Who is the Controller for your personal data?
The controller for the personal data is the company BAY HOTELS & LEISURE SOCIMI, S.A, holder of tax identification number A-57869513 with address for these purposes at Edificio Sarrià Forum. Avda. Sarrià 102-106, Planta 11. 08017 Barcelona. To guarantee adequate management of the processing of your data, BAY HOTELS has appointed a Data Protection Officer, whom you may address for any matter that might arise and who can be contacted at the email address firstname.lastname@example.org.
What is the purpose of processing your personal data?
The personal data provided by users of this Website may be processed by BAY HOTELS for the following purposes, depending on the type of data provided by the user, as well as on the interactions between the user and BAY HOTELS through the Website.
Contact and management and processing of website users' queries and requests: The personal data of users who contact BAY HOTELS through any of the contact channels made available through the Website in order to receive queries and/or requests from users will be processed to maintain contact between the parties, manage Website users, provide customer or user service, and manage and process user requests or queries sent via the channels provided for this purpose on our Website.
What data are processed by BAY HOTELS and what are their sources?
The data processed by BAY HOTELS as a result of the user's interactions through our Website come from the following sources:
- Data provided by the user by filling in the forms made available by BAY HOTELS or by any other means by which the user communicates with BAY HOTELS.
- Data generated as a result of the development, processing, and maintenance of the relationship established between the user and BAY HOTELS.
BAY HOTELS may process personal data of the following types, depending on the relationship established with the user:
- Identification and contact data (e.g. name and surname, email, postal address, telephone, IP address, etc.)
- Other data types. Only if the Website user provides other types of data in their interactions with BAY HOTELS, mainly through the reports issued through the Whistleblower's Channel made available online by the Company, will these data be processed by BAY HOTELS, only if their processing is required for the purpose sought. Otherwise, the data will be erased without having been previously stored by BAY HOTELS.
What is the legal basis for the processing of your data by BAY HOTELS?
BAY HOTELS processes the personal data provided by the users of its Website on the following legal bases, depending on the type of data provided by the user, as well as on the user's interactions with BAY HOTELS:
The processing of your data for the purpose of "Contact and management and processing of Website users' queries and requests" is based on the management and processing of the legal relationship established between the user and BAY HOTELS, that is, on the management of the request, on the maintenance of the contact between the parties, and, if applicable, on the provision of the service requested by the user, as well as, in the legitimate interest of BAY HOTELS to respond to queries and requests from users.
Who are the recipients of your data?
How long will we keep your personal data?
BAY HOTELS will keep your personal data for as long as required for the provision of the service requested and/or to achieve the purpose of the processing sought.
Later, provided that the user has not exercised its right of removal, their data will be duly kept during the applicable legal periods, taking into account the type of the data as well as the purpose of their processing.
In any case, the user may request detailed information about the data retention periods applied at BAY HOTELS by contacting our Data Protection Officer, who can be contacted at email@example.com.
What personal data should be provided in each case?
BAY HOTELS informs users that, when personal data are obtained through a form made available on our Website, the user must provide at least the data specified as mandatory, with an asterisk (*), in the form in question. If at least those data, which are regarded as mandatory, are not provided, BAY HOTELS will be unable to manage the service or the query made by the user.
What should you warrant by providing your personal data?
The user warrants that the information provided is true, accurate, complete, and up-to-date, and is responsible for any harm or loss, direct or indirect, that may be caused as a result of a breach of this obligation.
BAY HOTELS informs you that, you must be older than 18 in order to provide your personal data in any way through our Website. Users who provide data to BAY HOTELS through this Website represent and warrant that they are older than 18, and are entirely responsible for this statement.
What measures do we take to protect your personal data?
Given BAY HOTELS’s interest in ensuring the security and confidentiality of your data, the security measures required for personal data protection have been taken and the technical measures at its disposal have been implemented to prevent loss, misuse, alteration, unauthorised access, and theft of the personal data provided through the Website. In any case, it should be borne in mind that online security measures are not unassailable.
What are your rights over your personal data?
BAY HOTELS informs you that you have the right to receive the confirmation of whether we are processing personal data affecting you or not.
BAY HOTELS also informs you that you have the following rights over your personal data:
- Accessing your data: You have the right to access your data to find which personal data concerning you we are processing.
- Requesting the rectification or removal of your data: Under certain circumstances, you have the right to rectify those personal data that you regard as inaccurate and concern you, and are processed by HISPANIA, as well as the right to request the removal of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- Requesting the limitation of the processing of your data: Under certain circumstances, you will have the right to request that we limit the processing of your data, in which case we inform you that we will only keep the data, the limitation of processing of which has been requested for the exercise or defence of claims.
- To the portability of your data: Under certain circumstances, you will have the right to receive the personal data that concern you and that you have provided to us, in a commonly used structured format that is automatically read, as well as to their transfer by BAY HOTELS to another controller.
- Objecting to the processing of your data: Under certain circumstances and for reasons connected to your specific situation, you will have the right to object to the processing of your data, in which case we will cease to process them unless we must continue to do so for legitimate imperative reasons or for the exercise or defence of potential claims.
We also remind you that you have the right to withdraw any of the consents given for the processing of your data, without this affecting the lawfulness of the processing based on the consent prior to their withdrawal.
BAY HOTELS informs you that you may exercise your rights over personal data by means of a written message sent to BAY HOTELS & LEISURE SOCIMI, S.A., with the subject line "Data Protection", together with your national identification document or an equivalent document, on both sides, which may be sent to either of the following addresses:
- Edificio Sarrià Forum. Avda. Sarrià 102-106, Planta 11, 08017, Barcelona.
BAY HOTELS will provide the information requested within one month from the reception of the request. This period may be extended by an additional two months if necessary, taking into account the complexity and volume of requests.
You may file a complaint with the Data Protection Officer, who will resolve the complaint within a maximum period of one month. Likewise, BAY HOTELS notifies you that you may file a claim with the competent Control Authority as regards data protection.