Official Website

Privacy Policy MUR Hotels

Choose language:
Languages
  • MUR Hotels

Privacy Policy

Official website of MUR Hotels

PRIVACY POLICY AND DATA PROTECTION POLICY

In compliance with current legislation, www.murhotels.com and
www.artlaspalmas.com (hereinafter, also the "Website") undertake to adopt the necessary technical and organizational measures according to the security level appropriate to the risk of the data collected.

Laws incorporated into this privacy policy

This privacy policy is adapted to current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following provisions:

Regulation (EU) 2016/67G of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR ).

• The Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights ( LOPDGDD).

• The Spanish Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Personal Data Controller

The processing of personal data collected through the reservation system of the Websites (www.murhotels.com and www.artlaspalmas.com) will be carried out by one of the
following companies (hereinafter collectively referred to as "MUR HOTELS"), acting as the data controller for the establishment where you make the reservation, an inquiry, or subscribe to the newsletter.

Corporate Name Construcciones y Edificios Especiales SA
NIF/CIF A08242414
Linked EstablishmentsApartamentos Buenos Aires Bungalows Parque Romántico Viviendas Vacacionales ART en Las Palmas de
Gran Canaria
Registered Office C/ Doctor Vicente Navarro Marco, 109. 35017 Las Palmas de G.C.. Las Palmas.

Corporate Name CODIREX SL
NIF/CIF B35074087
Linked Establishments Hotel Neptuno
Registered Office Avenida 8 de marzo, 29. 35100 San Bartolomé de Tirajana, Las Palmas.

Corporate Name FLIMATUR SL
NIF/CIF B35382571
Linked Establishments Hotel Faro Jandía
Registered Office C/ Luis Doreste Silva 95, 1D. 35004 Las Palmas de G.C.. Las Palmas.

Central Data Protection Contact: lopd@murhotels.com.

Registration of Personal Data

In accordance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by the Website through the forms provided on its pages will be

incorporated into and processed in our files in order to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the
relationship established in the forms filled out by the User, or to address a request or inquiry. Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and other circumstances established in the GDPR.

Principles applicable to the processing of personal data

The processing of the User's personal data shall be subject to the following principles set forth in Article 5 of the GDPR and in Article 4 et seq. of Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights:

Principle of lawfulness, fairness, and transparency: The User's consent will be required at all times after fully transparent information on the purposes for which the personal data are collected.

Principle of purpose limitation: Personal data shall be collected for specified, explicit, and legitimate purposes.

Principle of data minimization: The personal data collected shall be strictly limited to what is necessary in relation to the purposes for which they are processed.

Principle of accuracy: Personal data must be accurate and always kept up to date.

Principle of storage limitation: Personal data shall only be kept in a form which permits identification of the User for no longer than is necessary for the purposes of its processing.

• Principle of integrity and confidentiality: Personal data shall be processed in a manner that ensures its security and confidentiality.

Principle of proactive responsibility: The Controller shall be responsible for ensuring that the above principles are complied with.

Categories of personal data

The categories of data processed on the Website are exclusively identifying data. In no case are special categories of personal data within the meaning of Article 9 of the GDPR processed.

Legal basis for the processing of personal data

Legal basis for processing your data varies depending on the purpose:

1. Performance of a contract: This is the basis for managing your accommodation booking and associated services. The processing is necessary for the provision of the service requested by you.

2. Consent of the data subject: This is the basis for processing your inquiries through the contact form, the submission of your CV, and the subscription to our newsletter or commercial communications. You have the right to withdraw this consent at any time.
The Website undertakes to obtain the express and verifiable consent of the User for the processing of their personal data.

What type of data does the Website collect from its customers and users?

The Website collects the following personal data:

o Contact Form

Purpose: To provide a means for you to contact us and respond to your requests for information, as well as to send you communications about our products, services, and activities, including by electronic means, if you check the
acceptance box.

Legal Basis: The user's consent by requesting information through our contact form and by checking the box to receive information.

Storage Period: Until your request via our form has been resolved or answered by email, provided it has not generated further processing. In the case of consent to receive commercial mailings, until you request to unsubscribe.

o Reservations

Purpose: To process reservation requests for accommodation in our establishment.

Legal Basis: Performance of the contractual relationship (Art. 6.1.b of the GDPR).

Storage Period: Data will be kept for the period required by legal prescription.

o Submission of Curriculum Vitae via Email

Purpose: To have your CV available for participation in our recruitment processes.

Legal Basis: The user's consent by sending us their personal information and CV for our recruitment processes.

Storage Period: During the development of active recruitment processes and for a period of 2 years for future processes.

o Newsletter Subscription

Purpose: Sending our commercial newsletter as well as informative and promotional communications about our products or services that may be of interest to you, including by electronic means.

Legal Basis: The user's consent by subscribing to our commercial mailings and/or newsletter.

Storage Period: Until the data subject withdraws consent and requests to unsubscribe from the service

Obligation to provide your personal data and consequences of failure to do so

The requested personal data are necessary to manage your requests and/or provide the services you may book. If you do not provide them, we will not be able to attend to your request correctly or provide the requested service.

Recipients of personal data

The User's personal data will not be shared with other companies unless required by law or necessary for the provision of services to the User; in such cases, the User will be informed beforehand.
Furthermore, if the Controller intends to transfer personal data to a third country or an international organization, the User will be informed at the time of data collection about the third country or international organization to which the data is intended to be transferred, as well as the existence or absence of an adequacy decision by the Commission.

Personal data of minors

In compliance with the provisions of Article 8 of the GDPR and Article 7 of Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, only persons over 14 years of age may lawfully grant their consent for the processing of their personal data by the Website. In the case of a minor under 14 years of age, the consent of parents or guardians is required for the processing, and it shall only be considered lawful to the extent that they have authorized it.

Confidentiality and security of personal data

The Website undertakes to adopt the necessary technical and organizational measures corresponding to the security level of the risk of the data collected. This is intended to ensure the security of personal data and prevent the accidental or unlawful destruction,
loss, or alteration of personal data transmitted, stored, or otherwise processed, as well as unauthorized disclosure of or access to such data.
However, since the Website cannot guarantee the invulnerability of the internet or the total absence of hackers or others who fraudulently access personal data, the Controller undertakes to inform the User without undue delay when a personal data security breach occurs that is likely to entail a high risk to the rights and freedoms of natural persons. In
accordance with Article 4 of the GDPR, a personal data breach is any security breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorized
disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the Controller. The Controller undertakes to ensure, by means of a legal or contractual obligation, that this confidentiality is respected by its employees, partners, and all persons to whom the information is made accessible.

Rights derived from the processing of personal data

The User has the following rights recognized in the GDPR and in Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, and may exercise them against the Controller:

Right of access: The right to obtain confirmation as to whether or not the Website is processing their personal data and, if so, to obtain information about their specific personal data and the processing carried out or to be carried out by the Website, including, among others, information on the origin of such data and the recipients of the communications made or planned.

Right to rectification: The right of the User to have their personal data modified if it proves to be inaccurate or, taking into account the purposes of processing, incomplete.

Right to erasure ("Right to be forgotten"): The right of the User, provided that current legislation does not stipulate otherwise, to obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed; the User has withdrawn consent and there is no other legal basis; the User objects to the processing and there is no other legitimate reason to continue; the data has been processed unlawfully; the data must be erased to comply with a legal obligation; or the data was collected as part of a direct offer of information society services to a child under 14. In addition to erasing the data, the Controller, taking into account available technology and implementation costs, shall take reasonable steps to inform other controllers processing the personal data of the data subject's request to erase any links to those personal data.

Right to restriction of processing: The right of the User to restrict the processing of their personal data. The User has the right to obtain restriction of processing when they contest the accuracy of their personal data; the processing is unlawful; the Controller no longer needs the personal data but the User needs it for the exercise of claims; or when the User has objected to the processing.

Right to data portability: If the processing is carried out by automated means, the User has the right to receive their personal data from the Controller in a structured, commonly used, and machine-readable format and to transmit it to another controller. Whenever technically feasible, the Controller will transmit the data directly to the other controller.

Right to object: The right of the User to prevent the processing of their personal data by the Website or to request its cessation.

Right not to be subject to a decision based solely on automated processing, including profiling: T he right of the User not to be subject to a decision based solely on automated processing of their personal data, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless current legislation stipulates otherwise.

The User may exercise their rights by means of a written communication addressed to the Controller with the reference "RGPD-murhotels.com", specifying:

First name, surname of the User and copy of the ID card (DNI). In cases where representation is permitted, identification of the person representing the User by the same means is also required, as well as a document proving representation.

The photocopy of the ID card may be replaced by any other legally valid means of proving identity.

Request with the specific reasons for the request or the information to be accessed.

Address for the purpose of notifications.

Date and signature of the applicant.

All documents supporting the request made.

This request and any other attached documents may be sent to the following address and/or email:

Postal Address: Calle Doctor Vicente Navarro Marco, 109, 35017 - Las Palmas de Gran Canaria, Las Palmas, Gran Canaria, Spain.

Links to third-party websites

The Website may contain hyperlinks or links that allow access to third-party websites not operated by this Website. The owners of such websites will have their own data protection policies and are, in each case, responsible for their own files and privacy practices.

Complaints to the supervisory authority

If the User considers that there is a problem or violation of current regulations in the way their personal data is being processed, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular in the state of their habitual residence, place of work, or place of the alleged infringement. In the case of Spain, the competent supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – http://www.aepd.es).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agree to the conditions on the protection of personal data contained in this Privacy and Cookie Policy, and to consent to the processing of their personal data so that the Controller can proceed in the manner, for the periods, and for the purposes indicated. Use of the Website implies acceptance of its Privacy and Cookie Policy.

The Website reserves the right to modify its Privacy and Cookie Policy according to its own criteria, or motivated by a change in legislation, jurisprudence, or doctrine of the Spanish Data Protection Agency. Changes or updates to this Privacy and Cookie Policy will not be explicitly notified to the User. The User is recommended to check this page periodically to be aware of the latest changes or updates.

This Privacy Policy was updated on January 10, 2020, to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and to Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights
(LOPDGDD).