PRIVACY POLICY

In accordance with personal data protection legislation in force, users of the website www.palacioarrilucehotel.com (hereinafter, the Site) are hereby informed of the Privacy and Data Protection Policy that will apply to processing of the personal data that the user voluntarily provides when accessing the Site.

The user, by providing their personal data, expressly consents to Palacio Arriluce Hotel processing these data in the terms of this clause of the Privacy and Data Protection Policy and for the purposes expressed herein, and they will be solely liable for the veracity of the data provided.

Users are hereby informed that their personal data may only be obtained for processing when they are appropriate, pertinent and not excessive in relation to the scope and specific, explicit and legitimate purposes for which they are obtained. They will be deleted when they cease to be necessary or pertinent to said purpose, or when this is requested by the data owner when exercising their right to erasure.

Palacio Arriluce Hotel hereby declares its commitment to complying with legislation in force at any given moment in matters of data protection.

The following is detailed information regarding processing of your personal data:

INFORMATION ON PERSONAL DATA PROTECTION

Data processor

Corporate name: HOTELES GAP, S.L. Tax ID number NIF: B88401773 Address: Carretera de Fuencarral a Alcobendas, Km. 3,8, Edif. 4 pl. 1, 28108 Alcobendas, Madrid. Email: info@palacioarrilucehotel.com

Purpose of processing

• Contact: attending to the request for information sent using the contact form.
• Newsletter: subscription to receive the latest news.
• Booking management: we will manage the bookings requested by clients through the “SynXis” booking engine.
• Cookies: analysis of website usage, traffic and gathering of information about preferences for advertising purposes, as well as for the control of spam, fraud and abuse. For further information, please see our Cookies Policy.

Legal basis

The basis for processing the data in contact and newsletter forms is the consent given by the user upon checking the acceptance box. The basis for processing the data collected to manage the booking is execution and fulfilment of the contractual relationship created between the hotel and the client. Consult our Cookies Policy for information on the cookies used by this website. We can assure you that the configuration of cookies will depend on the consent that you give, depending on the setting you select.

Storage period

• Contact data will be stored for the time necessary to address your query and while their erasure is not requested. In the case of the newsletter, the data will be stored until erasure is requested or opposition to processing is exercised.
• Consult our Cookies Policy to identify the term of each cookie.
• The data collected for the booking will be stored until the relationship ends and, in any case, until the legal terms and limitations of related actions have ended.

Expected transfers

• Management of the booking will involve the transfer of data to the payment gateway to check the card used and, if necessary, to make the payment according to the terms agreed in the Terms and Conditions and the Cancellation Policy set out on the Site.
• Similarly, your data will be passed to the Public Authorities when required to fulfil our legal obligations.

Expected international transfers

• Your data could be subject to international transfer. In relation to this, we inform you that the website uses the services of Google Analytics, provided by Google LLC, an entity located in the U.S.A., and compliant with the Commission’s Adequacy Decision, 10 July 2023, EU-USA Data Privacy Framework, which admits the possibility of European citizens’ personal data being passed to the U.S.A. Interaction with users through the said tool involves the use of analytical and technical data in relation to the Website, provided that the user has consented to the use of cookies through the settings panel. For further information, please see our Cookies Policy.

Rights of interested parties You have the right to withdraw the consent granted when processing is based on this. You have the right to file a claim with the control authority (Spanish Data Protection Agency: www.aepd.es) if you believe your rights have not been correctly addressed.

We implement the technical and organisational measures necessary to ensure the security of personal data and to prevent them from being altered, lost, processed or accessed without authorisation, bearing in mind the state of technology, the nature of the data and the risks to which they are exposed.

The Site has the SSL Certificate (Secure Socket Layer), with a view to ensuring security when transferring data between your browser and our Site.

The secure server establishes a connection such that the information is encrypted and sent, ensuring it may only be read by the user's device and the Site's device. As a result, by using the SSL protocol the following is guaranteed:

• The user is communicating their data to the Site's server and not any other server.
• The data are encrypted when they are sent between the user and the Site, preventing them from being possibly read or handled by third parties.

To check you are in a secure environment, you can:

• Check that the web address starts with https://
• Check that a padlock icon appears in the search bar of your browser.
• Check for the presence of the SSL certificate by checking the Site's properties in your browser; to do so, consult your browser's settings.

Any change made to the Privacy Policy and in information management practices will be noted accordingly; this Privacy Policy may be aggregated, amended or deleted when deemed necessary.

Under no circumstances will policies or practices be amended to make them less efficient in terms of personal data protection without the consent of the interested parties.

Last update: December, 11th 2023.