Rights and obligations
Official website of Blau hotels & resorts
You declare that the data you provide us with now or in the future are correct and truthful and you undertake to inform us of any change in them. If you are providing personal data of third parties, you undertake to obtain the prior consent of the data subjects and inform them of the contents of this policy.
In general, the mandatory fields in our forms must be completed in order to process your requests.
1. Who is the data controller responsible for processing your data?
Unless specifically indicated otherwise, the responsible party for processing the data collected on this Website is ROXA HOSPITALITY, S.L., with the address Calle Manuel Azaña, 38, plt. 2, 07006, Palma de Mallorca (Balearic Islands) and email address firstname.lastname@example.org.
The Data Protection Delegate of ROXA HOSPITALITY, S.L is IURISTEC, S.L. with the address Calle Guillem Massot, 53, plt. baja, 07003, Palma de Mallorca and email@example.com.
2. What personal information do we collect?
The data we process are those obtained:
− From the forms you complete and the requests you formulate via the Website. We also process the data included on applications and requests we receive by email.
− From profiles and analytics obtained based on Website browsing by users, whether registered or not.
− From the social profile with which you have decided to begin the session on our Website.
− From your profile on the programme Blau Amigo!, in case you have registered in this manner.
The data categories we process typically consist of:
− Identification and contact data, national identity document or passport number;
− Data relating to your booking and contact history;
− Economic and transaction data;
− Commercial tracking data
− Identification and contact data obtained from the social profile with which you used to start the session on our Website. This data is only processed for this purpose.
− Data generated by your use of social networks which you have decided to share with us (likes and comments, for example).
3. Why do we process your data?
Our users' data will be processed for the management of our relations with them, for dealing with their requests and queries, for managing their bookings, the administration and the management of online security and the fulfilment of our legal obligations. This data will also be used for analytical purposes and to improve the quality of our services. Additionally, we will process your data to send commercial communications through electronic mediums, in case you have registered with the Blau Amigo! programme.
4. To whom may we disclose your data?
Your reservation details may be shared with entities managed by ROXA HOSPITALITY, S.L. or other companies in the Roxa Group* hotel division, *, this is to the destination hotels and to the companies whose services are included in the contracted service for the correct transmission and management of your bookings, requests or queries. This includes the communication to said hotel of the bank card data that has been provided in the reservation to attend to the possible penalties for cancellations or non-presentation fixed in the rate terms and conditions. The processing of your reservations requires the aforementioned process, and therefore the process cannot be carried out if you object to this.
This sharing of data may involve an international transfer of data. The aforementioned entities are outside the European Economic Area.
Your data will only be communicated to third parties by legal obligation, with your consent, or when your request requires such communication.
**In the following link you can see the companies managed by ROXA HOSPITALITY, S.L. and other companies in the Grupo Roxa hotel division www.roxa.es/hoteles-grupo-roxa-blau-hotel/
5. Legal basis for processing
The legal basis for the processing of your data is the management of the legal relationship established with you, the provision of requested or contracted services, and compliance with legal obligations.
The following processes are based on the existence of a legitimate interest:
− The security management of the Website is based on our legitimate interest to guarantee the security of our systems.
− The completion of statistics and quality control are based on our legitimate interest to evaluate our services.
− Sending commercial communications is based on our legitimate interest to promote our products and services, as well as receiving your consent to receive the said communications through electronic mediums.
The following processes are based on your consent, without the withdrawal of such consent determines the provision of contracted services.
− The completion of browsing profiles from the information obtained through cookies or similar technologies.
6. For how long will we retain your data?
In general, we retain your data throughout the validity of the relationship you have with us and, in any event, throughout the periods provided in applicable legal provisions, such as accounting and tax matters, and for the time necessary to meet potential liabilities arising from the processing of such data. We will erase your data when it is no longer necessary or relevant for the purposes for which it was collected. Access logs for restricted areas of the Website will be deleted one month after their creation. Information on browsing will be removed once the website connection has been completed and the statistics compiled.
The data processed for commercial purposes will remain valid until its deletion is requested.
7. What are your rights?
You have the right to obtain confirmation about whether or not we are processing your personal data and, if we are, to access such data. You may also ask for your data to be rectified if it is inaccurate or incomplete. In addition, you may request the erasure of your data if, among other reasons, it is no longer necessary for the purposes for which it was collected.
In certain circumstances, you may request limitations upon the processing of your data. In this case, we will only process the data in question for the formulation, exercise or defence of claims or with a view to protecting the rights of other persons. Under certain conditions, and for reasons related to your particular situation, you may also object to the processing of your data. In this case, we will cease to process your data other than for compelling legitimate reasons which prevail over your interests or rights and freedoms, or for the formulation, exercise or defence of claims.
Similarly, and under certain conditions, you may request your data in a portable form for it to be transferred to another data controller.
You can revoke the consent given for certain purposes, without affecting the legality of the processing based on the consent prior to its withdrawal.
To request your withdrawal from the processing for commercial purposes you can:
− Send an email to the following email address: firstname.lastname@example.org
− Use the link provided to that effect in our bulletins.
You equally have the right to file a complaint with the data protection authorities.
To exercise your rights, please send a request to the data protection officer, by post or email, accompanied by a copy of your national identity card or another valid identification document, to the address indicated in the section "Who is the data controller responsible for processing your data?".
You can obtain more information about your rights and how to exercise them on the website of the Spanish Data Protection Agency at www.aepd.es.