Last Updated: April 2019
1. Who is responsible for processing your data?
Resorts Mallorca Hotels International S.L. (hereinafter referred to as Cala Blanca Sun Hotel) are responsible for the processing of your data collected from the Website, with address at C/ Calçat, 2 07011 – Palma de Mallorca, Spain. You can contact our Data Protection Officer at firstname.lastname@example.org or at C/ Calçat, 2 07011 – Palma de Mallorca, Spain. Alternatively, you can contact the Data Protection Officer of the Group at GroupDPO@thomascook.com, on +44 (0)207 557 6400 or at Thomas Cook Group plc | 3rd Floor, South Building | 200 Aldersgate | London EC1A 4HD | United Kingdom.
2. Why will we process your data?
The data of our users will be processed for managing the relationship with such users, for the commercial processing and monitoring of your reservations, for rendering the requested services, to address your requests and queries, for the administration and management of the Website’s security and to fulfil our legal obligations. These data will also be processed for analytical purposes and to improve the quality of our services. This includes the analysis of consolidated data of reservations processed through the Website.
Moreover, their data will be processed for marketing purposes and to send commercial messages related to products and services provided by the THOMAS COOK Group.
3. To whom can we disclose your data?
Your data will only be disclosed to third parties when there is a legal obligation to do so, with their consent, or when your request implies the disclosure thereof. For example, to correctly process your reservation, the data provided must be disclosed to the hotel included in your reservation. This includes providing such hotel with the bank card details that you provided in the reservation in order to address the possible penalties stipulated in the fee conditions for cancellations or failure to arrive at the hotel. The data processing previously indicated must be carried out in order to process your reservations; therefore the reservation process cannot be carried out if you oppose such data processing.
We inform you that Thomas Cook Group companies have Standard contractual clauses for the transfer of Personal Data to Third Countries approved by the European Commission in place to ensure the lawfulness of data transfers to the UK, in case the UK leaves the European Union. This guarantees that personal data processed by group companies in the UK will continue to benefit from protection according to the European standards.
4. Legal basis for data processing
The legal basis for processing your data is to manage the legal relationship we hold with you, to render the requested or contracted services and to fulfil the legal obligations, particularly with regard to the applicable regulations for accounting, tax and tourism matters. Managing the security of the Website and the Reservation Platforms is based on the existence of a legitimate interest. The analysis of customers’ consolidated data, collecting statistics and quality control, the commercial monitoring of your requests and sending commercial messages are based on our legitimate interest for internal administrative purposes, as well as to evaluate and promote our services.
5. How long will we keep your data?
In general terms, we will keep your data for the term the legal relationship lasts with us and, in all cases, for the terms stipulated in the applicable legal provisions, for example those regarding accounting and tax matters, and for the time required to settle any possible liabilities arising from the data processing. We will cancel your data when they are no longer necessary or relevant for the purposes for which they were collected.
The browsing information will be cancelled once the user has disconnected from the Website and the statistics have been collected.
The data processed for commercial purposes shall be kept until the user requests the cancellation thereof. The devices on which the consent is provided for processing your data for these purposes, for example, the logs of electronic forms sent shall be kept for the whole term of the processing and the applicable statutes of limitation.
6. What are your rights?
You are entitled to obtain confirmation on whether or not we are processing your personal data and, in such case, to access such data. You can also request the rectification of your data when they are inaccurate or to fill in the data that are not complete, as well as to request the cancellation thereof when, among other reasons, the data are no longer necessary for the purposes of which they were collected.
In certain circumstances, you may request to restrict the processing of your data. In such case, we will only process the data to formulate, file and defend claims or for the purpose of protecting the rights of other persons. Under certain conditions and for reasons related to your particular situation, you may also oppose the processing of your data. In this case, we will no longer process the data unless there are legitimate imperative reasons to do so, which prevail over your interests or rights and freedoms, or to formulate, file or defend claims. Moreover and under certain conditions, you may request the portability of your data so that they are transferred to another data controller.
You may withdraw the consent you have given for certain purposes, without this affecting the legality of the processing based on the consent given prior to it being withdrawn. You may also submit a claim with the Spanish Data Protection Agency.
In order to exercise your rights, you must send a request to the relevant data controller by email or post, along with a copy of your national identification document, or another valid document that identifies you, to the address specified in the section “Who is responsible for processing your data?”.
You can obtain further information on your rights and how to exercise them on the Spanish Data Protection Agency’s website: http://www.agpd.es.