Privacy Policy
The laws governing our data processing activities are primarily:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR")
This Privacy Policy may be amended unilaterally by our accommodation at any time. This Privacy Policy and any amendments thereto will be published on the accommodation's booking page.
Definitions
GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation)
Personal data: any information relating to a data subject, such as an identifier, name, number, location data, online identifier or data specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
Specific data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health and personal data concerning the sex life or sexual orientation of a natural person.
Data processing: any operation or set of operations performed on personal data or data files, regardless of the method used, such as collection, recording, recording, structuring, storage, alteration, transformation, use, retrieval, transmission, disclosure by transmission, alignment or combination, blocking, erasure and destruction, access to data and preventing further use of data, taking photographs, audio or video recordings and recording physical characteristics (e.g. fingerprints or palm prints) of a person.
Data controller: the natural or legal person or an organisation without legal personality who, alone or jointly with others, determines the purposes and means of processing personal data, makes and implements decisions relating to the processing of data or has them implemented by the data processor.
Data processor: the natural or legal person or an organisation without legal personality who, on behalf of the data controller, processes personal data.
Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of one or more factors, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors.
Data transfer: making personal data available to a specific third party. Data transfers to EEA Member States or to European Union bodies shall be considered as data transfers within the territory of Hungary.
Data erasure/deletion: making data unrecognizable by deleting its content or by a method that enables an equivalent result.
Data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
EEA Member State: a Member State of the European Union and another state party to the Agreement on the European Economic Area, as well as a state whose citizen enjoys the same legal status as a citizen of a state party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a state not party to the Agreement on the European Economic Area.
Third country: any state that is not an EEA Member State
3. What personal data do we process, for how long, for what purpose and on what basis?
The legal bases for our data processing may be the following:
• the user's voluntary, informed consent to data processing pursuant to Article 6(1)(a) of the GDPR (hereinafter: Consent);
• according to Article 6(1)(b) of the GDPR, the data processing is necessary for the performance of a contract to which the User, as the data subject, is a party (hereinafter referred to as: Performance of the Contract)
• according to Article 6(1)(c) of the GDPR, the data processing is necessary for the performance of a legal obligation to which the data controller is subject (such as the performance of an accounting or bookkeeping obligation – hereinafter referred to as: Performance of a Legal Obligation)
• according to Article 6(1)(f) of the GDPR, the data processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (hereinafter referred to as: Legitimate Interest)
The legal basis for data processing is defined below for each data category and data processing purpose separately, with reference to the above list.
3.1. Contact
Data subjects: any natural person who writes to us at one of our e-mail addresses on our website or contacts us by phone.
Purpose of data processing: Contact.
Data processing process:
If you provide us with your contact details via email or phone call, we will use them to maintain contact and provide our service.
Providing the above data is not mandatory, but we cannot contact you without them. You can withdraw your consent at any time without giving any reason, but this will not affect any data processing previously carried out based on your consent.
3.2. Reservation
Data subjects: Natural persons who book accommodation with the Data Controller.
Purpose of data processing: Booking management
Data processing process:
You must provide the above data to make a reservation on our website. Providing the above data is not mandatory, but in the absence of this, the reservation cannot be processed. You may withdraw your consent at any time without giving any reason, but this does not affect data processing previously carried out on the basis of your consent.
Customer service administration, complaint management
Data subjects: Every natural person who contacts our customer service with an inquiry or complaint by e-mail.
Purpose of data processing: Administration, complaint management
Data processing process:
If you contact our customer service regarding a complaint or other administration, the above personal data must be processed.
Providing the data is mandatory according to the relevant laws. If you fail to do so, we cannot carry out the administration or complaint management.
The data will be transferred in the event of an effective request.
Cookies
When visiting the booking page and using the services, small data files, called cookies, are placed in the User's browser and in HTML-based e-mails in accordance with this data management information.
Cookies are small data files that are transferred to your computer through the website when you use the website, and are saved and stored by your internet browser. The cookie allows us to recognize when the User last logged in to the website, the main purpose of the cookie is to enable the User to receive personalized offers and advertisements, which personalize the User's experience when using the website and express the User's personal needs.
Cookies can be used for a number of useful purposes:
Preferences, features and services: cookies can tell the site which language the User prefers, what the User's communication preferences are, help the User fill out forms on the site, making them easier.
Performance, analytics and research: such cookies help the site to understand how the site is performing in different locations. The site may also use cookies to evaluate, improve, and research the site, products, features, and services, including when the User accesses the site from other websites or devices, such as the User's computer or mobile device.
Based on the above, the types of cookies we use are:
Cookies necessary for the operation of the site (Essential cookies):
Cookies storing data recorded by the user ("user-input cookies"): these are session cookies that are based on a session identifier (a random temporary identification number) and that expire at the end of the session, when you exit the browser at the latest. They ensure user data input, i.e. they are linked to the user's activity during the exchange of messages with the service provider (e.g. filling out a form or clicking a button).
Cookies necessary for performance measurement (Performance cookies):
These cookies provide us with information for the appropriate development of the website by assessing user needs. These cookies collect information such as which menu item or which part of the website was clicked on, how many pages were visited, how long each session was in time, what documents were downloaded. To ensure this, so-called We also use third-party cookies
Cookie control:
We provide detailed information and settings options regarding the cookies we use in a pop-up window when you visit the website for the first time.
Most browsers allow Users to control the use of cookies through their settings. However, if the User restricts the website from using cookies, it may impair the user experience, as it will no longer be personalized for the user. The user can also stop saving personalized settings, such as their login information.
If the User does not want the site to use cookies when they visit the website, they can apply the appropriate settings for them in the pop-up window when they first visit our website.
Later, the user can disable the use of certain cookies in the settings menu of their browser. In order for the site to be aware that the user has blocked the use of certain cookies, the site will place a blocking cookie on the User's device, so that it will know that it cannot place cookies the next time the User visits the website.
Who manages your personal data and who has access to them?
The data controller and data processor
Name: Apartmento Mariposa Azul Santa Pola
Address: Calle Valladolid 3, 03130 Santa Pola, Alicante
Contact: info@mariposaazul.es
Information on data transfers abroad:
We do not transfer data to third countries. If such a case does occur, we will only transfer data to a third country to a service provider that ensures an adequate level of protection of personal data in accordance with Articles 45-47 of the GDPR, and this is examined on a case-by-case basis.
Rights of data subjects
Right to prior information
The data subject has the right to receive transparent, understandable, clear and easily accessible written information from the Data Controller before the start of data processing relating to personal data. The information must be provided to the Data Controller at the latest at the time of obtaining the personal data.
If the data controller intends to carry out further data processing on personal data for a purpose other than the purpose for which they were collected, it must inform the data subject of this different purpose and any relevant additional information prior to further data processing.
Right of access
The data subject shall have the right to obtain from the Controller information as to whether or not personal data concerning him or her are being processed and, where such processing is taking place, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom or to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
d) where applicable, the envisaged period for which the personal data will be stored or, where that is not possible, the criteria for determining that period;
e) the right of the data subject to obtain from the Controller rectification, erasure or restriction of processing of personal data concerning him or her and to object to the processing of such personal data;
f) the right to lodge a complaint with a supervisory authority;
g) where the data were not collected from the data subject, all available information on their source;
h) the fact of automated decision-making, including profiling, and at least in such cases, intelligible information on the logic involved and the significance and foreseeable consequences of such processing for the data subject.
The Controller shall provide the data subject with a copy of the personal data which are the subject of the processing. For further copies requested by the data subject, the Controller may charge a reasonable fee based on the administrative costs. If the data subject has submitted the request electronically, the information shall be provided in a commonly used electronic format, unless the data subject otherwise requests. The right to request a copy shall not adversely affect the rights and freedoms of others. Data processing information
Right to rectification
The data subject shall have the right to obtain from the Controller, upon request, the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purpose of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of a supplementary statement.
Right to erasure ("right to be forgotten")
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller shall be obliged to erase personal data concerning him or her without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
c) the data subject objects to the processing of his or her data and there are no overriding legitimate grounds for the processing;
d) the personal data have been processed unlawfully;
e) the personal data must be erased for compliance with a legal obligation to which the controller is subject under Union or Member State law;
f) the personal data were collected in connection with the offering of information society services.
Where the controller has made the personal data public and is obliged to erase them pursuant to the foregoing, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the data that the data subject has requested erasure by them of links to or copies or replications of the personal data concerned.
The above shall not apply where processing is necessary:
a) for the exercise of the right to freedom of expression and information;
b) for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
c) on grounds of public interest in the field of public health;
d) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right to erasure would likely render impossible or seriously jeopardise such processing; or
e) for the establishment, exercise or defence of legal claims. Data Protection Notice
Right to restriction of processing
The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
d) the data subject has objected to the processing; in such a case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override those of the data subject.
If processing is restricted on the basis of the above, such personal data may be processed, with the exception of storage, only with the data subject's consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the Union or of a Member State.
The controller shall inform the data subject at whose request the processing has been restricted in advance of the lifting of the restriction.
Right to rectification or erasure of personal data or restriction of processing
The data subject has the right to obtain from the controller the names of the recipients to whom the personal data have been disclosed. The controller shall inform all recipients to whom the personal data have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller, where
a) the processing is based on consent or a contract and
b) the processing is carried out by automated means.
When exercising the right to data portability, the data subject shall have the right to request the direct transmission of the personal data between controllers, where technically feasible.
The exercise of the data subject's right to data portability may not adversely affect the rights and freedoms of others, if this fact exists, the Data Controller shall exercise the right to data portability of the data subject by not providing the personal data supported by this fact, about which it shall send a reasoned information to the data subject.
The right to object
The data subject shall have the right to object at any time, on grounds relating to his or her own situation, to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or to the processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on the aforementioned provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where this is related to direct marketing.
If the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Automated decision-making, profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply where the decision
a) is necessary for entering into, or the performance of, a contract between the data subject and the controller,
b) is permitted by Union or Member State law applicable to the controller and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
c) is based on the data subject's explicit consent.
In the cases referred to in points a) and c), the Controller shall take suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to object to the decision.
Right of the data subject to information about a data breach
The data subject shall have the right to receive information about a data breach concerning him or her that has occurred at the Controller, where the data breach is likely to result in a high risk to the rights and freedoms of natural persons.
Right of the data subject to lodge a complaint with a supervisory authority Data Protection Notice
Without prejudice to other administrative or judicial remedies, each data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes the Regulation.
The supervisory authority to which the complaint has been lodged shall inform the customer of the progress of the complaint and its outcome, including the fact that the customer has the right to a judicial remedy.
Right to an effective judicial remedy against the supervisory authority
Without prejudice to other administrative or non-judicial remedies, every natural and legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him or her.
Without prejudice to other administrative or non-judicial remedies, every data subject shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject of the progress of the complaint or its outcome within three months.
Proceedings against the supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
These rights can be exercised by data subjects using our contact details provided in the previous section, in writing or in person upon prior agreement. We strive to respond to all inquiries as soon as possible, but no later than within 15 working days.