Privacy policy

1. Identification and contact details of the Data Controller.

Lopesan Hotel Management, S.L., a company with registered offices at C/ Concepción Arenal 20, 2o Cial, 35006, Las Palmas de Gran Canaria (Las Palmas, Spain), with Tax Identification Code B-76261130, and telephone number 928303250 (the “Lopesan“) is responsible for the processing of personal data. This clause provides information on how Lopesan will use your personal data.

The purpose of this Privacy Policy is to provide information about your rights under the General Data Protection Regulation (“GDPR“). If you have any questions regarding the processing of your personal data, please contact Lopesan at the following address: dpo@lopesan.com.

2. General information: description of the information contained in the privacy policy.

In this privacy policy you will find a table identifying each of the different services offered by Lopesan.
In these information tables you will be informed about:
·The purposes of the processing of your personal data, i.e. the reason why Lopesan processes your personal data.
·The legal bases that allow the processing of data by Lopesan for each of the purposes indicated.
·The possible communication of your data to third parties, as well as the reason for such communication. For these purposes, we inform you that we may transfer your personal data to third parties when there is a legal obligation (Tax Authorities, Judges and Courts, Security Forces and Bodies) as well as to the bank for the management of the reservation or when we expressly indicate it in the table below. On the other hand, Lopesan’s data processors may have access to your personal data, i.e. service providers who have to access your personal data in order to carry out their functions. The service providers that access your personal data are generally in the information systems and technology, payment gateway, marketing and hospitality industries. The table below will indicate those other sectors in which Lopesan service providers are required to access your personal data.
·Please note that you can request further information about the recipients of your data by sending an e-mail to dpo@lopesan.com, indicating the specific processing operation about whose recipients you would like information.
·The existence of potential international data transfers.
·The period of conservation of the data you provide us with. For this purpose, we inform you that we will keep your personal data for the duration of the contractual relationship or for a longer period if you have authorised us to do so. Likewise, we inform you that your data will subsequently remain blocked for the purpose of legal, administrative or tax claims, for the periods legally determined by each applicable regulation.

3. Necessary and up-to-date information

All fields marked with an asterisk (*) or whose completion is required by the system in the forms provided to you must be completed, so that the omission of any of them could make it impossible to provide you with the services. You must provide truthful information, and the use of aliases or any other means of concealing your identity is prohibited.
So that the information provided is always up to date and does not contain errors, you must inform Lopesan, as soon as possible, of any modifications and corrections to your personal data that may occur through the reception or the following e-mail address: dpo@lopesan.com.
Furthermore, by accepting this document you declare that the information and data you have provided are accurate and truthful.
In the event that, when booking, you provide personal data of third parties, you must fully comply with current data protection regulations and specifically with the provisions contained in the GDPR and in Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights with regard to the personal data of third parties that you transfer to us. In this sense, in each case, you must inform these third parties that their data will be transferred to Lopesan and the Lopesan Hotel Group hotel entity that owns the hotel where the third parties are going to stay.

4. Exercising your rights

We inform you that you may exercise the following rights:
·the right of access to your personal data in order to know which personal data are being processed and the processing operations carried out on them;
·the right to rectify any inaccurate personal data;
·the right to erasure of your personal data, where this is possible;
·the right to request the restriction of the processing of your personal data where the accuracy, lawfulness or necessity of the data processing is in doubt, in which case we may retain the blocked data for the exercise or defence of claims.
·the right to object to the processing of your personal data, when the legal basis that enables us to process your personal data, as indicated in the table above, is legitimate interest. Lopesan will stop processing your data unless it has a compelling legitimate interest or it is necessary for the defence of claims; and
·the right to portability of your personal data, where the legal basis that enables us to process your personal data, as indicated in the table in section 5, is the existence of a contractual relationship or your consent.

You may exercise your rights at any time and free of charge by sending an e-mail to dpo@lopesan.com, indicating the right you wish to exercise and your identification details.
Furthermore, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency if you consider that a breach of data protection legislation has been committed with regard to the processing of your personal data.

5. Detailed information on the treatments carried out.

Purpose of processingLegal basisAddresseesInternational transfersConservation period
Manage your reservation and/or purchase through the website.

-Management of your reservation and/or purchase;

-Booking confirmation sent;

-Processing, where applicable, of the reservation payment and pre-authorisations;

-Sending out quality surveys.
Management of the contractual relationship consisting of the provision of the requested booking management services.In addition to the assignees indicated in section 2 of this Policy, your data may be transferred to debt collection agencies and insurance companies in order to carry out the appropriate claims against tour operators or customers as a result of Lopesan’s legitimate interest in managing the collection of the services provided, as well as to secure the amounts pending payment.

We will also transfer your personal data to the establishment in which you have decided to book / purchase if this transfer is necessary for the provision of our services. For these purposes, we inform you that the processing of data carried out by the hotel in relation to the reservation data will be limited to the management of the same, which will be carried out under the same terms as those indicated in this privacy policy.
Your data may be accessed by information technology and systems, survey and personal data management service providers established outside the European Economic Area.

Lopesan will adopt the corresponding standard contractual clauses or supplementary guarantees.

In addition, your data will be transferred to countries outside the European Economic Area if you choose to receive services at our establishments located outside the European Union, as we must transfer your data to the hotel where you are staying in order to provide you with the services you have requested.

Further information on the transfers and guarantees adopted can be obtained by submitting a request to the following address: dpo@lopesan.com.
During the contractual relationship and up to 6 years after your booking and/or purchase on our website.
Management of your registration as a user of the Lopesan website and/or member of the individual or collective loyalty programme.

-Management as a user of the website

-Discharge confirmation sent

– Sending commercial communications with offers and benefits associated with your loyalty programme.
Management of the contractual relationship consisting of the provision of the service of registration as a user of the website or member of a loyalty programme.If you decide to register through a social log-in (sharing data from platforms such as Facebook or Linkedin), the owner of the platform you have voluntarily selected will be co-responsible for the processing related to the management of the registration and will retain the data relating to your subscription to the Lopesan loyalty programme.

In addition, the categories of assignees and service providers who may have access to your data are listed in section 2 of this Policy.
Your data may be accessed by personal data processing service providers established outside the European Economic Area.

Lopesan will adopt the corresponding standard contractual clauses or supplementary guarantees.

Furthermore, if you register as a user of the Lopesan website from a country outside the European Union, we inform you that, from this perspective, your data are subject to international transfers to Spain.

Further information on the transfers and guarantees adopted can be obtained by submitting a request to the following address: dpo@lopesan.com.
During the contractual relationship, i.e. until you unsubscribe as a user of the website.
Management and maintenance of your company’s registration in the group loyalty programme.

-Management of the relationship with the company subscribing to the agreement

-Sending of communications aimed at maintaining the contractual relationship with your company/group.
Lopesan’s legitimate interest in maintaining the contractual relationship with your company in order to offer exclusive benefits to its members.The categories of assignees and service providers who may have access to your data are listed in section 2 of this Policy.Your data may be accessed by personal data processing service providers established outside the European Economic Area.

Lopesan will adopt the corresponding standard contractual clauses or supplementary guarantees.

Furthermore, if you register as a user of the Lopesan website from a country outside the European Union, we inform you that, from this perspective, your data are subject to international transfers to Spain.

Further information on the transfers and guarantees adopted can be obtained by submitting a request to the following address: dpo@lopesan.com.
During the contractual relationship, i.e. until the company terminates or changes the company’s representative for interactions with Lopesan.
Attention of the contact form

– Attention to requests and queries sent through the contact form and/or the chatbot.
Lopesan’s legitimate interest in responding to requests for information or complaints made by users of the website.The categories of assignees and service providers who may have access to your data are listed in section 2 of this Policy.

We will also transfer your personal data to the establishment where we have provided you with services if this transfer is necessary to respond to your request or to respond to possible complaints or claims. For these purposes, we inform you that the processing of data carried out by the establishment in relation to your reservation data will be limited to the resolution of the complaint, which will be carried out under the same terms as those indicated in this privacy policy.
In case you communicate with us through the chatbot, your personal data may be accessed by providers of instant communication management services established outside the European Economic Area.

In addition, your data will be transferred to countries outside the European Economic Area in the event that we provide services to you in establishments outside the European Union, as we must transfer your data to the hotel in which you are staying so that they can respond appropriately to your claims or complaints.

These international transfers are regulated by standard contractual clauses approved by the European Commission. You can obtain a copy of this information by submitting a request at dpo@lopesan.com.
Until the resolution of the query, incident or complaint raised.
Service improvement and personalised service deliveryExpress consent to process identification data, contact data, reservation data and preferences expressed and inferred from the express requests.The categories of assignees are set out in section 2 of this Policy.Your data may be accessed by information technology and information systems service providers established outside the European Economic Area.

Lopesan will adopt the corresponding standard contractual clauses or supplementary guarantees.

Further information on the transfers and guarantees adopted can be obtained by submitting a request to the following address: dpo@lopesan.com.
For two years since the last interaction with Lopesan.
Sending of commercial communications and subscription to the newsletter which includes:

-Sending marketing communications.

-Invitations to events.

-Promotion of our products.

-Sending news from the sector.

-Sending information of interest about Lopesan.
Your consentThe categories of assignees and service providers who may have access to your data are listed in section 2 of this Policy.Your data may be accessed by information and marketing technology and systems service providers established outside the European Economic Area.

Lopesan will adopt the corresponding standard contractual clauses or supplementary guarantees.

Further information on the transfers and guarantees adopted can be obtained by submitting a request to the following address: dpo@lopesan.com.
Until you unsubscribe from the service or your disinterest in our commercial communications becomes apparent.

6. Confidentiality

The personal data that we may collect will be treated confidentially, and we undertake to keep them secret in accordance with the provisions of the applicable legislation.

7. Children

Minors under 18 years of age may not make reservations at the hotel and minors under 14 years of age may not use the rest of the services available through the Website without the prior authorisation of their parents, guardians or legal representatives, who shall be solely responsible for all acts carried out by the minors in their charge, including the completion of the forms with the personal data of said minors and the ticking, where applicable, of the boxes that accompany them. Translated with www.DeepL.com/Translator (free version)

8. Privacy policy update

This Privacy Policy may need to be updated; therefore it is necessary that you review this policy periodically and if possible each time you make your reservation with us in order to be properly informed about the type of information collected and its treatment. We will notify you of any changes to this privacy policy that affect the processing of your personal data.

9. Additional privacy information

If you are visiting our website as a representative of a Travel Agency or as a job applicant for any of the Group’s vacancies, detailed information regarding the processing of your personal data can be found in the following links: Travel Agencies Privacy Policy and Job Applicant Privacy Policy.