Privacy Policy

Identification of the Data Controller

Casoti, S.L. is the CONTROLLER of the USER’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).

You can contact the Controller via the email address andersoncityflats@gmail.com

The address for complaints will correspond to that indicated as the address of the Owner.

Purposes of the processing

1. Respond to the questions that the interested party sends to the Controller.

Conservation period: The data will be kept until the question raised by the interested party is resolved. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

Legal basis: Legitimate Interest of the Controller and Consent of the Interested Party.

2. Manage the subscription of the interested party to their Client or User account, as well as access to the services and functionalities of our Clients / Users.

Storage period: The data will be kept as long as the interested party does not revoke the consent granted. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

Legal basis: Consent of the interested party.

3. Process accommodation reservations made by the user.

Storage period: The data will be processed as long as there is an interest on the part of the interested party, based on the contractual relationship existing when contracting the accommodation service. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

Legal basis: Contractual relationship.

4. Send the interested party commercial communications about our services that may be of interest to them (newsletter).

Storage period: The data will be kept as long as the interested party does not revoke the consent granted. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

Legal basis: Express consent of the interested party.

5. Manage the publication of content or opinions of users, about their degree of satisfaction with their experience using our services or the facilities we provide.

Conservation period: The data will be kept as long as the interested party does not revoke the consent granted. Subsequently, if necessary, the information will be kept blocked for the legally established periods.

Legal basis: Express consent of the interested party.

Recipients of your data

The Controller contracts with third parties in charge of processing in order to provide its services. With the exception of these entities, your data will not be communicated to other third parties. If for any reason it is necessary to communicate said data to third parties, you will be informed in advance and, where appropriate, your consent will be requested and the purposes of the communication and the identity of the third party to whom it will be communicated will be specified.

All of this, with the exception of cases in which a legal requirement requires the communication of said data to a third party.

Rights

People who provide us with their data have the following rights in relation to them:

  1. Right of access
  2. Right to rectification or deletion
  3. Right to limitation of processing
  4. Right to portability
  5. Right to object
  6. Right to revoke consent

Right of access: Any person has the right to obtain confirmation from the Controller as to whether or not personal data concerning them is being processed and, if so, the right to access the personal data.

Right to rectification: This is the right to obtain the rectification of the personal data in our possession that concerns you.

Right to deletion: This is the right to obtain the deletion of your personal data.

Right to limitation of processing: This is the right to have your data no longer be subject to the corresponding processing operations when any of the following conditions are met:

  • When you have exercised the rights of rectification or opposition and the Controller is in the process of determining whether the request is admissible.
  • If the data processing is unlawful, which implies the deletion of the data, but you do not want your data to be deleted by the Controller.
  • When the data is no longer necessary for processing, this implies the deletion of the data, but you want the Controller to limit the processing of the data and to retain it in order to be able to formulate, exercise or defend against claims.

Right to portability: This is the right to obtain from the Controller, in the event of automated processing of your data, a copy of it in a structured, commonly used and machine-readable format or for said copy to be transmitted directly to the Controller that you indicate. Please note that this right will not apply to:

  • Third-party data that you have provided to the Controller.
  • Data that concerns you, but that has been provided to the Controller by third parties.

Right to object: This is the right to object to the processing of your personal data. As regards the processing carried out by the Controller, you may object to the sending of commercial communications, both from you and from third parties.

If you wish to obtain more information about your rights, we suggest that you visit the website of the Spanish Data Protection Agency, as well as the European Data Protection Regulation.

The exercise of these rights may be carried out by sending an email to reservas@andersoncityflats.com, clearly indicating which right you wish to exercise and providing a copy of your identity document to prove your identification. You may also contact the Controller by post at its registered office, which appears in point 1 of this Privacy Policy.

Additionally, we inform you about the possibility of filing a claim with the competent Control Authority, in this case, the Spanish Data Protection Agency, especially if you have not obtained satisfaction in the exercise of your rights. You can contact the Spanish Data Protection Agency through their telephone numbers 901 100 099 and 912 663 517 or by visiting them at their address C/ Jorge Juan, 6. 28001 – Madrid.

Security measures

The Controller guarantees the user that the processing carried out complies with all the provisions of the aforementioned data protection regulations, GDPR and LOPDGDD, and that the data is processed in a lawful, fair and transparent manner in relation to the interested party and is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Likewise, the Controller guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the USERS and has communicated to them the appropriate information so that they can exercise them.

Origin and Truthfulness of the data

All the data collected comes from the interested party. The User, by accepting this Privacy Policy, declares and undertakes to guarantee the truthfulness and accuracy of the data provided, as well as being the legitimate owner of the same.

Likewise, the User undertakes to keep their data updated at all times, and to promptly inform the Controller of any significant changes, such as the change of ownership of their bank account, or the modification of their email account provided through the relevant forms hosted on the website.

In this regard, the User will be solely responsible for any failure to comply with the above provisions, exonerating the Data Controller from all liability with respect to such data that the User has not previously communicated to it.