Privacy Policy
This Privacy Policy has been developed in accordance with the provisions of the Organic Law on the Protection of Personal Data currently in force, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the GDPR.
The purpose of this Privacy Policy is to inform the holders of personal data, whose information is being collected, about specific aspects related to the processing of their data, including, among other things, the purposes of the processing, contact details for exercising their rights, the retention periods for the information, and the security measures in place.
Data Controller
In terms of data protection, ANTONIO GARCERAN is considered the Data Controller for the files/processes identified in this policy, specifically in the Data Processing section.
Below are the identifying details of the owner of this website:
Data Controller: ANTONIO GARCERAN
Postal Address: C/ Condesa 1, 30710 – Murcia
Email Address: info@balneariolaencarnacion.com
Data Processing
The personal data requested, if applicable, will consist solely of that which is strictly necessary to identify and address the request made by the data subject, hereinafter referred to as the Interested Party. This information will be processed fairly, lawfully, and transparently in relation to the Interested Party. Furthermore, personal data will be collected for explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
The data collected from each Interested Party will be adequate, relevant, and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The data subject will be informed, prior to the collection of their data, of the general aspects regulated in this policy so that they can provide their express, precise, and unambiguous consent for the processing of their data, in accordance with the following aspects.
Purposes of Processing
The explicit purposes for which each processing activity is carried out are outlined in the informational clauses included in each data collection method (web forms, paper forms, notices, or informational notes).
However, the personal data of the Interested Party will be processed solely for the purpose of providing an effective response and addressing the requests made by the user, as specified alongside the option, service, form, or data collection system used by the data subject.
Legal Basis
As a general rule, prior to the processing of personal data, ANTONIO GARCERAN obtains the express and unambiguous consent of the data subject by incorporating informed consent clauses into the various information collection systems.
However, in cases where the consent of the Interested Party is not required, the legal basis for the processing relied upon by ANTONIO GARCERAN is the existence of a specific law or regulation that authorizes or requires the processing of the data subject’s data.
Recipients
As a general rule, ANTONIO GARCERAN does not transfer or communicate data to third parties, except when legally required. However, if such transfers or communications are necessary, the data subject will be informed through the informed consent clauses included in the various personal data collection methods.
Source of Data
As a general rule, personal data is always collected directly from the Interested Party. However, in certain exceptions, data may be collected through third parties, entities, or services other than the Interested Party. In such cases, this will be communicated to the Interested Party through the informed consent clauses included in the various information collection methods, within a reasonable period after obtaining the data, and no later than one month.
Retention Periods
The information collected from the Interested Party will be retained for as long as necessary to fulfill the purpose for which the personal data was collected. Once the purpose has been fulfilled, the data will be deleted. Such deletion will result in the blocking of the data, which will only be kept available to Public Administrations, Judges, and Courts to address any potential liabilities arising from the processing, during the statute of limitations for such liabilities. Once this period has elapsed, the information will be destroyed.
For informational purposes, the following are the legal retention periods for information in relation to different matters:
Document | Retention Period | Legal Reference |
---|---|---|
Labor or social security-related documentation | 4 years | Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infringements and Penalties in the Social Order |
Accounting and tax documentation for commercial purposes | 6 years | Article 30 of the Commercial Code |
Accounting and tax documentation for tax purposes | 4 years | Articles 66 to 70 of the General Tax Law |
Building access control records | 1 month | Instruction 1/1996 of the Spanish Data Protection Agency (AEPD) |
Video surveillance records | 1 month | Instruction 1/2006 of the Spanish Data Protection Agency (AEPD) and Organic Law 4/1997 |
Browsing Data
Regarding browsing data that may be processed through the website: if data subject to regulations is collected, we recommend consulting the Cookie Policy published on our website.
Rights of Data Subjects
Data protection regulations grant a series of rights to data subjects or holders of data, users of the website, or users of the social media profiles of ANTONIO GARCERAN.
These rights include:
Right of Access: The right to obtain information about whether their data is being processed, the purpose of the processing, the categories of data being processed, the recipients or categories of recipients, the retention period, and the origin of the data.
Right of Rectification: The right to obtain the rectification of inaccurate or incomplete personal data.
Right of Erasure: The right to obtain the deletion of data in the following cases:
When the data is no longer necessary for the purpose for which it was collected.
When the data subject withdraws consent.
When the data subject objects to the processing.
When the data must be deleted to comply with a legal obligation.
When the data was obtained through an information society service under Article 8(1) of the GDPR.
Right to Object: The right to object to a specific processing activity based on the data subject’s consent.
Right to Restriction of Processing: The right to obtain the restriction of processing when:
The data subject contests the accuracy of the data.
The processing is unlawful, and the data subject opposes erasure.
The controller no longer needs the data, but the data subject requires it for the establishment, exercise, or defense of legal claims.
The data subject has objected to processing while verifying whether the legitimate grounds of the controller override those of the data subject.
Right to Data Portability: The right to receive the data in a structured, commonly used, and machine-readable format and to transmit it to another controller when:
The processing is based on consent.
The processing is carried out by automated means.
Right to Lodge a Complaint with a Supervisory Authority: Data subjects may lodge a complaint with the competent supervisory authority.
Interested parties may exercise these rights by writing to ANTONIO GARCERAN at the following address: info@balneariolaencarnacion.com, indicating in the subject line the right they wish to exercise.
In this regard, ANTONIO GARCERAN will respond to the request as soon as possible, taking into account the deadlines set forth in data protection regulations.
If you believe your right to the protection of personal data has been violated, you may file a complaint with the Spanish Data Protection Agency (AEPD) (https://www.aepd.es/).
Security
The security measures adopted by ANTONIO GARCERAN are those required in accordance with Article 32 of the GDPR. In this regard, ANTONIO GARCERAN, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, has established appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In any case, ANTONIO GARCERAN has implemented sufficient mechanisms to:
Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
Regularly test, assess, and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.