WEB DATA PROTECTION POLICY
PERSONAL DATA PROTECTION POLICY
1. WEBSITE ADMINISTRATOR:
MOLSAN GESTIÓN Y TRAMITACIÓN, S.L.
- Legal Name: MOLSAN GESTIÓN Y TRAMITACIÓN, S.L. (B61082657)
- Address: Paseo de la Castellana, 141, floors 18-19, 28046, MADRID
- Contact Email: club@smhoteles.com
- Commercial Registry: Barcelona, Volume 29063, Folio 68, Page B147971
In compliance with current personal data protection regulations, as the administrators of this website, we inform users that we have created a safe and trustworthy environment. We want to share our principles regarding your privacy:
We never request personal information unless it is strictly necessary to provide the services or information requested.
We do not share users’ personal information with unauthorized third parties. Data is shared only to comply with the law or deliver the requested services, such as booking intermediations, accommodations, or essential administrative and fiscal processes.
We never use your personal data for purposes other than those described in this privacy policy.
This Privacy Policy may change due to legislative or self-regulation requirements. Users are encouraged to review it periodically. It applies when users fill out any of the website’s forms that collect personal data.
This website complies with the requirements of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR), as well as Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), and the laws on Retail Commerce and Consumer Protection.
The person responsible for this website, as well as for the processing of personal data, is identified in the Legal Notice section of this website.
For the purposes of the aforementioned General Data Protection Regulation, the personal data sent to us via website forms or user registrations will be processed as “Website Users,” “Clients,” or “Partners,” as appropriate.
To process our users’ data, we implement all technical and organisational security measures established under current legislation.
2. PRINCIPLES APPLIED TO YOUR PERSONAL INFORMATION
In processing your personal data, the following principles are applied in line with GDPR requirements:
Principle of Lawfulness, Fairness, and Transparency: We will always seek your consent for the processing of your personal data for one or more specific purposes, which will be clearly communicated to you in advance with complete transparency.
Principle of Data Minimisation: We will only request the data strictly necessary in relation to the purposes for which it is required, ensuring we collect the minimum amount possible.
Principle of Storage Limitation: Data will be retained no longer than necessary for the purposes of processing. Depending on the purpose, we will inform you of the relevant retention period. For subscriptions, we will periodically review our lists and delete records that have been inactive for a considerable amount of time, wherever physically or digitally possible.
Principle of Integrity and Confidentiality: Your data will be processed in a way that ensures an adequate level of security and confidentiality. Please note that we take all necessary precautions to prevent unauthorised access or misuse of your data by third parties.
3. HOW DO WE PROCESS YOUR PERSONAL DATA?
The personal data we process on this website originates from the various forms available to you, such as the contact form and the booking form, which you fill out and submit after accepting the legal terms attached to each of them.
4. WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?
Anyone has the right to obtain confirmation as to whether or not this entity is processing personal data that concerns them, and also to:
Request access to personal data relating to the individual.
Request rectification or deletion of their data.
Request the limitation of its processing.
Object to the processing of their data.
Request the portability of the data.
Withdraw the consent given (without retroactive effects that are not in line with the law).
Data subjects can access their personal data and request the rectification of inaccurate data or, where applicable, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, data subjects may request the limitation of the processing of their data, in which case it will only be retained for the purpose of exercising or defending claims or for legal obligations imposed by public authorities or applicable law.
In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The data controller of this website will cease to process the data, unless there are overriding legitimate reasons, or for the exercise or defence of possible claims.
As a data subject, you have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit them to another data controller when:
The processing is based on consent.
The data has been provided by the individual.
The processing is carried out by automated means.
When exercising your right to data portability, you have the right for your personal data to be transmitted directly from one controller to another where technically feasible.
Data subjects also have the right to effective judicial protection and to file a complaint with the supervisory authority, in this case, the Spanish Data Protection Agency, if they believe that the processing of their personal data infringes the Regulation.
5. WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA FOR?
When a user navigates our website to request information from the owner, subscribe to the newsletter, or make a purchase, they are providing personal information for which the website owner (identified at the beginning) is responsible. This information may include personal data such as name, physical address, email address, phone number, and other information. By providing this information, the user gives consent for their data to be collected, used, managed, and stored by the owner, strictly as described in the Legal Notice and this Privacy Policy.
This website has various systems for collecting personal information, and we process the information provided by interested parties for the following purposes, according to each data capture system (forms):
Contact Forms:
We request the following personal information: Name, Email, Phone number, to respond to user requests. For example, we may use this data to respond to queries, complaints, comments, or concerns regarding the information on the website, products advertised through the website, processing of personal data, legal texts included on the website, and any other inquiries that are not related to the purchase conditions. We inform you that the data provided will be stored on servers within the EU.
Booking Form:
We request the following personal information: Name, Email, ID, Address, Date of Birth, payment details (payment method information) to process the required purchase.
Membership Form:
We request the following personal information: Name, Email, ID, Date of Birth, Nationality, and Address.
There are other purposes for which we process your personal data:
To ensure compliance with the terms of use and applicable law. This may include the development of tools and algorithms to help this website ensure the confidentiality of the personal data collected.
To support and improve the services provided by this website.
To manage social media. Our company has a presence on social media. The processing of data from individuals who follow the official pages of the company on social media will be governed by this section, as well as by the terms of use, privacy policies, and access regulations of the relevant social network, which have been previously accepted by the system administrator. We will process your data to properly manage our social media presence, providing information on activities, products, or services of the company, as well as for any other purpose permitted by the social media platform’s policies. Under no circumstances will we use follower profiles on social media to send individual advertisements.
In accordance with the European General Data Protection Regulation (GDPR) 2016/679 and the national data protection law (LOPDGDD 3/2018), our company (see Legal Notice) will be responsible for processing the data of website users.
Our company does not sell, rent, or transfer personal data that could identify users to third parties without prior consent, and will not do so in the future. However, in certain cases, collaborations with other professionals may take place, and in those cases, user consent will be required, informing them of the collaborator’s identity and the purpose of the collaboration. All actions will be carried out with the highest security standards.
6. LEGAL BASIS FOR THE PROCESSING OF YOUR DATA
The legal basis for the processing of your data is consent. To contact or perform any action involving the processing of personal data on this website, consent to this privacy policy is required. The prospective or commercial offer of products and services is based on the consent you provide, without any impact on the execution of the subscription contract or any actions prior to its withdrawal, such as the purchase of items. The legal basis that legitimises purchases is the legislation on trade and consumer rights, both digital and retail.
7. CATEGORY OF DATA
The categories of data processed include identification data and payment system-related data in the case of reservations or purchases. No categories of specially protected data are processed.
8. HOW LONG DO WE RETAIN YOUR DATA?
The personal data provided will be retained until the data subject requests its deletion and for as long as required by law to ensure compliance with our legal obligations. Once the legal retention periods have been met, the data will be blocked, making it accessible only to authorities that may request it. After the legal blocking period has elapsed, the data will be permanently deleted from the system.
9. WHO WILL YOUR DATA BE SHARED WITH?
Data is only shared internally, with another company within the same group. No other data communications are made to third parties, apart from those necessary to comply with the relevant legal obligations required by public authorities and to execute the process requested by the website user or customer. For example, in the purchasing process, we are obligated to transmit your identifying data to the transport company in order to deliver your order.
10. DATA SECURITY AND CONFIDENTIALITY
The data controller is committed to using and processing the data, including the personal data of users, while respecting confidentiality and using it in accordance with its intended purpose, as well as fulfilling its obligation to retain the data and implement all necessary measures to prevent alteration, loss, unauthorised processing, or access, in compliance with the applicable data protection regulations.
This website includes an SSL certificate. This is a security protocol that ensures your data is transferred securely and intact, meaning the transmission of data between a server and the website user, as well as feedback, is fully encrypted.
The data controller cannot guarantee the absolute invulnerability of the internet, and therefore, cannot fully prevent data breaches due to fraudulent access by third parties. However, all possible measures are applied to eliminate, mitigate, or reduce the impact of such breaches.
Regarding the confidentiality of the process, the data controller will ensure that anyone authorised by the company to process customer data (including staff, collaborators, and service providers) is under an appropriate confidentiality obligation (whether contractual or legal).
In the event of a security incident, once the data controller becomes aware of it, they must notify the customer without undue delay and provide relevant information related to the security incident as it becomes known or when reasonably requested by the user.
1. INTELLECTUAL AND INDUSTRIAL PROPERTY
Molsan Gestión y Tramitación, S.L. All rights reserved.
The contents of this website, as well as all documents, trade names, brands, or logos included therein, are subject to the intellectual and industrial property rights of its owner, Molsan Gestión y Tramitación, S.L., protected by current legislation on Intellectual and Industrial Property (Royal Decree-Law 2/2019, RD 1/1996, and Directive 2019/790/EU). Access to the website does not imply any waiver, transfer, assignment, or full or partial licence of these rights, nor does it grant any right to use, alter, exploit, reproduce, distribute, or publicly communicate the contents or goods subject to industrial property without the prior and express authorisation of the owner. Any rights you wish to acquire or any need for copying, reproduction, or assignment can be requested from the owner via email at: fiscal@sanchezmolina.com.
2. ACCURACY AND TRUTHFULNESS OF DATA
As a user, you are solely responsible for the accuracy and correctness of the data you submit to our website, and you exempt the controller of this website from any liability in this regard.
Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided, and they undertake to keep it duly updated. The user agrees to provide complete and accurate information in the forms where it is requested.
3. ACCEPTANCE AND CONSENT
The user declares that they have been informed of the conditions regarding the protection of personal data, accepting and consenting to the processing of such data by the controller in the manner and for the purposes outlined in this privacy policy.
4. REVOCABILITY
The consent given, both for the processing and for the transfer of the data subjects, can be revoked at any time by notifying the controller in the manner outlined in this Policy for exercising the rights of access, rectification, deletion, and portability of data, the limitation or opposition to processing, or withdraw the consent given, along with all rights set forth in the GDPR 2016/679 and the LOPDGDD 3/2018. This revocation will not have a retroactive effect under any circumstances.
5. CHANGES TO THE PRIVACY POLICY
The controller reserves the right to modify this policy to adapt it to legislative or judicial developments, as well as to industry practices. In such cases, the controller will announce the changes introduced on this page with reasonable advance notice before they take effect.
6. COMMERCIAL EMAILS
In compliance with the LSSICE 34/2002, the company does not engage in SPAM practices and does not send commercial emails without prior request or authorisation from the user.
Accordingly, each form on the website includes the option for the user to provide explicit consent to receive the newsletter, independent of any commercial information specifically requested.
In accordance with the provisions of Law 34/2002 on Information Society Services and Electronic Commerce, the controller is committed to ensuring the proper identification of all commercial communications.
7. INFORMATION AND CONSENT CLAUSE AND EXERCISE OF RIGHTS
The personal data collected through this website will be included in our information system and processed according to our record of processing activities, including Customer Management, Website Users, or Members, as applicable. This is managed by the CONTROLLER identified at the beginning of this clause and will always be handled in accordance with the provisions of the GDPR 2016/679 and the LOPDGDD 3/2018.
The purposes for using the data, explicitly detailed in each section of the website, may include: enabling communication via email in response to user queries, requests for relevant information, product purchase procedures, and facilitating such procedures as required by current regulations.
You may exercise any of your legal rights: access, rectification, erasure, and portability of your data, as well as the restriction or objection to its processing or withdrawal of consent. These rights can be exercised by sending a certified letter or another method that verifies the sender’s identity and provides proof of receipt to the CONTROLLER, including a copy of your ID.
This Privacy Policy was last updated in December 2022.
