Privacy policy - Hotel la Torre
Privacy policy - Hotel la Torre

Privacy policy

PERSONAL DATA PROTECTION POLICY

1. Introduction

EL CHAPARRO SECO S.L. (the “Company”) is an organization that processes personal data, which entails a significant responsibility in designing and organizing procedures in compliance with current data protection regulations.

To establish the general principles governing the processing of personal data within the Company, this Personal Data Protection Policy is approved, communicated to employees, and made available to all stakeholders.

2. Purpose

The purpose of the Personal Data Protection Policy is to ensure compliance with applicable legislation in this area and, consequently, to uphold the right to honor and privacy in the processing of personal data of all individuals interacting with the Company.

This Policy defines the principles governing data processing within the organization, as well as the procedures, organizational measures, and security protocols that data controllers must implement. Management will assign corresponding responsibilities to personnel involved in data processing operations.

3. Scope of Application

This Policy applies to the Company, its administrators, executives, employees, and all individuals associated with it, including service providers with access to data (the “Data Processors”).

4. Principles of Personal Data Processing

As a general principle, the Company will strictly comply with data protection laws and must be able to demonstrate such compliance (“proactive responsibility” principle). Special attention will be given to processing activities that pose higher risks to the rights of data subjects (“risk-based approach” principle).

The Company will ensure compliance with the following principles:

  • Lawfulness, fairness, transparency, and purpose limitation: Data processing must be communicated to the data subject and is only considered lawful if consent is obtained or another valid legal basis exists. Additionally, the purpose must align with applicable regulations.
  • Data minimization: Data processed must be adequate, relevant, and limited to what is necessary for the intended purposes.
  • Accuracy: Data must be accurate and kept up to date, with necessary measures taken for correction or deletion when required.
  • Storage limitation: Data will be retained only for as long as necessary for the intended purposes.
  • Integrity and confidentiality: Data will be processed with appropriate security measures, including protection against unauthorized access, unlawful processing, accidental loss, or destruction.
  • Data transfers: The purchase or acquisition of data from unlawful sources or in violation of the law is strictly prohibited.
  • Engagement of data-processing providers: Only providers offering sufficient guarantees to implement appropriate security measures for data processing will be contracted. These agreements will be documented.
  • International data transfers: Any data transfer outside the European Economic Area must comply with the requirements established by applicable law.
  • Rights of data subjects: The Company will facilitate the exercise of access, rectification, erasure, restriction of processing, objection, and data portability rights through the necessary internal procedures.

The Company will promote the consideration of these principles in the design and implementation of all work procedures, products, services, contracts, and systems involving access to or processing of personal data.

5. Employee Commitment

Company employees will be informed of this Policy and commit to the following:

  • Undergoing the Data Protection training provided by the Company.
  • Applying relevant security measures in their respective roles, without prejudice to their specific responsibilities within the organization.
  • Using the established formats for handling data subjects’ rights requests and notifying the Company of any deviations from this Policy, particularly “personal data security breaches.”

6. Monitoring and Evaluation

The Company will conduct an annual evaluation or an assessment whenever there are significant changes in data processing to verify the effectiveness of technical and organizational measures ensuring data security.