Let’s start your Holidays

Book your roomX

Privacy Policy

1. Information for the user

“DUNAOASIS PALACE S.A.”, hereinafter the data CONTROLLER, is the party responsible for processing the user’s personal data and informs users that their data will be processed in accordance with the provisions laid down in current regulations on personal data protection, European Regulation EU 2016/679 of 27 April 2016 (GDPR). Organic Law

3/2018 of 5 December 2018 on Personal Data Protection and Guarantee of Digital Rights [Protección de Datos Personales y Garantía de los Derechos Digitales] and Internet Law, Law 34/2002 of 11 July 2002, on Information Society Services and Electronic Commerce [Ley de Servicios de la Sociedad de la Información y Comercio Electrónico or LSSICE, as per its Spanish acronym], and, therefore, we provide you with the following information on how your data is processed:

Purpose of data processing: To maintain a business relationship with the User. The intended processing operations are:

Legal Basis: GDPR: 6.1.a) The data subject consents to the processing of his or her personal data for one or more specific purposes.

To send commercial marketing communications by email, fax, SMS, MMS, social media or any other electronic or physical medium, existing now or in the future, which makes it possible to send commercial communications. These communications shall be carried out by the CONTROLLER and be related to its products and services, or the products and services offered by its partners or suppliers with whom they have reached a promotion agreement. In this case, third-parties shall never have access to any personal data. To conduct statistical studies. To process orders, price quotes, applications or any type of request made by the user through any means of contact available. To send the website newsletter.

Data storage criteria: Data shall be stored for the time necessary to fulfil the purpose of data processing. When said data is no longer necessary for said purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction.

Data disclosure: Data shall not be disclosed to third parties, unless there is a legal obligation to do so. There is no international data transfer.

User’s rights:

  • You have the right to withdraw your consent at any time.
  •  You have the right of access, the right to rectification, the right to data portability and erasure and the right to restrict processing or to object to the processing of your data.
  • You also have the right to lodge a complaint with the supervisory authority (https://www.aepd.es/reglamento/derechos/index.html) if you consider that the processing does not comply with the regulations in force. www.agpd.es. Calle Jorge Juan 6, 28001. Madrid.

If you want to exercise your rights, please contact: See Section 7

2. The Contact tab. Additional Information

Purpose of the processing: To answer queries, information requests, requests, questions, suggestions or similar matters made by data subjects regarding our products or services.

Legal Basis: GDPR: 6.1.a) The data subject consents to the processing of his or her personal data for one or more specific purposes.

Data storage criteria: Data shall be stored for the time necessary to fulfil the purpose of data processing. When said data is no longer necessary for said purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction.

Data disclosure: Data shall not be disclosed to third parties, unless there is a legal obligation to do so. There is no international data transfer.

User’s rights:

  • You have the right to withdraw your consent at any time.
  •  You have the right of access, the right to rectification, the right to data portability and erasure and the right to restrict processing or to object to the processing of your data.
  • You also have the right to lodge a complaint with the supervisory authority (https://www.aepd.es/reglamento/derechos/index.html) if you consider that the processing does not comply with the regulations in force. www.agpd.es. Calle Jorge Juan 6, 28001. Madrid.

If you want to exercise your rights, please contact: See Section 7

3.- The Work with Us tab. Additional Information

Purpose of the processing: to inform the data subject of staff selection processes, carrying out an analysis of the applicant’s profile in order to select the best candidate for the CONTROLLER’s vacant job.

CV registration: we inform you that this is the only formal procedure to accept your CV; therefore, CVs submitted in any other way shall not be accepted.

Data storage criteria: Data shall be stored for a maximum of one year, after that time it shall be deleted ensuring that privacy is fully respected both during its processing and its subsequent destruction. In this regard, after the specified time has passed, if you wish to continue participating in selection processes carried out by the CONTROLLER, please send us your CV again.

Data update: Should your data change in any way, please let us know in writing as soon as possible in order to keep your data duly updated.

Data disclosure: Data shall not be disclosed to third parties, unless there is a legal obligation to do so, and with the exception of the companies that belong to the group: "ASHI 85, S.L.” holder of Tax Id. No. B96199807, "SEASIDE HOTELS, S.L." holder of Tax Id. No.  B35081090, and "DUNAOASIS PALACE, S.A.", holder of Tax Id. No.  A35014406, which are engaged in a joint economic activity. There is no international transfer of data.

User’s rights:

  • You have the right to withdraw your consent at any time.
  •  You have the right of access, the right to rectification, the right to data portability and erasure and the right to restrict processing or to object to the processing of data.
  • You have the right to file a claim with the supervisory authority (agpd.es) if you consider that the processing does not comply with current legislation.

If you want to exercise your rights, please contact: See Section 7

4.- The Newsletter tab. Additional Information

Purpose of the processing: Newsletter subscription.

Legal Basis: GDPR: 6.1.a) The data subject consents to the processing of his or her personal data for one or more specific purposes.

Data storage criteria: Data shall be kept for as long as there is a mutual interest to keep the newsletter subscription.

Data disclosure: Data shall not be disclosed to third parties, unless there is a legal obligation to do so. There is no international data transfer.

User’s rights:

  • You have the right to withdraw your consent at any time.
  •  You have the right of access, the right to rectification, the right to data portability and erasure and the right to restrict processing or to object to the processing of data.
  • You also have the right to lodge a complaint with the supervisory authority (https://www.aepd.es/reglamento/derechos/index.html) if you consider that the processing does not comply with the regulations in force. www.agpd.es. Calle Jorge Juan 6, 28001. Madrid.

If you want to exercise your rights, please contact: See Section 7

5.-The Bookings tab. Additional Information

Purpose of the processing: It has been designed as a customer service mailbox and its purpose is to facilitate and to accelerate the booking process for our customers, as well as to be able to make comments and/or requests through any multichannel medium. The sending of commercial communications, if so requested, by ticking the corresponding box at the time of booking.

Legal Basis: GDPR: 6.1.a) The data subject consents to the processing of his or her personal data for one or more specific purposes.

Data retention criteria: Data shall be stored for the time necessary to fulfil the purpose of data processing. When said data is no longer necessary for said purposes, it shall be deleted using appropriate security measures to guarantee data pseudonymisation or its total destruction.

Data disclosure: Data shall not be disclosed to third parties, unless there is a legal obligation to do so. There is no international data transfer.

User’s rights:

  • You have the right to withdraw your consent at any time.
  •  You have the right of access, the right to rectification, the right to data portability and erasure and the right to restrict processing or to object to the processing of data.
  • You also have the right to lodge a complaint with the supervisory authority (https://www.aepd.es/reglamento/derechos/index.html) if you consider that the processing does not comply with the regulations in force. www.agpd.es. Calle Jorge Juan 6, 28001. Madrid.

If you want to exercise your rights, please contact: See Section 7

6.-Complaints Channel. Additional Information.

Purpose of the processing: Carry out comprehensive administrative management of the complaints made, as well as guarantee the protection of people who report regulatory violations.

Legal Basis: Art. 6.1.e. Public interest or exercises of public powers.

Data retention criteria: They will be kept for no longer than necessary, to maintain the purpose of the treatment and when it is no longer necessary for this purpose, they will be deleted with appropriate security measures to guarantee the confidentiality of the data and preserve identity. of the affected persons, through the pseudonymization of the data or the total destruction of the same. Even so, it will be kept for three (3) months from the time it is reported and is not anonymous, unless the conservation of said data is necessary to demonstrate the proper functioning of the model for preventing the commission of crimes. And they will be deleted or anonymized, within one (1) month, in case the complaint is filed or not processed.

Data disclosure: Treatment Managers. Judicial Authority, Prosecutor's Office, Judicial Bodies, Competent Authorities, Lawyers and other interveners. Those necessary for the adoption of disciplinary measures or the processing of judicial procedures that, where appropriate, apply. There is no international data transfer.

User’s rights:

• Right to withdraw consent at any time.
• Right of access, rectification, portability and deletion of your data and the limitation or opposition to its processing.
• Right to file a claim with the supervisory authority (https://www.aepd.es/reglamento/derechos/index.html) if you consider that the treatment does not comply with current regulations. www.agpd.es. Calle Jorge Juan 6, 28001. Madrid.

If you want to exercise your rights, please contact: See Section 7

7. If you want to exercise your rights, please contact:

“DUNAOASIS PALACE S.A.”- Tax ID No.: A35014406 Address: Avenida de Moya 8, 35100 San Bartolomé de Tirajana, Gran Canaria - Spain. Telephone no.: 928771766.

Or send an email to: dpd@seaside-hotels.com

8. Social Networks links

The links which redirect the website to the different social network accounts such as Facebook, Twitter, Instagram, Youtube, etc. and which belong to “DUNAOASIS PALACE S.A.” are designed so that users can access those pages directly and thus be able to interact, express opinions, ideas and make other comments related to the company, its services or products. The company “DUNAOASIS PALACE S.A.”, is not responsible for any comments made, photos or videos published by the user community, although it may veto, delete or remove comments, photos or videos that are unseemly or inappropriate. To learn more about any responsibility regarding the different social network platforms, please check their own Privacy Policy.

9. Compulsory or optional nature of the information provided by users

By ticking the corresponding boxes and entering their data in the respective fields marked with an asterisk (*) in the contact form, or submitting their data through downloadable forms, users expressly, explicitly and freely accept that the service provider needs their data to process their requests. Filling in the remaining fields is voluntary. Users guarantee that the personal data provided to the CONTROLLER is accurate and they shall be responsible for informing the CONTROLLER of any changes in said data. The CONTROLLER expressly informs and guarantees users that under no circumstances their personal data shall be disclosed to third parties without their previous express, informed and unambiguous consent. It is compulsory to provide all data requested on our website, as it is necessary in order to provide the best possible service to users. If all requested data is not provided, we cannot guarantee that the information and services provided are completely tailored to the user’s needs.

10. Security measures

In accordance with the provisions laid down in the regulations in force on personal data protection, the CONTROLLER fully complies with all the provisions of the GDPR and LOPDGDD (Spanish Organic Law on Personal Data Protection and Guarantee of Digital Rights) regulations regarding the processing of the personal data for which the Controller is responsible. The Controller also expressly complies with the principles outlined in section 5 of the GDPR and section 4 of the LOPDGDD, by which data is to be processed fairly and lawfully and in a transparent manner in relation to the data subject and must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are being processed. The CONTROLLER guarantees the implementation of the appropriate technical and organisational measures required by the GDPR and the LOPDGDD regulations in order to safeguard the rights and freedoms of data subjects and that they have been adequately informed of how such rights and freedoms can be exercised.

11. Links

This privacy policy is only applicable to the http://www.hotel-palm-beach.com website, and it is not guaranteed when accessing this site through external links, nor in the case of accessing other websites using links on this site.

12. WEBSITE content

The full or partial reproduction of this website, including dumping the content on any medium, without the express authorisation of “DUNAOASIS PALACE S.A.” is strictly prohibited.

“Dunaoasis Palace S.A.” Data Protection Information Policy. General Data Protection Regulation (GDPR)

1.- How do we obtain your personal data?

- We collect personal data with your consent in the following situations:
- When you show interest in a product or service.
- When a price quote is made.
- During the booking process.
- When you contact us using data from apps, prize draws, contests, websites, landing page or social networks.
- When you participate in prize draws, awards, events, promotions and marketing, promotional or informative events using data from apps, prize draws, contests, websites, landing page or social networks.
- When you visit any of the hotels that are part of our business group.

2.- What information can we collect from the data subject/customer?

Contact data:
Name, Surname(s), Postal Address, Sex, Email, Landline/Mobile Telephone Number. Date of Birth.

Personal data:
Family situation, family members. Date of birth. Place of birth. Occupation. Bank details.  Requests made regarding information about products and services. The most frequently booked hotel, hobbies. Method of payment chosen. Account number.

Identification data:
Customer number or contract number

Customer history:
Customer satisfaction rates. Offers received or sent. Details of the booking holder, price, booking date, check-in date, check-out date. Information regarding additional purchases or reservations. Campaign history and responses to those campaigns. Event participation (place, company). All complaints and claims made by the customer.

Data regarding the use of the room:
About personal preferences, capacity, use.

Data from the app, the website or social networks:
All data entered by the customer/data subject when registering in any app, website, landing page or social network belonging to “Dunaoasis Palace S.A.” or to other companies that are part of the business group.

You may access the uses of the visited website of “Dunaoasis Palace S.A.”. Data from cookies (depending on the approval of cookie policies). The use of social networks made by “Dunaoasis Palace S.A.” (for instance, visits, messages, photos or videos posted), and by the different companies that belong to the business group.

3.- For which purposes is your personal data used?

General
On behalf of the company, we process the information provided with the purpose of providing the service requested, performing its comprehensive administrative management and booking rooms. Also, to identify our customers, to make  checking in and out at the hotel easier when staying at any of the hotels of our group of companies, as well as profiling customers, sending commercial communications and birthday wishes. 

All provided data shall be stored as long as the business relationship exists or for as many years as necessary to comply with the legal obligations. You may withdraw your consent at any time. We also remind you that in all business communications carried out by “Dunaoasis Palace S.A.”, or by companies of our business group, you are always given the possibility of unsubscribing.

You may also exercise your rights to access your personal data, to rectify any inaccurate information, to oppose or to request its deletion when such data is no longer necessary, through any of the different communication means where you receive business communications. Data shall be stored as long as a business relationship exists. After you withdraw your consent, we shall stop processing your customer profile and you shall not receive any new business communications. Through the same communication channels that you use to receive business communications, you can exercise the above-mentioned rights.

Customer profiling: In order to offer you products and services according to your interests, as well as to improve our services, we create a commercial profile from the information provided and through statistical procedures. As a result of this statistical research, an analysis is carried out and more personalised marketing communications can be sent to you according to your preferences. The following data may be added to the profiles created for each customer, regardless of whether they have been provided personally or generated while using the products or services offered by “Dunaoasis Palace S.A.”: contact information (such as their name, address, Personal ID Card no., email, mobile telephone no.); additional information (such as their preferred hotel, or the one that they use more frequently, or their hobbies); user identification information (such as customer number or contract number); customer history (such as the reception of offers, information about their accommodation, preferences); data from apps, prize draws, contests, webs, landing page or social networks. No automated decisions shall be taken based on said profile.

Commercial communications: The consent is for commercial communications regarding the sale of products and services offered by “Dunaoasis Palace S.A.”, always through multichannel means of communication (telephone, e-mail, postal mail, sms, mms, WhatsApp, etc.): newsletters, greetings on dates of general interest and celebrations: Christmas, Saint Valentine's Day, etc., events, contests and promotions. You may always withdraw your consent in every communication.

Birthday wishes: You give your consent so that we can wish you a happy birthday with the aim of having a closer and more trustful relationship. Also, so that “Dunaoasis Palace S.A.” can offer you a present, product, service, discount or anything similar, as well as send you a birthday card; always by using multichannel means of communication (telephone, email, postal mail, sms, mms, WhatsApp, etc.).

Transferring data to other companies of our group. 
Data shall not be transferred to third parties unless there is a legal obligation to do so and also ask the companies of the business group of “Dunaoasis Palace S.A.”. The companies that are part of the group are “Ashi 85, S.L.” and “Seaside Hotels, S.L.”. In this regard, we inform you that “Dunaoasis Palace S.A.” belongs to a business group and there is legitimate interest in sharing personal data within the group for internal administrative purposes, including the processing of our customers’ personal data. Therefore, any company that has been identified as a customer’s favourite or has participated in the purchase process may have your data and may contact you. On the different websites of the group, there is information available about said business group. You may withdraw your consent at any time, or you can let us know if you do not want any of the above-mentioned companies to have access to your data.

Quality control, R&D&i regarding new products and services.
“Dunaoasis Palace S.A.”, may use any of the data received by our group of companies during the provision of the service, with the purpose of developing future products and services and of controlling the quality of the existing ones. Before using such data for any of these purposes, your data shall be immediately anonymized so that it cannot be directly linked to you. The legal basis for this processing is based on the legitimate interest of “Dunaoasis Palace S.A.” thus, enabling a more personalized and tailored manner of meeting the present and future needs of our customers and the usual investment in research, development and innovation made by “Dunaoasis Palace S.A.”.

4.- Legal basis contained in the Directive and reproduced by the LOPD:
The legal basis is the execution of a contract, in this case, the contract for accommodation in our hotel, for the rental of hotel accommodation, as well as the consent given by the data subject and legitimate interest.
If you have ticked the corresponding box, the legal basis for the sending of commercial communications, customer profiling and birthday wishes, regarding other products and services, is your consent, which you can withdraw for such purpose at any time, without it conditioning the execution of the accommodation contract in the hotel.
Consent. You have expressly given you consent, which you can withdraw at any time.
• Contractual relationship. To manage and maintain a contract that has been signed, the hotel room reservation and/or additional services.
• Vital interests of the data subject or of other persons. In case of sickness or anything similar.
• A legal obligation to which the controller is subject.
• Prevailing legitimate interests of the Controller or of third-parties to which the data is transferred.

5.- Users’/Customers’ rights. Company data.
You have the right to obtain confirmation as to whether we, at “Dunaoasis Palace S.A.”, are processing your personal data; therefore, you have the right to access your personal data, to rectify any inaccurate information, to request its deletion when such data is no longer necessary, as well as to request its portability, and the limitation of its processing. You also have the right to withdraw your consent at any time and to file a complaint with the Supervisory Authority (www.agpd.es), if you consider that the processing of your data does not comply with the current legislation.
In certain circumstances provided for in article 18 of the GDPR, data subjects may request the limitation of the processing of their data, in which case, we shall only store such data for the exercise or defense of legal claims.
Data subjects may object to the processing of their data for marketing purposes including profiling. “Dunaoasis Palace S.A.” shall stop processing their data except if there are compelling legitimate reasons for such processing or if it is necessary for the exercise or defense of legal claims.
In accordance with the right to data portability, data subjects have the right to obtain their personal information in a structured, commonly used and machine-readable format and to transmit their data to another data controller, whenever possible. The data category used is: full name, Personal ID card no., Passport no., e-mail and telephone no.

What is the procedure to exercise the rights contained in the new regulation?
The GRDP requires controllers to facilitate the exercise of the data subjects’ rights. This requirement establishes that procedures and methods to do so must be visible, accessible and simple. This obligation requires to set up procedures enabling data subjects to easily prove that they have exercised their rights by electronic means, which is not always viable at present.

The exercise of rights shall be free of charge for the data subject, unless:

- Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge a reasonable fee taking into account the administrative costs of taking the action requested; or refuse to act on the request (such fee cannot represent additional income for the controller but should effectively correspond to the true cost of the processing of the request).
- The controller shall provide information on the actions taken on a request to the data subject within one month (that period may be extended by two further months if requests are especially complex and the controller shall inform the data subject of any such extension within one month). If the controller decides not to take action on the request, the controller shall inform the data subject of the reasons for not taking action within one month of receipt of the request.
- In accordance with the GDPR, controllers must use all reasonable measures to verify the identity of a data subject who requests access, and, in general, of data subjects that exercise the remaining ARCO rights.
- When the controller processes a large quantity of information concerning a data subject, the controller may request that the data subject specify the information to which the request relates.
- The controller may be assisted by processors to respond to requests made by data subjects exercising their rights, and such assistance may be included in the processing agreement.

6.- Company details for the exercise of rights or regarding Data Protection.
By writing to the following address and attaching a copy of your passport or Personal ID Card: “Dunaoasis Palace S.A.” - Tax ID No.: A35014406 Address: Avenida de Moya 8, 35100 San Bartolomé de Tirajana, Gran Canaria - Spain. Telephone no.: 928771766. Email: info@hotel-palm-beach.com 

Contact information of our Data Protection Officer.
If you have any doubts or questions or need any explanation or anything similar, you may contact our Data Protection Officer at: dpd@seaside-collection.es
 
7.- Business group.
Below there is a list of the companies that are part of the group of companies of “Dunaoasis Palace S.A.”
“Ashi 85, S.L.” with Tax ID no. B-96199807, and registered address at Avenida de Moya 8, 35100 San Bartolomé de Tirajana, Gran Canaria - Spain. “Dunaoasis Palace S.A.” with Tax ID no. A35014406, and registered address at Avenida de Moya 8, 35100 San Bartolomé de Tirajana, Gran Canaria - Spain. “Seaside Hotels, S.L.” with Tax ID no. B35081090, and registered address at Avenida de Moya 8, 35100 San Bartolomé de Tirajana, Gran Canaria - Spain.

Activado

SEASIDE HOTELS NEWSLETTER