Privacy Policy
PRIVACY POLICY - EXTENDED INFORMATION
LAST MODIFICATION: 15/03/2025
The Privacy Policy forms part of the General Conditions governing the Website www.granhotelingles.com together with the Cookies Policy and the Legal Notice.
DANDA PATRIMONIO E INVERSIONES SL reserves the right to modify or adopt this Privacy Policy at any time. Therefore, we recommend that you review it every time you access the Website. If the user has registered on the website and accesses his/her account or profile, upon accessing the same, he/she will be informed in the event that there have been substantial modifications in relation to the processing of his/her personal data.
Who is responsible for the processing of your data?
The data that is collected or that you voluntarily provide us with through the Website, whether by browsing it, as well as any data that you may provide us with in contact forms, via email or by telephone, will be collected and processed by the Data Controller, whose data is indicated below:
DANDA PATRIMONIO E INVERSIONES SL, Tax Identification Number B57900029
C/ Echegaray, 8, 28014, Madrid
GRAN HOTEL INGLÉS, C/ Echegaray, 8, 28014, Madrid.
Registered in the Commercial Registry of Palma de Mallorca, Volume 2478, Folio 91, Sheet PM-69043
Contact DANDA PATRIMONIO E INVERSIONES SL, for the protection of your personal Information
Phone: 910 56 93 54
Data Protection Delegate Contact: lopd@hiddenhotels.com
If, for any reason, you wish to contact us on any matter relating to the processing of your personal data or privacy (with our Data Protection Officer), you may do so through any of the means indicated above.
What data do we collect through the website?
Simply by browsing the Website, DANDA PATRIMONIO E INVERSIONES SL will collect information relating to:
- IP address.
- Browser version.
- Operating system.
- Duration of the visit or browsing of the website.
Such information is stored by Google Analytics, so we refer to Google's Privacy Policy, as Google collects and processes such information. http://www.google.com/intl/en/policies/privacy/
Similarly, the Website provides the utility of Google Maps, which may have access to your location, if you allow it to do so, in order to provide you with greater specificity about the distance and/or paths to our headquarters. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and processing of such data.
http://www.google.com/intl/en/policies/privacy/
The information we handle will not be related to a specific user and will be stored in our databases for the purpose of statistical analysis, improvements to the website, our products and/or services and to help us improve our business strategy. The data will not be communicated to third parties.
User registration on the website / Form submission
To access certain services, such as booking, it is necessary for the user to fill out a form. For this, personal data is requested in the registration form. The data is necessary and mandatory to carry out such registration. If such fields are not provided, the registration will not be carried out.
In this case, the browsing data will be associated with the user's registration data, identifying the same user who browses the Website. In this way, the offer of products and/or services that, in our opinion, best suits the user can be personalized.
The registration data of each user will be incorporated into the databases of DANDA PATRIMONIO E INVERSIONES SL, together with the history of operations carried out by the same and will be stored in them until the registered user account is deleted. Once such an account is deleted, this information will be removed from our database, keeping data related to transactions made for 10 years, without being accessed or altered, in order to comply with the legally effective deadlines. Data that is not linked to transactions made will be kept unless consent is withdrawn, in which case they will be immediately deleted (always considering legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties. Regarding the sending of electronic communications and promotions and responding to requests for information, the legitimacy of the processing is the user's consent.
The purposes of the data processing will be as follows:
a) Manage your access to the Website.
b) Manage the purchase of services available to you through the Website.
c) Keep you informed about the processing and status of your requests, purchases, and/or reservations.
d) Respond to your information request.
e) Manage all the utilities and/or services offered by the platform to the user.
Thus, we inform you that you may receive communications via email and/or on your phone, in order to inform you of possible incidents, errors, problems, and/or the status of your requests.
For the sending of commercial communications, the express consent of the user will be requested at the time of registration. In this regard, the user may revoke the consent given by contacting DANDA PATRIMONIO E INVERSIONES SL, using the means indicated above. In any case, in each commercial communication, you will be given the possibility to unsubscribe from receiving them, either through a link and/or email address.
Newsletter Sending
The Website offers the option to subscribe to the Newsletter of DANDA PATRIMONIO E INVERSIONES SL. To do this, it is necessary to provide us with an email address to which it will be sent.
This information will be stored in a database of DANDA PATRIMONIO E INVERSIONES SL, in which it will be registered until the interested party requests its removal or, where appropriate, it ceases to be sent by DANDA PATRIMONIO E INVERSIONES SL.
The legal basis for the processing of this personal data is the express consent given by all those interested who subscribe to this service by checking the box provided for this purpose.
The email data will only be processed and stored for the purpose of managing the sending of the Newsletter by users who request it.
For the sending of the Newsletter, the express consent of the user will be requested at the time of registration by checking the box provided for this purpose. In this regard, the user may revoke the consent given by contacting DANDA PATRIMONIO E INVERSIONES SL, using the means indicated above. In any case, in each communication, you will be given the possibility to unsubscribe from receiving them, either through a link and/or email address.
If you are any of the following groups, please consult the information below:
+ WEB OR EMAIL CONTACTS
What purposes will we process your personal data for?
• Answer your queries, requests, or petitions.
• Manage the requested service, answer your request, or process your petition.
• Electronic information, related to your request.
• Commercial or event information by electronic means, provided there is express authorization.
What is the legitimacy for the processing of your data?
The acceptance and consent of the interested party: In those cases where to make a request it is necessary to fill out a form and click on the send button, the completion of it will necessarily imply that you have been informed and have expressly given your consent to the content of the attached clause of said form or acceptance of the privacy policy.
All our forms have a verification checkbox with the following formula, in order to send the information: "□ I have read and accept the Privacy Policy."
+ CUSTOMERS
What purposes will we process your personal data for?
• Preparation of the budget and monitoring thereof through communications between both parties.
• Electronic information, related to your request.
• Commercial or event information by electronic means, provided there is express authorization.
• Manage administrative, communication, and logistics services performed by the Controller.
• Perform the corresponding transactions.
• Invoicing and declaration of the corresponding taxes.
• Control and collection management.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS
What purposes will we process your personal data for?
• Electronic information, related to your request.
• Commercial or event information by electronic means, provided there is express authorization.
• Manage administrative, communication, and logistics services performed by the Controller.
• Invoicing.
• Perform the corresponding transactions.
• Invoicing and declaration of the corresponding taxes.
• Control and collection management.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or failing that your consent to contact us or offer us your products by any means.
+ SOCIAL MEDIA CONTACTS
What purposes will we process your personal data for?
• Answer your queries, requests, or petitions.
• Manage the requested service, answer your request, or process your petition.
• Relate to you and create a community of followers.
What is the legitimacy for the processing of your data?
Acceptance of a contractual relationship in the environment of the corresponding social network, and in accordance with its Privacy policies:
Facebook http://www.facebook.com/policy.php?ref=pf
Instagram https://help.instagram.com/155833707900388
Twitter http://twitter.com/privacy
Linkedin http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
How long will we keep personal data?
We can only consult or unsubscribe your data in a restricted way by having a specific profile. We will treat them for as long as you let us follow you, be friends, or click "like," "follow," or similar buttons. Any rectification of your data or restriction of information or publications must be made through the configuration of your profile or user in the social network itself.
+ VIDEO SURVEILLANCE
What purposes will we process your personal data for?
• Video surveillance of our facilities.
• Control of our employees.
• On occasion, they may be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
The unequivocal consent of the interested party when accessing our facilities after viewing the informative sign of the video-monitored area.
+ JOB APPLICANTS
What purposes will we process your personal data for?
• Organization of selection processes for hiring employees.
• Schedule job interviews and evaluate your candidacy.
• If you have given us your consent, we may transfer it to collaborating or related entities, with the sole purpose of helping you find a job.
What is the legitimacy for the processing of your data?
The legal basis is your unequivocal consent, by delivering your CV to us and receiving and signing information regarding the treatments we are going to carry out.
How long will we keep personal data?
The resume will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
+ HR
What purposes will we process your personal data for?
• Management of the employment relationship and the worker's file.
• Carry out all those administrative, fiscal, and accounting procedures necessary to comply with our contractual obligations, obligations regarding labor, Social Security, occupational risk prevention, fiscal, and accounting regulations.
• Payroll management through a financial institution.
• Time control through the access control system by fingerprint/card (if applicable).
• Management of the entity's group insurance/pension plan.
• Carry out training actions, both subsidized and non-subsidized training.
What is the legitimacy for the processing of your data?
The legal basis for the processing of your data is the execution of your employment contract. Compliance with the relevant legal obligations. The consent of the interested party.
Do we include personal data of third parties?
No, as a general rule, we only process the data provided by the owners. If you provide us with third-party data, you must inform and request their consent from those individuals beforehand, or otherwise exempt us from any responsibility for failing to comply with this requirement.
And what about data from minors?
We do not process data from minors under 14 years of age, so please refrain from providing them if you are under that age.
Will we make communications via electronic means?
Communications will only be made to manage your request if it is one of the contact methods you have provided to us. If we carry out commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
You can rest assured: We have adopted an optimal level of protection for the personal data we handle, and we have implemented all technical means and measures at our disposal, according to the state of the technology, to prevent loss, misuse, alteration, unauthorized access, and theft of personal data.
To what extent will decision-making be automated?
DANDA PATRIMONIO E INVERSIONES SL does not use fully automated decision-making processes to establish, develop, or terminate a contractual relationship with the user. In the event that we use such processes in a particular case, we will keep you informed and communicate your rights in this regard if required by law.
Will profiling take place?
In order to offer you products and/or services according to your interests and improve your user experience, we may create a "commercial profile" based on the information provided. However, automated decisions will not be made based on this profile.
Who will your data be communicated to?
Your data will not be transferred to third parties, except for legal obligations. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial entities for the collection of the provided service or acquired product, as well as to data processors necessary for the execution of the agreement.
In the event of a purchase or payment, if you choose any application, website, platform, bank card, or any other online service, your data will be transferred to that platform or processed in its environment, always with maximum security.
In the event that you have given us your consent for the processing of your name and images and other information related to the activities of DANDA PATRIMONIO E INVERSIONES SL, they will be disclosed on the different social networks and website of DANDA PATRIMONIO E INVERSIONES SL.
International transfers
If it is necessary to carry out international data transfers by DANDA PATRIMONIO E INVERSIONES SL, it will ensure that such transfers are possible in accordance with the General Data Protection Regulation, or any other requirement established by applicable regulations. For this purpose, the company will adopt the necessary agreements to ensure a level of data protection equivalent to that provided for in European regulations.
In the event of working in a system of shared folders in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc., an international transfer to the United States will be made under the provisions of Article 49.c) of the General Data Protection Regulation or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
What Rights do you have?
• To know if we are processing your data or not.
• To access your personal data.
• To request the rectification of your data if it is inaccurate.
• To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent given.
• To request limitation of the processing of your data, in certain cases, in which case we will only keep them in accordance with current regulations.
• To port your data, which will be provided to you in a structured, commonly used, or machine-readable format. If you prefer, we can send them to the new controller you designate. This is only valid in certain cases.
• To file a complaint with the Spanish Data Protection Agency, if you believe that your rights have not been properly addressed.
• To revoke the consent for any processing for which you have consented, at any time. If you modify any data, we appreciate your communication to keep them updated.
Would you like a form to exercise your Rights?
• We have forms for exercising your rights, ask us for them by email or, if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.
• These forms must be signed electronically or accompanied by a photocopy of your ID card.
• If someone represents you, you must attach a copy of their ID card, or they must sign it with their electronic signature.
• The forms can be submitted in person, sent by mail or by email to the address of the Controller at the beginning of this text.
You have the right to file a complaint with the Spanish Data Protection Agency if you believe that your rights have not been properly addressed.
The maximum period for resolution by DANDA PATRIMONIO E INVERSIONES SL is one month from the effective receipt of your request by us.
You have the right to revoke the consent for any processing for which you have consented at any time.
Do we use cookies?
If we use any other type of cookies than those necessary, you can consult the cookie policy in the corresponding link from the beginning of our website.
How long will we keep your personal data?
• Personal data will be kept as long as you remain linked to us.
• Once you unlink, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them according to the statute of limitations for legal actions.
• The processed data will be kept until the expiration of the legal periods mentioned above, if there is a legal obligation to keep them, or if there is no legal deadline, until the data subject requests their deletion or revokes the consent given.
• We will keep all information and communications related to your purchase or the provision of our service, for as long as the product or service warranties last, to attend to any possible claims.
• In each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
Data relating to | Document | Storage |
Clients and suppliers | By way of example and without limitation, the following are some of the most significant documents. Invoices (issued by the company and drawn on the company). Contracts between traders (purchase and sale, commission, transport, provision of services, etc.) Contracts with individuals. Real estate contracts (leasing of business premises, sale, purchase, exchange, etc.) Business correspondence Bank contracts and documentation (current accounts, deposits, leasing, renting, etc.) Expense notes. | Obligation to keep documentation for at least 6 years. It is advisable to keep it depending on the case of prescription of actions. Article 30 of the Commercial Code stipulates that entrepreneurs shall keep the books, correspondence, documentation and supporting documents relating to their business for six years from the date of the last entry made in the books. However, this rule merely establishes a minimum period of time during which, in the general interest, the trader must keep the documents that have been generated in the course of his business. |
Tax relevant documents and records | Tax General Law arts. 66 to 70 4 previous financial years (years) | |
Parties subject to the Prevention of Money Laundering Act, documentation accrediting compliance with AML obligations | Law 10/2010 art. 25 10 years | |
Human Resources | Payrolls, TC1, TC2, etc. | 10 years (Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Offences and Penalties in the Social Order). |
CVs | Until the end of the selection process, and for a further 2 years unless the data subject revokes consent or requests deletion. | |
Employee training | Art 5.2, Order TAS/2307/2007 4 years | |
Working Time Records | Art. 34.9 Royal Legislative Decree 2/2015, approving the revised text of the Workers' Statute Law. 4 years | |
Severance pay documents. Contracts. Data on temporary workers. | RD 425/2005 apart. 3 Additional Provision 1 4 years Art. 30 of the Commercial Code establishes a minimum period of 6 years. Organic Law 7/2012 recommends keeping it for 10 years. | |
Worker's file. | Up to 5 years after leaving (Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Offences and Penalties in the Social Order). | |
Documentation or computer records accrediting compliance with ORP regulations. | RDL 5/2000 art. 4 5 years | |
Marketing | Databases or web visitors. | For the duration of treatment. |
Access control and video surveillance | Visitor registration | Instruction 1/1996 AEPD 30 days |
Video surveillance Images/sounds captured by video surveillance systems shall be cancelled within a maximum period of one month from their capture. Recordings shall be destroyed within a maximum period of one month from their capture, unless they are related to serious or very serious criminal or administrative offences in the field of public security, to an ongoing police investigation or to an open judicial or administrative procedure. | Instruction 1/2006 AEPD 30 days | |
Accounting | Accounting books and documents. Annual accounts Shareholders' agreements and boards of directors, company bylaws, minutes, board of directors' regulations and delegated committees. Financial statements, audit reports Records and documents related to grants. | Commercial Code art. 30: 6 years |
Corporate Documentation | Deeds of incorporation of the company together with the articles of association, deeds of elevation of corporate resolutions, deeds of granting/renewal of powers of attorney, deeds of purchase/sale of shares, deeds of purchase/sale of assets, deeds of shares, dissolution/settlement, etc.). | It is recommended to keep them throughout the life of the company, from its incorporation until at least 6 years after its dissolution and liquidation. In the event that the deeds will incorporate rights or obligations for the company, it is recommended to adhere to the above-mentioned limitation periods. |
Books of minutes of meetings of the general meeting and the board of directors (commercial companies), register of shares, register of shareholders, register of contracts with the sole shareholder, other books. | Obligation to keep the documentation for at least 6 years. From the last entry made in the books. They must be kept throughout the life of the company from its incorporation until at least 6 years after its dissolution and liquidation. | |
Other corporate documentation (private share purchase agreements, shareholder loans, pledges of shares, etc.) | It is recommended to keep them throughout the life of the company, from its incorporation until at least 6 years after its dissolution and liquidation. | |
Tax | Administration of the entity's administration, rights and obligations relating to the payment of taxes. Administration of dividend payments and tax withholdings. All documents justifying the taxpayer's tax actions (proof of income and expenditure), including both accounting and supporting documentation (contracts, invoices, receipts, delivery notes...) All types of tax declarations. | Obligation to keep the documentation: Minimum 4 years. Articles 66, 67 and 68 of the General Tax Law. The general limitation period for tax obligations is 4 years. With regard to tax returns, the 4-year limitation period starts to run from the day on which the voluntary tax filing period ends. In the event that there has been a subsequent action by the Administration (inspection, partial verification) or by taxpayer (corrective return, appeal) that has interrupted the limitation period, a new 4-year period starts to run from that action. However, it is advisable to keep the physical documentation, as Organic Law 7/2012 recommends keeping it for 10 years. Order EHA/962/2007 provides for the possibility of destroying invoices received on paper if a certified digitalisation process has been previously carried out to obtain electronically signed digital copies. |
Health and Safety | Workers' Medical Records/ Health data of Spa clients (treatments). | Article 17.1 of Law 41/2002 of 14 November, on patient autonomy and rights and obligations regarding clinical information and documentation. 5 years |
Insurance | Insurance policies | 6 years (general rule) 2 years (damage) 5 years (personal) 10 years (life) |
Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years |
Permits, licences, certificates | 6 years from the date of expiry of the permit, licence or certificate. 10 years (criminal statute of limitations) | |
Confidentiality and non-competition agreements | Always the period of duration of the obligation or of confidentiality | |
Data protection regulations | Records and documents proving compliance with the requirements of data protection regulations (audits, reports, data processor contracts, etc.) | For the duration of data processing and thereafter for 3 years. |
Documentation accrediting that requests for the exercise of data subjects' rights are dealt with. | For 3 years after application | |
Logs/ Logs of access to information systems | 2 years | |
If the processing is based on the data subject's consent, proof of consent | For the duration of data processing and thereafter 3 years | |
Traffic data relating to internet connections, e-mails and calls sent or received from fixed-line telephony. | User ID, IP address (source/destination), phone number, IMSI and IMEI (source/destination), date and time of communication (start/end), identification of type of service or communication used (voice, data, SMS or MMS). | Article 5 of Law 25/2007 on the retention of data relating to electronic communications and public communications networks. 1 year |
Biometric data (fingerprint, facial recognition) (currently not allowed, unless legally authorised) | Biometric data are registered in the tool/software enabled for this purpose by the entity, in case of a positive Impact Assessment, within the current legal framework. | In compliance with the principle of limitation of the storage period, personal data may be processed for no longer than is necessary for the purposes of the processing, therefore, taking into account the provisions of article 34.9 of the ET, the company will keep the records for four years and they will remain at the disposal of the employees, their legal representatives and the Labour and Social Security Inspectorate. It will be the user who notifies and initiates the procedure for definitive deregistration. Building access control: 30 days, files to control access (Inst. 1/1996 AEPD) INACTIVE TRACKS: 6 MONTHS OF INACTIVITY. RECORDS: EMPLOYEES, 4 YEARS, NON-EMPLOYEES: 30 DAYS |
Guests | Check-in of travellers/guests. | 3 years (Ley Orgánica 4/2015 de protección de seguridad ciudadana, Orden INT/1922/2003 and in RD 933/ 2021, of 26 October (obligations of documentary registration and information of natural or legal persons carrying out accommodation activities). |