CUSTOMER AND GUEST PRIVACY POLICY

This privacy policy applies to data processing carried out at HOTELS VIVA & RESORTS hotels. Please read it carefully, it contains important information about the processing of your personal data and the rights recognised by current regulations on this matter.

This policy can be consulted at the hotel reception desk where you can request a copy to keep.

In general, the fields on our forms that are indicated as mandatory must be completed in order to process your requests.

1. WHO IS THE DATA CONTROLLER FOR YOUR DATA?

The data controllers for the processing of data of hotel customers and guests are:

The company that operates the hotel in which you are staying (hereinafter the HOTEL), whose identification and contact details are available at the Hotel Reception.

INVERSIONES PASCUAL S.L., with CIF (Codigo de Identificacion Fiscal [Tax Identification Code]): B07461767, with address at calle Agustín Argüelles, No. 1, 07400 Alcudia, Balearic Islands, Spain (hereinafter HOTELS VIVA & RESORTS), the scope of the respective responsibilities of the HOTEL and HOTELS VIVA & RESORTS being as follows:

The HOTEL is the controller for the processing of customer and guest data necessary for the operational management of the hotel, such as the administrative and accounting management of the hotel; the management of bookings and stays; the provision of contracted services and dealing with customer complaints.

HOTELS VIVA & RESORTS is the controller for the processing of personal data affecting the brand and hotel management, including:

• Hotel management control and business data analysis,
• The definition and control of the standards applied by the hotels and the control and improvement of the quality at the company level of the HOTELS VIVA & RESORTSbrand;
• The commercial exploitation of customer and brand user data for the sending of commercial communications, the management of their loyalty programmes, the creation of commercial profiles or the personalisation of services to customers.

For more information about the processing of your data or the exercise of the rights recognised by current regulations on this matter, you can send an email to the Data Protection Officer: dpd@hotelsviva.com 

2. WHY WILL YOUR DATA BE PROCESSED AND WITH WHAT LEGAL BASIS?

The data of the customers and guests of the hotels of the HOTELS VIVA & RESORTS brand are processed for the following purposes:

• Booking management and provision of requested services
• Traveller registration and tracking
• Recording of entertainment activities and activities
• Addressing special needs
• Qualitycontrol
• Use of WI-FI service
• Addressing enquiries and complaints
• Consolidation of the data of the customers of the HOTELS VIVA & RESORTS brand
• Sending non-personalised business communications and managing distribution lists (segmentation)
• Preparation of a commercial profile for the personalisation of the services and commercial communications of the HOTELS VIVA & RESORTS brand

You can find detailed information about each of these purposes below.

2.1. Booking management and provision of requested services. The HOTEL will process the data provided in the booking requests or services for the management of said bookings and the provision of the requested services.

What data is processed for this purpose and how has it been obtained?

The categories of data that the HOTEL will process for these purposes are as follows:

• Identification and contact details of the booking holder;
• Details of the booking or service request itself (dates of stay, number and age of guests and services requested);
• Data relating to means of payment;
• Transaction data for goods and services.

This data is obtained either directly from you, or from the third parties who have processed the booking or requested the service on your behalf, for example, the travel agency where you booked your stay.

The processing of this data is necessary for the execution of the accommodation contract, the provision of the requested services or for the application of pre-contractual measures at your own request.

The economic and transactional data of goods and services generated by your stay will be processed for the purposes of accounting and administrative management and compliance with the HOTEL’s legal obligations in accounting and tax matters.

Select hotels of the HOTELS VIVA & RESORTS brand have a VIRTUAL MAYORDOMO (butler) service. Said utility is provided through the Whatsapp app provided by WhatsApp Ireland Limited, more information at https://www.whatsapp.com/legal/privacy-policy-eea#G1Di6og0cz0BSJDBp. MAYORDOMO has been created for the effective provision of the services offered in our establishments. In particular, customers may request information, make bookings at our restaurant and spa and make requests related to our services at the HOTEL. To do this, we will process your contact details, in particular your mobile number to correctly address your requests. The processing of this data is based on your consent. Failure to provide your consent or to withdraw it does not condition the execution of your booking or the provision of contract services. At any time, you may request your withdrawal from this processing by requesting it directly in the app chat or by indicating it at the reception desk.

The data collected at the time of check-in at the hotel, together with those generated by your stay and, where appropriate, the data provided to our service of MAYORDOMO, will be consolidated in the databases of HOTELS VIVA & RESORTS. (+ info in the section “Consolidation of brand customer data”)

2.2. Traveller registration and tracking: In compliance with the traveller control law, hotels must record information about guests staying at their properties. This information is collected in the entry form that must be completed by guests and is consolidated into a traveller book and log that must be kept by the HOTEL and made available to the competent authorities.

What data is processed for this purpose?

• First and last name, gender, date of birth, country of nationality, ID number and type, date of issue of the document, date of entry and signature.

Likewise, when required by the health regulations in force during your stay, the HOTEL will establish a registry of the persons who access the establishment to allow the control of epidemics by the competent health authorities. Upon arrival, you will be expressly informed of the specific health obligations applicable.

2.3. Recording of entertainment events and activities. Entertainment events or activities organised by the HOTEL may be photographed or recorded for later broadcast on screens located in the hotel itself. You will be asked for your consent prior to the capture and dissemination of your image. Such consent does not condition your participation in the entertainment events or activities and may be revoked by requesting it from the hotel reception during your stay or by contacting the Data Protection Officer in the event that it has ended.

2.4. Addressing special needs. The health data you provide to address special needs, such as allergies or taking medications, will be processed by the HOTEL only for this purpose. The processing of this data is based on the explicit consent you give when requesting special attention, or when providing this information when registering a child in VIVA KIDS ONLY CLUB or requesting treatment in the SPA, for those hotels that have these services. You may revoke your consent to the processing of your health data at any time by indicating this at the hotel reception desk, although if you do so, special care or the requested service may not be provided to you.

2.5. Quality Control . To evaluate the application of HOTELS VIVA & RESORTS brand standards and to evaluate the quality of the services and products offered to its customers, HOTELS VIVA & RESORTS may conduct satisfaction or opinion surveys of customers. These surveys are anonymous and are not required to be completed.

However, if you provide data that identifies you in these surveys, for example, your name or room number, HOTELS VIVA & RESORTS may use the contact details you have provided to contact you regarding complaints or suggestions you have made. This processing is based on the legitimate interest of HOTELS VIVA & RESORTS in assessing and managing the quality of the services and products offered and improving customer service.

How has this interest been weighed against your rights and freedoms?

For the weighting of this interest with respect to your rights and freedoms, the following has been determined:

• The processing is consistent with the reasonable expectations of the data subjects, as they are customers of the HOTELS VIVA & RESORTS brand who, having made a complaint or suggestion in relation to the provision of the service received, have voluntarily provided their identifying data. Likewise, the data used to contact the data subjects has been provided by the data subjects themselves.
• The impact of the processing on the privacy of data subjects is limited, as the purpose of the contact is limited to resolving complaints or commenting on suggestions made by data subjects and that this purpose also benefits data subjects, by improving the quality of services and the level of customer service.

2.6. Use of WI-FI service.

Your identifying and contact details will be processed for the management of Wi-Fi access and security of hotel systems. 

We do not monitor or control connections made over Wi-Fi, except if it is indispensable to prevent or manage a threat to the security of our systems or to investigate violations of Wi-Fi terms of use or applicable laws. However, in this case, we will always choose the least burdensome method for Wi-Fi users’ privacy. 

The basis for the processing of your data is the provision of the requested WI-FI service and our legitimate interest in managing the security of our systems. 

2.7. Addressing enquiries and complaints. The data provided in your enquiries or complaints will be processed to address your requests and to manage any possible complaints. This processing is necessary for the execution of the accommodation contract, the application of pre-contractual measures at your own request or for defence in the case of customer complaints.

The processing of any health data that you have provided in your claim is covered by art. 9.2. f) of the GDPR, as such processing is necessary for the formulation, exercise or defence of complaints.

2.8. Consolidation of the data of the customers of the HOTELS VIVA & RESORTS brand. The data provided by the customers together with those generated by their stays at the HOTEL are consolidated into databases owned by HOTELS VIVA & RESORTS .

What data is consolidated?

The categories of customer data that are consolidated are as follows:

• Identifying Data: First name, last name, identification document (type, number, date of issue), country of residence, postal, shipping or billing address, email, fax, mobile number;
• Personal characteristics data: Gender, date and country of birth, nationality, family details (family status: children, date of birth thereof, legal or minors, partner), language);
• Data related to the booking (dates of stay, number and age of guests) and services included in the booking and consumption during the stay (purchases, use of services, meals and beverages consumed, use of facilities);
• Data provided in complaints and grievances;
• Transaction data for goods and services:
• Economic, financial and insurance data;
• Data obtained from the MAYORDOMO service;

This data is consolidated into HOTELS VIVA & RESORTS systems located in the European Union.

The purpose of this consolidation is to have a brand-level customer record, to harmonise the formats and coding of information, and to enable centralised management of operational processes common to all hotels, for example, communication of traveller entry forms to competent authorities, where required by applicable regulations.

This consolidation is based on the legitimate interest recognised by recital 48 of the GDPR, to transmit personal data of customers between companies, as affiliated entities are part of a central body for internal administrative purposes.

How has this interest been weighed against your rights and freedoms?

For the weighting of this interest with respect to your rights and freedoms, the following has been determined:

• The processing is consistent with the reasonable expectations of the data subjects, since they are customers of the HOTELS VIVA & RESORTS brand and the processing occurs within the framework of the relationships maintained.
• The impact of the processing on the privacy of data subjects is limited, taking into account the purpose, the restriction of the storage period of this data and the adoption of technical and organisational measures to prevent the use of such data for commercial purposes, including profiling, without the consent of the data subjects.

The consolidated data is also used for the following purposes:

2.9. Sending non-personalised business communications and managing distribution lists (segmentation)

HOTELS VIVA & RESORTS processes the identifying and contact information provided by customers, together with the information regarding their status as customers, language and market of origin for the sending of non-personalised commercial communications related to the tourist products and services offered by HOTELS VIVA & RESORTS and the management of distribution lists.

The consolidation of this information for this purpose is based on the legitimate interest of HOTELS VIVA & RESORTS in establishing and exploiting a commercial database of the brand’s customers for direct marketing purposes.

How has this interest been weighed against your rights and freedoms?

For the weighting of this interest with respect to your rights and freedoms, the following has been determined:

• Recital 47 of the GDPR considers that the processing of personal data for direct marketing purposes may be considered to be carried out for legitimate interest. Recital 48 of the GDPR recognises that there may be a legitimate interest in transmitting customer personal data between companies, as the affiliated entities form part of a central body for internal administrative purposes.
• This processing is compatible with the reasonable expectations of the data subjects, since they are brand customers, there being a contractual relationship prior to sending commercial communications, which refer to tourism products or services specific to the HOTELS VIVA & RESORTS brand.
• The impact on the privacy of data subjects is limited by affecting a limited number of data elements for processing and by offering the possibility to object to the processing both at the time of data collection and in the commercial communications themselves.

The sending of commercial communications by electronic means is based on Art. 21.2. of Law 34/2002, of 11 July, on information society and e-commerce services transposed by directive 2002/58/EC (e-privacy directive) in Spain.

You may at any time request to opt out of distribution lists by using the link provided for this purpose in our communications or by sending an email to: gdpr@hotelsviva.com

To manage your distribution lists, HOTELS VIVA & RESORTS performs a classification of the recipients of your communications based on your customer status, language and home market. This processing is based on the legitimate interest of HOTELS VIVA & RESORTS in segmenting the recipients of your communications.

How has this interest been weighed against your rights and freedoms?

For the weighting of this interest with respect to your rights and freedoms, the following has been determined:

• The processing is compatible with the reasonable expectations of the data subjects, by constituting an accessory processing to the sending of commercial communications and allowing the recipients of these to receive them in a format and content adapted to their language and market.
• The processing does not pose a significant threat to the privacy of the data subjects, as it consists of a simple classification based on objective criteria that does not allow for inferring new information about the data subjects, having adopted technical and organisational measures to prevent business profiling, individualised behavioural predictions or analytics about the customer data set, unless the data subjects have authorised the processing of their data for this purpose. Likewise, the data subjects retain control of their information by offering them the possibility to object to receiving commercial communications at any time.

2.10. Preparation of a commercial profile for the customisation of the services and commercial communications of the HOTELS VIVA & RESORTS brand

If you have authorised the customisation of the services and communications of HOTELS VIVA & RESORTS, it will access the data generated by your stay at the HOTEL to include it in a commercial profile.

What data is included in my profile?

The profile created by HOTELS VIVA & RESORTS will consolidate the following data generated by your bookings and stays at the hotels:

• Identification and contact details: first name, last name, country of residence, postal address, email, fax, mobile number;
• Personal characteristics data: gender, date and country of birth, nationality, family data (family status: children, date of birth, partner), language;
• Goods and services transaction data: data relating to the booking (dates of stay, number and age of guests and services included in the booking) and consumptions made during the stay (purchases, use of services, food and beverages consumed, use of facilities);
• Preferences manifested during the stay (for example, if you have requested a special pillow type)
• Data provided in possible complaints, grievances or surveys;

Health data or other special categories of data, such as religion or beliefs, or data from payment methods, such as bank cards, that you have provided for your stay will never be added to your profile.

HOTELS VIVA & RESORTS will use this profile to:

• Customise the treatment and services provided by the companies and hotels of the HOTELS VIVA & RESORTS brand, for example, to wish you a happy birthday or to take into account the preferences you have expressed during your stays. What does this customisation involve?

Hotels and companies of the HOTELS VIVA & RESORTS brand with which you contact or contract a service will consult your profile details to personalise the service to your request and the provision of said service. This personalisation is carried out according to the standards defined by HOTELS VIVA & RESORTS. Your profile enquiry only occurs when you contact and interact with the hotels and brand companies and is carried out through connection to the HOTELS VIVA & RESORTS Customer Relationship Management (CRM) tool located in the European Union. Your profile data is not incorporated into the systems of the hotels and companies of the brand that perform the query.

• Customise your offers based on your consumer profile, for example, to determine the periods of the year in which you have stayed or usually stay in our establishments or the type of product that may be of interest to you taking into account your past bookings or the actions you have taken on the corporate website (e.g. family vacation-oriented products if you have travelled with family, or stays related to products that you have consulted on our websites without contracting them). This profileis also used to be able to make special offers based on the frequency of your bookings, the products contracted and the amounts spent.

While no automated individualised decisions are made that produce legal effects on our customers or significantly affect them in a similar way based on this profile, we inform you of your right to object to the adoption of such decisions in accordance with the provisions of Article 22 of Regulation (EU) 2016/679. 

These processing and data flows are based on the consent you have given. Failure to provide your consent or to withdraw it does not condition the execution of your booking or the provision of contract services. You may revoke your consent at any time by sending an email to gdpr@hotelsviva.com.

3. WHO IS YOUR DATA COMMUNICATED TO?

Your data will only be communicated between HOTELS VIVA & RESORTS companies in the situations described in the previous sections or to third parties due to legal obligations, with your prior consent or when necessary to provide you with the requested services. Specifically:

The HOTEL shall communicate the guest entry forms to the competent authorities when required by the current health safety or traveller control regulations.

If your booking contains accessory services provided by third party suppliers or your requests affect such services, the personal data necessary for the processing of such booking/availability request will be communicated to the corresponding suppliers, only for this purpose. These communications are necessary for the provision of the requested services or for the application of pre-contractual measures at your own request.

4. HOW LONG IS YOUR DATA KEPT?

In general, the data of customers and guests will be kept for the duration of the relationship they have with the HOTEL and HOTELS VIVA & RESORTS and in any case for the periods provided for in the applicable legal provisions and for the time necessary to address possible liabilities arising from the processing. Your data will be cancelled when it is no longer necessary or relevant for the purposes for which it was collected. Specifically:

The HOTEL will keep the economic and transactional data of goods and services generated by your stay for the time required by current accounting and tax regulations.

The HOTEL shall keep the guest books and records required by Organic Law 4/2015, of 30 March, on the protection of citizen safety. For a minimum of 3 years.

The health data that the customers have provided to the hotel to meet special needs is cancelled daily with respect to customers not being accommodated and once their stay has ended in the case of customers staying at the HOTEL.

The chats generated in the Whatsapp app for the MAYORDOMO service will be deleted once your stay at the HOTEL has ended.

Consolidated customer data in the central hotel management tool (PMS) is retained for 6 years.

Data processed by HOTELS VIVA & RESORTS for commercial purposes, including commercial profiles, will be retained as long as you do not object to the processing or request its erasure. The media that contain your consent to the processing of your data for these purposes, such as signed forms, electronic form submission logs, check-in sheets, will be kept for the entire duration of the processing and the applicable prescription periods.

The data processed by HOTELS VIVA & RESORTS for the purposes of management control and business data analysis is kept without time limit. With respect to data from customers who did not consent to be profiled, the data is anonymised upon expiry of the storage periods of their information in the central PMS.

5. WHAT ARE YOUR RIGHTS?

You have the right to obtain confirmation of whether or not we are processing your personal data and, in such a case, to access it. You can also ask for your data to be corrected when it is inaccurate or for incomplete data to be completed, as well as to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, you may request the restriction of processing of your data. In such a case, we will only process the data affected for the formulation, exercise or defence of complaints or with a view to protecting the rights of other persons. Under certain conditions and for reasons related to your particular situation, you may still object to the processing of your data. In this case, we will stop processing the data except for compelling legitimate reasons prevailing over your interests or rights and freedoms, or for the formulation, exercise or defence of complaints.

Likewise, under certain conditions, you may request the portability of your data so that it can be transmitted to another data controller.

You may revoke the consent you have provided for certain purposes, without affecting the lawfulness of the processing based on the consent prior to your withdrawal.

You may at any time revoke your consent or object to the processing of your data for direct marketing purposes, including commercial profiling. In such case we will stop processing your personal information for such purposes. You also have the right to object to the adoption of automated individual decisions that produce legal effects on you or significantly affect you in a similar way, when this right occurs in accordance with the provisions of Article 22 of Regulation (EU) 2016/679.

To opt out of receiving marketing communications, you may use the link provided for this purpose in our communications or send an email to the following email address: gdpr@hotelsviva.com

To request the erasure of your business profile, you can send an email to the following email address: gdpr@hotelsviva.com

You also have the right to lodge a complaint with a data protection authority.

To exercise your rights, you must send us a request by mail or email to the addresses indicated in the section

Who is the data controller of your data?

You can find out more about your rights and how to exercise them on the Spanish Data Protection Agency page (https://www.aepd.es).

Hotels VIVA

Head Office

Tel: (+34) 971869500