Privacy Policy

Claridge Granada s.l.u works to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. Your privacy is important to us, and we believe we should be transparent about it.

For the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter "GDPR") concerning the protection of natural persons, Organic Law 3/2018 of 5 December on Personal Data Protection and guarantee of digital rights with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Services of the Information Society and electronic commerce (hereinafter, "LSSI") Claridge Granada s.l.u informs the user that, as the Data Controller, it will incorporate the personal data provided by users into an automated file.

Our commitment begins by explaining the following to you:

• Your data is collected to improve the user experience, addressing your interests and needs.
• We are transparent regarding the data we obtain about you and the reason for doing so.
• Our intention is to offer you the best possible experience. Therefore, when we are going to use your personal information, we will always do so in compliance with the regulations and, when necessary, we will request your consent.
• We understand that your data belongs to you. Therefore, if you decide not to authorise us to process it, you can ask us to stop processing it.
• Our priority is to guarantee your security and process your data in accordance with European regulations.

Who is the Data Controller for your personal data?

Identity: Claridge Granada s.l.u

Registered Office: Plaza de Villamena 1. Granada 18001.

CIF: B21914858

Email: administracion@granhotelclaridge.com

Claridge Granada s.l.u has appointed a Data Protection Officer or an internal contact person within its organisation. If you wish to make an inquiry regarding the processing of your personal data, you can contact them via the email admin@globalserpro.com.

What personal data do we collect?

The personal data that the user may provide:

• Identification data, including image.
• Email address.
• City/Town, telephone numbers.
• Any other information or data you decide to share with us.
• In the case of personnel selection, academic and professional data.
• Financial data for invoicing and payment of services.
• Special Categories of Personal Data (Arts. 9 and 10 of the General Data Protection Regulation (EU Regulation 2016/679)).

In some cases, completion of the registration form is mandatory to access and enjoy certain services offered on the website; likewise, failure to provide the requested personal data or failure to accept this data protection policy makes it impossible to subscribe, register, or participate in any of the promotions where personal data is requested.

Why and for what purpose do we process your data?

Claridge Granada s.l.u processes the information provided to us by interested parties for the following purposes:

• Managing our online services.
• Management of website users.
• Managing the sending of information requested from us.
• Compliance with regulations and laws.
• Personnel selection.
• Contacting the user, sending quotes, offers, orders, invoices, technical inquiries, and commercial promotion of products that may be of interest to them.
• Developing commercial actions and carrying out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and information tasks, being able to perform automatic evaluations, profile creation, and customer segmentation tasks with

the aim of personalising the service according to their characteristics and needs and improving the customer's online experience.

We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.

In some cases, it will be necessary to provide information to Authorities or third-party companies for audit reasons, as well as to handle personal data from invoices, contracts, and documents to respond to claims from customers or Public Administrations.

What is the lawful basis for processing your data?

The processing of your data may be based on the following legal bases:

• Consent of the data subject for the contracting of services and products, for contact forms, and requests for information.
• Legitimate interest for the processing of our customers' data in direct marketing actions and explicit consent of the data subject for everything related to automatic evaluations and profiling.
• Compliance with legal obligations for fraud prevention, communication with Public Authorities, and third-party claims.

How long do we retain your data?

Data processing for the described purposes will be maintained for the time necessary to fulfil the purpose of its collection, as well as for compliance with the legal obligations arising from the data processing.

With regard to personnel selection, the CV will be retained for one year if it is of interest during the process; after this time, it will be deleted.

For video recording through security cameras and access control to the facilities, the data will be retained for a maximum of 30 days.

To which recipients is your data disclosed?

Your data will be retained under strict security measures that guarantee their confidentiality and security. Likewise, they will only be disclosed to the following entities and for the following purposes:

• Entities and suppliers that provide services to Claridge Granada s.l.u for the correct execution of our activities and projects. These entities and suppliers are duly accredited and sign the corresponding data processing agreement with us in compliance with current data protection regulations.
• Public bodies and authorities, and Courts and Tribunals, when there is a legal obligation to provide the data.

Where is the data stored?

Claridge Granada s.l.u The data is stored within the EU; depending on the destination country of your trip, some suppliers may be located in third countries for which an international data transfer is necessary.

What rights do you have and how can you exercise them?

You can address your communications and exercise your rights by making a request to the following email address: administracion@granhotelclaridge.com

Pursuant to the provisions of the GDPR, you can request:

• Right of access: you can ask for information about the personal data we hold about you.
• Right of rectification: you can communicate any change to your personal data.
• Right of erasure (and the right to be forgotten): you can request the deletion, following blocking, of personal data.
• Right to restriction of processing: this involves restricting the processing of personal data.
• Right to object: you can withdraw consent for the data processing, objecting to further processing.
• Right to data portability: in some cases, you can request a copy of the personal data in a structured, commonly used, and machine-readable format for transmission to another data controller.
• Right not to be subject to automated individual decision-making: you can request that decisions not be taken based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.

In some cases, the request may be refused if you ask for data necessary for compliance with legal obligations to be deleted.

Furthermore, if you have any complaint about the data processing, you can lodge a complaint with the data protection authority.

Who is responsible for the accuracy and veracity of the data provided?

The user is solely responsible for the veracity and correctness of the data included, exempting Claridge Granada s.l.u from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided and undertake to keep them duly updated.

Claridge Granada s.l.u is not responsible for the veracity of information that is not its own creation or for which another source is indicated, and therefore assumes no liability whatsoever for any hypothetical damage that may arise from the use of such information.

Claridge Granada s.l.u reserves the right to update, modify, or delete the information contained on its web pages, and may even limit or deny access to said information. Claridge Granada s.l.u is exempted from liability for any damage or harm that the user may suffer as a result of errors, defects, or omissions in the information provided by Claridge Granada s.l.u, provided that it originates from external sources.

How do we process the personal data of minors?

In accordance with Article 8 of the GDPR and Article 7 of LO3/2018, of December (LOPDGDD), Claridge Granada s.l.u will require the valid, free, unambiguous, specific, and informed consent of their legal guardians to process the personal data of minors. In this case, the ID or other form of identification of the person giving consent will be required.

In the case of those over fourteen years of age, data processing may proceed with the user's consent, except in cases where the Law requires the assistance of those holding parental authority or guardianship.

What security measures do we apply to protect your personal data?

Claridge Granada s.l.u has adopted the legally required levels of security for the protection of Personal Data and endeavours to install other technical means and additional measures at its disposal to prevent the loss, misuse, alteration, unauthorised access, and theft of the Personal Data provided to Claridge Granada s.l.U.

Claridge Granada s.l.u is not responsible for hypothetical damages or harm that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns, or disconnections in the operational functioning of this electronic system, caused by reasons beyond the control of Claridge Granada s.l.u; or from delays or blockages in the use of the present electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, the Internet system, or other electronic systems, as well as damages that may be caused by third parties through illegitimate intrusions outside the control of Claridge Granada s.l.u, nevertheless, the user must be aware that security measures on the Internet are not impregnable.