Skip to main content

Hamman Palacio Nazarí S.L. (hereinafter the company) informs users of the website about its policy regarding the processing and protection of personal data of users and clients that may be collected through browsing or contracting its services. In this regard, the company guarantees compliance with the current regulations on personal data protection, as established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

Identifying Information

Data Controller: The company.

Website Manager: The company.

Contact Address: Calle San Miguel Alta, 18002 Granada, Spain.

Email: hammampalacionazari@gmail.com

Tax Identification Number: B19927409

Collection, Purpose, and Processing of Data

The company has the obligation to inform users of its website about the collection of personal data that may take place. In this regard, the company shall be considered the data controller responsible for processing the data collected through the means provided for this purpose.

Furthermore, the company informs users of the purposes for processing the collected data, which include: responding to user requests, inclusion in the contact database, provision of services, and management of the commercial relationship.

The operations, management, and technical procedures carried out in an automated or non-automated manner that enable the collection, storage, modification, transfer, and other actions related to personal data are considered personal data processing.

All personal data collected through the website or the company’s platform, and thus subject to personal data processing, will be included in the Activity Register owned by the data controller.

Users’ Rights

The General Data Protection Regulation grants data subjects the possibility to exercise a series of rights related to the processing of their personal data. Users may exercise the rights of access, rectification, erasure, restriction, and portability in accordance with the provisions established by the applicable personal data protection legislation. Essentially, each right allows the user to:

Access

Grants the right to obtain a copy of the personal data being processed upon request of the data subject, or alternatively, remote access may be provided through a secure system offering direct access to the personal data.

Rectification: The data subject has the right to obtain without undue delay from the data controller the rectification of inaccurate personal data concerning them.

Erasure

Grants the option to delete their personal data from a database when:

  • The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws the consent on which the processing is based.
  • The data subject objects to the processing and there are no overriding legitimate grounds for the processing.
  • The personal data has been unlawfully processed.
  • The personal data must be erased to comply with a legal obligation under European Union law applicable to the data controller.
  • The personal data has been collected in relation to the provision of information society services concerning “Conditions applicable to consent of the child in relation to information society services.”

Restriction of Processing

Means that the personal data will not be processed further except for storage. It may be requested when:

  • The data subject has exercised the rights of rectification or objection, and the controller is verifying whether to comply with the request.
  • The processing is unlawful, and the data subject opposes erasure and requests restriction instead.
  • The data is no longer necessary for processing, which would normally lead to erasure, but the data subject requests restriction because they need the data for the establishment, exercise, or defense of legal claims.

Portability

Allows the data subject to obtain a copy of the personal data held by the data controller in a structured, commonly used, and machine-readable format.

To exercise these rights, the user must submit a written request along with documentation proving their identity (such as ID card or passport) to the following address: Calle San Miguel Alta, 18002 Granada, Spain. The communication must include the following information: full name of the user, the request being made, address, and supporting identification documents. For the convenience of the data subject, these rights may also be exercised by sending an email, including all the required documentation, to: hammampalacionazari@gmail.com.

The exercise of these rights must be carried out by the user themselves. However, they may be exercised by an authorized person acting as the legal representative of the data subject. In such cases, documentation proving this representation must be provided.

Please be informed that exercising your rights is completely free of charge, except when the request is manifestly unfounded or excessive, particularly due to its repetitive nature. In such cases, a fee may be charged to cover administrative costs of handling the request or for refusing to act.

Response Time for Requests

The time frame to address your request will be one month from the date of receipt, which may be extended to two months for particularly complex requests, always with prior notification to the data subject about the extension. If we decide not to fulfill the request, we guarantee communication of such decision within one month.

Principles Applied to Personal Data

The following principles will be applied in the processing of personal data, in accordance with the requirements of the new European Data Protection Regulation:

  • Lawfulness, Fairness, and Transparency: Consent will always be required from data subjects for the processing of personal data for one or more specific purposes, which will be communicated transparently beforehand.
  • Data Minimization: Only data strictly necessary in relation to the purposes for which they are requested will be collected—the minimum possible.
  • Storage Limitation: Data will be kept no longer than necessary for the purposes of the processing, according to its purpose. The corresponding retention period will be informed. For subscriptions, lists will be reviewed periodically, and inactive records over a considerable period will be deleted.
  • Integrity and Confidentiality: Data will be processed in such a way as to guarantee adequate security of personal data and ensure confidentiality.

Lawfulness of Data Processing

The legal basis for the processing of your data is primarily your consent, without prejudice to other legal grounds provided for in the applicable regulations that may also apply, which are as follows:

  • The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • The processing is necessary for compliance with a legal obligation to which the data controller is subject.
  • The processing is necessary to protect the vital interests of the data subject or another natural person.
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  • The processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, particularly where the data subject is a child.

Categories of Data

The categories of data processed include:

  • Identifying data, among other data related to the purposes of the processing.

Retention Period of Personal Data

Personal data will be retained until deletion is requested by the data subject or when the data is no longer necessary for the purpose for which consent was given.

Data Confidentiality and Security

The company commits to the use and processing of the data subjects’ personal data respecting their confidentiality and using them only for the stated purpose. The Company also undertakes to comply with the obligation to safeguard such data and to implement all measures necessary to prevent alteration, loss, unauthorized processing, or access, in accordance with applicable data protection regulations.

Changes to the Privacy Policy

The company reserves the right to modify this policy to adapt it to legislative or jurisprudential developments, as well as industry practices. In such cases, changes will be announced on this page with reasonable advance notice before implementation.

Commercial Emails

In accordance with the LSSICE (Spanish Law on Information Society Services and Electronic Commerce), the Company does not engage in SPAM practices and will not send unsolicited commercial emails. Therefore, on each form available on the website, users have the option to give their express consent to receive newsletters, independently from any specific commercial information requested. The company commits to properly identify all commercial communications in compliance with Law 34/2002 of Information Society Services and Electronic Commerce.

Complaints to the Spanish Data Protection Agency

If you believe that your rights have not been properly addressed, you have the right to file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos). Their contact details are:

Phone numbers: 901 100 099 / 912 663 517

Postal address: C/ Jorge Juan, 6, 28001 Madrid, Spain

Electronic Headquarters: https://sedeagpd.gob.es/sede-electronica-web/

Website: www.agpd.es