WHO IS RESPONSIBLE FOR MANAGING MY INFORMATION?
The data controller of your personal information is THOMAS ULRICH MICHAEL FOGHT, registered office at Avenida Marqués del Duero, 15. San Pedro Alcántara, CP: 29670, Málaga, email: firstname.lastname@example.org.
WHAT INFORMATION DO WE COLLECT?
We receive and store any information you enter on our Website, by email, post or telephone. This includes information that can identify you ("personal information"), including your first and last name, telephone number, postal and e-mail addresses. We also may request passport details, people travelling with you once you have made a booking. If you are an owner wishing to let your property with us we will collect additional data, such as your bank account and property details. If you do not provide us with the information set out in this paragraph, then we may not be able to provide the booking or letting services. We do not collect sensitive personal information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic, biometric or health data.
PURPOSE AND LEGAL BASIS FOR THE USE OF DATA
We will only use your personal data when the law allows us. We will normally collect personal information from you only
- when we need to perform a contract with you
- when it is necessary for our legitimate interests and not overridden by your rights
- when we have your consent to do so
- when we need to comply with legal and tax obligations.
At any time you may withdraw your consent or exercise your right of access, correction, erasure, restriction, objection and portability, by sending an email to email@example.com. Please note that even though you have opted out of receiving communication we may need to retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, tax or reporting requirements.
We use the information received from and about you for the following general purposes:
- To answer your enquiries via online booking/contact forms
- To provide you with booking confirmation and important travel updates for your booking (via email or SMS)
- To manage your booking, including processing payments
- To respond to your questions and comments
- To notify you about special offers that may be of interest to you
- To ask you for your feedback to ensure we are providing the best service we can
- To resolve disputes or troubleshoot problems
Your personal information shall be retained for as long as is necessary to fulfil the purposes for which it was initially collected, to comply with our legal obligations and resolve disputes. The retention period shall be governed by the regulations of storage of data and documentation.
YOUR GDPR RIGHTS
If you are a resident of the European Economic Area, you have the following data protection rights:
- Access: To request us to confirm whether we hold any of your personal data
- Rectification: To request us to correct your data if they are inaccurate
- Restriction: To restrict the processing of personal data. - retained only for the purpose of the establishment, exercise or defence of legal claims
- Erasure also known as the “right to be “forgotten”: To request us to delete (to the extent legally possible) your personal data if it is no longer necessary for the purposes for which we collected or processed it. Data will be retained only for the purpose of the establishment, exercise or defence of legal claims.
- Objection: To object to the processing of your personal data and we do not have an overriding legitimate ground for processing
- Portability: To request a portable copy of the personal data we hold about you, should you wish your data be processed by a third party, where feasible
If you wish to exercise any of these rights, please send a written request via email to firstname.lastname@example.org or via ordinary post to the registered address of THOMAS ULRICH MICHAEL FOGHT. In order to help us confirm your identity and verify your right to access your personal data (or to exercise any of your other rights) you will need to attach a copy of some form of identification (passport/ID Card). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you are dissatisfied with our handling of any complaint you also have the right to lodge a complaint to the supervisory authority about the way we process your personal data, which in Spain is The Spanish Data Protection Agency (AEPD).
The controller shall respond to these requests within one month of receipt. That period may be extended depending on the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
HOW WE SHARE YOUR DATA
In order to provide you with the services that we offer we may share your information with:
- owners of holiday accommodation (if you are guest booking accommodation)
- guests of holiday accommodation (if you are a holiday home owner)
- third party service providers (who manage our online booking system and accounting and tax consultants)
- Spanish Tax Authorities (listing details such as the owner’s full name and tax identification number, accommodation address; booking details such as guest’s name and identification number and number of nights booked)
Where third-party service providers have access to data they will only collect information as needed to perform their functions, and are not permitted to share or use the information for any other purpose. If you have any questions about third-party data sharing, please contact us at: email@example.com
HOW WE PROTECT YOUR PERSONAL DATA
We want you to feel confident about using our website to plan and book your holiday rental, so we are committed to protecting the information we collect. While no website can guarantee security, we have implemented and maintain appropriate physical, administrative, technical and organisational measures to protect the personal data you provide us against unauthorised or unlawful access, use or disclosure and against accidental loss, damage, alteration or destruction.
For example, only authorised employees and third party providers are permitted to access personal data, and they only may do so for permitted business functions and are bound by a Non-Disclosure and Confidentiality Agreement.
We have established what we consider to be reasonable precautions for personal data breach detection. In the event of a security breach, we will notify the affected individual as well as the supervisory authority (AEPD).
INTERNATIONAL DATA TRANSFER
EU data protection rules apply to the European Economic Area (EEA), which includes all EU countries, Iceland, Liechtenstein and Norway. When personal data is transferred outside the European Economic Area, special safeguards are foreseen to ensure that the protection travels with the data.
THOMAS ULRICH MICHAEL FOGHT uses DROPBOX, located in the USA, for cloud storage of personal data www.dropbox.com/help/security/data-transfers-europe-us. Dropbox complies with the EU-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area to the United States.