Privacy Policy

Last updated: September 2019
The Privacy Policy forms part of the General Terms and Conditions governing this website.

Who is responsible for the processing of your data?
Address: Calle Orfila, 8, C.P. 28010 (Madrid)
VAT NUMBER: B87942827
Contact: Tfno: 910 88 70 70


You can contact the Controller by any of the means of contact provided.
We reserve the right to modify or adapt this Privacy Policy at any time.
We recommend you to review it, and if you have registered and access your account or profile, you will be informed of the modifications.

For what purposes will we process your personal data?
We inform you that your data will be processed for the purpose of managing your reservation, your stay at the hotel and other requests in relation to the same, or others in relation to the other services offered, as well as to ensure the payment of the expenses arising therefrom.
payment of the expenses derived from the same. For this purpose, we will collect identification and contact data, as well as financial and other information that you may provide us with.
Your data will be communicated to the Security Forces and Bodies in compliance with the provisions of current legislation, as well as to the travel agencies or operators involved. The data will be kept for at least
The data will be kept for at least 6 years in compliance with tax, commercial, consumer and travellers' book-register regulations.

The legal basis for such processing is the performance of a contract.

Website or e-mail contacts
The Data Controller will process the data that the user provides through the contact form or when contacting the Data Controller by e-mail or telephone, such as identification and contact data, or
other data that the user includes. In addition, the IP, operating system or browser used by the user, and even the duration of the visit, may be processed anonymously.
Thus, the data will be processed for the following purposes:

Answer queries, requests or petitions.
Manage the requested service.
Information by electronic means, related to a request.
Carry out analyses and improvements to the website.
Improve the commercial strategy.

In the event that you decide to create a user account on the website to manage your orders and/or reservations, your data will be processed so that you can enjoy the functionalities of said account.

The data processing is based on the execution of a contract or on the acceptance and consent of the data subject, as the case may be. In those cases where a request is made by filling in a form and clicking on the submit button, the execution of the request will
click on the send button, the completion of the form will necessarily imply that the user has been informed and has expressly given his or her consent to the processing of his or her data on the basis of this privacy policy. If you do not check the checkbox to accept the privacy policy, the information will not be sent.

We do not process the data of minors through electronic media without the corresponding authorisation, therefore, please refrain from providing them if you are not of that age or, if applicable, from providing data of third parties who are not of the aforementioned age.
age. HOTEL HERITAGE disclaims any liability for failure to comply with this provision.

Newsletter contacts
On the Website, you can subscribe to the Newsletter if you provide us with an e-mail address, to which the Newsletter will be sent.
We will only store your email address in our database and we will send you periodic emails until you unsubscribe or we stop sending emails.
You will always have the option to unsubscribe, in any communication.

Social Network Contacts
The personal data available in the profiles of RRSS, as well as those that the user provides to the Responsible when contacting him through this channel, will be processed for the purpose of:

Respond to queries, requests or petitions.
Manage the requested service, answer the request, or process a request.
Establish a user-respondent relationship, and create a community of followers.

In this case, the processing is based on the acceptance of a contractual relationship in the corresponding social network environment, and in accordance with its privacy policies, so it is advisable for the user to consult them.

The Heritage Hotel will only be able to consult or cancel the data in a restricted way by having a specific profile. These will be treated as long as the user allows it through the different interactions that each RRSS allows. Any rectification of data or restriction of information or publications, the user must do so through the configuration of your profile on the social network itself.

What data do we use from your CV?
The Data Controller will process CVs and the data contained therein, as well as other data related to job applications/selection processes, such as identification and contact data, for the following purposes:

Organisation of selection processes for the recruitment of employees.
Summoning for job interviews and evaluation of candidates.

The legal basis for the processing described above is the unambiguous consent of the applicant, understood as the applicant's unambiguous consent when submitting his or her application.
After one year has elapsed since the receipt of a CV, it will be securely destroyed.

Do we include personal data of third parties?
No, as a general rule we only process the data provided to us by the owners.
If you provide us with data of third parties, you must inform and request their consent beforehand, otherwise we will be exempt from any liability for failure to comply with this requirement.

What security measures do we apply?
You can rest assured: We have adopted an optimal level of protection for the Personal Data we handle, and we have installed all the technical means and measures at our disposal according to the state of technology to
prevent the loss, misuse, alteration, unauthorised access and theft of Personal Data.

To which recipients will your data be communicated?

Your data will not be passed on to third parties, unless legally obliged to do so. Specifically, they will be communicated to the State Agency of Tax Administration and to banks and financial institutions for the collection of the service provided or product purchased.
As well as to the data processors necessary for the execution of the agreement.
In case of purchase or payment, if you choose any application, website, platform, bank card, or any other online service, your data will be transferred to that platform or will be treated in their environment, always with maximum security.
When we order it, the web development and maintenance company or the hosting company will have access to our website. They will have signed a service contract that obliges them to maintain the same level of privacy as we do.
of privacy as we do.
Any international transfer of data when using American applications will adhere to the Privacy Shield agreement, which guarantees that American software companies comply with European data protection policies on privacy.

What rights do you have?
To know whether or not we are processing your data.
To access your personal data.
To request rectification of your data if it is inaccurate.
To request the deletion of your data if they are no longer necessary for the purposes for which they were collected or if you withdraw your consent.
To request the limitation of the processing of your data, in certain cases, in which case we will only keep them in accordance with the regulations in force.
To submit your data, which will be provided to you in a structured, commonly used or machine-readable format. If you prefer, we can send it to the new data controller you designate. This is only valid in certain cases.
To lodge a complaint with the Spanish Data Protection Agency or competent supervisory authority if you believe that we have not dealt with you correctly.
To revoke consent for any processing for which you have consented, at any time.

If you change any data, please let us know so that we can keep them up to date.

Would you like a form for exercising your rights?
We have forms for exercising your rights, ask us for them by email or, if you prefer, you can use the forms prepared by the Spanish Data Protection Agency or third parties.
These forms must be signed electronically or be accompanied by a photocopy of your ID card.
If someone is representing you, you must attach a copy of their DNI, or have them sign it electronically.
The forms can be submitted in person, sent by letter or by mail to the address of the Data Controller at the beginning of this text.

How long does it take for us to reply to your exercise of rights?
It depends on the right, but a maximum of one month from your request, and two months if the issue is very complex and we notify you that we need more time.

Do we use cookies?
If we use other types of cookies that are not necessary, you can consult the cookie policy in the corresponding link at the top of our website.

How long will we keep your personal data?
Personal data will be kept for as long as you remain connected with us. Once you disengage, the personal data processed for each purpose will be kept for the legally stipulated periods, including the period in which a judge or court may require them, in accordance with the statute of limitations period for
legal actions.
The data processed will be kept until the aforementioned legal periods expire, if there is a legal obligation to keep them, or if there is no such legal period, until the data subject requests their deletion or revokes
the consent granted.

We will retain all information and communications relating to your purchase or the provision of our service, for the duration of product or service warranties, to address potential claims.