Book

Booking is handled by our partner Debenaps.

PRIVACY POLICY

  • Identification of the Data Controller

    • POINT-FAIR-COST, S.L. is the DATA CONTROLLER for the processing of the USER’s personal data and informs them that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).

    You can contact the Data Controller via the email address info@hotelmastrader.com.

    The address for complaints purposes corresponds to the address indicated as the Owner’s registered address.

    1. Purposes of Processing

    a. To respond to queries that the data subject sends to the Data Controller.

    Retention period: Data will be retained until the query raised by the data subject is resolved. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

    Legal basis: Legitimate Interest of the Data Controller and Consent of the Data Subject.

    b. To process accommodation or seminar reservations made by the user, as well as any orders for products from the data controller’s bar/restaurant.

    Retention period: Data will be processed for as long as there is an interest on the part of the data subject, based on the contractual relationship existing upon contracting the accommodation service. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

    Legal basis: Contractual relationship.

    c. To send the data subject commercial communications about our services that may be of interest to them (newsletter).

    Retention period: Data will be retained until the data subject revokes the consent given. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

    Legal basis: Express consent of the data subject.

    d. To manage the publication of user content or opinions about their level of satisfaction with their experience using our services or our hotel’s facilities.

    Retention period: Data will be retained until the data subject revokes the consent given. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

    Legal basis: Express consent of the data subject.

    f. To organise competitions or other promotional activities.

    Retention period: Data will be retained until the data subject revokes the consent given. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

    Legal basis: Consent of the data subject and legitimate interest of the data controller.

    1. Recipients of your data

    The Data Controller contracts with third-party data processors in order to provide its services. With the exception of these entities, your data will not be communicated to other third parties. If for any reason it is necessary to communicate such data to third parties, you will be informed in advance and, where applicable, your consent will be requested and the purposes of the communication and the identity of the third party to whom they will be communicated will be specified.

    All of the above, except in cases where a legal requirement obliges the communication of such data to a third party.

    1. Rights

    Persons who provide us with their data have the following rights in relation to them:

    a. Right of access

    b. Right of rectification or erasure

    c. Right to restriction of processing

    d. Right to data portability

    e. Right to object

    f. Right to withdraw consent

    a. Right of access: Any person has the right to obtain from the Data Controller confirmation of whether or not personal data concerning them are being processed and, if so, the right of access to such personal data.

    b. Right of rectification: This is the right to obtain the rectification of personal data in our possession that concern you.

    c. Right of erasure: This is the right to obtain the erasure of your personal data.

    d. Right to restriction of processing: This is the right to have your data cease to be subject to the corresponding processing operations when any of the following conditions is met:

    • When you have exercised the rights of rectification or objection and the Data Controller is in the process of determining whether the request is admissible. If the processing of data is unlawful, which implies the erasure of the data, but you do not wish your data to be erased by the Data Controller.
    • When the data are no longer necessary for processing, which implies their erasure, but you wish the Data Controller to restrict their processing and retain them in order to formulate, exercise or defend claims.

    e. Right to data portability: This is the right to obtain from the Data Controller, in the case of automated processing of your data, a copy thereof in a structured, commonly used and machine-readable format, or for that copy to be transmitted directly to the Data Controller you indicate. Please note that this right will not apply to:

    • Data of third parties that you have provided to the Data Controller.
    • Data concerning you, but which have been provided to the Data Controller by third parties.

    f. Right to object: This is the right to object to your personal data being processed. With regard to the processing carried out by the Data Controller, you may object to the sending of commercial communications, both of the Data Controller’s own and those of third parties.

    If you wish to obtain more information about your rights, we suggest you visit the website of the Spanish Data Protection Agency, as well as the European Data Protection Regulation.

    The exercise of these rights may be carried out by sending an email to info@hotelmastrader.com, clearly indicating which right you wish to exercise and providing a copy of your identity document to verify your identification. You may also write by post to the Data Controller’s registered address indicated in point 1 of this Privacy Policy.

    Additionally, we inform you of the possibility of filing a complaint with the competent Supervisory Authority, in this case the Spanish Data Protection Agency, particularly if you have not obtained satisfaction in the exercise of your rights. You can contact the Spanish Data Protection Agency by phone on 901 100 099 and 912 663 517 or by visiting them at C/ Jorge Juan, 6. 28001 – Madrid.

    1. Security Measures

    The Data Controller guarantees the user that the processing carried out complies with all the provisions of the data protection regulations mentioned above, GDPR and LOPDGDD, and that the data are processed in a lawful, fair and transparent manner in relation to the data subject, and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

    Likewise, the Data Controller guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and LOPDGDD in order to protect the rights and freedoms of USERS and has communicated adequate information to them so that they can exercise these rights.

    1. Origin and Accuracy of Data

    All data collected come from the data subject. The User, by accepting this Privacy Policy, declares and undertakes to guarantee the accuracy and correctness of the data provided, as well as being the legitimate owner thereof.

    Likewise, the User undertakes to keep their data up to date at all times, and to promptly inform the Data Controller of any significant changes, such as a change in their bank account ownership, or a modification of the email address provided through the relevant forms hosted on the website.

    In this regard, the User will be solely responsible for failure to comply with the above, exempting POINT-FAIR-COST from all liability with respect to data that the User has not previously communicated to them.