0.- Introduction.
Thank you very much for visiting this website. We believe your privacy is important. For the website owner, your reading and showing interest in this section demonstrates your interest in the site. You should do this every time you visit new websites, especially if you are asked for personal information. Below in this document, we explain what personal data we collect, on what basis, how long it will be stored, and aspects related to data protection regulations, in compliance with current legislation. We encourage you to read these terms carefully before providing your personal data. For children under 14 years of age, the consent of their parents or guardians is required for the processing of their data. If you are under 14, you should not leave your data on this website unless authorized by your parents. Under no circumstances will data relating to the professional or financial situation of minors, or the privacy of other family members, be collected from them without their consent. If you have any questions regarding this matter, please contact the data controller or, where applicable, the data protection officer via email. This data controller is permanently committed to privacy and guarantees best practices in the processing of your personal data.
In compliance with the provisions of the data protection regulations (EU Regulation 2016/679, of April 27, 2016), Restoledo SL (hereinafter, "The Owner" or simply "The Owner"), Owner of the website https://www.hotelboutiquequintaesencia.com/ (hereinafter, the "Website"), establishes the following Privacy Policy, which will follow in the processing of personal data . This policy is understood, in any case, without prejudice to the provisions of the corresponding Legal Notice / General Conditions and the corresponding Cookies Policy.
1.- Data Controller
Data Controller: Restoledo SL
Address: Calle Juan Labrador, 9 Toledo (Spain)
Email: hosts@hotelboutiquequintaesencia.com
Telephone: +34925222100
We strive to guarantee the privacy of the users of this website. You should know that we will never request personal information unless it is truly necessary to provide services, we will never share it with third parties (except in certain cases where it is essential and based on legitimate and previously reported situations), and we will never use your data for purposes unrelated to the contractual relationship. This entity assumes the commitments of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, Regulation (EU) 2016/679 of the European Parliament and of the Council, and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSICE or LSSI), as well as any regulations that develop or complement them.
This Data Controller guarantees the confidentiality of the personal data processed and informs you that those who have access to your information are bound by professional secrecy. However, we cannot guarantee the impregnability of this website or the total absence of risks. To the extent that your privacy is considered to have been compromised, this Data Controller undertakes to inform you without undue delay of any personal data security breach that is likely to entail a high risk to your rights and freedoms, in compliance with the General Data Protection Regulation.
Therefore, any data that may be requested from users of this Website through contact forms, any other data provided by the mere fact of accessing the Website (cookies), any other data related to possible comments on the different corporate pages of the social networks linked from this Website, any personal data that the user enters within the enabled sections or those provided through the rest of the enabled communication channels or means (for example, email) will be processed by the indicated data controller in compliance with current legislation.
2.- What obligations do I have when providing my data?
By providing us with your personal information through electronic channels, you declare that you are over 14 years of age and that all information provided is true, accurate, complete, and up-to-date. For these purposes, you confirm that you are responsible for the veracity of the information provided and that you will keep this information appropriately updated so that it reflects your actual situation. You accept responsibility for any false or inaccurate information you may provide, as well as for any direct or indirect damages that may arise.
3.- Why do we process your personal data?
When a user visits this website, they are providing personal information. This information may include personal data such as your IP address, name, physical address, email address, telephone number, and other information. The purposes for which we process your data will depend on the context or section in which it is requested:
- Simply by visiting the Website, certain information is collected on the servers that provide hosting services. This information includes the IP address from which you access the Website. The purpose of processing this information in this case is to facilitate your browsing experience. We may also collect certain information (cookies), which we will process in accordance with the specific Cookie Policy, which you can consult.
- If you provide us with your data through one or more of the enabled forms, the purpose will be related to that indicated in the corresponding form. For example, if you provide us with your data through contact forms, the purpose will be to respond to your query, if applicable. If you use the reservation form, the purpose will be to manage and, where applicable, confirm your reservation, as well as to comply with the legal obligations associated with this action. If you enter your data in the newsletter form, your email address will be included in our mailing list, and you may receive advertising through this medium. If you include your data in the restaurant reservation form, your data may be processed for this purpose. If you include your data in the "Work with us" section, we may process your identification data and CV data to manage staff vacancies and review your application. In particular, the use of the chatbot may involve the processing of personal data by the entity responsible for this tool, with your data being stored outside the European Union.
- If you provide us with personal data via email or other means (traditional or otherwise), we will generally process your data in relation to the management or query you have submitted. In compliance with Law 34/2002 on Information Society Services and Electronic Commerce, the Owner will not send commercial communications without identifying them as such and without prior information. For these purposes, any information sent to interested parties will not be considered commercial communications, provided that its purpose is to maintain the contractual relationship or respond to your request, or to provide other information related to your request (if applicable) and that is directly derived from this relationship.
- If you provide us with information through one or more of the social media platforms maintained by this entity and linked through this Website, this entity assumes the role of Data Controller of the data provided (for example, photos uploaded by us or by third parties, comments made by the interested party in relation to our publications, etc.), we will process the information exclusively in relation to your query, management, or comment, and always within and within the context of the social media platform. Under no circumstances will we extract such data unless we obtain the interested party's consent to do so. However, the use of these platforms is subject to full acceptance of their terms and conditions, and this implies the processing of your data under conditions different from those set forth herein. The official profiles on the social media platforms linked from this Website have been created to provide you with a better understanding of our activities and to create an alternative communication channel for those interested in our entity and the services we offer. However, we decline responsibility for the processing of data by the companies that manage the aforementioned social media platforms.
4.- How long will you keep them?
As a general rule, the data stored by this controller will be deleted as soon as it is no longer necessary for the purposes for which it was stored and there is no legal obligation to retain it. However, if the user's data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted to very specific purposes. This means that the data will be blocked and not processed for other purposes. For example, in relation to user data that must be retained for commercial or tax reasons.
It depends on the data processing carried out:
- The data related to the cookies on this Website have a retention period indicated in the Cookie Policy itself.
- The data you provide us through the means made available on this Website (forms, email) will be retained for the duration of the relationship with the interested party or for the duration of the withdrawal of consent. We will subsequently retain the data depending on whether there is a legal obligation, with the minimum period required depending on the relationship or transaction being carried out. For example, we will retain billing data for 6 years due to legal tax and accounting obligations. There is also a 5-year period established by Article 1964 of the Civil Code (personal actions without a special period). When a room is reserved, the record books for check-in reports at hotel establishments will be kept for 3 years and made available to state security forces.
- We will retain the data included in the social networks linked through this Website until the data subject withdraws their consent. However, the responsible entities may retain this data according to other processing policies for which we are not responsible under any circumstances.
5.- Why can we process your personal data?
Because there is a legitimacy established by the data protection regulations themselves. That is, the regulations allow us to process your personal data. It depends on the data processing carried out:
- The existence of one or more legal obligations that oblige us to process your data. For example, the aforementioned tax obligation related to invoices issued or the obligation to retain entry data at hotel establishments (Organic Law 4/2015, of March 30, on the Protection of Citizen Security and Royal Decree 933/2021, of October 26, establishing the documentary and information recording obligations of natural or legal persons engaged in lodging and motor vehicle rental activities).
- You have given us your consent to process your data under the terms set out above by checking the corresponding acceptance box.
- There is a legitimate interest in the processing. For example, if the data subject provides us with their data in connection with a task assigned to them, we will process it because we understand that we must fully respond to the request.
6.- Are we going to give them to someone?
Whenever we subcontract third parties to provide our services, we will take appropriate legal precautions, as well as appropriate technical and organizational measures, to ensure the protection of personal data in accordance with applicable legal regulations.
In addition to the Data Controller mentioned above, data may be processed by other entities depending on the nature of the data processing:
- Certain companies responsible for the cookies stored on your computer simply by visiting this Website may have information associated with your IP address, browsing habits, etc., as described in the corresponding Cookie Policy.
- Certain service providers related to this Website. For example, the entity that provides us with hosting or reservation management services. In all cases, we will process your data within the European Economic Area.
- Regarding the Asksuite platform, a chatbot implemented to provide assistance with transactions, we inform you that your data will be processed by this entity and stored on Amazon (United States). You can consult this entity's privacy policy at https://asksuite.com/privacy-policy/
- By legal obligation, the Spanish Tax Administration Agency may also request information of tax relevance from us, and we are obligated to provide it. This is also the case for state security forces and bodies in the performance of their assigned functions.
- In case of reservation, and in relation to guest registration: competent authorities in compliance with the provisions of Organic Law 4/2015, of March 30, on the Protection of Citizen Security and Royal Decree 933/2021, of October 26, which establishes the obligations of documentary registration and information of natural or legal persons who carry out accommodation and motor vehicle rental activities
This Data Controller follows strict criteria for selecting service providers in order to comply with its data protection obligations and undertakes to enter into the corresponding data processing contract with them, imposing obligations related to the implementation of appropriate technical and organizational measures, processing personal data for the agreed purposes and solely in accordance with documented instructions, and deleting or returning the data to this controller once the provision of services has concluded.
7.- What rights do I have?
Any person has the right to obtain confirmation as to whether or not this entity is processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defense of legal claims. In other circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In those cases in which you have given us your consent, we also inform you that you have the right to withdraw it at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal. If you request it, this entity will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible legal claims. You may also request that your data be processed by another entity, with this entity facilitating the portability of your data to the new controller. For this purpose, specific forms have been developed (which are available to you and which you can request) so that you can exercise your rights of access, rectification, deletion, restriction of processing, opposition to processing, opposition to automated individual decision-making, including profiling, and data portability. In any case, if you consider that these rights have not been adequately fulfilled by us, we inform you that you may file a complaint with the supervisory authority (Spanish Data Protection Agency, Jorge Juan 6, 28001 Madrid, or at its electronic headquarters https://sedeagpd.gob.es ).
If you prefer, you may contact us by postal mail at the address shown in the header, or by email at the address indicated, including proof of identity, and request the exercise of the aforementioned rights.
8.- Mandatory or optional nature of the information we request. Veracity of the information.
By checking the corresponding boxes and entering data in the fields, the user expressly, freely, and unequivocally accepts that their data is necessary for the Data Controller to process their request. The user guarantees that the personal data provided is true and correct and is responsible for communicating any changes to it. This Data Controller is exonerated from any liability if the user enters false data. All data requested through the website is mandatory, as it is necessary at a minimum to contact us. If not all data is provided, there is no guarantee that the information and services provided will be fully tailored to your needs.
9.- Principles that we will apply when processing your personal data
The processing of the User's personal data will be subject to the following principles set out in Article 5 of the General Data Protection Regulation:
Principle of legality, loyalty, and transparency: the User's consent will always be required after fully transparent information about the purposes for which personal data is collected.
Principle of purpose limitation: personal data will be collected for specific, explicit, and legitimate purposes.
Data minimization principle: the personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
Principle of accuracy: Personal data must be accurate and always up to date.
Principle of limitation of retention period: Personal data will only be kept in a form that allows the identification of the User for the time necessary for the purposes of its processing.
Principle of integrity and confidentiality: personal data will be treated in a manner that guarantees its security and confidentiality.
Principle of proactive accountability: The Data Controller shall be responsible for ensuring that the above principles are met.
10.- Special reference to social networks
The Owner maintains several pages and/or profiles on various social media platforms, linked through this Website. The Owner shall not be liable for content published by third parties on the aforementioned social media platforms. The use and processing of data by third parties on the aforementioned social media platforms shall be subject to general or specific terms and conditions that are separate from these. The Owner recommends that you read them carefully and be aware of them.
Our online presence includes a presence on the social network facebook.com and Instagram, both operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can search for us on the aforementioned social network and click "like" there. If you are logged in to Facebook, Facebook can assign your browsing experience to your Facebook account. For details on the purpose and scope of data collection, processing, and use by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy statement: http://www.facebook.com/policy.php . By using this social network and communicating with us, you consent to the sole use of your personal data through the platform of the aforementioned social network for the purposes of operating our professional page on this social network and for the two-way communication we maintain with our followers via chat, messaging, or other means of communication permitted by Facebook now and in the future. Therefore, (1) we will process your data within this social network to manage the list of people who like our Facebook page, and (2) you may receive information related to events, activities, and promotions. Outside of these circumstances, we will not use your data.
This website also includes a link to the WhatsApp instant messaging platform.
The service provider is WhatsApp Ireland Limited, part of the Facebook group of companies. Therefore, your data may be transferred to external countries, particularly the United States of America. According to its privacy policy, the guarantees provided for this transfer are based on the acceptance of standard contractual clauses or adequacy decisions and, where applicable, adherence to the Data Privacy Framework. Under no circumstances should this tool be used to send sensitive information, although the information is transmitted encrypted. We only recommend it for general inquiries regarding our organization. We will not be responsible for any subsequent data processing carried out by WhatsApp. We merely provide a link through this website to facilitate contact with this entity through this instant messaging tool.
11.- Cookies and other aspects.
This website includes an SSL certificate. This is a security protocol that ensures your data travels securely and intact. We have implemented appropriate security measures after conducting a risk analysis. These security measures include, in particular, encrypted data transmission between your browser and our server.
As a user, you are solely responsible for the truthfulness and accuracy of the data you submit on this website. The Owner Entity will not accept any liability in this regard, ensuring the accuracy, validity, and authenticity of the personal data provided.
This Data Controller reserves the right to modify and/or update the data protection information when necessary to ensure proper compliance with the Data Protection Regulation. If any changes are made, the new text will be published on this page, where you can access the current policy.
Regarding the cookies collected on this website, please refer to our Cookie Policy.
We use Google's reCAPTCHA service to determine whether a person or computer uses our contact or newsletter form.
The operator and party responsible for the processing of personal data is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For more information about our privacy policy, data processing, and service, see:
Google uses the following data to verify whether you are a human or a computer: IP address of the device used, which of our websites you visit and which has the CAPTCHA included, date and duration of the visit, identification data such as the browser type and operating system used, Google account, Google login, mouse movements on reCAPTCHA surfaces, and tasks that require you to identify images.
This involves the transfer of your data outside the European Economic Area. The privacy guarantees this entity provides in this regard can be reviewed in its privacy policy (Standard Contractual Clauses) and adherence to the Data Privacy Framework.
12.- Security information for safe browsing
- Always use an updated browser. Also, use an updated operating system. If applicable, review the apps and programs you use most frequently. Today's major browsers update automatically, either transparently or through notifications that must be approved. These updates are often avoided because they seem cumbersome, but the reality is they usually include patches that address minor security holes. We also recommend that add-ons and extensions are configured to update automatically. Also, make sure you install these add-ons from trusted sources.
- It is advisable to disable plugins such as Adobe Flash and Java for unfamiliar services and sites. Click-to-run tools or the use of certain extensions make this task easier. It is also recommended to disable JavaScript when browsing unfamiliar websites.
- It's advisable to review your browser's security and privacy options. Currently, browsers offer useful features such as: not accepting third-party cookies, blocking pop-ups, preventing password synchronization, preventing auto-complete, deleting temporary files and cookies when closing the browser, blocking geolocation, filtering ActiveX, etc.
- It is recommended to use the https protocol. This means that information between your browser and the server will travel end-to-end encrypted. However, it is important to verify that certificates issued by "https" services that handle sensitive information have been issued by a trusted entity. Any errors or alerts generated by the browser as a result of certificate validation (for example, self-signed certificates) should be carefully reviewed. Be wary if the beginning of the web address is not "https." And in any case, keep in mind that the padlock icon in the browser does not guarantee security: the padlock only serves to warn that communication to the web server is encrypted and that you have paid for it, but it has nothing to do with whether the website is legitimate or fraudulent.
- Take the time to configure the cookies on the website you're visiting. Correct cookie settings should allow you to disable them, and they should not load automatically (except for essential cookies) under any circumstances.
- Protect your passwords, do not disclose them to third parties in writing or verbally, change them periodically, and never respond to password requests received by email. Use combinations of numbers, letters, and symbols for your passwords. Do not store passwords by default through your browser and use more secure tools for managing them (for example, password managers that implement a strong encryption system). If you decide to use your browser, it is important to use a master key to encrypt your credential repository.
- Consider using additional extensions or add-ons that implement features not supported by your browser. For example, those that improve privacy while browsing or that block ads, banner ads, and certain tracking techniques used by third parties as much as possible.
- We recommend not trusting unknown Wi-Fi networks. When our connections fail, desperation drives us to track down and access Wi-Fi networks of dubious origin and legitimacy, but presented as free. These fraudulent networks can open the doors to your devices, so you should avoid them.
- It's also important to log out when you're done browsing, especially if you've done so on a public computer.
13. Supervisory Authority
We trust that we can resolve any questions or concerns you may have regarding your personal information. However, if you wish to lodge a complaint with the competent authority, you have the right to do so. In Spain, the highest authority for data protection is the Spanish Data Protection Agency (AEPD). Its website can be accessed at https://www.aepd.es/es and its telephone number is Tel: 91 266 35 17.
14.- Updates to this Privacy Policy.
This data controller reserves the right to modify this privacy policy to adapt it to changing legal situations or in the event of changes in our business or significant changes affecting the processing of personal data. However, this applies only to this privacy policy. However, if user consent is required, changes will only be made with the user's authorization. Users are requested to regularly inform themselves about the content of this Privacy Policy.
