Privacy policy

This privacy policy aims to inform you about the processing of personal data of users ("Users") of the website ≪www.hotelperalada.com≫ ("the Website"), carried out by Hotel Peralada Wine Spa y Golf, S.L.U. ("Hotel Peralada") in accordance with Regulation 2016/679 (EU), of April 27, 2016, on the protection of natural persons with regard to the processing of personal data ("GDPR") and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights ("LOPD").

 

1. Identification and Contact Details of the Data Controller

The data controller of the Users' personal data is Hotel Peralada, with registered office at Calle Pere II de Montcada, 1, 08034 Barcelona and CIF B-67509620. Hotel Peralada has a privacy representative, whom you can contact with any questions and/or doubts regarding any aspect of this privacy policy. For this purpose, you can send an email to the following address: dpo@grupperalada.com, including, if possible, a mention of Hotel Peralada in the subject line of the email.

 

2. Categories of Data Processed

In the context of providing services available on the Website, Hotel Peralada may process the following categories of personal data:

• Identification and Contact Details: Name and surname; email address; DNI (National Identification Card) number, passport or other identification document; nationality; and phone number.
• Traveller Data: Identification and contact details; date and place of birth; place of habitual residence; number of travellers; and relationship between travellers (only if one is a minor).
• Transaction Data for Reservations: Payment method (cash, credit card or transfer); identification data of the payment method (bank card number and expiration date or IBAN); payment date.
• CCTV Images: Images captured through the video surveillance system installed in the Hotel's facilities. This system is duly signposted with informative signs warning about the existence of video surveillance and the corresponding processing of personal data.
• Social Networks: Data provided by Users through corporate social media profiles where the Hotel is present, such as Instagram (@hotelperalada) or Facebook.
• Browsing Data: Information collected through cookies about Users' activity on the Website, in accordance with the Cookie Policy.

 

3. Basic Information on Personal Data Processing

Purpose of Processing	Legal Basis
Check-in, check-out and documentary registration in accordance with Royal Decree 933/2021, of October 26.	Legal obligation (art. 6.1.c RGPD)
Management of room reservation requests made through the Hotel Peralada Website, by phone or by email.	Execution of the contractual relationship (art. 6.1.b RGPD)
Billing and collection for services and experiences consumed by the user.	Execution of the contractual relationship (art. 6.1.b RGPD)
Attention to inquiries made by phone, email, in person at the Hotel reception, or through the inquiry form available on the Hotel Peralada Website.	Legitimate interest (art. 6.1.f RGPD)
Issuance of gift vouchers for experiences.	Execution of the contractual relationship (art. 6.1.b RGPD)
Management of user registration for the purchase of experiences.	Execution of the contractual relationship (art. 6.1.b RGPD)
Subscription for sending commercial communications to registered users.	Consent (art. 6.1.a RGPD)
Management of sending commercial communications from Hotel Peralada to existing clients.	Existence of a prior contractual relationship (art. 21 LSSI)
Communication of information of interest to Hotel guests via WhatsApp (e.g., check-in and check-out process, spa availability, parking, etc.).	Execution of the contractual relationship (art. 6.1.b RGPD)
Offering complementary services related to the clients' stay at the Hotel via WhatsApp.	Existence of a prior contractual relationship (art. 21 LSSI)
Sending satisfaction surveys to know the clients' evaluation of their experiences.	Legitimate interest (art. 6.1.f RGPD)
Ensuring the security of goods, facilities, and people in the Resort premises through the CCTV system.	Legitimate interest (art. 6.1.f RGPD)
Attention to inquiries made by Users through the Hotel's social networks (WhatsApp Business, Meta, LinkedIn, Instagram, Twitter) or through Chatbot, if applicable.	Legitimate interest (art. 6.1.f RGPD),  or execution of the contractual relationship when the user is already a Hotel client.
Management of participation in experience giveaways organized by Hotel Peralada through social networks.	Execution of the contractual relationship (art. 6.1.b RGPD)
Personalization of Users' browsing experience on the Website, particularly through the analysis of Users' browsing data via cookies.	Consent (art. 6.1.a RGPD)

Below we inform you about the different purposes for which Hotel Peralada may process Users' personal data, indicating the legal basis for each processing:

 

4. Recipients

As a general rule, Hotel Peralada will not share Users' personal data with third parties. However, in certain cases, data may need to be shared with:

• Providers: Those providers who need access to personal data to provide their services to Hotel Peralada, such as hosting providers, reservation management systems, and commercial communication management services, as well as virtual assistant services for guests. These third parties will act as (sub)processors of Hotel Peralada and will provide adequate guarantees to protect Users' personal data, including the corresponding data processing agreement in accordance with art. 28 GDPR.
• Police General Direction or other competent analogous entities: In accordance with the provisions of Royal Decree 933/2021, of October 26, establishing the obligations of documentary registration and information of natural or legal persons engaged in lodging and motor vehicle rental activities, Hotel Peralada will share travellers’ data with the competent authorities to fulfil their legal obligations.
• Others: Hotel Peralada may share Users' personal data with third parties if required by a regulation and/or an administrative or judicial authority or for the good purpose of public interest or order.

Finally, in the event of a business restructuring, merger, spin-off, or sale, Hotel Peralada may transfer all personal information about Website Users to the third party resulting from such transaction, based on the legitimate interest of the transferor in accordance with article 21 of the LOPD.

 

5. International Transfers

As a general rule, Hotel Peralada will not directly carry out transfers of Users' personal data outside the European Economic Area. However, providers that provide services to Hotel Peralada, particularly in relation to data hosting services, reservation management systems, or subscription management and commercial communication services, including newsletters, as well as virtual assistant services for guests, may process Users' personal data outside the European Economic Area. In such cases, Hotel Peralada will contractually require these providers to guarantee the protection of Users' personal data by adopting adequate guarantees, particularly through the adoption of standard data protection clauses approved by the European Commission in accordance with article 46 of GDPR.

 

6. Retention Periods and Security Measures

The personal data of Users will be retained for the time strictly necessary to fulfil the purpose that justified its collection and processing. Before proceeding with its complete deletion, the personal data will remain blocked until the expiration of the statute of limitations for any legal obligations or liabilities that may apply to Hotel Peralada.

The images obtained through the video surveillance system installed on the premises of Hotel Peralada will be retained for a maximum period of 30 days from the time they are recorded. As an exception to the foregoing, if there are indications of the commission of an unlawful act, such images may need to be shared with the competent authority (i.e., law enforcement agencies or judicial authorities) and retained for a longer period, as necessary for the conduct of the corresponding investigation.

Hotel Peralada will implement the necessary technical and organizational measures to ensure the security of the personal data being processed, with the aim of preventing its loss, destruction, unauthorized access, alteration, or disclosure.

 

7. Rights

We inform you that any User of the Website may exercise the following rights at any time and free of charge:

1. The right to be informed about the processing of your personal data by Hotel Peralada and to access such data (“right of access”);
2. The right to obtain the rectification of inaccurate personal data (“right of rectification”);
3. The right to request the deletion of your personal data (“right of erasure”), or, in certain cases, to restrict its processing (“right of restriction”);
4. The right to request and, if applicable, obtain the portability of your data (“right to data portability”); and
5. The right to object to certain processing of personal data (“right of objection”).
6. The right to withdraw your consent for the processing of your personal data for one, several, or all of the purposes listed above, which rely on such consent for processing. Please note that, in such cases, this could affect the way we provide services to you or even lead to their termination.

You can exercise any of your rights or obtain more information regarding this Privacy Policy by sending an email to the following address: dpo@grupperalada.com, preferably including a reference to Hotel Peralada in the subject line of the email.

Additionally, if you believe that Hotel Peralada has not processed your personal data in accordance with the applicable regulations, you have the right to file a complaint with the Spanish Data Protection Agency.

 

8. Cookie Policy

Hotel Peralada will process the data collected through the use of cookies in accordance with the Cookie Policy available at the following link: Cookies Policy.

 

9. Updates and modifications

Hotel Peralada may update and modify this Privacy Policy at any time to adapt it to any changes that may arise, whether related to the types of data processing carried out or as a result of amendments to applicable legislation, guidelines, or judicial criteria on the subject.

 

Last update:  January 2025