or area, for example, we will prioritise providing them with offers, promotions and information about that city or area, or if they usually engage a specific service, we can offer them information about it or similar services).

In addition to the above, we may use your personal data for statistical purposes, even if you have not accepted to receive marketing messages electronically or have objected to them. We do this in order to have a better overall knowledge of our customers and improve our products and services, so this information only would be used, as stated above, for statistical and market research purposes. However, when you subscribe to our messages by any means we may use all the information collected to date to customise and adapt them to your interests.

In any event, you may object to the creation of profiles at any time by exercising the right of objection, as described in the section “Your rights” below.

DISCLOSURE OF PERSONAL DATA

The data from profiles will never be disclosed to any third parties.

However, when you register for the Rewards Loyalty Programme, the data linked to your user profile will be processed by both Catalonia and Catalonia Rewards as joint data controllers, as set forth in the “Data Controller” section above.

In such cases, the data from your profile will initially be disclosed by Catalonia to Catalonia Rewards, so that both companies can process your data jointly thereafter.

This disclosure takes place to avoid sending duplicate marketing messages. When you register for Catalonia Rewards, you will no longer receive general messages from Catalonia, and we will focus on your relationship with us based on your membership of the Loyalty Programme.

This disclosure of data may also include the information collected by the cookies on the website, which is also owned by Catalonia, provided that you have accepted them.

LEGAL BASIS

The legal basis for profiling is the legitimate interest of Catalonia and Catalonia Rewards to ensure that we send more relevant information to our users, customers and members of the Loyalty Programme.

Catalonia and Catalonia Rewards have duly deliberated their legitimate interest, as a result of which it was concluded that our interests are legitimate, as they do not affect the rights and freedoms of data subjects, nor have any legal rulings been handed down on them or on any activity that affects them in a similar way.

Furthermore, the disclosure of data by Catalonia to Catalonia Rewards to establish their status as joint data controllers in respect of the profiles of members of the Loyalty Rewards Programme is based on the contractual obligations of the Rewards Programme (which you can consult here)

RETENTION PERIOD

The data of your user profile will be kept on record for as long as you (i) are a user of our website; (ii) do not delete the cookies that you have accepted, if applicable; (iii) are a subscriber of our newsletter; (iv) are a member of our Rewards Programme; and (v) have not expressly objected to profiling.

Please note that even if you had requested to unsubscribe from marketing messages, we will continue to update your user profile for the other purposes described above. If at any time you resubscribe to our newsletter, they will be customised to include the profile information generated so far.

In any event, your personal data may also be stored for other purposes, as stated in our general “Data retention period” section below.

2.8 FRAUD PREVENTION

DATA CONTROLLER

The data controller for fraud prevention will be Catalonia for all matters related to the use of the website, as well as to the products and services that are engaged or booked online.

With regard to fraud prevention related to the Loyalty Programme, the data controller will be Catalonia Rewards.

PURPOSE

We process the personal data of our users, customers and members of Rewards in order to ensure compliance with the obligations established in the use of our services and with the laws in force.

We may thus put controls in place to detect any inappropriate use of the website, the use of fraudulent personal data, unlawful means of payment (fake or stolen cards, for example) and fraud in the use of the benefits provided by the Rewards Programme.

To do so, we may process the personal data of a user who engages in fraud, not only to take measures to prevent it, but also to take legal actions to which we may be entitled in any given case.

DISCLOSURE OF PERSONAL DATA

Should fraud be detected that affects the interests and rights of Catalonia, we may disclose your data to law enforcement agencies, as well as to judges and courts in the country in which the fraud occurred or in the relevant jurisdiction in each case. Likewise, Catalonia may also disclose data to Catalonia Rewards and vice versa should either of them detect fraud.

LEGAL BASIS

The legal basis for this processing is the performance of the terms and conditions applicable to each case, whether the obligations arising from the use of the website established in the disclaimer, the terms and conditions on engaging services or those of the Rewards Programme.

In addition, we may process your personal data due to a legal obligation, provided that a fraud involves the breach of any applicable law in any country in which we operate.

RETENTION PERIOD

Data related to fraud prevention will be processed for as long as this may be required for Catalonia to defend its interests and rights and, whenever applicable, in accordance with the limitation periods established in any applicable legislation or if there is a lawsuit in progress that justifies this. For example, data could be processed for up to 10 years in cases of suspected fraud, pursuant to the Spanish Criminal Code.

2.9 CORPORATE CONTACT

DATA CONTROLLER

Whenever you contact us to request any information, your personal data will be processed by Duques de Bergara, S.L.U.

PURPOSE

You can contact us for different purposes by using our various information channels, whether the forms on the website, on social media, by telephone, via email or by post.

In these cases we may process your data, for example, to:

  • Handle any requests for information without obligation related to our products and services.
  • Handle any information requests related to expansion projects.
  • Send the latest news updated from the press room.
  • Handle any information requests related to our commitment to social responsibility.
  • Use your personal data, if relevant and timely, to enhance your Rewards user, customer or member profile, as set out in the description of data processing in the “Profiling” section above.

DISCLOSURE OF PERSONAL DATA

As a general rule, we do not disclose any personal data received. However, if the purpose of your enquiry is related to other companies associated with the Catalonia Hotels & Resorts chain, we may disclose the content of your enquiry and, if strictly necessary to provide you with a response, your personal data (so that you can be directly contacted, for instance).

LEGAL BASIS

The legal basis for responding to any request for information is the legitimate interest of Duques de Bergara, S.L.U. in ensuring contact with data subjects and providing a response to any request.

Should any information be used that has been provided to feed a Rewards user, customer or member profile, the legal basis will be that specified in the description of data processing in the “Profiling” section above.

RETENTION PERIOD

The data related to requests sent to Duques de Bergara, S.L.U. will be processed for as long as they are required to provide an appropriate response, for up to five years at most, to keep a record of past requests that allow us to improve our products and services or to retrieve a previous conversation, as well as until the limitation period established in any regulations that may be applicable in those cases in which we may be notified of an incident or breach by any company associated with Catalonia Hotels & Resorts.

2. 10 STAFF SELECTION

DATA CONTROLLER

When you apply for a vacancy (i) published by the Human Resources Department on job portals or by recruitment companies, such as, but not limited to, LinkedIn and InfoJobs, the data processor of your personal data will be Duques de Bergara, S.L.U.; (ii) when you apply for a vacancy on the “Work for us” section on the Catalonia corporate website, the data controller will be Promotora Kasde, S.A.; (iii) when you submit your CV in person at any of the hotels in the Catalonia Hotels & Resorts chain, the data processor of your personal data will be the company in the chain that manages the hotel in question.

Your personal data will be processed by the above data controllers, notwithstanding the fact that they can be exchanged between the companies in the group to which they belong (see the section “Data disclosures”).

PURPOSE

When we handle staff selection processes, we process personal data for the following purposes:

  • Evaluating your academic background and previous work experience in relation to the vacancy you are applying for.
  • Conducting the necessary interviews, both general by human resources and specific by the corresponding heads of department.
  • Depending on the position for which you apply, taking general, level, language, skills and aptitude tests.
  • Requesting references from the people you have given to us as sponsors.
  • Any other procedure that we consider appropriate to assess your candidacy.

We will also process your contact details in order to be able to contact you throughout the selection process.

If you are not selected, we may keep your personal data on record, as well as the results of interviews, tests, etc. to be able to offer you and consider you for other job offers or vacancies that we may consider to be of interest to you and that match your employment profile.

DISCLOSURE OF PERSONAL DATA

As a general rule, we do not disclose any personal data received. However, some of our core services are provided by other companies. Hotels that belong to the Catalonia Hotels & Resorts chain may also form part of other companies. Therefore, whenever necessary to handle your application, all of your personal details may be disclosed to the company that has published the vacancy.

LEGAL BASIS

The legal basis for selection processes is the execution of pre-contractual measures prior to your potential recruitment as an employee.

RETENTION PERIOD

The personal data that you send us for a vacancy for which you have not been finally selected may be kept on record for a period of not more than 2 years, in order to propose new vacancies that may be of interest to you, unless you object to this at any time

  1. DATA RETENTION PERIOD

Your personal data may be processed in accordance with what is described in each of the data processing sections set forth in this privacy policy.

Notwithstanding these retention periods, your personal data may be kept on record anonymised for statistical or market research purposes, whenever possible, or duly locked to comply with any legal obligation that may apply in each case.

For example, for the exercise or defence of legal actions related to consumer and user regulations, any relevant personal information may be processed for a period of 3 years. As mentioned above, in cases of fraud your personal data may be processed in certain cases for a period of up to 10 years, pursuant to the Spanish Criminal Code. There may be additional legal obligations in the different countries in which we operate that may require us to retain data for longer periods.

 

  1. INTERNATIONAL TRANSFERS

As a general rule, we always endeavour to process personal data in Europe or the European Economic Area, thus ensuring compliance with the GDPR by both us and our service providers that process data on our behalf under our instructions.

However, we provide our services globally, so we may need to process your data in other countries, which may or may not provide the same safeguards as the GDPR. Should it be necessary to make international transfers from the EU to countries outside the EU that do not provide such safeguards, we undertake to always carry them out by ensuring that they are protected by appropriate safeguards, which may include (i) standard clauses approved by the EU; (ii) third-party certifications; (iii) binding corporate rules; and (iv) any other valid mechanism in accordance with the laws in force or regulations passed by the competent authorities.

 

  1. RIGHTS

What rights do you have when you provide us with personal data?

You are entitled to obtain confirmation about whether or not the data controller is processing your personal data. 

You also have the right to access your personal data and to request the rectification of inaccurate data or, where applicable, request their erasure when, among other reasons, the data are no longer required for the purposes for which they were collected.

In certain circumstances, you may request that the processing of your data be restricted, in which case we will only keep them on record to exercise or defend ourselves against claims.

Furthermore, under certain circumstances and for reasons related to your personal circumstances, you may object to the processing of your data. The data controller will no longer process your data, unless there are compelling legitimate grounds for doing so, or to lodge or defend itself against potential claims. 

You may likewise exercise your right to data portability in accordance with the regulations in force. 

Should you wish to exercise any of your rights, you may contact us by sending an email to lopd@cataloniahotels.com. Alternatively, you can write to us at the following postal address: Atención al Cliente, Bergara 323, 08037 Barcelona, and writing “Protección de Datos” on the envelope. Remember to supply as much information as possible about your request: your full name, email address used for your account and the website your request concerns.

Finally, we hereby inform you that you can address the Spanish Data Protection Agency and other competent public organisations for any claim arising from the processing of your personal data.

 

Updated in May 2023