In accordance with the provisions of the arts. 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as ‘GDPR’’), and articles 6 and 11 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, “LOPDGDD”) which regulates the right to information in the collection of data, we inform you of the following points.
Who is Responsible for the processing of your personal data?
RESTAURANTE TROPICAL GAVÀ MAR, S.L., (hereinafter, “Tropical”), with Tax ID Code no. B22.214.171.124 and registered address at Ronda General Mitre, 59, Bajos, 08017, and email firstname.lastname@example.org informs the user that is the Data Controller for the personal data collected via this website, and that in accordance with the applicable regulations, it is indicated that the personal data provided to us will be carried out for the purposes described in this privacy notice and will be carried out with all the technical and organizational measures necessary to meet the required levels of privacy.
Web Site https://tropical.barcelona/#
Profiles in social networks:
What is Etoshi’s presence on social networks?
RESTAURANTE TROPICAL GAVÀ MAR, S.L., have some profiles in the social networks (Facebook and blog).
Tropical is the data controller of the data of it’s users, followers or people who make comments through them. Also in accordance with the Law on Information Society Services and Electronic Commerce. Tropical is exonerated from any liability from comments from users and followers on their social networks.
Tropical may use the profiles described above for to inform it’s users about topics that it considers interesting to them.
What personal data do we collect?
The personal data that the user may provide:
Name, address and date of birth.
Telephone number and e-mail address.
Credit and debit card number or other payment details.
Financial information in certain circumstances
Date and place of birth
Nationality, passport, visa or other identification data issued by government authorities.
Important dates, such as birthdays, anniversaries, and special occasions
Membership or loyalty program details (including co-branded payment cards and travel partner program affiliations)
Your employer’s details
Travel itinerary, travel group or activity information
Previous stays as a guest or interactions, goods and services purchased, special services and requests for accommodations
Facts about allergies or intolerances
Any information that the client wants to share with us.
In some cases, it’s obligatory to fill in the registration form to access certain services, as well as not provindig the personal data requested or not accepting this data protection policy means the impossibility of navigating the website.
Why do we process your data?
Depending on the purposes we will need to process some data or others, which in general will be, depending on the case, the following:
Data provided to carry out the management of any reservation made by an interested party through the channels provided for this purpose. The data will be kept for as long as any type of responsibility for the services contracted by the interested party may arise. For this purpose, Tropical will keep the credit card information provided during the booking process until the payment of the amount has been concluded.
To manage the stay of the clients, as well as to give the services that these request during their stay.
Data provided to carry out the management of the reservation in the restaurant. In order to do so, we inform you that we can request health data of the clients that are necessary to prepare menus adapted to their needs.
Manage and respond to possible queries, complaints and or claims that are made through any means. It is also informed that the personal data of the interested party for these purposes will only be kept while processing and responding to the response to the consultation, complaint and or claim submitted.
The website makes informative communications about the services offered, as well as commercial and or promotional communications that may be of interest for the users.
Newsletter and blog management.
Management of data of the interested parties for the realization of events.
The users are informed of the possibility of withdrawing consent for a specific purpose, without affecting the legality of the processing based on consent prior to withdrawal.
What is the lawful basis for the processing of your data?
The processing described above are based on the following legal basis:
Execution of a contract. The purposes for the contracting of hotel services and reservations, management of the stay and data provided for the contracting of catering services and the holding of events.
Legal obligation. The purposes for the contracting of services and hotel reservations, as well as for the management of taxes due to the contract, and the management of complaints, queries and/or any claim on the part of the interested party.
Consent of the interested party for the sending of informative and promotional commercial communications and the subscription to the newsletter.
Compliance with legal obligations for fraud prevention, communication with Public Authorities and third party claims.
How long do we keep your personal data for?
The processing of personal data of the interested parties for the purposes describes will keep for time necessary for fulfill the aforementioned purpose, as well as for compliance with the legal obligations arising from the processing of data. Notwithstanding that the conservation is necessary for the action, exercise or defense of potential claims and or whenever permitted by applicable law.
Tropical undertakes to cease the processing of personal data at the end of the storage period and to block them in our databases.
To which recipients is your data communicated?
As stated above, Tropical may communicate the personal data of interested parties to government bodies or agencies, as well as to security agencies.
Tropical ensures the security of personal data when it is sent outside the company, and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. Such third parties have an obligation to ensure that the information is treated in accordance with data privacy regulations. In some cases, the law may require that personal data be disclosed to public bodies or other parties, only as strictly necessary for the fulfilment of such legal obligations.
Where do we store personal information?
In general, data is stored outside the EU, specifically on Google Cloud servers in the US. Therefore, users are informed that it is attached to the “Privacy Shield”.
What rights do you have and how can you exercise them?
You may address your communications and exercise your rights by written communication to the following email: email@example.com
Under the provisions of data protection regulations you can apply:
Right of access: you can ask for information of those personal data that we have about you.
Right to rectification: you can communicate any change in your personal data.
Right to erasure: you can request the deletion after blocking personal data.
Right to restriction of processing: this implies the restriction of the processing of personal data.
Right to object to processing: you can withdraw your consent to the processing of your data, opposing further processing.
Right to portability: in some cases, you can request a copy of the personal data in a structured format, commonly used and machine-readable for transmission to another data controller.
The right not to be the subject of individualised decisions: you may request that decisions not be taken which are based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.
In some cases, the request may be refused if you request that data necessary for the fulfilment of legal obligations be deleted. Also, if you have a complaint about the processing of data you can submit a complaint to the data protection authority.
Who is responsible for the accuracy and veracity of the data provided?
Tropical is not liable for the accuracy of the data provided by their users. It is user’s liability to guarantee, in any case, the accuracy and authenticity of the personal data provided. The user agrees to provide complete and correct information in the contact form. Tropical is exonerated from any liability in this respect and therefore does not assume any responsibility with regard to hypothetical damages that may arise from the use of said information.
Tropical is only responsible for the veracity of its own elaboration information. Tropical reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or deny access to said information. Tropical is exonerated from any responsibility for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by Tropical provided that this comes from sources outside or publics the company.
How do we treat the personal data of minors?
Due to its activity Tropical treats personal data of minors in order to carry out the required services. Likewise, the consent of the parents or legal representatives will be requested for the processing of the personal data of the minor in compliance with the appropriate security measures.
What security measures do we take to protect your personal data?
Tropical has adopted the legally required levels of personal data protection security, and endeavours to install those additional means or technical and organisational measures within its reach to prevent the loss, misuse, alteration, unauthorised access and theft of the personal data provided to Tropical.
Personal data breach policy
Data breaches may be caused by employees, parties external to the company, or computer system errors. Tropical is legally required to notify affected individuals if their personal data has been breached. We will notify affected individuals within 72 hours if a data breach involves sensitive personal data. In addition we will notify users as soon as the data breach is resolved. Information will be officially communicated via e-mail.
Updates to This Policy
If you have questions? Contact us by filling out the contact form or online chat. You can also call us at +34 936 33 00 62.