Privacy Policy
Basic Information on Data Protection
Controller: GRAND HOTEL CENTRAL BARCELONA SLU. Purposes: Provision of online services. Management of website users. Commercial communications related to our services. Legal basis: Explicit consent and legitimate interest. Recipients: Data will not be disclosed to third parties, except where legally required. Rights: Access, rectification and erasure of data, as well as other rights, as explained in the information below.
At GRAND HOTEL CENTRAL BARCELONA SLU we work to offer you, through our products and services, the best possible experience. In some cases, it is necessary to collect information in order to achieve this. Your privacy matters to us and we believe that we must be transparent about it.
Therefore, for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, the “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, the “LSSI”), GRAND HOTEL CENTRAL BARCELONA SLU informs the user that, as controller, it will incorporate the personal data provided by users into an automated file.
Our commitment begins by explaining the following:
Your data is collected so that the user experience improves, taking into account your interests and needs.
We are transparent regarding the data we obtain about you and the reason why we do so.
Our intention is to offer you the best possible experience. Therefore, whenever we use your personal information, we will always do so in compliance with the regulations, and whenever necessary, we will request your consent.
We understand that your data belongs to you. Therefore, if you decide not to authorize us to process it, you may request that we stop processing it.
Our priority is to ensure your security and to process your data in accordance with European regulations.
If you would like more information about the processing of your data, please consult the different sections of the privacy policy set out below:
1. IDENTITY OF THE CONTROLLER
In compliance with the regulations in force on personal data protection, users are informed that the data they provide through this website will be processed by:
• Owner: Grand Hotel Central SLU
• Tax ID (CIF): B65256877
• Address: Via Laietana, No. 30, 08003 Barcelona (Spain)
• Telephone: 932 957 900
• Email: info@grandhotelcentral.com
Hereinafter, the “Controller”.
2. PURPOSE OF THIS POLICY
The purpose of this Privacy Policy is to explain clearly and transparently:
• What personal data is collected
• For what purpose it is used
• What the legal basis for its processing is
• How long it is retained
• What rights users have
3. DEFINITIONS
For the purposes of this policy, the following shall be understood as:
• Personal data: any information that identifies or may identify a natural person (name, email, telephone number, etc.).
• Processing: any operation carried out on personal data (collection, storage, use, disclosure, etc.).
• User: a person who accesses, browses or uses the website.
• Controller: the entity that decides how and for what purpose personal data is processed.
4. DATA COLLECTED
The Controller may collect the following categories of data:
4.1 Data
• Name and surname
• Email address
4.3 Booking or stay data
• Booking information
• Data necessary for the provision of services
4.4 Financial data
Payment information (managed through secure gateways)
4.5 Browsing data
• IP address
• Information about the device
• Browsing habits (cookies)
5. PURPOSES OF PROCESSING
Personal data will be processed for the following purposes:
5.1 Management of bookings and services
To enable the management of bookings, stays and services contracted at the hotel.
5.2 Customer service
To respond to queries, requests or incidents raised by users.
5.3 Compliance with legal obligations
To comply with the applicable regulations, especially regarding traveller registration, taxation and security.
5.4 Commercial communications
To send information about the hotel’s services, promotions or offers, provided that prior consent exists or there is a contractual relationship.
5.5 Service improvement
To analyse the use of the website and improve the user experience.
6. LEGAL BASIS FOR PROCESSING
The processing of data is based on:
• Performance of a contract: management of bookings and provision of services
• Compliance with legal obligations: tourism, tax and security regulations
• Consent of the data subject: sending commercial communications and use of cookies
• Legitimate interest: service improvement and customer service
7. DATA RETENTION
Data will be retained for the time necessary to fulfil the purpose for which it was collected and, subsequently, for the periods required by the applicable legislation.
In particular:
• Customer data: during the contractual relationship and subsequent legal periods
• Contact data: until the user requests its deletion
• Tax data: according to tax regulations
8. DATA RECIPIENTS
Data may be disclosed to:
• Public administrations, when required
• Necessary service providers (hosting, web management, payments, etc.)
• Law enforcement agencies, in compliance with regulations
• Under no circumstances will personal data be sold to third parties.
9. INTERNATIONAL TRANSFERS
If providers located outside the European Economic Area are used, compliance with the appropriate safeguards in accordance with the GDPR will be ensured.
10. USER RIGHTS
You may send your communications and exercise your rights by submitting a request to the following email address: info@grandhotelcentral.com
Pursuant to the GDPR, you may request:
• Right of access: you may request information about the personal data we hold about you.
• Right to rectification: you may notify any change in your personal data.
• Right to erasure and to be forgotten: you may request deletion after the prior blocking of personal data.
• Right to restriction of processing: this entails the restriction of the processing of personal data.
• Right to object: you may withdraw consent to the processing of data, objecting to further processing.
• Right to data portability: in some cases, you may request a copy of your personal data in a structured, commonly used and machine-readable format for transmission to another controller.
• Right not to be subject to individual decisions: you may request not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect the data subject.
• In some cases, the request may be refused if you request the deletion of data necessary to comply with legal obligations.
• Likewise, if you have any complaint regarding the processing of data, you may lodge a complaint with the data protection authority.
• To exercise these rights, you may send a request to: info@grandhotelcentral.com
• Indicating: name, surname, the right you wish to exercise, and a copy of an identification document.
Likewise, you have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
11. SECURITY MEASURES
The Controller applies the technical and organisational measures necessary to ensure a level of security appropriate to the risk, in accordance with the provisions of Regulation (EU) 2016/679 (GDPR).
These measures are intended to protect personal data against risks such as loss, alteration, destruction, unauthorized access or unlawful processing.
In particular, the Controller has adopted, among others, the following measures:
11.1 Organisational measures
• Control and limitation of access to personal data only to authorised personnel
• Establishment of internal data protection and confidentiality policies
• Training and awareness of personnel in matters of data protection
• Signing of confidentiality agreements with employees and collaborators
• Periodic assessment of the risks associated with data processing
11.2 Technical measures
• Use of IT systems protected by secure passwords and authentication
• Implementation of security protocols in networks and systems (firewalls, antivirus, etc.)
• Encryption of data when necessary, especially in sensitive transmissions
• Periodic backups to ensure the recovery of information
• Monitoring of access and activities to detect possible incidents
11.3 Management of security incidents
The Controller has procedures in place to:
• Detect and manage possible security breaches
• Notify, where appropriate, the competent supervisory authority
• Inform data subjects when there is a risk to their rights and freedoms
11.4 Principle of minimisation and limitation
Measures are adopted to ensure that:
• Only strictly necessary data is processed
• Data is not retained longer than necessary
• Controls are applied to prevent improper access
11.5 Evaluation and updating of measures
Security measures are reviewed periodically and adapted according to:
• Technological developments
• The nature of the data processed
• The risks identified
However, the user should be aware that Internet security measures are not absolutely invulnerable. Therefore, the Controller will continue working to strengthen security and reduce any risk as much as possible.
12. DATA OF MINORS
This website is not intended for minors. If data relating to minors is collected, the consent of their parents or legal guardians will be required.
13. CHANGES TO THE POLICY
The Controller reserves the right to modify this Privacy Policy in order to adapt it to legislative developments or changes in the activity. In the event of relevant changes, users will be informed.
14. ACCEPTANCE
Use of this website implies acceptance of this Privacy Policy.
