Legal notice
This Privacy Policy governs the use of the Internet portal service at https://www.lasrocashotel.com/ whose identifying party is:
- Data Controller: Hotel Fagarmu S.L.
- VAT Number: B39013768
- Address: C/ Faviobriga nº 1, Castro Urdiales, 39700, Cantabria.
- Phone: (+34) 942 860 400
- Email: info@lasrocashotel.com
- Registration details in the Commercial Registry: Hotel Fagarmu S.L. Commercial Registry of Santander, Book 14 of Limited Liability Companies. Page 50, Sheet 281. Registration 1st.
The Data Controller guarantees compliance with the current personal data protection regulations, as reflected in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons (GDPR) and in the Organic Law 3/2018 of December 5, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). It also complies with Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).
Below, we provide general information regarding the uses of your personal information, and later, we will detail these uses and treatments.
Principles, Which do we apply in data processing?
In the processing of your personal data, the Data Controller will apply the following principles, in line with the requirements of the GDPR:
- Principle of lawfulness, fairness, and transparency: The Data Controller will always require consent for processing personal data, which may be for one or more specific purposes, which the Data Controller will inform the User about with absolute transparency.
- Principle of data minimization: The Data Controller will only request the data strictly necessary for the purpose(s) for which it is requested.
- Principle of storage limitation: The Data Controller will retain personal data for the strictly necessary period for the purpose(s) of processing.
- Principle of integrity and confidentiality: The personal data collected will be processed in a manner that ensures its security, confidentiality, and integrity.
The Data Controller takes the necessary precautions to prevent unauthorized access or misuse of users’ data by third parties.
Source of the data, Where do we get your data?
The personal data collected comes directly from the information provided by users through the Data Controller’s website.
We collect this information through the following methods:
- Contact form: We request contact information to respond to user inquiries to the Data Controller. For example, we may use this data to respond to your request and address any doubts, complaints, comments, or concerns you may have regarding the information on the website, the services offered through the website, the processing of your personal data, legal texts on the website, or any other queries unrelated to the terms of the contract.
- Reservation form: We request contact details to respond to the user’s reservation request.
- Sign-up form: We request contact details to create your account on the Data Controller’s website.
- Login data for creating an account on the site (such as email address and password).
Your personal data is treated with maximum confidentiality, and the Data Controller has implemented the necessary technical and organizational measures to ensure the confidentiality and security of the personal data, preventing alteration, loss, processing, or unauthorized access.
To enable you to receive information and, if applicable, reserve or use the products and services offered by the Data Controller through their website, it is necessary that you provide certain personal data to allow us to personalize our services and adapt them to your interests and needs. We remind you that it is the user’s responsibility to inform the Data Controller of any changes in their data to maintain them in the corresponding files.
What purpose will we use your data for, what is the legal basis for these treatments, and how long will we keep it?
| Finalidad |
Base jurídica |
Conservación |
| Prestación de los servicios que nos solicite |
Relación contractual |
5 años, desde que finalice la relación |
| Envío de información de actividades por correo electrónico o postal |
Relación contractual y consentimiento |
Hasta que se revoque el consentimiento |
| Solicitud de información |
Consentimiento |
Hasta que se revoque el consentimiento |
| Gestión de personal laboral |
Relación contractual y obligación legal |
5 años |
| Gestión de proveedores |
Relación contractual y obligación legal |
5 años |
| Atención de obligaciones legales y contractuales |
Relación contractual y obligación legal |
10 años |
Who will access and know the content of your data?
To fulfill the aforementioned purposes, the following people and entities may access your personal data. Access will be limited to the data necessary for the Data Controller’s functions. All entities and individuals who will receive this data have signed confidentiality agreements or specific agreements that regulate access to the information, security measures, and the usage of the data. Data may be accessed by:
- Personnel duly authorized by the Data Controller.
- Public administration within the scope of their competences.
Legitimacy, What is the legal basis for processing your data?
The legal basis for the processing of your data will be:
- The consent of the data subject, for data processing, in accordance with article 6. 1. a) of the General Data Protection Regulation. It is understood that the user accepts this privacy policy by enabling the “I have read and accept the privacy policy” checkbox on the data collection forms, or by sending an email to the contact addresses listed on the website.
- The necessary execution of a contract to which the data subject is a party or to take steps at their request prior to entering into a contract, according to article 6. 1. b) of the General Data Protection Regulation.
You may revoke your consent according to article 13.2. c) of GDPR 679/2016, by notifying the Data Controller that you withdraw the consent previously granted.
Recipients, Who do we share your data with?
Personal data will not be transferred unless legally required or to support services linked to this processing.
Cookie Policy
To ensure this website functions correctly, it must use cookies, which are pieces of information stored in your web browser.
You can consult all information related to the cookie collection and treatment policy on the Privacy Policy page.
Rights, What are your rights when you provide us with your data?
As a result of processing your personal data, the current legislation grants you a series of rights. Below is a brief explanation of each right to make it easier for you to exercise it:
- Right of access: You have the right to know the personal data we process about you and the purposes for which we process it. Governed by article 15 of GDPR 679/2016.
- Right to rectification: Your data will always belong to you, and as such, you can request that it be rectified at any time if it is incorrect in our records. Governed by article 16 of GDPR 679/2016.
- Right to erasure: You may request that the Data Controller delete any personal information about you. Erasure implies blocking all data and retaining it for the legal period required by public administrations. Governed by article 17 of GDPR 679/2016.
- Right to object: You may object to the processing of your data related to any of the purposes for which we process your data, according to the privacy policies applicable in each case. Governed by article 21 of GDPR 679/2016.
- Right to restrict processing: Governed by article 18 of GDPR 679/2016. You can request the restriction of processing in the following cases:
- If you believe the data we hold about you is inaccurate or incorrect;
- If you consider that we are processing your data unlawfully but prefer us to limit the processing rather than deleting it;
- If the data we hold is no longer necessary for the purpose(s) we collected it, but you need it for legal claims;
- If, having exercised your right to object to a specific processing, you are waiting for our response.
- Right to data portability: You have the right, where technically possible and reasonable, to request that the personal data you have provided to us directly be communicated to another data controller. If possible, we will directly provide your data to that other data controller, but if not, we will provide it to you in a standard format. Governed by article 20 of GDPR 679/2016.
You can exercise these rights by contacting the Data Controller through one of the following means:
- By email directed to the appropriate Data Controller, as specified in the header of the document.
- By postal mail directed to the appropriate Data Controller, as specified in the header of the document.
If you do not wish to exercise a specific right but need to make a query or suggestion regarding the processing of your personal data, you can also contact the relevant Data Controller.
Data Protection Officer
We have appointed Inforpyme Servicios Informáticos S.L. as the Data Protection Officer, whose contact email is dpd@consulpyme.com. As described in article 38 of the General Data Protection Regulation, data subjects can contact the Data Protection Officer for all matters regarding the processing of their personal data and the exercise of their rights under this Regulation.
Complaints to the Supervisory Authority
If you believe your rights have been overlooked by our entity, you can file a complaint with the Spanish Data Protection Agency via one of the following means:
- Electronic headquarters: www.agpd.es
- Postal address: C/ Jorge Juan, 6, 28001, Madrid
- By phone: Tel: 901 100 099/ 912663517
Filing a complaint with the Spanish Data Protection Agency does not incur any cost, and there is no need for legal representation.
Consent for minors, What if you are a minor?
If some of our services are specifically targeted at children under the age of fourteen, we will request consent from parents or guardians for the collection of personal data or, where applicable, for automated data processing in accordance with article 7 of LOPDGDD.
Accuracy, truthfulness, and security of data, How do we process your data?
The User is solely responsible for the accuracy and correctness of the data provided, releasing us from any liability. Users guarantee and are responsible for the accuracy, validity, and authenticity of the personal data provided, and commit to keeping them updated. The user agrees to provide complete and accurate information on registration or subscription forms. We will not be responsible for the veracity of information not originating from us or indicated from another source, and therefore will not assume any responsibility for potential damages resulting from using such information.
We also reserve the right to update, modify, or delete the information on the website, and even limit or prevent access to it.
We will not be liable for any damage or loss suffered by the user due to errors, defects, or omissions in the information provided by the Data Controller as long as it comes from external sources.
The data will be processed confidentially and under appropriate technical and organizational security measures to prevent alteration, loss, processing, or unauthorized access.
