As soon as you make use of our services we might process the following personal data: First Name, Surname, gender, date of birth, address details, phone numbers, Email addresses, passport details.
We do not collect sensitive personal data (such as racial or ethnic origin, nationality, political opinions, religious beliefs, etc.)
With this privacy statement, we would like to inform you about the types of data we store and how we use them.
Collection and processing of personal data
As a matter of course, you can visit our website without informing us who you are. Our web servers might automatically store general information, including the type of web browser, the operating system used, the domain name of your Internet service provider, the website directing you to us, our web pages that you visit, and the date and duration of your visit. This information does not enable us to make any kind of conclusion about your identity. This data is intended for anonymous evaluations and statistical purposes only.
Furthermore we may collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. Your IP address is a number that your Internet Service Provider automatically assigns to the computer that you are using to access the website. This number is identified and logged automatically in our server log files whenever users visit the website, along with the time of each visit and the page(s) that were visited. Collecting IP addresses is standard practice on the Internet and is done automatically by many websites. We use IP addresses for purposes such as calculating website usage levels, helping diagnose server problems, validation of a legitimate user session via Google® captcha and administering the website. Please note that we treat IP addresses, server log files, and related information as Non-Personal Information, except when we are required to do otherwise under applicable law.
Our website uses “cookies” which are harmless small text files that are placed on your machine to help the website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser. Please note, if cookies are disabled, the online browsing experience may be limited.
For more information about cookies, please visit the About Cookies webpage.
When visitors send informations via a contact form on the site we collect the data requested in that form, and also the visitor’s IP address and browser user agent string to help spam detection.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Use of Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
Use of Google Maps
This website uses Google Maps to display maps and create directions for driving. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the collection, processing and use of data that is collected automatically, or which you enter yourself, by Google, its representatives or third-party service providers.
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Analytics and Google Remarketing
This website uses Google Analytics and eventually Google Remarketing. These are services provided by Google, Inc. (“Google”). Google uses “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to a Google server in the USA and stored there. For more information check Googles Privacy & Terms webpage (don’t forget to change the language to your favourite one).
Purpose of collecting, processing or using data
The purpose of collecting your data are diverse, but all collected datas will only be used to provide the service requested by you. This might be:
- On our websites, when you visit or make or manage a reservation; when you use our contact forms for an enquiry; email sign up, event enquiry
- In our Reception/Reservation/Sales departments from your correspondence
- If you contact us (by phone, email, text or otherwise), we may keep a record of our correspondence with you for record or training purposes, to improve the quality of our offering and to prevent and detect fraud
- When you enter our competitions
- When you register at Reception on arrival
- We are also working closely with third parties (including for example, Online Travel Agents) and may receive information about you from them.
- To administer a booking, event or reservation
- Send you emails or call you in relation to your stay
- To contact you on departure to complete a questionnaire
- To send you marketing & promotional emails should you opt in to this service.
- To provide you with dietary specific meals when you book a meal / dine with us by collecting information regarding your dietary requirements
- Other communications for example responding to requests or general customer service
- Video surveillance is used at the hotels public areas solely for the collection of evidence in the event of vandalism, burglary, assault or other criminal offenses and only where permitted by law.
Use and forwarding of collected data
We use the personal data that you provide exclusively for the communicated or agreed purposes and thus as a rule to process the contract concluded with you or to provide you with the information you have requested.
If you use our services, only the data required for provision of the services in question is normally collected. If we ask you for additional data, provision of this data is voluntary. The processing of personal data is only performed in order to provide the requested service.
Is personal data forwarded to third parties?
The processing and use of your personal data for consultation, advertising or market research purposes requires your express permission. Your data will not be sold, leased or in any other way be made available to third parties. Personal data is only transferred to government institutions and authorities (e.g. Guardia Civil) to the extent required by national legislation.
Categories of recipients to whom the data may be communicated
Hotels, guest houses and other accommodation establishments are permitted to collect and automatically store personal data relating to its guests if so required within the framework of the accommodation contract. This normally also includes billing data relating to food and drink and/or other hotel-specific services. Hotels and other accommodation establishments are required by federal registration regulations to request information about the place of residence, date of birth and nationality of the guests as well as other passport details.
Furthermore, data can be communicated to the following recipients:
- We may share your data with agencies such as law enforcement or governmental organisations (e.g. Guardia Civil), where we are required to make such disclosures by any applicable law.
- We may share your data with banks and payment providers, to authorise and complete payments
- We may pass your information to our third-party service providers, agents, sub-contractors and other associated organisations for the purposes of completing tasks and providing services to you on our or your behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Software to collect, process and store personal data
- Oscar Hotel Software by Redforts for your bookings, confirmations, credit cards details and invoicing. For more information check the Redforts Legal Information webpage.
Description of the group of persons concerned and the data/data categories associated with them
The collection, processing and use of personal data will primarily be performed for the following groups of people:
- Guest data (in particular address data, reservation data, data relating to guest wishes, billing data)
- Customer data (in particular address data, contract data, billing and performance data)
- Data relating to potential customers (in particular accommodation-specific interests, interest in renting rooms/halls, address data)
- Employee data, applicant data, data relating to bodies responsible for pensions (in particular personnel and payroll data)
- Business partners, external service companies (in particular address, billing and performance data)
- Supplier data (in particular address, billing, performance and functional data)
Credit Card Details
We use a secure website through our Oscar Hotel Software by Redforts to obtain your credit/debit card information in order to process any purchases/bookings made on our site. Credit/debit card information may also be requested over the phone when a booking is being made. We will never ask you to send us this information electronically. All such information is stored on a secure system and will only be accessed when necessary to take payments as outlined in our Terms & Conditions. This data will be kept for as long as is necessary to fulfil your contract with us (unless a longer retention period is required or permitted by applicable law) before being disposed securely.
Statutory deadlines for the deletion of data
The legislature has imposed a number of obligations and deadlines regarding data storage. When these deadlines have expired, the relevant data and data sets will be routinely deleted when it no longer serves the purpose of fulfilling contractual obligations (guest, rental and service contracts). Thus, the commercial or financial data of the past fiscal year is, by law, deleted after ten more years unless longer storage of the data is stipulated or necessary for legitimate reasons.
Registration forms will be stored at B&B Cortijo El Sarmiento in accordance for the minimum duration prescribed by law, whereafter they will be disposed of, taking special precautions, in a manner compliant with data protection law.
Check, Change and delete personal data
It is your right to check, change or remove your personal data at any moment. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In case you want to do so please contact us at firstname.lastname@example.org. We will get back to you and resolve the matter within 5 working days. Alternatively you can check your data by following this link to our Data Access Request.
In relation to Marketing & Promotional e-mails we provide a link at the end of the e-mail to unsubscribe from that service.
Please note that it is not possible to ‘opt-out’ of receiving communication from us, which relates to your bookings or reservations.
Name and address of the data protection officer
B&B Cortijo El Sarmiento
Marega Projects S.L.
Camino de Gatar 2
04638 Mojácar (Almería) – Spain
VAT No. ESB54744016
Platform for online dispute resolution by the European Commission:
Ensuring security when processing data
B&B Cortijo El Sarmiento implements technical and organizational security measures to safeguard the data that it manages against inadvertent or deliberate manipulation, loss or destruction and against access by unauthorized persons. The security measures used are continuously being improved to ensure that they remain the state of the art. This means that B&B Cortijo El Sarmiento only stores information relevant to data protection on secured systems. Furthermore this site uses, for security reasons and to protect the transmission of confidential content, an SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
In case of any security breach we will immediately inform the party in question, eg. Redforts Hotel Software and will temporarily disconnect until the problem has been solved and we can ensure the security of your data.
Should you apply for a position within our company, your details will be held on file until such a time as the position is filled. If you are unsuccessful in your application, your details will be disposed of securely and in a timely manner unless you request otherwise.
This policy was updated on May, 17th 2018