Privacy Policy

Your data will be processed in compliance with the current legislation, specifically in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) on the protection of natural persons regarding the processing of personal data and the free movement of such data. This also includes Spain’s Organic Law 3/2018 of December 5, on Personal Data Protection and Guarantee of Digital Rights.

A thorough reading of our Privacy Policy will provide you with the necessary information to understand how we handle the data you provide.

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

If you or an authorized person have provided your data, please note that AMORIÑO 1988, S.L., with Tax ID: B36951861, is responsible for processing this data, in compliance with the applicable data protection regulations.

There may be other data controllers involved in our processing activities. In such cases, we will always inform you about the data controller and their identifying details.

The Website may include hyperlinks or links that allow access to third-party websites, other than hotelamorino.com, which are not operated by AMORIÑO 1988, S.L. The owners of such websites have their own data protection policies and are responsible for their processing and privacy practices.

AMORIÑO 1988, S.L. is committed to maintaining the confidentiality and security of personal data and takes the necessary measures to prevent unauthorized alteration, loss, processing, or access, in line with the GDPR.

2. WHERE DO WE INFORM YOU?

AMORIÑO 1988, S.L. informs you through the website hotelamorino.com, specifically in the privacy policy section. More information is available in our Legal Notice.

3. WHAT PERSONAL DATA DO WE PROCESS?

The personal data we process includes:

Any data you voluntarily provide to us
Data derived from the communications you have with us
Information related to your browsing activity on our Online Services (such as IP address or information derived from cookies or similar devices, as detailed in our Cookie Policy on the website)
Information available from publicly accessible sources that we can lawfully access
Data related to the contractual or pre-contractual relationship you have with us, including your image when relevant, with prior notification
Data provided by third parties about you, where a legitimate basis or your consent has been obtained
Data about third parties that you provide to us, with the prior consent of the third party

For more information, please see the record of processing activities section in this privacy policy.

4. HOW DO WE PROCESS YOUR DATA?

AMORIÑO 1988, S.L. processes your personal data in strict compliance with applicable legislation. Furthermore, we have implemented adequate technical and organizational measures to ensure an optimal level of security, ensuring that only authorized personnel have access, that we maintain data integrity, prevent intentional or accidental data loss, and have reinforced our data processing systems and services.

However, given that AMORIÑO 1988, S.L. cannot guarantee the invulnerability of the internet or the absence of hackers or other fraudulent access to personal data, we commit to notifying you without undue delay when a security breach occurs that poses a high risk to individuals’ rights and freedoms. Under Article 4 of the GDPR, a personal data breach refers to any security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.

The operations, processes, and technical procedures we conduct, whether automated or not, enabling the collection, storage, modification, transfer, and other actions on personal data, qualify as data processing.

5. WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?

The legal basis for processing personal data will be based on the contractual or pre-contractual relationship, employment relationship, or any other necessary legal basis for data processing, such as explicit consent.

6. HOW DO WE HANDLE ELECTRONIC COMMUNICATIONS?

Under Law 34/2002 of July 11 on Information Society Services and Electronic Commerce and Directive 2002/58/EC, we inform you that you may receive commercial communications and information via electronic means (emails, automated response messages from forms, and other communication systems) when you have given us your consent or when the communications relate to similar products or services previously provided by the data controller.

If you do not wish to receive such communications, you may notify us by indicating “UNSUBSCRIBE FROM COMMERCIAL COMMUNICATIONS” in the subject line, so that your personal data is removed from our database. Your request will be processed within one month of receipt. If we do not receive an explicit response from you, we will assume that you accept and authorize our continued commercial communications.

When receiving such communications, please note that messages are intended solely for the recipient and may contain privileged or confidential information. If you are not the intended recipient, any unauthorized use, disclosure, or copying is prohibited by law.

7. HOW LONG DO WE KEEP YOUR DATA?

Personal data collected by AMORIÑO 1988, S.L. through any means will be retained until the data subject requests its deletion. It will also be retained while the relationship that prompted data processing remains in effect, always in compliance with legal retention periods. After this period, personal data will be deleted from all systems of AMORIÑO 1988, S.L.

8. WILL YOUR DATA BE SHARED WITH THIRD PARTIES?

There will be no data sharing, transmission, or transfer of personal data, except for those previously notified or due to a legal obligation. If requested by public administration or autonomous institutions within their legally attributed functions, your data will be shared accordingly.

If any data sharing, transmission, or transfer occurs outside of the previously stated cases, you will be informed beforehand to provide your consent if necessary.

To ensure efficient organization, operations, and procedures, AMORIÑO 1988, S.L. may require the services of advisors, professionals, or other service providers to process data according to our instructions.

Data processing by third parties is regulated by a contract, whether in writing or otherwise legally accepted, verifying the existence and content of the agreement, explicitly specifying that the data processor will handle data per our instructions, without using it for any purpose other than stated in the contract, and will not disclose it, even for storage, to other parties.

9. WHAT ARE YOUR RIGHTS?

Data protection regulations grant you the following rights:

Right of access: Users have the right to obtain confirmation about whether AMORIÑO 1988, S.L. processes their personal data and, if so, to access the specific personal data and information about the processing performed by AMORIÑO 1988, S.L., including, among other details, the data source and recipients of any communications made or planned.
Right to rectification: Users have the right to request corrections to inaccurate or incomplete personal data, considering the purposes of the processing.
Right to erasure (“the right to be forgotten”): Users may request the deletion of their personal data when they are no longer necessary for the purposes they were collected or processed for; if consent has been withdrawn, there is no other legal basis; users object to processing with no other legitimate reason to continue it; data has been processed unlawfully; data must be deleted to comply with a legal obligation; or data was collected directly from a minor under 14 years of age. In addition to deleting the data, the Data Controller, considering available technology and implementation cost, must take reasonable steps to inform other controllers processing the data of the user’s request to erase any links to the personal data.
Right to restrict processing: Users have the right to restrict processing of their personal data. Users can request restriction when challenging data accuracy; if processing is unlawful; if the Data Controller no longer needs the personal data, but the user needs it for claims; and when users object to processing.
Right to data portability: If processing is carried out by automated means, users have the right to receive their data from the Data Controller in a structured, commonly used, and machine-readable format, and to transmit it to another controller. When technically possible, the Data Controller will transmit data directly to the other controller.
Right to object: Users may object to the processing of their personal data by AMORIÑO 1988, S.L. or request that processing is stopped.
Right not to be subject to automated individual decision-making, including profiling: Users have the right not to be subject to a decision solely based on automated processing of their data, including profiling, unless legally permitted otherwise.

If you would like more information about data processing, to correct inaccurate data, to object and/or limit unnecessary processing, or to request data deletion when no longer necessary, please write to AMORIÑO 1988, S.L. at Rúa Arrayal, 39 A, 36700 – Tui (Pontevedra), or email info@hotelamorino.com.

Such communication must include the following information: User’s full name, request details, address, and proof of identity.
Exercise of rights must be performed by the user themselves. However, it may also be performed by an authorized person as the user’s legal representative, with documentation proving representation.

Additionally, you may withdraw your consent without affecting the lawfulness of prior processing by sending a request to the address above. Attach a copy of your ID or identity document with your request.

If you believe there is an issue or violation of applicable law regarding the processing of your personal data, you have the right to effective judicial protection and to file a complaint with a supervisory authority, especially in the State where you have your habitual residence, workplace, or the place of the alleged violation. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/) – C/ Jorge Juan, 6 28001-Madrid – FAX: 914483680- TELF: 901 100 099- Email: ciudadano@agpd.es

10. WHAT IS THE PURPOSE AND LEGAL BASIS FOR DATA PROCESSING, AND HOW LONG WILL THE DATA BE KEPT?

Below is a table detailing the purposes of data processing carried out by one or all of the Data Controllers mentioned earlier.

PROCESSING ACTIVITY	PURPOSE OF PROCESSING	LEGAL BASIS	RETENTION PERIOD
Labor management	Personnel management for employment contract formalization, case control, payroll management	Contractual relationship	5 years after contract termination
Tax and accounting management	Necessary processing to comply with tax and accounting obligations	Contractual relationship Legal obligation for the controller Controller’s or third parties’ legitimate interests	5 years after contract termination The time necessary to fulfill legal obligations
Contact management	Data processing for maintaining communications with data subjects	Contractual relationship Controller’s or third parties’ legitimate interests Explicit consent of the data subject	5 years after contract termination Until cancellation and/or objection by the owner Until the data loses its relevant purpose
Occupational risk prevention	Compliance with occupational risk prevention legislation and health monitoring	Contractual relationship Legal obligation for the controller	Until the end of the contractual relationship The period legally established by specific regulations
Video surveillance	Image capture via video surveillance system and/or alarm system with image capture to protect the entity’s assets	Controller’s or third parties’ legitimate interests	Maximum 1 month
Job candidate management	Personnel selection and job placement through CV management, personal interviews, and evaluation tests	Vital interests of the data subject or other persons Explicit consent of the data subject	Until the requested appointment expires
Informational communication and notifications	Dissemination of activities and notifications of relevant information related to the entity’s activities	Controller’s or third parties’ legitimate interests Explicit consent of the data subject	Until cancellation and/or objection by the owner
Client management	Processing necessary for maintaining commercial/contractual relationships with clients, billing, after-sales service, promotions and advertising, and client loyalty	Contractual relationship Commercial relationship	5 years after contract termination The period legally established by specific regulations
Labor control	Control of employee attendance at the workplace (vacation, absenteeism, workday record)	Contractual relationship Legal obligation for the controller Controller’s or third parties’ legitimate interests	Until the end of the contractual relationship
Supplier management	Analysis, evaluation, contracting, order management, and payment management for suppliers	Contractual relationship	5 years after contract termination The period legally established by specific regulations
Reservation management	Identifying data necessary for accommodation reservation	Explicit consent of the data subject	The time necessary to fulfill legal obligations
APPCC management	Compliance with current APPCC regulations	Legal obligation for the controller	5 years after contract termination
Web management	Manage inquiries, contacts, and complaints received through the website	Explicit consent of the data subject	Until cancellation and/or objection by the owner Until data loses relevant purpose

11. ACCEPTANCE AND CHANGES IN THIS PRIVACY POLICY

The User must read and agree with the conditions regarding the protection of personal data in this Privacy Policy and accept the processing of their personal data, so that the Data Controller can proceed with it as outlined, for the periods, and for the purposes indicated. Using the Website implies acceptance of its Privacy Policy.

AMORIÑO 1988, S.L. reserves the right to modify its Privacy Policy according to its own criteria or due to changes in law, judicial decisions, or guidance from the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is encouraged to check this page periodically to stay informed about the latest changes or updates.

This Privacy Policy has been updated to comply with Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, regarding the protection of natural persons in relation to personal data processing and the free movement of such data (GDPR) and Spain’s Organic Law 3/2018 of December 5, on Personal Data Protection and the guarantee of digital rights.