THIS PRIVACY STATEMENT WAS LAST UPDATED ON 1 AUGUST 2019
The Joint Data Controller are:
NH HOTEL GROUP, S.A. ('NH HOTEL')
MINOR HOTEL GROUP LIMITED ('MINOR”)
2. INFORMATION AND CONSENT
By accepting this Privacy Notice, the user is informed and provides their free, informed, specific and unambiguous consent for the personal data they provide on the website at www.tivolihotels.com (the “Website”) to be processed by Data Controllers, with their browsing data and any other data they provide to Data Controllers in the future.
The user must read this Privacy Notice carefully, which has been written clearly and simply, to improve understanding, to freely and voluntarily decide whether they wish to provide their personal data to Data Controllers.
3. REQUIREMENT TO PROVIDE DATA
Data requested in Website forms are generally mandatory (unless otherwise specified in the requested field) to comply with the stated purposes.
Therefore, if these are not provided or not provided correctly, they may not be addressed, without affecting the free display of the Website content.
4. FOR WHAT PURPOSE WILL THE DATA CONTROLLERS PROCESS USERS’ PERSONAL DATA?
The personal data provided through the Website will be processed by Data Controllers for the following purposes:
- To monitor the use of the Website.
- Contact with hotels to know the services they offer.
- Information about wedding services in the hotels.
5. WHAT CATEGORIES OF USER DATA WILL THE DATA CONTROLLERS PROCESS?
The Data Controllers will process the following categories of user data:
- Identifying data: name, surname, nationality, website traffic data.
- Contact details: email address, telephone number.
6. WHAT IS THE LAWFUL BASIS FOR PROCESSING USERS’ DATA?
The lawful basis for processing your personal data will be as follows:
- For analyzing the use of the website in the legitimate interest of the Data Controllers.
- For managing the contact and the information about wedding service: the consent requested.
7. WITH WHICH RECIPIENTS WILL USER DATA BE SHARED?
The User data may not be disclosed to a third party. If necessary, prior to transfer to third parties your data, Data controller will request your consent.
In addition, data may be accessed by Data Controllers’ suppliers, when this is required for proper compliance with legal obligations and/or for the purposes indicated above. These providers will not process your data for purposes not previously advised by Data Controllers.
8. INTERNATIONAL TRANSFERS OF DATA
All data generated by or collected from this website and its users while visiting it, the joint Data Controllers are NH Hotel Group, S.A., and Minor Hotel Group Limited.
Minor is an entity located in Thailand, outside of European Economic Area. This entity shares data cross-border to the services that the user receives in this website. As a result, of this we will transfer personal data in countries where data protection standards may differ from those in the country where you reside. For this reason, we will request your consent prior to data processing.
9. DATA STORAGE
Your data will be stored for the following periods:
- Data provided for analyzing the use of the website: will be stored untilthe cookies have been deleted.
- Data provided on contact forms and website: will be stored for the period required to process and answer your request and, when this is complete, for the limitation period for legal actions resulting from this request.
10. USER LIABILITY
- Guarantees that they are above eighteen (18) years of age and that the data they provide to Data Controllers and true, precise, complete and up to date. For these purposes, the user is liable for the veracity of all the data disclosed and must keep the information provided properly up to date, to reflect their actual situation.
- They guarantee that they have informed the third parties whose data they have provided, if they have done so, of the points covered in this document. In addition, they guarantee that their authorization has been obtained to provide their data to Data Controllers for the indicated purposes.
- They will be liable for any false or inaccurate information they provide on the Website and for direct or indirect damage caused to Data Controllers or to third parties.
You may disable any of these cookies via your browser settings or change your cookies settings.12. EXERCISE OF RIGHTS
Users may write to Data Controllers, at the address or by email noted at the top of this Notice, including a copy of their identity document, at any time and free of charge, to:
- Revoke consent already granted.
- Receive confirmation on whether or not Data Controllers are processing personal data belonging to the user.
- Access your personal data.
- Correct inaccurate or incomplete data.
- Request the deletion of your personal data when, for any reason, the data is no longer necessary for the purposed for which it was obtained.
- Request that Data Controllers restrict data processing when any of the conditions in the data protection regulations are met.
- Request the portability of the data provided by the User in cases envisaged in the regulations.
- Contact the DPO or Head of Data Privacy of Data Controllers.
- Lodge a complaint relating to the protection of your personal data with the Spanish Data Protection Agency at Calle de Jorge Juan, 6, 28001 Madrid, when the data subject believes that Data Controllers have infringed the rights recognized by applicable data protection regulations.
13. SECURITY MEASURES
Data Controllers will implement necessary technical and organizational measures to ensure the security of your data and prevent unauthorized changes, loss, processing or access, in view of the state of technology, the nature of the data stored and risks to which they are exposed.
The observance and fulfilment of these conditions will be required in relation to any person who accesses, navigates or uses the Website. If you do not agree with the terms set out, do not access, navigate or use any page on the Website.
Last updated: 01 Aug 2019