Privacy policy

Hotel

Agents privacy policy

Please read this privacy policy carefully. In it you will find important information about the processing of your personal data and the rights recognised by the current legislation regarding the matter. We reserve the right to update our privacy policy at any time due to business decisions or to comply with possible legislative or jurisprudential changes. If you have any questions, or need any clarification regarding our Privacy Policy or your rights, you may contact us through the channels listed below.

You declare that any information with which you may provide us, now or in the future, is correct and truthful and that you shall undertake to alert us to any changes to the same. Where personal data of third parties is provided, you shall undertake to obtain the prior consent of those affected, and to inform them about the content of this policy.

Who is responsible for processing your data?

Manager: HORRACH MOYA HOTELS S.L. (HM HOTELS)

Address: Avenida Jaume III, 26 – Entresuelo 2, 7012 – Palma De Mallorca (Balearic Islands).

Email: dpo@hmhotels.com

Why will we process your data?

Data from the agencies registered for our programme for professionals will be processed to facilitate the administrative and economic management of the relationships they maintain with us and the fulfilment of our legal obligations. We will also process your data in order to keep you informed about our promotions and services.

How long will we keep your data?

In general, we will keep your data for the duration of your relationship with us and, in any event, for the periods provided for in the applicable legal provisions and for as long as is necessary to fulfil any possible responsibilities arising from the processing. We will delete your data when it is no longer necessary or relevant for the purposes for which it was collected. Data processed for commercial purposes will remain on-file as long as you do not request their deletion.

Legal basis for the processing

The legal basis for the processing of your personal data is the management of the contractual relationship with agencies enrolled in our programme for professionals, the fulfilment of our legal obligations, and our legitimate interest in promoting our products or services and, if you have indicated so, your authorisation to receive our communications by electronic means.

To whom may we disclose your data?

Your data will only be communicated to third parties by legal obligation or when it is necessary for the provision of the requested services.

What are your rights?

You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to access them. You can also request that your data be rectified when they are inaccurate or that incomplete data be supplemented, as well as request their deletion if, among other reasons, the data are no longer necessary for the purposes for which they were collected.

In certain circumstances, you may request that the processing of your data be limited. In such cases, we will only process the data in question for the formulation, exercise or defence of claims or with a view to protecting the rights of others.

Under certain conditions, and on grounds relating to your particular situation, you may also object to the processing of your data. In this case we will stop processing the data, except where there are compelling legitimate reasons that prevail over your interests, rights and freedoms, or for the formulation, exercise or defence of claims.

You may revoke the consent you have given for certain purposes, without affecting the lawfulness of the processing based on the consent prior to its withdrawal, and file a complaint with the Spanish Data Protection Agency.

We hereby inform you that the European Personal Data Protection Regulation also recognises your right to the portability of your data.

To request the cancellation of processing of your data for commercial purposes you can send an email to the following email address: dpo@hmhotels.com

In order to exercise your rights, you must send us a request accompanied by a copy of your National Identity Document (or another valid document that can identify you) by post or e-mail to the addresses indicated in the ‘Who is responsible for processing your data?’ section.

You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency at: http://www.aepd.es/

Marketing Privacy Policy

This privacy policy applies to our commercial communications.

Please read it carefully. In it you will find important information about the processing of your personal data and the rights recognised by the current legislation regarding the matter.

We reserve the right to update our privacy policy at any time due to business decisions or to comply with possible legislative or jurisprudential changes. If you have any questions or need any clarification regarding our Privacy Policy or your rights, you may contact us through the channels listed below.

1. Who is responsible for processing your data?

The data controller is Horrach Moyà Hotels, S.L., C.I.F. B-57088510, based at Avenida Jaume III, 26 – Entresuelo 2, 7012 – Palma De Mallorca (Balearic Islands), Spain.

You can contact the Data Protection Officer of GRUPO HM HOTELS at dpo@hmhotels.com

2. What personal data do we obtain?

The categories of data we process typically consist of:

3. For what purposes do we process your personal data?

We use them to send you commercial communications to the email addresses provided, for statistical purposes, and to improve the quality of our services.

4. To whom may we disclose your data?

Your data will only be disclosed if required by law or with your prior consent.

5. Legal basis for the processing.

The dispatch of non-personalised commercial communications, such as newsletters, and the collection of quality statistics and surveys is based on our legitimate interest in evaluating and promoting our services and on your consent to receive such communications electronically.

6. How long will we keep your data?

Data processed for commercial purposes will be stored until such time as the data subject revokes his or her consent or requests its deletion and, in any event, for the periods stated in the applicable legal provisions and for the time necessary to fulfil any possible responsibilities arising from the processing. The media confirming your consent to the processing of your data for these purposes, such as signed forms or logs for sending electronic forms, will be kept for the duration of the processing and the applicable statutory timeframes.

7. What are your rights?

You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to access it. You can also request that your data be rectified when it is inaccurate or that incomplete data be supplemented, as well as request its deletion if, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, you may request that the processing of your data be limited. In such cases, we will only process the data in question for the formulation, exercise or defence of claims or with a view to protecting the rights of others.

However, you may at any time revoke your consent and object to the processing of your data for direct marketing purposes, including commercial profiling. In such cases we will no longer process your personal information for such purposes. Withdrawal of your consent shall not affect the lawfulness of processing based on prior consent.

Likewise, under certain conditions, you may request the portability of your data so that it can be transmitted to another data controller.

You also have the right to file a complaint with the Spanish Data Protection Agency or any other competent control authority.

In order to exercise your rights, you must send us a request accompanied by a copy of your National Identity Document (or another valid document that can identify you) by post or e-mail to the addresses indicated in the ‘Who is responsible for processing your data?’ section.

To revoke your consent to the dispatch of our commercial communications, simply send an email to: dpo@hmhotels.com

You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency: http://www.aepd.es.

Video surveillance privacy policy

Please read this privacy policy carefully. In it you will find important information about the processing of your personal data and the rights recognised by the current legislation regarding the matter. We reserve the right to update our privacy policy at any time due to business decisions or to comply with possible legislative or jurisprudential changes. If you have any questions or need any clarification regarding our Privacy Policy or your rights, you may contact us through the channels listed below.

This policy is published on the URL.

Who is responsible for processing your data?

The data controller is Horrach Moyà Hotels, S.L., Avenida Jaume III, 26 – Entresuelo 2, 7012 – Palma De Mallorca (Balearic Islands), Spain.

What personal data do we obtain?

We process the data obtained from the video surveillance cameras installed for the security of our facilities.

For what purposes do we process your personal data?

We use captured data for the purposes of video surveillance and the security of our facilities.

How long will we keep your data?

The data will be erased within a maximum term of one month as of the day on which it was captured, without detriment to its conservation during the time stipulated in the applicable legal provisions, for example, to substantiate crimes against the integrity of people, property or facilities.

Legal basis for the processing.

The legal basis for the processing of data captured by the video surveillance system is the legitimate right to ensure the security of facilities.

To whom may we disclose your data?

Your data will not be passed to third parties, except for legal protection.

What are your rights?

You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to access it. You can also request that your data be rectified when it is inaccurate or that incomplete data be supplemented, as well as request its deletion if, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, you may request that the processing of your data be limited. In such cases, we will only process the data in question for the formulation, exercise or defence of claims, or with a view to protecting the rights of others. In certain circumstances, and for motives pertaining to your particular situation, you may object to the processing of your data. In such cases we will no longer process your data, unless there are compelling legitimate grounds that take precedence over your interests, rights and freedoms; or for the formulation, exercise or defence of legal claims. Likewise, under certain conditions, you may request the portability of your data so that it can be transmitted to another data controller. In order to exercise your rights, you must send us a request accompanied by a copy of your National Identity Document (or another valid document that can identify you) by post or e-mail to the addresses indicated in the ‘Who is responsible for processing your data?’ section. You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency: http://www.aepd.es.

WiFi privacy policy

This Privacy Policy applies to the use of HM HOTELS’ wifi by guests and patrons

Please read it carefully. The Policy contains important information concerning the processing of your personal data and your rights under data protection laws.  We reserve the right to amend our privacy policy at any time to take account of commercial decisions and to comply with any changes in legislation or case law. Please contact us using one of the methods set out below if you need any information or clarification concerning your Privacy Policy or your rights.

Who are the data controllers for the processing of your personal data?

The data controller for the processing of the personal data of WiFi users is the COMPANY or BUSINESS that operates the hotel at which you stay (the “ACCOMMODATION”). The identifying details and contact information of the ACCOMMODATION are shown on the registration slip signed by you when you check in.

A list of the companies in the HM HOTELS Group is set out below:

You can contact the Data Protection Officer of the HM HOTELS Group at dpo@hmhotels.com.

What personal data will with collect?

The personal data used is the information given by you when registering to use the Hotel’s internet over WiFi service.

The categories of personal data that we process typical consist of:

For what purposes is personal data processed?

The personal data that we collect will be used for provision of the WiFi service, and for management of the safety and performance of the service. We will also use personal data to send commercial communications to the email addresses you provide and to collect usage statistics and for the improvement of our products and services via client satisfaction surveys, albeit completion of such surveys is voluntary.

Who will we disclose your personal data to?

We will only disclose your personal data when required to do so by law or with your prior consent.

Legal basis for processing

The legal basis for the processing of personal data is performance of the contractual relationship and our legitimate interest in managing our systems to ensure their correct operation and safety. The sending of offers and commercial communications to the email addresses provided is based on your consent. The withdrawal of such consent will not affect the provision of any services contracted.The carrying our of satisfaction surveys and the collection of statistics  are based on our legitimated interest in evaluating and improving the quality of our products and services.

 

 

For how long will we retain your personal data?

Personal data used for the management of the service will be retained while required for management of your connection.

Personal data processed for commercial purposes will be retained for the periods stated in our Privacy Policy for Guests and Patrons.

Personal data processed for statistical purposes obtained from surveys will be retained in an active condition during the lifetime of our relationship with you.

We will in any event retain your personal data for the periods envisaged in relevant statutory provisions and for the time required to deal with possible liabilities arising from processing. We will delete your personal data when it is no longer required or relevant for the purposes for which it was collected. 

What rights do you have?

You have the right to obtain confirmation of whether or not we are processing your personal data and, if we are, to access the personal data.  You can also request rectification of your personal data when it is inaccurate and to have your personal data completed and to request its deletion when the personal data are no longer required for the purposes for which it was collected and for other reasons.

In certain circumstances, you can request restriction of processing of your personal data. In that event, we will only process personal data affected by the establishment, exercise or defence of claims or with a view to the protection of the personal data of other data subjects.

In certain circumstances and on grounds relating to your particular situation, you can object to the processing of your personal data. In that case, we will cease to process the personal data except on compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise and defence of legal claims.

Nonetheless, you may at any time withdraw your consent and object to the processing of your personal data for purposes of direct marketing, including the drawing up of commercial profiles. In that case, we will cease to process your personal data for such purposes. The withdrawal of your consent will not affect the legitimacy of any processing on the basis of your consent prior to its withdrawal.

You may also in certain circumstances request data portability of your personal data to transfer them to another data controller.

You also have the right to bring a complaint before the Spanish Data Protection Agency or any other competent supervisory authority.

You may request exercise of any of your rights by written request accompanied by a copy of your national identity document or equivalent identifying document by ordinary post or email to the addresses set out in the section headed Who is the data controller for the processing of your personal data?

You can find further information about your rights and how to exercise them on the website of the Spanish Data Protection Agency at http://www.aepd.es.

Guest and Patron Privacy Policy

Please read this Privacy Policy carefully. The Policy contains important information concerning the processing of your personal data and your rights under data protection laws.

This Policy is published on our website and is available in Reception at the Hotel, where you can pick up a copy for your own records.

The fields marked as required on our forms must be completed in order for your requests to be handled.

WHO IS THE DATA CONTROLLER FOR THE PROCESSING OF YOUR PERSONAL DATA?

The data controllers for the processing of the personal data of the hotel’s guests and patrons are:

Firstly, the company that manages the hotel at which you stay (the “HOTEL”), whose identifying details and contact information are available at Reception in the Hotel. We set out below a list of the companies in the HM HOTELS Group that manage our hotels:

And, second, HORRACH MOYA HOTELS, S.L., with registered office at Avda. Jaime III n.º 26, 07012 – Palma de Mallorca, Islas Baleares, Spain, VAT No B-57088510, (“GRUPO HM HOTELS” or “HM HOTELS”,). The respective roles of HOTEL and HM HOTELS Group are as follows:

The HOTEL is the data controller for the processing of the personal data of guests and patrons required for the operational management of the hotel, such as administration and accounting, management of bookings and stays, the provision of requested services and handling queries from guests and patrons.

HM HOTELS GROUP is the data controller for the processing of personal data in relation to the HM HOTELS brand and the management of the hotels as a chain, including:

The hotels in the HM HOTELS chain and the HM HOTELS group have entered into an agreement to regulate the processing of the personal data of patrons and guests in order to ensure an appropriate level of protection of personal data, wherever a particular hotel may be located. The key provisions of that agreement in terms of the respective roles and relationships of each HOTEL and the HM HOTELS GROUP with guests and patrons are reflected in this Policy.

Please contact the Data Protection Officer of the HM HOTELS Group at dpo@hmhotels.com for any query concerning the protection of personal data.

WHAT ARE THE PURPOSES AND LEGAL BASIS OF THE PROCESSING OF YOUR PERSONAL DATA?

The personal data of guests and patrons of the hotels in the chain are processed for the following purposes:

Each of those purposes is described in greater detail below.

Management of bookings and provision of services requested.

The HOTEL will process personal data provided on booking or request for services for management of such bookings and the provision of the services requested.

What personal data will be processed for this purpose and how are they obtained?

The categories of personal data that the HOTEL will process for these purposes are as follows:

Such personal data is obtained directly from you or from third party booking or service managers, when a booking is made or services are requested on your behalf, such as the bookings line or travel agency through which your stay is booked.

The processing of this personal data is necessary for performance of the contract for your stay, the provision of services required and the pre-contractual management of your request.

Financial information and information about  transactions for goods and services generated by your stay for purposes of accounting and administration and compliance with the legal obligations of the HOTEL in relation to accounting and tax.

Personal data collected at the time of your registration at the hotel and information generated in the course of your stay will be consolidated in the databaes of the HM HOTELS GROUP. + info in para 2.5 Consolidation of customer databases of the group for purposes of internal management and 2.6 Purposes of publicity and commercial profiles, in this Policy.

Registration and monitoring of travellers.

In accordance with laws relating to the monitoring of travellers in the countries in which the hotels in the chain are located, the personal data of guests staying in those hotels must be recorded. Such information is collected through the registration skip that guests complete and is consolidated in a traveller log required to be maintained by the HOTEL and made available to competent authorities.

What personal data is processed for this purpose?

If the HOTEL is located within the Schengen  Area the information recorded to comply with this obligation consists in personal identifying information and date of birth, nationality, passport or ID document and date of stay (you can find further information about the Schengen Area here).

If the HOTEL is located outside the Schengen Area and local laws concerning the monitoring of travellers are different, you will be informed as to the specific legal requirements at the time of registration at the hotel.

When local public health legislation at the location of a HOTEL in which you stay so require, the HOTEL will maintain a register of people using the establishment for purposes of epidemic control by competent public health authorities. You will be notified on arrival as to the specific public health obligations in force at the location of each hotel.

Meeting special needs

 The health-related personal data that you provide in connection with your special needs, such as allergies or that you are taking certain medications, will be processed by the HOTEL exclusively for this purpose. The processing of such personal data is based on your express consent given when you request specific accommodations or when you provide such information when registering a child for the mini club or request a treatment at the Spa, for hotels that provide such services. You can withdraw your consent to the processing of your health-related personal data at any time by notifying Reception at the hotel, but if you do so it may not be possible for us to provide the accommodations or special service requested.

Quality control.

To assess the implementation of standards across the chain by the hotels in the Group and to assess the quality of the products and services offered to our customers, HM HOTELS GROUP may carry out customer satisfaction and opinion surveys among guests and patrons of the chain. If you provide identifying information in responding to those surveys such as name or room number, HM HOTELS GROUP will inform the HOTEL so that they can contact you in relation to your complaints or suggestions. HM HOTELS GROUP may also use contact information provided by you to contact you for the same purpose. That processing of personal data is based on the legitimate interest of the HOTEL and HM HOTELS GROUP in assessing and managing the quality of the products and services provided by the chain and improving customer service.

How has that interest been weighed against your rights and freedoms?

That interest has been weighed against your rights and freedoms as follows:

Consolidation of customer databases of the group for purposes of internal management.

Customers’ personal data, financial information and information concerning bookings, and information concerning any transactions for goods and services generated by companies in the group and the hotels in the chain are consolidated in the databases of HM HOTELS GROUP for the following purposes of internal management of the Group:

Maintaining a register of customers across the chain: Personal data of customers of the Group is consolidated so as to have a register of customers at the level of the chain, to harmonise formats and coding of information and allow central management of operational processes common to all the hotels, such as notification of the arrival of travellers to competent authorities when required by applicable local laws. The information is consolidated within the Group’s hotel management tool (central PMS).

The legal basis of the processing is the legitimate interest of HM HOTELS GROUP in communicating the personal data of customers within the Group for purposes of internal management.

Publicity purposes and commercial profiles

HM HOTELS GROUP consolidates the personal data of customers and potential customers of the Group in a commercial database that it uses for direct marketing purposes and to draw up commercial profiles. Such personal data is obtained from bookings and stays and from the interactions of our customers and potential customers with the digital communication channels and businesses of the Group and the hotels in the chain, at all times with the knowledge of data subjects. Such personal data is processed for the following commercial purposes:

Sending of unpersonalised commercial communications and management of distribution lists (segmentation): HM HOTELS GROUP processes the identifying details and contact information provided on its Website and booking platform, information concerning your status as customer, language and market of origin for the sending of unpersonalised commercial communications relating to the travel and holiday-making products and services offered by the chain and the management of its distribution lists.

The legal basis for the consolidation of such information for that purpose is the legitimate interest of HM HOTELS GROUP in compiling and using for business purposes a database of customers of the chain for purposes of direct marketing.

The legal basis for the sending of commercial communications by the chain is Article 21.2 of Law 34/2002 of 11 July to make provision fro the information society and electronic commerce, transposing into Spanish law Directive 2002/58/EC (the E-Privacy Directive). In order to manage its distribution lists the HM HOTELS GROUP classifies addressees in function of their status as a customer of the chain, language and market of origin. This processing consists of a simple classification under objective criteria and it is not carried out for the purpose of drawing up commercial profiles, prediction or behavioural analysis; its legal basis is the legitimate interest of HIM HOTELS GROUP in segmenting addressees of its communications.

You may ask to be removed from the chain’s distribution lists at any time by following the unsubscribe link in our communications or by email to dpo@hmhotels.com.

Drawing up commercial profiles for the personalisation of the services and commercial commutations of the chain: Personal data consolidated in the Group’s commercial database is used to carry out behavioural analysis and predictive models in order to understand and predict the wishes and needs of our customers, actions associated with purchases of our products and services and the factors that lead to such purchases.

If you have given consent to the personalisation of the services and communications of the Group, HM HOTELS GROUP will access the personal data generated by your bookings and stays at the hotel to add it to your commercial profile. That profile will be enriched with the information generated from your interactions with the businesses, hotels and digital media of the Group. We will use the personal data contained in your profile to personalise the way in which we deal with you and the services provided by Group businesses and the hotels in the chain with which your interact, such as by wishing you happy birthday or taking account of the preferences that y9ou have shown during your stays in relation, for example, to your preferred type of room. To that end, Group businesses and the hotels in the chain with which you interact will access your profile.

What is involved in personalisation?

The hotels in the chain and Group businesses with which you contact or from which you request a service will view the information in your profile to personalise the way in which they handle your request and provide services. That personalisation is subject to the standards set for the chain by HM HOTELS GROUP. Your profile will only be viewed when you contact and interact with the hotels and Group businesses. Viewing is by connection to the customer relationship management (CRM) tool of HM HOTELS GROUP which is located within the European Union. Information from your profile data will not added to the systems of the hotels and businesses in the chain viewing your profile. Note, however, that where such hotels and businesses are located outside the European Economic Area (EEA), viewing your profile may involve the transfer of your personal data to countries that do not offer a level of protection of personal data equivalent to the level provided within the European Union. The chain has adopted the appropriate organisational and technical measures to ensure an adequate level of protection of personal data, regardless of the location of the hotels and businesses of the HM HOTELS Group, including the execution agreements that contain the standard clauses approved by the European Commission between HM HOTELS GROUP and the hotels and Group businesses located outside the EEA, the use of secure connections, strict control of access to profile data and the establishment of internal rules to be followed by individuals persons authorised to access such information. For further information concerning these measures, please contact our Data Protection Officer.

Your profile will also allow us to determine when to send you marketing communications based on the frequency of your bookings or the times of year when you have stayed or tend to stay at our establishments and to personalise our offers in function of the type of product likely to be of interest to you based on your past bookings, amounts spent and products you have enquired about but not purchased, for example, to promote products intended for family holidays if you have travelled as a family, have viewed products of that nature on the Group’s websites or have requested a quote for stays of this nature.

Whilst automated individual decisions that produce legal effects for our customers or that significantly affect them in a similar way are not taken on the basis of these profiles, please note that you have the right to object to the making of such decisions Article 22 of GDPR.

The legal basis for all such processing and flows of personal data is the consent for which you were asked; the giving or withholding of that consent does not affect the provision of services contracted for. You can withdraw your consent at any time by email to dpo@hmhotels.com 

Management of the loyalty programme

If you have joined our loyalty programme, the HOTEL will process personal data relating to your membership to identify you as a member of the programme in order to ensure that you receive the benefits to which you are entitled. For the same purpose, the HOTEL will provide to HM HOTELS information relating to your booking (dates of stay, number and ages of guests and services within the booking) and items consumed during your stay (purchases, use of services, meals and drinks consumed, use of facilities) to ensure that you receive the benefits to which you are entitled under the programme.

Such processing is the purpose of the programme and required for it to operate. The legal basis for such processing is the contractual relationship arising from your request to join the programme. You can withdraw your consent at any time by sending an email to dpo@hmhotels.com.

If you consented to the preparation of a commercial profile, the information arising from your use of the programme will be added to the profile.

WHO WILL YOUR PERSONAL DATA BE DISCLOSED TO?

Your personal data will only be exchanged within the HM HOTELS Group in the circumstances described in the preceding paragraphs or disclosed to third parties in compliance with legal obligations, with your prior consent or when required in order to be able to provide the services requested. The HOTEL will notify the competent authorities of the registration information of guests when public health, security or traveller monitoring local laws in the relevant country so require.

If your booking includes ancillary services provided by third-party providers or if your request relates to such services, the personal data required for the handling of your booking or request will be disclosed to the relevant provider for that sole purpose. Such communications are required for the provision of the requested services or for pre-contractual processes related to your request.

If you have given your consent, HM HOTELS GROUP and HM HOTELS branded hotels will disclose your identifying details and contact information and information about your stays and future bookings (dates of stays, number and ages of guests and services included in each booking) to the operator of the HM HOTELS loyalty programme, HORRACH MOYA HOTELS, S. L. (HM HOTELS).That personal data will be processed by HM HOTELS to send promotional communications under the programme and its management if you are a member. International transfers of personal data to HM HOTELS will be subject to the entry into agreements containing the data protection provisions approved by the European Commission in Decision CE 2004/915/EC so as to ensure an appropriate level of protection for your personal data. For further information about those provisions clauses, please contact our Data Protection Officer. You can withdraw your consent to the processing of your personal data by HM HOTELS at any time by sending an email dpo@hmhotels.com.

HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?

As a general principle, the personal data of guests and patrons will be retained during the lifetime of the relationship between the HOTEL and HM HOTELS GROUP any in any event for the period envisaged in relevant laws and for such time as may be required to address any legal liabilities arising from processing. Your personal data will de deleted when it has ceased to be required or relevant for the purposes for which it was collected.

The HOTEL will retain financial and transaction information concerning goods and services generated during your stay for the time required by local accounting and tax laws in the country in which the HOTEL is located.

In countries in which national security and traveller monitoring laws so require, the HOTEL will retain its guest logs for the periods required by such laws, and for no less then three years.

Health-related personal data provided by guests and patrons to the hotel in connection with special needs will be deleted daily for patrons who are not guests and at the end of their stays for guests.

The personal data of customers consolidated for purposes of the internal management of the Group will be retained during the lifetime of the relationship between the hotels and the Group and in any event for the periods envisaged by the provisions of local law and for such time as may be required to address any liabilities arising from processing. Your personal data will de deleted when it has ceased to be required or relevant for the purposes for which it was collected.

Personal data processed by HM HOTELS GROUP for commercial purposes, including commercial profiles, will be retained for so long as you do not object to processing or request deletion of your personal data and in any event for the periods envisaged by applicable law and for such time as may be required to address any liabilities arising from processing. Your personal data will de deleted when it has ceased to be required or relevant for the purposes for which it was collected.

WHAT RIGHTS DO YOU HAVE?

You have the right to obtain confirmation of whether or not we are processing your personal data and, if we are, to access the personal data. You can also request rectification of your personal data when it is inaccurate and to have your personal data completed and to request its deletion when the personal data are no longer required for the purposes for which it was collected and for other reasons.

In certain circumstances, you can request restriction of processing of your personal data. In that event, we will only process personal data affected by the establishment, exercise or defence of claims or with a view to the protection of the personal data of other data subjects. In certain circumstances and on grounds relating to your particular situation, you can object to the processing of your personal data. In that case, we will cease to process the personal data except on compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise and defence of legal claims. You may also in certain circumstances request data portability of your personal data to transfer them to another data controller.

You can withdraw any consent you have given for specific purposes; however, any withdrawal of consent will not affect the lawfulness of any processing based on your consent prior to its withdrawal. You can at any time lodge a complaint with the Spanish Data Protection Agency. You can request cessation of processing of your personal data for commercial purposes by email to dpo@hmhotels.com.

You may request exercise of any of your rights by written request accompanied by a copy of your national identity document or equivalent identifying document by ordinary post or email to the addresses set out in the section headed Who is the data controller for the processing of your personal data?

You can obtain further information about your rights and their exercise on the website of the Spanish Data Protection Agency at http://www.aepd.es