PRIVACY POLICY - EXPANDED INFORMATION
This privacy policy is a part of the General Terms and Conditions regulating the Website www.virreyevents.com together with the Cookie Policy and Legal notice.
BONSOL HOTELS & INVEST SA (VIRREY EVENTS), reserves the right to modify or adjust this Privacy Policy at any time. We, therefore, encourage you to review it whenever you access the Website. In the event that the user has registered on the website and logged into his/her account or profile, when accessing it, he/she will be informed whenever there have been substantial changes regarding the processing of personal data.
Who is responsible for processing your data?
The data that has been collected or that you have voluntarily provided through the Website, whether by browsing it, or any data you may have given us via contact forms, via email or phone, will be collected and processed by the party responsible for the processing, whose identifying data is indicated below:
BONSOL HOTELS & INVEST SA, CIF: A07221419
Registered offices: C/Bartolomé Fons, 8, 07015, Palma de Mallorca, Illes Balears
Registered in the Trade Registry of Palma de Mallorca. Volume 639, book 555, folio 106, page PM9144. Date 12/12/1986
Contact information for VIRREY EVENTS regarding the protection of your personal data
Carrer de la Concepció, 26, 07012, Palma de Mallorca, Illes Balears
Tel.: 971875837
E-mail: lopd@themorganagroup.com
If, for any reason, you want to get in touch with us regarding any issue related to the processing of your personal data or privacy (with our data protection commissioner), you can do so through any of the means indicated previously.
Which data do we collect through the website?
Just by your browsing the website, VIRREY EVENTSwill be able to collect information relating to:
- IP address.
- Browser version.
- Operating system.
- Duration of visit or website browsing.
Such information is stored by Google Analytics, so we refer you to Google's privacy policy, since it collects and processes said information. http://www.google.com/intl/en/policies/privacy/
Similarly, the Website provides you with some Google Maps functions, which may have access to your location, should you give it permission, in order to facilitate a greater specificity about the distance and/or routes connecting our locations. In this regard, we refer to the privacy policy used by Google Maps, in order to know how it uses and processes such data http://www.google.com/intl/en/policies/privacy/
The information we handle is not linked to any specific user and it is stored in our databases, in order to carry out statistical analyses, improvements on the Website, on our products or services, and it will help us improve our business strategy. The data will not be disclosed to third parties.
User registration at the website / submitting forms
To access certain products or services, such as bookings or contact, it is necessary for the user to fill in a form. To do this, on the registration form, a series of personal data will be requested. The data are necessary and mandatory for carrying out said registration. Should you choose not to provide us with such data, the registration will not take place.
In such case, the browsing data will be linked to the data on the user’s registration, identifying said specific user that is browsing the Website. This way, we are able to personalise the products or services offerings that, in our opinion, best suit the user.
Each user’s registration data will be incorporated into the databases of VIRREY EVENTS, along with the transaction history of said user, and will be stored therein as long as the registered user’s account is not removed. Once said account has been removed, the information will be kept isolated from our databases, and those data relating to the transactions carried out will be kept for 10 years, not being accessed or altered, in order to comply with any statutory periods of retention in force. Data that are not linked to the transactions performed will be maintained unless consent is withdrawn, in which case they shall be deleted immediately (always with due regard to any statutory periods).
The legal basis for the processing of personal data is the performance of a contract between the parties.
In relation to the delivery of commercial communications and promotional offers by e-mail and replying to requests for information, the legitimacy of the processing the data is the consent of the affected party.
The aims of the processing, shall be as follows:
(a) to manage your access to the website.
(b) to manage the purchase of the products and/or services made available to you through the website.
(c) to keep you informed of the processing and status of your requests, or bookings.
(d) to respond to your requests for information.
(e) to manage all the functionalities and/or services that the platform provides to the user.
We hereby inform you that you can receive communications by e-mail or on your phone, to inform you of potential incidents, errors, problems and/or the status of your requests.
For the sending of commercial communications, the express consent of the user at the time of registration will be requested. In this regard, the user may revoke the consent given by addressing VIRREY EVENTS, in any of the ways listed above. In any case, in each commercial communication, you will be given the possibility to unsubscribe from receiving said communications, either through a link and/or e-mail address.
Newsletter mailing
On the website, you are offered the option to subscribe to the VIRREY EVENTS Newsletter. To do so, it is necessary that you provide an e-mail address to which it will be forwarded.
Such information will be stored in a VIRREY EVENTS database, in which it will remain registered until the interested party requests to be unsubscribed or, as the case may be, VIRREY EVENTS stops sending said newsletter.
The legal basis for the processing of these personal data is the express consent given by all the interested parties who subscribe for this service by checking the box intended for such purpose.
The e-mail data shall be only processed and stored with the purpose of managing the Newsletter mailing for the users who request it.
To deliver the Newsletter, the express consent of the user at the time of registration shall be requested by checking the box intended for such purpose. In this regard, the user may revoke the consent given by addressing VIRREY EVENTS , in any of the ways listed above. In any event, in each communication, you will be given the possibility to unsubscribe from receiving said communications, either through a link and/or an e-mail address.
If you belong to one of the following groups, please, review the drop-down information:
+ AGENTS
For what purposes will we process your personal data?
Tracking your activity.
Performing the corresponding transactions.
Billing and filing the appropriate tax returns.
Fraud and recovery management.
What is the legitimation for processing your data?
The legal basis is of contractual origin, acceptance of an agency agreement.
+ WEB OR E-MAIL CONTACTS
For what purposes will we process your personal data?
Answering to your questions, requests or petitions.
Managing the service requested, answering your requests or processing your application.
Information by electronic means, related to your request.
Commercial information or information on events by electronic means, provided that there is express permission.
What is the legitimation for processing your data?
Acceptance and consent from the person concerned: In those cases where, in order to make a request, it is necessary to fill out a form and to click on the send button, doing so will necessarily imply that you have been informed and have expressly granted consent to the contents of the clause appended to said form or have accepted the privacy policy.
All of our forms have a checkbox with the following formula in order to express consent to the sending of the information: "□ I have read and accept the Privacy Policy."
+ CUSTOMERS
For what purposes will we process your personal data?
Budget preparation and monitoring through communications between the two parties.
Information by electronic means, related to your request.
Commercial information or information on events by electronic means, provided that there is express permission.
Managing administrative services, logistics and communications carried out by the responsible party.
Performing the corresponding transactions.
Billing and filing the appropriate tax returns.
Fraud and recovery management.
What is the legitimation for processing your data?
The legal basis is your consent and the performance of a contract.
+ SUPPLIERS.
For what purposes will we process your personal data?
Information by electronic means, related to your request.
Commercial information or information on events by electronic means, provided that there is express permission.
Managing administrative services, logistics and communications carried out by the responsible party.
Billing.
Performing the corresponding transactions.
Billing and filing the appropriate tax returns.
Fraud and recovery management.
What is the legitimation for processing your data?
The legal basis is the acceptance of a contractual relationship, or failing that, your consent by contacting us or offering us your products by any means.
+ SOCIAL NETWORKS CONTACTS
For what purposes will we process your personal data?
Answering your questions, requests or petitions.
Managing the service requested, answering your requests or processing your application.
Working together and creating a community of followers.
What is the legitimation for processing your data?
The acceptance of a contractual relationship in the environment of the pertinent social network, and in accordance with their privacy policies:
Facebook http://www.facebook.com/policy.php?ref=pf
Instagram: https://es-la.facebook.com/help/instagram/155833707900388
How long are we going to keep your personal data?
We can only check or remove your data to a limited extent, being that you have a specific profile. We will process them as long as you allow us by following us, being friends on the social network or “liking” or “following” us or our posts, or in any other similar way.
You must make any rectification of your data or information or publications restriction through your profile or user settings in the social network itself.
+ VIDEO SURVEILLANCE
For what purposes will we process your personal data?
Video surveillance of our premises.
Control of our employees.
Sometimes they can be transferred to the courts for the application of legitimate actions.
What is the legitimation for processing your data?
The unambiguous consent of the person concerned when accessing our facilities after viewing the informational poster in the monitored area.
+ JOBSEEKERS
For what purposes will we process your personal data?
Organization in hiring processes for the recruitment of employees.
Arranging job interviews with you and assessing your application.
If you have given us your consent, we may transfer it to cooperating or related parties, with the only goal of helping you find employment.
What is the legitimation for processing your data?
The legal basis is your unequivocal consent by giving us your résumé and receiving and signing information relating to the subsequent data processing.
How long are we going to keep your personal data?
The résumé will be stored for the period of one year, time after which, in the case of our not having contacted you, it will be deleted.
+ HUMAN RESOURCES
For what purposes will we process your personal data?
- Management of the employment relationship and worker’s record.
- Carrying out all those administrative, fiscal and accounting procedures required to meet our contractual commitments, obligations in the field of labour legislation, Social Security, occupational tax and accounting hazard prevention.
- Payroll management by means of a financial institution.
- T&A control by means of an access control system with fingerprint/card capabilities (if need be).
- Management of the company’s group insurance policies/ pension plans.
- Carrying out training actions both subsidized and non-subsidized.
What is the legitimation for processing your data?
The legal basis for the processing of your personal data is the performance of a contract between the parties. Compliance with the relevant legal obligations. The consent from the interested party.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Do we include personal data from third parties?
We do not, as a general rule we only process data provided to us by the owners. If you give us data from third parties, you must previously, inform and request the consent from said parties, otherwise we are exempt from any liability for breach of this requirement.
And data relating to minors?
We do not process data from minors under 14 years of age, therefore, refrain from providing us with your data if you are under 14.
Will we contact you electronically?
We will only contact you electronically to manage your requests, if it is one of the means of contact with which you have provided us.
If we make commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
You can rest easy: We have adopted an optimal level of protection of the personal data that we handle, and we have installed all the means and technical measures at our disposal, according to the latest state-of-the-art technology, to prevent the loss, misuse, alteration, unauthorized access and theft of personal data.
To what extent will decision making processes be automated?
VIRREY EVENTS does not use fully automated decision-making processes to engage, develop, or finish a contractual relationship with the user. If we use these processes in a particular case, we will keep you informed and will communicate you your rights in this regard if so prescribed by the law.
Will there be profiling?
In order to offer you products and/or services according to your interests and enhance your user experience, we may develop a "business profile" based on the information provided. However, no automated decisions will be made based on that profile.
With whom will your data be shared?
The companies comprising The Morgana Group.
Personal data will not be passed on to third parties unless it is to comply with statutory provisions. In particular, they shall be shared with the National Tax Administration Agency and banks and financial institutions for the payment of the service provided or product purchased, as well as responsible for the treatment necessary for the execution of the agreement.
In the case of a purchase or payment, if you choose any application, web, platform, credit card, or any other online service, your data will be transferred to said platform or will be processed in its environment, always with the maximum security.
In the event that you have given us your consent to the processing of your name and images and other information, relating to the activity of VIRREY EVENTS, they will be published on the different social networks and the VIRREY EVENTS website.
International transfers.
Whenever VIRREY EVENTS needs to transfer data internationally, they shall only be made to entities enabled by the Privacy Shield European Union-United States agreement (further information: https://www.privacyshield.gov/welcome), to entities that have demonstrated compliance with the level of protection and offer guarantees in line with the parameters and expected requirements in the current legislation on data protection, such as the European Regulation, or when there is a legal authorization to carry out the international transfer.
What rights do you have?
To know if we are processing your data or not.
To access your personal data.
To request the rectification of your data if they are inaccurate.
To request the deletion of your data if they are no longer needed for the purposes for which they were collected or if you withdraw the consent you granted.
To request the limitation of the treatment of your data, in some cases, in which case only we will retain them in accordance with the regulations in force.
To move your data, which will be provided to you in a structured, common or machine-readable format. If you prefer, we can send them to the new responsible party of your appointment. This only applies to certain cases.
To file a complaint with the Spanish Data Protection Agency, if you think that you have not assisted properly.
To revoke the consent to any processing to which you have consented, at any time.
If you modify any data, we would be grateful if you would let us know so that we can keep them up to date.
Would you like a form so that you can exercise your rights?
We have forms for you to exercise your rights, ask us by email or if you prefer, you can use the one drawn up by the Spanish Data Protection Agency or third parties.
These forms must be signed electronically or be accompanied by a photocopy of your ID card. (DNI in Spanish).
If you are legally represented by someone, you must send us a copy of their Spanish National ID card (DNI in Spanish), or have them sign it electronically.
Forms can be submitted in person, sent by letter or by email at the address of the responsible body at the beginning of this text.
- You have the right to file a complaint with the Spanish Data Protection Agency, if you think that you have not assisted properly when it comes to your rights.
- The deadline for VIRREY EVENTS to reach a resolution is one month, starting from the effective reception of your request.
You are entitled to revoke your consent at any time for any of the processing of data to which you have consented.
Do we use cookies?
If we use any other type of cookie aside from the necessary ones, you can consult our cookies policy on the corresponding link on our home page.
How long are we going to keep your personal data?
Your personal data will be kept as long as there is mutual interest.
Once you decide it is no longer in your interest, the processed personal data for whichever purposes will be kept for the legally prescribed term included the period in which a judge or court may require them in accordance with the period of limitation of legal proceedings.
The processes data will be kept as long as the aforementioned legal time limits do not expire, as well as if there were a legal obligation to keep them, or there is no such legal term, until the person concerned requests its deletion or revokes the consent granted.
We will keep all information and communications relating to your purchase or the performance of our service for as long as the warranties of our products or services last, to meet potential claims.
In each processing or classification of data, we provide you with a specific period, which you can check in the following table:
Customers
|
Recursos Humanos
|
Proveedores
|
Control de acceso y videovigilacia
|
Fiscal
|
Medioambiente
|
Jurídico
|
Protección datos personales
|
Processing of personal data, if it is different from the processing reported to the AEPD
|
3 años
|
Personal data of employees stored in networks, computers and communications equpment used by said employess, as acces controls and internal managemen/ administration systems
|
5 años
|
COOKIE POLICY AND LOCAL STORAGE
Cookie policy:
In accordance with the Spanish Act 34/2002, dated July 11 on Information and e-commerce society services, we hereby inform you that this website uses Cookies to improve and optimize the user experience. Below you will find detailed information on what "Cookies” are, what types are in use on this website, how to change your cookies settings, and what happens if you disable them.
What are cookies?
A cookie is a file that is downloaded onto your computer when you access certain web pages. Cookies allow a website, among other things, to store and retrieve information about a user’s or a device’s browsing habits and, depending on the information they may contain and the way you use your device, they might be used to identify a user.
What kinds of cookies are used in this website?
Depending on the organisation that manages them, cookies may be:
- First-party cookies: Those sent to the interested party’s device from a system or domain managed by the content manager and from which the service requested by the user is provided.
- Third-party cookies: Those sent to the user’s device from a system or domain not managed by the content manager, but by another organisation that processes the data gathered through the cookies.
The Website uses both first-party and third-party cookies.
- Depending on the period of time they remain active:
Session cookies: They are the type of cookies intended for collecting and storing data while the user is browsing the website. They are often used to store information that is only meant for the provision of the service requested by the user just once (e.g. a list of purchased products).
Persistent cookies: They are the type of cookies which store data on the device and can be accessed and processed for a period of time established by the party responsible for the cookie, and that can range from a few minutes to several years.
This website uses both persistent cookies as well as session cookies.
- For what purposes can the website’s cookies be used?
- Technical cookies: Those that allow the user to browse a website, platform or application and to make use of the different options or services that it may offer such as to control the traffic and transmission of data, identify the session, access restricted areas, remember the items that make up an order, process a purchase order, request to register or participate in an event, use security measures during browsing, store content for video or sound broadcasting, or share content through social networks.
Customisation cookies: Those that allow the user to access the service with some default general features based on a set of criteria present in the user’s device, for instance, the language settings, browser type through which you access the service, the locale format from where you have access to the service, etc.
Analytic cookies: Those that allow the party responsible for said cookies to monitor and analyse the users’ behaviour on the websites to which they are linked. The information collected by means of these types of cookie is used for measuring the activity of websites, applications, or platforms and for profiling the users’ web browsing activity in such sites, applications and platforms, in order to introduce improvements based on the analysis of the usage data from the users of the service.
Advertising cookies: Those that allow for managing, as efficiently as possible, the advertising spaces that, as the case may be, the content managers have included in a web page, application, or platform from which they provide the service requested on the basis of criteria such as the edited content or the frequency with which advertisements are displayed.
Behavioural advertising cookies: Those that allow for managing, as efficiently as possible, the advertising spaces that, as the case may be, the content managers have included in a web page, application, or platform from which they provide the service requested. These cookies store the user’s behavioural information obtained through observation of his/her browsing habits, which allows for profiling so that advertisements can be displayed based thereon.
Cookie name:
|
Description / purpose
|
Supplier
|
Expiration
|
|
|
|
|
• Third-party Cookies: Provided by third parties.
Cookie name:
|
Description / purpose
|
Supplier
|
Further information
|
Google Analytics
|
Google Analytics Cookies. They generate an anonymous user ID, which is used to count how many times the user visits the website. It also records when it was the first and the last time they visited the website. It also calculates when a session, user origin, and keywords have expired.
|
Google
|
Further information
|
What happens if the cookies are disabled?
Some of the website’s features in certain areas and for certain services may not function properly if cookies are disabled.
Do we update our Cookie Policy?
We may occasionally update the Cookie Policy on our website, we, therefore, recommend that you review this policy each time you access our website in order to be properly informed about how and for which purpose we use cookies.
How can you set your Cookies?
By browsing and remaining on our website you will be consenting to the use of Cookies under the terms and conditions contained within this Cookie Policy. You, as the user, have the possibility of exercising your right to block, delete and reject the use of Cookies at any time, by changing your browser settings. For example:
Microsoft Edge: Settings > Advanced Settings > Cookies.
Visit Microsoft Support or your browser’s help section.
Mozilla Firefox: Tools > Options > Privacy > History > Custom Settings.
Visit Mozilla Support or your browser’s help section.
Google Chrome: Settings > Show Advanced Options > Privacy > Content Settings.
Visit Google Support or your browser’s help section.
Safari (Apple): Preferences > Security.
Visit Apple Support or your browser’s help section.
Opera (Opera Software): Settings > Options > Advanced > Cookies
Visit Opera Support or your browser’s help section.
If you use any other browser, check its installation policy, and its cookies use and blocking policy. Regardless, by using the tool www.youronlinechoices.com, you can find useful information and set your cookies preferences for each supplier.
Are there only cookies?
It may be that some websites use other forms of storage similar to cookies but which can store a larger amount data, like other forms of data local storage on the client’s computer, for example:
HTML5 LocalStorage and sessionStorage: Space that the website can take up on the user's device. They can be usually deleted by deleting the browsing history.
"Local Shared Objects" in Flash ("isolated storage" in Silverlight): They are stored inside the Microsoft folder where the user profile is. You have to navigate to the folder and delete it. (E.g.: vimeo videos).
Flash is used to incorporate multimedia elements to a website, and in order to do that, it stores files in the user's device.
A web beacon is used to track your activity, by inserting a mini image that the user doesn’t even notice. When you browse the web, it’s loaded along with the website, and the server where the photo is downloaded from, records the access time or how many times you have accessed it.
These files are more intrusive than cookies, since their removal is more difficult, they keep more data, and don’t depend on the browser being used. We do not use these types of storage.