PRIVACY POLICY – ADDITIONAL INFORMATION
The Privacy Policy is part of the General Conditions that govern this Website.
Who is responsible for processing your data? Paraty Hoteles SLU CIF: B93165090
Address: Avda. Manuel Fraga Iribarne, nº 15, Portal 4 – 1st Floor, CP 29620, Torremolinos.
Phone: 952230887
Mail: protecciondatos@paratytech.com
You can contact us in any way you like.
We reserve the right to modify or adapt this Privacy Policy at any time. We encourage you to review it, and if you have registered and accessed your account or profile, you will be notified of any changes.
If you are one of the following groups, please consult the information:
WEB OR EMAIL CONTACTS
What data do we collect through the Web? We may process your IP address, operating system or browser, and even the length of your visit, anonymously.
If you provide us with information in the contact form, you will be identified so we can contact you if necessary.
For what purposes will we process your personal data?- Respond to your questions, requests or petitions.
- Manage the requested service, respond to your request, or process your petition.
- Information by electronic means, relating to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Conduct website analysis and improvements for our products and services. Improve our business strategy.
What is the legitimacy for processing your data? Acceptance and consent of the interested party: In those cases where completing a form and clicking the send button is required to submit a request, doing so will necessarily imply that you have been informed and have expressly given your consent to the content of the clause attached to said form or acceptance of the privacy policy.
All our forms include a * symbol for required information. If you do not complete these fields, or do not check the privacy policy acceptance checkbox, your information will not be submitted. The form typically reads as follows: “□ I am over 14 and I have read and accept the Privacy Policy.”
You may revoke your consent at any time.
NEWSLETTER CONTACTS
What data do we collect through the newsletter? On the Website, you can subscribe to the Newsletter if you provide us with an email address, to which it will be sent.
We will only store your email address in our database and will continue to send you emails periodically until you unsubscribe or we stop sending emails.
The newsletter may contain a web beacon, which statistically confirms whether you've opened it, at what time, or how many times. This helps us determine the best delivery times and what interests you, but we won't collect any personal information about you, only your email address.
You will always have the option to unsubscribe from any communication.
For what purposes will we process your personal data?- Manage the requested service.
- Information by electronic means, relating to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Conduct analysis and improvements in mailing delivery to enhance our sales strategy.
What is the legitimacy for processing your data? Acceptance and consent of the interested party: If you subscribe, you will need to accept a checkbox and click the send button. This necessarily implies that you have been informed and have expressly given your consent to receive the newsletter.
If you do not check the privacy policy acceptance checkbox, the information will not be sent. It typically reads as follows: "□ I am over 14 and I have read and accept the Privacy Policy."
You may revoke your consent at any time.
CUSTOMERS
For what purposes will we process your personal data?- Provide technological solutions and increase your direct sales.
- Budget preparation and monitoring through communications between both parties.
- Information by electronic means, relating to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Manage the administrative, communications and logistics services provided by the Controller.
- Carry out the corresponding transactions. Bill and file the appropriate taxes. Manage control and collection processes.
What is the legitimacy for processing your data? The legal basis is your contractual consent, which you may revoke at any time.
SUPPLIERS
For what purposes will we process your personal data?
- Information by electronic means, relating to your request.
- Commercial or event information by electronic means, provided there is express authorization.
- Manage the administrative, communications and logistics services provided by the Controller.
- Carry out the corresponding transactions. Bill and file the appropriate taxes. Manage control and collection processes.
What is the legitimacy for processing your data? The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products through any means.
PARTNERS
For what purposes will we process your personal data?- Organization of the actions necessary to achieve the company's goals.
- Internal management and legal compliance thereof.
- Call for meetings.
- Carry out the corresponding transactions.
- Declaration of the appropriate taxes.
What is the legitimacy for processing your data? The legal basis is contractual, the acceptance of a contract for the sale of shares or similar, or participation in the incorporation of the company.
SOCIAL NETWORK CONTACTS
For what purposes will we process your personal data?- Respond to your questions, requests or petitions.
- Manage the requested service, respond to your request, or process your petition.
- Connect with you and build a community of followers.
What is the legitimacy for processing your data? Acceptance of a contractual relationship in the corresponding social network environment, and in accordance with its Privacy policies: Facebook http://www.facebook.com/policy.php?ref=pf
Instagram https://help.instagram.com/155833707900388
Twitter http://twitter.com/privacy
Linkedin http://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Pinterest https://about.pinterest.com/es/privacy-policy
Google* http://www.google.com/intl/es/policies/privacy/
*(Google+ and Youtube)
How long will we keep personal data? We can only view or delete your data in a limited manner if you have a specific profile. We will process it for as long as you allow us to continue following us, becoming our friend, or clicking "like," "follow," or similar buttons.
Any corrections to your data or restrictions on information or publications must be made through your profile or user settings on the social network itself.
JOB SEEKERS
For what purposes will we process your personal data?- Organization of selection processes for hiring employees.
- Schedule you for job interviews and evaluate your candidacy.
- If you have given us your consent, we may retain your CV for future job postings.
- If you have given us your consent, we may share your information with partner or related companies for the sole purpose of helping you find employment.
What is the legitimacy for processing your data? The legal basis is your unequivocal consent, upon submitting your CV and receiving and signing information regarding the processing we will carry out.
COMPLAINTS CHANNEL
For what purposes will we process your personal data?- Internal detection of potential criminal and administrative offenses affecting the legal entity and compliance with the company's code of conduct and compliance policies.
- Reporting management. The reporting party's data can be processed anonymously.
What is the legitimacy for processing your data?- Mission interests or public powers.
- Compliance with a legal obligation.
INFORMATION COMMON TO ALL TREATMENTS:
Do we include personal data of third parties? No, as a general rule, we only process data provided to us by data subjects. If you provide us with third-party data, you must first inform them and request their consent, otherwise you will release us from any liability for failure to comply with this requirement.
And data on minors? We do not process data from children under 14 years of age, so please refrain from providing it if you are not that age.
Will we communicate electronically? These will only be used to process your request, if it is one of the contact methods you have provided to us.
If we make commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply? Rest assured: We have adopted an optimal level of protection for the Personal Data we handle, and we have implemented all available technical means and measures, based on the state of the art, to prevent the loss, misuse, alteration, unauthorized access, and theft of Personal Data.
To which recipients will your data be communicated? Your data will not be shared with third parties, except under legal obligation. Specifically, it will be shared with the State Tax Administration Agency and with banks and financial institutions for payment of the service provided or product purchased. It will also be shared with the data processors necessary for the execution of the agreement.
In the event of a purchase or payment, if you choose an app, website, platform, bank card, or other online service, your data will be transferred to that platform or processed within its environment, always with the utmost security.
Upon our request, the web development and maintenance company or hosting provider will have access to our website. They will have signed a service provision agreement that obliges them to maintain the same level of privacy as us.
We use applications that may involve an international data transfer to the United States. This will only be done to entities that have adhered to the US-EU Data Privacy Framework, or failing that, to those that have demonstrated compliance with the regulations and have committed through standard contractual clauses (SCCs) to comply with the level of protection and guarantees in accordance with the parameters and requirements set forth in current European data protection regulations, such as the European Regulation, or failing that, when there is a legal authorization to carry out the international transfer.
What rights do you have?- To know whether we are processing your data or not.
- To access your personal data.
- To request rectification of your data if it is inaccurate.
- To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent you granted.
- To request the restriction of the processing of your data, in certain cases, in which case we will only retain it in accordance with current regulations.
- To transfer your data, which will be provided to you in a structured, commonly used, or machine-readable format. If you prefer, we can send it to the new controller you designate. This is only valid in certain cases.
- To file a complaint with the Spanish Data Protection Agency if you believe we have not served you properly.
- To revoke consent for any treatment to which you have consented, at any time.
If you change any of your information, please let us know so we can keep it updated.
Do you want a form to exercise your rights?- We have forms for exercising your rights. Request them by email, or if you prefer, you can use those developed by the Spanish Data Protection Agency or third parties.
- These forms must be signed electronically or accompanied by a photocopy of your ID.
- If someone represents you, you must attach a copy of their ID, or have them sign it electronically.
- The forms can be submitted in person, sent by letter, or sent by email to the Controller's address at the beginning of this text.
How long does it take us to respond to your exercise of rights? It depends on the law, but within a maximum of one month from your request, and two months if the issue is very complex and we notify you that we need more time.
How long will we keep your personal data?- Personal data will be retained as long as you remain associated with us.
- Once you unsubscribe, the personal data processed for each purpose will be retained for the legally established periods, including the period in which a judge or court may request it in accordance with the statute of limitations for legal actions.
- The data processed will be retained until the aforementioned legal deadlines expire, if there is a legal obligation to retain it, or if there is no such legal deadline, until the data subject requests its deletion or revokes the consent granted.
- We will retain all information and communications related to your purchase or the provision of our service for as long as the product or service warranties last, in order to address any potential claims.
For each type of data processing or type, we provide you with a specific period, which you can consult in the following table:
DATA RETENTION PERIODS
| File | Document | Conservation |
|---|
| Customers |
| Invoices | 10 years |
| Forms and coupons | 15 years |
| Contracts | 5 years |
| Human Resources |
| Payrolls, TC1, TC2, etc. | 10 years |
| Resumes | Until the end of the selection process and 1 more year with consent |
| Severance/dismissal documents, contracts, temporary worker data | 4 years |
| Worker's file | Up to 5 years after discharge |
| Marketing |
| Databases or website visitors | While the treatment lasts |
| Suppliers |
| Invoices | 10 years |
| Contracts | 5 years |
| Access control and video surveillance |
| List of visitors | 30 days |
| Videos | 30 days (blocking) / 3 years (destruction) |
| Accounting |
| Accounting books and documents | 6 years |
| Shareholder agreements, bylaws, minutes, regulations | 6 years |
| Financial statements, audit reports | 6 years |
| Grant records and documents | 6 years |
| Fiscal |
| Tax management: taxes, dividends, withholdings | 10 years |
| Establishment of intragroup prices | 18 years old |
| Intragroup transactions (price agreements) | 8 years |
| Health and Safety |
| Medical records of workers | 5 years |
| Environment |
| Information on hazardous substances | 10 years |
| Environmental permits | During the activity / 3 years after closure / 10 years (crime) |
| Recycling or waste disposal records | 3 years |
| Grants (rights, obligations, receipts, payments) | 4 years |
| Accident reports | 5 years |
| Insurance |
| Insurance policies | 6 years (general) / 2 years (damages) / 5 years (personal) / 10 years (life) |
| Shopping |
| Record of deliveries, acquisitions, imports/exports (VAT) | 5 years |
| Legal |
| Intellectual and industrial property, contracts and agreements | 5 years |
| Permits, licenses, certificates | 6 years from expiration / 10 years (criminal) |
| Confidentiality and non-competition agreements | Validity of the obligation |
| LOPD |
| Treatments not notified to the AEPD | 3 years |
| Employee data on internal networks/equipment/systems | 5 years |
| Whistleblower Channel |
| Internal reporting and regulatory compliance program | 3 months (general) / 10 years (criminal) |
GROUP COMPANIES.
The following companies are part of the business group and carry out activities related to the provision of technological, commercial, or data analysis services. Each of them acts as Data Controller within the scope of its own business and sectoral activities.
Paraty Hotels SLU
Direct hotel sales. Booking engine and other related services.
https://www.paratytech.com/ Data Seekers SL
Data extraction, monitoring and organization.
https://www.dataseekers.com/ Ring2travel SL
Call Center for Hotels.
https://www.ring2travel.com/ Updated on 07/15/2025