Privacy Policy

The web page of management of reservations of tourist apartments in Novo Sancti Petri www.sanctipetri.me belongs to BUSINESS TRIP S.L. (in forward, BUSINESS TRIP), a mercantile that is totally compromised with the security and protection of the personal character data.

This privacy policy explains how BUSINESS TRIP, in its capacity as data controller, collects, processes and protects personal data. Any data collection responds to a precise purpose that is clearly indicated to the person concerned in the booking management process or in the documents necessary for the provision of our services.

By making a reservation, the client accepts this Privacy Policy and agrees to the collection and processing of data for the specific purposes and in the manner described herein, in compliance with the applicable legislation in force at any given time.

Index

Dependiendo del navegador que utilice podrá desactivar las Cookies utilizando los siguientes enlaces:

1. Company information
2. For what purpose do we process your data?
3. How long do we keep your data?
4. Your Rights: What are your rights when you provide us with your data?
5. Categories of data we collect 
6. Third party access to your personal data
7. Information Security
8. To whom do we transfer your data within the European Union?
9. Do we make international transfers of your data outside the European Union?
10. Changes in the Privacy Policy

1.Company information

BUSINESS TRIP S.L. (hereinafter, BUSINESS TRIP), with CIF B-76329804 and registered office in Madrid (Spain), C/ Salustiano Olózaga 11- 4º C, C.P. 28001.

BUSINESS TRIP also acts as owner of tourist apartments and service provider to manage vacation rental reservations on the website owned www.sanctipetri.me, operating as a service company under Law 34/2002 of July 11, services of the information society and electronic commerce (hereinafter LSSI).

As responsible for the processing of data provided by customers when managing reservations on our website we design all our services to protect the security and privacy of your personal data. To contact our DPO you can send us an email to: info@sanctipetri.me.

 

2. For what purpose we treat your data?

The data collected directly from customers are strictly necessary for the proper provision of the reservation management service of tourist apartments of our property in Novo Sancti Petri, with the purposes and legitimacy indicated in this section.

Management of reservations and payment of contracted services

When a reservation request is processed, we process personal data and the bank card that guarantees the reservation, with the following purposes:

Management of reservations and provision of contracted services: the data you provide us in the online forms for data collection that are necessary for these services, as well as in the communications that we may have with the client by phone, chat, WhatsApp or any other means of communication, will be treated in order to carry out the reservation of the tourist apartment on the dates requested. The personal data you provide to us within the scope of the registration and booking process will be processed by us for verification purposes on the legal basis of art. 6.1.b RGPD. Legitimation: this data processing is necessary for the execution of the contract.
Processing of bank card data by the provider of payment services for reservations: When a customer books his accommodation through the website, the bank card data to guarantee the reservation will be provided to the payment services provider in order to make the corresponding charges for the accommodation reservation. The payment service provider will keep the bank card details for a limited time, for the purpose of making the charges of any additional charges that may be generated by extensions, modifications or cancellations of reservations. BUSINESS TRIP not retain data from bank cards, but will be stored by the payment service provider in a secure environment and in accordance with its specific regulations. In this sense, BUSINESS TRIP will simply confirm that the customer has paid the reservation and / or additional charges. Legitimation: This treatment is necessary for the execution of the contract.
Registration of the sending of booking confirmation: File that is sent to the customer to the contact email provided when booking.
Sending the contact form and queries: By completing and submitting our contact form, the data we collect are essential to facilitate contact: email address, booking code, last name, first name, date of birth, zip code, email address, optional phone number, language, country, IP and date and time of registration. BUSINESS TRIP will perform those data processing necessary to address the query submitted by the user through the contact form provided on the website.
Sending offers, promotions and discount codes: In order to offer users services and products that may be of interest will be sent promotional offers on services related to those previously contracted. BUSINESS TRIP will process the data for the purpose of interests considered legitimate by the LSSI and other regulations, without this having any consequence on their rights.
Market analysis, statistics and improvement of the user experience: Through the process to anonymize the data obtained on our website, we conduct statistical studies that help us to perform market analysis, improve our services and user experience so that we can provide more personalized offers to the needs and preferences of the users.
Fulfillment of legal, fiscal, accounting and administrative obligations: in some cases the processing of data is done to comply with obligations under current legislation.
User and/or customer service: to help you with any questions you may have about our services.
Complaints and claims management: when a complaint or claim is filed against BUSINESS TRIP, we will need to process the data of the claim to resolve the incident properly.
Administrative or judicial proceedings: In the context of possible administrative or judicial proceedings that may arise as a result of the services provided or offered by BUSINESS TRIP, the processing of the information necessary to make appropriate allegations or file claims it deems appropriate to exercise the protection and defense of their rights and legitimate interests will be made. Legitimation: This treatment is based on legal, material and procedural obligations established by the regulations in force.
Performance of controls for the detection of fraudulent activities. In order to carry out controls to detect activities that may allegedly constitute fraud in hiring, we inform that the transactions carried out will be analyzed to identify and analyze those detected as suspected of being fraudulent during the hiring period, preparing, where appropriate, temporarily limited hiring exclusion lists.
Legitimacy: this treatment is based on the legitimate interest of BUSINESS TRIP in controlling the operations carried out by the users in order to detect possible fraudulent actions in the transactions carried out during the contracting process.

3. How long do we keep your data?

The personal data to which BUSINESS TRIP has access will be processed and retained for as long as the contractual relationship or the purpose for which they were collected. After that, the personal data will be retained once the contractual relationship is terminated or when they are no longer relevant for the purposes for which they were collected, duly blocked, to be made available to the competent Public Administrations, Judges and Courts or the Public Prosecutor during the limitation period of the actions that may arise from the relationship with the customer and / or the conservation periods provided by law. BUSINESS TRIP will proceed to the physical deletion of your data once these periods have elapsed. The data will be blocked by BUSINESS TRIP automatically to stop being treated whenever:

  • You exercise your rights, with the exception of the right of rectification.
  • After 5 years from the end of the contractual relationship or since they are no longer relevant for the purposes for which they were collected, notwithstanding that the applicable law requires that the data be retained longer.

4. Your Rights

4.1. What are your rights when you provide us with your data?

As a holder of personal data the current legislation in force, contained in Regulation (EU) 2016/679 (hereinafter RGPD) and the Organic Law 3/2018 on Personal Data Protection (hereinafter LPDP), recognizes a set of rights. Although the application depends on each of the different situations, depending on the applicable case, the rights are:

Right of access (Arts. 13 LPDP and 15 RGPD): you have the right to request confirmation as to whether or not your personal data is being processed and, if so, to request access to personal data and information, as well as the purposes of the processing to which we comply with this Privacy Policy.
Right of rectification (Arts. 14 LPDP and 16 RGPD): you have the right to request the correction of inaccurate or incomplete personal data.
Right to erasure (Arts. 15 LPDP and 17 GDPR): you have the right to request the erasure of personal data without undue delay in certain circumstances, for example, if your personal data is no longer necessary for the purposes for which it was collected or if you withdraw the consent on which the processing is based in accordance with Art. 6.1.a GDPR and where there is no other lawful ground for the processing.
Right to restriction of processing (Arts. 16 LPDP and 18 RGPD): you have the right to ask us to restrict the processing of your personal data in certain circumstances, for example, if you believe that the personal data we process about you is inaccurate or unlawful.
Right to portability (Arts. 17 LPDP and 20 RGPD): in certain circumstances, you have the right to receive the personal data you have provided to us, in a structured, commonly used and readable format, and you have the right to transfer your personal data to whom you request us to.
Right to object (Arts. 18 LPDP, 21 and 22 RGPD): you have the right to object to the processing of your personal data under certain circumstances, in particular, if we process your personal data on the lawful basis of legitimate interest (Art. 6.1.f RGPD) or if we use your personal data for marketing purposes, commercial profiling and receiving surveys.

4.2. How can you exercise your rights?

You can exercise your rights of access, rectification and deletion of data, as well as request to limit the processing of your personal data, oppose to it, request the portability of your data, as well as not to be subject to automated individual decisions, by contacting us by email at: info@sanctipetri.me. Also by mail or by contacting directly with the Data Protection Delegate in writing at: Data Protection Delegate BUSINESS TRIP – C/ Salustiano Olózaga 11 – 4º C, C.P. 28001, Madrid (Spain). Finally, you have the right to formalize a complaint regarding the processing of personal data before the Spanish Data Protection Agency at its electronic headquarters: https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/inicio.jsf, by postal mail at its headquarters at: C/ Jorge Juan, 6, C.P. 28001, Madrid.

5. Categories of data we collect

In order to be able to offer you a range of services, the categories of data we collect are as follows: Direct information provided when you process the reservation and when you fill out the contact form on our website.

6. Third party access to your personal data

6.1. Categories of recipients

We share your personal data, for the purposes described in this Privacy Policy, with the following categories of recipients:

Our employees and/or authorized collaborators who provide assistance and consulting services in the areas of administration and accounting, marketing, legal advice, customer service, and those in charge of our computer systems for the maintenance of our network and hardware and software equipment.
Our ancillary service providers such as email delivery platforms, which will process your personal data on our behalf and under our instructions for the purposes of our Privacy Policy, in their capacity as data processors or IT and hosting service providers.
Our business partners that are social media platforms when you expressly request it (e.g., when you log in through such social media). 
Competent authorities when we are required to do so in compliance with applicable regulations.
The competent authorities and law enforcement agencies when it is necessary for us to enforce our terms of use, protection and defense of our rights and property or the rights and property of any third party.

In any case, we strive to ensure that our business partners comply with this Privacy Policy and data protection legislation. We expressly prohibit such companies from using your personal data for purposes other than the provision of our services. We ensure that they are entities that comply with the legal provisions on the protection of personal data, both nationally and internationally. BUSINESS TRIP undertakes to terminate its agreements with advertising companies, members or partners who fail to comply with current legislation on privacy and protection of personal data.

6.2.

Categories of providers

We use the following categories of service providers or other third parties when you browse our website. We use it exclusively for an analysis of performance and security metrics without any processing for advertising purposes by BUSINESS TRIP. Use of Google Analytics and scope of personal data processing: We use Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Analytics examines, among other things, data on the origin of visitors, time spent on individual pages and the use of search engines, which enables better monitoring of the success of advertising campaigns. Google Analytics uses cookies and stores them on your device. This allows personal data to be stored and evaluated, in particular user activity (in particular, which pages have been visited and which items have been clicked on), device and browser information (such as IP address and operating system), data about the advertisements displayed (in particular, which advertisements have been displayed and whether the user has clicked on them) and also data about advertising partners (in particular, pseudonymous user IDs). The information generated by the cookie about your use of this website will be transmitted to and stored by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on servers in the United States. However, if IP anonymization is enabled on this website, Google will first truncate your IP address within Member States of the European Union or other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with other services associated with website use and Internet use of the website. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. Google LLC is certified under the Privacy Shield Agreement between the European Union and the United States. In doing so, Google LLC agrees to comply with the standards and regulations of European data protection law. More information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active You can find more information about data collection and storage by Google here: https://policies.google.com/privacy?gl=EN&hl=en

7. Information Security

We have taken appropriate security measures to prevent unauthorized access to, or unauthorized alteration, disclosure or destruction of, your information. These measures include internal reviews of our procedures for collecting, storing and processing personal data and of our security measures, as well as physical security measures to protect against unauthorized access to the systems in which we store personal data in accordance with data protection regulations. Access to personal data is restricted to those employees, contractors and directors of BUSINESS TRIP who need to know such data to perform their duties and develop or improve our services. These persons are subject to confidentiality obligations and may be subject to disciplinary measures, including dismissal, as well as legal action in case of breach of such obligations.

8. To whom do we disclose your information within the European Union?

In order to provide you with our services, we may need to transfer some of your information to certain categories of recipients identified in this Privacy Policy, usually after anonymization.

9. Do we make international transfers of your data outside the European Union?

BUSINESS TRIP does not transfer data outside the European Economic Area.

10. Changes to the Privacy Policy

We periodically update this Privacy Policy to provide information on the changes made in accordance with the corresponding adaptation to current regulations. We are committed to give you an answer to any request, complaint or doubt related to our treatment and use of your personal data. Contact us at any time if you have questions about this Policy or our privacy practices in general, by sending an email to: info@sanctipetri.me.

Last Updated

This Privacy Policy was last revised on April 30, 2024.