Privacy
1. INFORMATION FOR THE USER
AMISTAT INTERNATIONAL, S.L. hereinafter the MANAGER, is the Data Controller for the User’s personal data and informs you that said data will be processed in accordance with the current legislation on personal data protection, Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and Organic Law (ES) 3/2018, of 5 December (LOPDGDD), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. For this reason, it provides the following information on processing (hereinafter, the “Privacy Policy”):
Purpose and legal basis of the processing: The main purpose is to maintain a commercial relationship with the data subjects (hereinafter, the “User or Users”). Please find listed the legal basis as well as all purposes that AMISTAT INTERNATIONAL, S.L. needs in order to carry out the processing:
Consent:
• The sending of commercial advertising communications, provided prior authorisation has been given, by clicking on the correspondent check box on our website, e-mail, fax, SMS, MMS, social communities or any other electronic or physical means, present or future, which makes it possible to send commercial communications. These communications will be made by the MANAGER and related to its products and services, or those of its associates or suppliers with whom it has entered into a promotional agreement. Please note, that the User’s can withdraw their consent at any time. • To give a response to User’s information requests applying for a job vacancy; • To send the website news bulletin; • To use your personal image and/or voice in our website, as well as for publishing purposes. This processing activity will be carried out just if the user has given us his/her consent to be able to do so.
Legitimate Interest:
• To carry out statistical studies; • To give a response to the user’s information requests; • To give response to any claims that may arise, as well as investigate and give response to any issue we deem appropriate; • To provide Users a direct chat so that they can communicate with our agents if they need help while using our website; • To keep our website secure, as well as our systems; • To keep our blog “What’s On” up to date.
Contractual execution:
• To enable de website use; • To show Users offers that suit their needs; • To provide service bookings. • To process orders, applications or any type of request made by the user via any of the contact methods made available.
Legal obligation:
• All those legal obligations that may arise, for example all tax obligations that AMISTAT INTERNATIONAL, S.L. has.
Criteria for storage of the data: personal data will be stored as long as you continue to be a User in our website, until there is a mutual interest in maintaining the purpose of the processing and, until we
comply with all or some of the purposes detailed in this Privacy Policy. If the User’s consent has been requested, his/her personal data will be stored until the User withdraw the consent. Subsequently, AMISTAT INTERNATIONAL, S.L. will block your personal data in order to prevent its processing, except for making it available to Public bodies, Courts, Arbitration and Mediation Entities, in order to comply with legal obligations that may arise. In particular, when no longer necessary for said purpose, they will be erased using appropriate security measures to guarantee the pseudonymisation of the data or the total destruction thereof.
Communication of the data: If a User finally books a room by means of our website, his/her personal data can be communicated to other entities that are part of AMISTAT INTERNATIONAL, S.L.’s Group. Personal data can also be communicated to third parties such as our suppliers (for example, companies that organize social events, etc.) or to Public bodies in order to comply with our legal obligations.
Moreover, AMISTAT INTERNATIONAL, S.L informs the Users that no personal data international transfer will be carried out, unless it is necessary in order to comply with the contractual relationship that we maintain. AMISTAT INTERNATIONAL, S.L. guarantees that all international transfers do have an adequacy decision, or at least, do have the appropriate safeguards.
User rights:
• Right to withdraw consent at any time; • Right of access, rectification, to object, data portability and to erasure his/her data and the right to restriction of the processing. • Right to lodge a complaint with the supervisory authority (www.agpd.es) if the user considers that the processing does not comply with the current legislation.
AMISTAT INTERNATIONAL, S.L. will respond you as soon as possible and, in any case, within one (1) month since we have received the User’s request. In certain circumstances, the abovementioned response timeslot can be extended to two (2) months, in which case we will inform you promptly within one (1) month of receipt of your request.
Contact details to exercise your rights: Postal address: AMISTAT INTERNATIONAL, S.L. C/ Ausiàs Marc, 157 – Oficina G 08013 Barcelona (Barcelona) E-mail: legal@amistathostels.com ………………………………………….. – …………………………………………..
2. COMPULSORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
When Users check the corresponding boxes and enter data in the fields marked with an asterisk (*) in the contact form or presented on download forms, they explicitly, freely and unequivocally agree that their data are necessary for their request to be dealt with, by the service provider, and that the inclusion of data in the remaining fields is voluntary. The User guarantees that the personal data provided to the MANAGER are true, and undertakes to communicate any modification therein.
SECURITY MEASURES In accordance with the current personal data protection legislation, the MANAGER is complying with all the provisions of the GDPR regulations for the processing of personal data for which it is responsible, and manifestly with the principles described in article 5 of the GDPR, as well as those stated in article 32 GDPR.
This means that they are processed in a lawful, fair and transparent manner with regard to the data subject, and are appropriate, relevant and restricted to the minimum required for the purposes for which they are processed.
The MANAGER guarantees that it has implemented appropriate technical and organisational policies to apply the security measures set out in the GDPR in order to protect the rights and freedoms of Users, and has communicated to them the appropriate information to allow said rights and freedoms to be exercised.