top of page
HotelSAAS el marketplace de tecnologia .png

Data protection

ENTITY: HOTELSAAS
ELENA MATEOS GARCIA
NIF (Tax ID): 09781213A
Address: Avda. Europa 23, 28224 Pozuelo de Alarcón (Madrid)
Email: info@hotelsaas.es
Phone: +34-667-668-195
Websites: www.hotelsaas.es

The company operates under the highest level of commitment to responsibility and compliance with data protection regulations. Consequently, this document has been prepared to inform about the processing of personal data within the scope of activities carried out by the HOTELSAAS companies, as well as to inform data subjects of their data protection rights and the mechanisms in place to provide assistance and support in this area.

HOTELSAAS conducts its activities through a centralized organizational structure managed from the offices in Pozuelo de Alarcón (Madrid), Spain. Therefore, the processing of personal data is carried out in accordance with the data protection regulatory framework enforced by Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

DATA CONTROLLER

This data protection information is issued on behalf of HOTELSAAS and applies to and encompasses all the companies belonging to the Group, which will process personal data as Data Controllers.

The contact details for HOTELSAAS in relation to this data protection information, as well as those of the Group’s Data Protection Officer, are as follows:
Address: Avenida Europa 23, Pozuelo de Alarcón (Madrid)
Email: info@hotelsaas.es
Phone: +34-667-668-195

SCOPE OF APPLICATION

This data protection information refers to the processing of personal data collected in the context of HOTELSAAS’s activities and operations through the various available contact mechanisms, and that are processed for the purposes listed in the “Purposes” section.

Below is a list of the categories of individuals whose personal data we collect and process:

  1. Shareholders and investors

  2. Directors

  3. Job applicants (candidates)

  4. Employees

  5. Interns

  6. Self-employed individuals (suppliers or collaborators)

  7. Temporary staff provided by Temp Agencies

  8. Persons who visit HOTELSAAS offices and premises

  9. Individuals who contact HOTELSAAS for any reason

  10. Our own legal representatives

  11. Legal representatives and contacts of clients / awarding authorities

  12. Legal representatives and contacts of suppliers

  13. Legal representatives and contacts of collaborating HOTELSAAS companies for the provision of products and services

  14. Persons involved in HOTELSAAS projects for coordination and compliance with regulatory requirements and occupational risk prevention

  15. Data subjects whose involvement is necessary within the scope of products and services provision as Data Processors

  16. Users of the compliance mechanisms implemented by the Group

ORIGIN

  1. Directly from the data subjects: HOTELSAAS collects personal data directly from individuals when they send an email, contact us by phone, fill out a form, send their CV, complete a questionnaire, or when necessary for formalizing any kind of agreement or for requesting assistance through the channels enabled for that purpose.

  2. Provided by third parties: Personal data may also be collected when these are provided by a third party in the context of managing and fulfilling a service provision contract and for complying with the associated regulatory requirements.

  3. Data Processors: HOTELSAAS may collect, access, and process personal data in its capacity as a Data Processor in the provision of services to its clients.
    This processing shall be governed by the policies and data protection information provided by the relevant Data Controller.

PURPOSES OF PROCESSING

Within HOTELSAAS, we will store, use, and disclose personal data strictly within the boundaries of applicable data protection legislation and for the following purposes:

  1. Manage your assistance, visits, and meetings at our facilities and/or managed properties.

  2. Handle any type of request, information, suggestion, inquiry, or complaint regarding the various professional products and services provided by HOTELSAAS that data subjects may submit on their own behalf or representing an entity.

  3. Manage relationships with our shareholders and investors.

  4. Manage the provision and delivery of contracted products and services:

    • Technology sector (LIST CONTRACTED PRODUCTS HERE)

    Users can access detailed information about HOTELSAAS’s activities in the “Services / Products” section on the www.hotelsaas.es website.

  5. Comply with regulatory coordination and compliance requirements, especially regarding occupational risk prevention in the context of service and product provision and in health-related matters.

  6. Formalize and manage relationships with HOTELSAAS suppliers and collaborators.

  7. Manage the various websites, intranets, social networks, and blogs owned by the Group.

  8. Formalize and manage Temporary Joint Venture (UTE) agreements in which HOTELSAAS may participate.

  9. Send informational and commercial communications about our promotions, products, and services related to the technology sector, as well as upcoming events in which HOTELSAAS will participate, activities, articles on innovations in these sectors and the solutions provided, as well as general information related to our services, products, and projects that might be of interest.

    • You may unsubscribe from our communications at any time by emailing info@hotelsaas.es or by clicking the unsubscribe link included in the communication itself.

  10. Manage data provided by job candidates for recruitment and selection purposes.

  11. Formalize, develop, maintain, and fulfill our obligations under an employment or professional relationship, or under any agreement/convention with a third party.

  12. Ensure the security of offices, facilities, and persons through access controls, video surveillance systems, and other access control/identification systems.

  13. Manage and monitor the operation of the internal mechanisms, policies, and protocols established by HOTELSAAS for legal compliance, prevention of criminal liability, anti-money laundering, and the management of whistleblowing channels.

  14. Comply with legal provisions applicable to HOTELSAAS and its activities.

  15. Conduct all necessary processing to duly comply with the regulations and official/sectorial requirements to which our activity is subject.

To successfully meet and manage the purposes detailed above, the processing of your data for each relevant purpose will be carried out in strict compliance with data protection regulations and the Policy described herein. You may exercise your rights at any time (see specific section below).

LEGAL BASES FOR PROCESSING

The legal bases enabling the processing of personal data in the context of HOTELSAAS’s activities and operations are as follows:

  • The consent of data subjects for handling and managing any requests for information or inquiries about our services, products, and/or activities.

  • The contractual framework and/or award of services or products provided by the various HOTELSAAS business lines, as well as compliance with the legal obligations associated with them.

  • The contractual framework established with our shareholders and investors, as well as compliance with obligations imposed by corporate regulations.

  • The contractual framework with our suppliers.

  • Legitimate interest in conducting due diligence checks and formalizing and managing UTE agreements.

  • Legitimate interest in understanding the development of various business lines at the entity level, improving products and services, and fostering the Group’s corporate growth.

  • Legitimate interest in sending informational and commercial communications related to our activity and the services and products offered, via email or any other means.

  • Legitimate interest in ensuring the security of offices, facilities, and individuals.

  • Consent granted by the candidate when applying for one of our job postings and the organization’s legitimate interest in including the candidate in other selection processes within the Group companies if the candidate’s profile fits.

  • Fulfillment of the employment or professional contract and/or training agreement formalized with HOTELSAAS.

  • Legitimate interest in implementing a compliance system, as well as in meeting security requirements and ethical and sustainability commitments.

  • Compliance with legal requirements and obligations related to HOTELSAAS’s activities.

DATA RETENTION CRITERIA

  • Project management and execution: Personal data included in contracts, offers, and/or service proposals, as well as data of any other individuals whose involvement is necessary for the established contractual relationship, will be retained for as long as the service/product provision agreements remain in force. At the end of the relationship, the personal data will be retained in cases where liabilities could arise between the parties or in compliance with other regulatory frameworks requiring their retention. Personal data will be kept in a manner that allows for the identification of and the exercise of data subjects’ rights, under the necessary technical, legal, and organizational measures to ensure confidentiality and integrity.

  • Curriculum Vitae management: As a general rule, we keep your CV for a maximum period of one year. After this period, it will be automatically deleted in compliance with the principle of data accuracy.

  • Management of employment contracts, internship agreements, and/or contracts entered into with Temporary Work Agencies: Personal data will, in any case, be retained for as long as the employment relationship is in force or for the agreed period in the internship agreement or contract signed with the Temporary Work Agency. Once this relationship has ended, data will be retained in cases where liabilities could arise between the parties or when required by law.

  • Other: All other data and information provided by data subjects in any way will be retained for as long as necessary to fulfill the purpose for which it was collected, and in line with any associated liability or regulatory compliance requirements. In any event, legal data retention periods will be observed, and if no legal requirement prevents it, the data will be destroyed or anonymized.

SECURITY AND CONTROL MEASURES

General

HOTELSAAS, in adherence to its commitment to complying with data protection regulations, will maintain personal data in a way that allows for the identification and the exercise of rights by data subjects, and under the technical, legal, and organizational measures outlined below:

  • Implementation of policies and protocols of action regarding data protection and information security.

  • Execution of Data Processing Agreements with all third parties who access and process data on our behalf.

  • Implementation of access control policies for resources and systems, as well as identification and authentication policies, including the delegation of user permissions according to their roles.

  • Backup and recovery systems for our information and personal data.

  • Periodic external expert audits and controls on data protection.

We appreciate that you inform the Data Controller / Data Protection Officer, using the contact details / channel provided in this Privacy Policy, of any suspected or known security risk that might compromise the integrity and confidentiality of personal data and/or confidential information. This will enable us to take the necessary measures to prevent unauthorized processing, loss, destruction, or accidental damage.

Cybersecurity

As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage potential cyberattacks and fraud that could compromise the privacy and protection of data processed and accessed by our Entity within its activities and operations.

In this regard, we wish to highlight that if you encounter any suspicious communications whose content and/or format casts doubt on their authenticity, we recommend you disregard them and contact the Data Controller / Data Protection Officer using the contact details provided in this Privacy Policy.

Likewise, any request you receive from our Entity regarding changes in payment methods, requests for data or contact persons, or confidential (non-public) information, bank data and/or credit card details, or other official data, should not be acted upon without direct confirmation from our Entity via an alternative channel. We would be grateful for your cooperation in reporting and denouncing any such requests or other possible cyberattack risks in which our Entity may be impersonated, as well as any other security risks you may be aware of.

RECIPIENTS

Whenever necessary to achieve the purposes described above, HOTELSAAS may share personal data with the following third parties:

  • HOTELSAAS Group companies: when necessary for the proper management of a service or product contract, for managing its centralized organizational structure, for sending commercial communications related to the real estate and financial sectors, as well as for sharing data of candidates whose profiles may fit vacancies at the HOTELSAAS companies.

  • Collaborating HOTELSAAS companies: when their involvement is required under a contract and/or product and service agreement concluded with our clients or a public entity. Personal data may also be disclosed in the context of a Temporary Joint Venture agreement for the execution of a project.

  • Suppliers: Personal data may be disclosed to various suppliers if they provide services requiring access to and processing of personal data, such as consulting and legal advisory services, labor, tax, and accounting advisory services, software and maintenance service providers, etc.

  • Court representatives: if their involvement is required as part of judicial proceedings.

  • Financial HOTELSAAS: when necessary to offer private capital solutions and implement financing management services.

  • Notaries: when their involvement is needed to act as a public certifier for the transaction or contract signing, providing conclusive proof of the reality of the act, the literal statements of the parties, and their identity.

  • Public administrations or bodies: in compliance with applicable regulations (labor, occupational risk prevention, tax, accounting, data protection, etc.).

  • Courts and Tribunals, as well as Law Enforcement Agencies: personal data may be disclosed to these entities if officially requested.

Apart from the cases detailed above, personal data will not be disclosed to third parties except as required by law.

RIGHTS

  • Right of Access, Rectification, and Erasure: Data subjects have the right to obtain confirmation as to whether HOTELSAAS processes their personal data. They also have the right to request the rectification of inaccurate data or request the erasure of data when, among other reasons, such data are no longer necessary for the purposes for which they were collected.

  • Right to Restriction and Objection: Under certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defense of claims or when required by law. Likewise, in some instances and for reasons related to their particular situation, data subjects may object to the processing of their data. In such a case, we will cease data processing unless there are overriding legitimate grounds or for the exercise or defense of potential claims.

Furthermore, data subjects can revoke consent previously granted for specific processing purposes, with no retroactive effect.

Data subjects can exercise their data protection rights by writing to the postal address 28224, Pozuelo de Alarcón (Madrid) or emailing info@hotelsaas.es. If no response is received within one month, they may file a complaint with the supervisory authority (Spanish Data Protection Agency: www.agpd.es).

SECURITY BREACHES

In order to respond diligently to potential data protection risks, data subjects may report any sign or knowledge of possible security breaches and/or any noncompliance or irregularities related to data protection regulations or HOTELSAAS policies and commitments by emailing info@hotelsaas.es.

SUPERVISORY AUTHORITY

Should any disagreements arise with the Entity regarding the processing of your data, you have the right to submit a complaint to the relevant Data Protection Supervisory Authority. In Spain, this is the Spanish Data Protection Agency (www.aepd.es).

UPDATES AND MODIFICATIONS

HOTELSAAS reserves the right to modify and/or update its data protection information whenever necessary to comply with relevant regulations. If any changes are made, the new text will be published in this same section of the website.

In any case, the relationship with users will be governed by the rules in effect at the precise moment they access the website.

bottom of page