PALLADIUM HOTEL GROUP (group of companies owning hotels under the management of PALLADIUM GESTIÓN, S.L.U. or make use of the systems owned by PALLADIUM GESTIÓN, S.L.U.) takes special care to protect the personal data of the Users of the Website’s services and of its guests. Through this Privacy Policy (or Data Protection Policy), the owner of this site, PALLADIUM GESTIÓN, S.L.U., hereby informs the website’s Users about the uses their collected personal data will be subjected to in order for them to freely and voluntarily decide whether to provide the data requested of them.
PALLADIUM GESTION, S.L.U. reserves the right to modify this Policy in order to adapt it to new developments in legislation, jurisprudential criteria, industry practices or the entity’s own interests. Any modification thereto will be announced with due notice in order for its contents to be adequately known.
PALLADIUM GESTION, S.L.U. is the controller, with registered address for this purpose at: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands). The processing activities carried out on our websites and for our guests’ stays in our hotels imply personal data processing, performed by the grouping of entities linked to PALLADIUM GESTIÓN, S.L.U. You can obtain more information about all of these entities in the following link.
The controllers may process your personal data for the following purposes:
1. Management of the accommodation booking in one of the hotels managed by PALLADIUM GESTIÓN, S.L.U., which includes:
2. Managing stays in all our hotels to offer you our best service and best possible attention in each and every one of them. With this purpose, the controllers may:
3. Managing the “Online check-in”: The controllers may send an email for the data subject to voluntarily carry out initial formalities regarding your check-in at the hotel.
4. Managing information and contact requests through the specific channels and/or forms made available for this purpose. This includes:
5. PALLADIUM GESTION S.L.U. manages the “Palladium Rewards” loyalty programme. This includes:
6. Gathering the opinions of guests through customer satisfaction surveys.
7. Informing and signing users up, when necessary, for fairs and events organised by the controller or in which it participates.
8. Managing employment applications by collecting CVs, in order to contact the data subject and carry out the selection process.
9. Sending “shopping basket pending” reminders: the controller may send the data subject communications to remind him/her that he/she has not finished the order or booking process that he/she started. The information that the user included on the website will be considered. This purpose will only be carried out if the user has expressly consented to it.
The controller has a legitimate basis to process your personal data based on:
Personal data come from the booking that the data subject carries out, from the forms that the controller makes available to him/her and that he/she completes, or from the user experience data gathered during his/her stay at the hotels managed by PALLADIUM GESTION, SLU.
In the case that the data do not come directly from the data subject, these would come from the booking made for the data subject by a third party (by a travel agency, for example, or a travel booking website).
The personal data that are provided will be stored for the corresponding term in order to meet legal obligations or respond to possible claims during the statute of limitations for civil suits.
Currently, with the purpose of improving your experience in future stays at our hotels, we maintain the data related to your stay history for a term of seven years, unless you express your opposition, in which case they will be maintained for the stipulated legal periods and throughout the term in which a judge or court could request them. To find out more information about all of the storage periods, you can contact our Data Protection Officer.
PALLADIUM HOTEL GROUP has adopted security measures aimed at protecting the confidentiality, integrity and availability of the data, both through measures on an organisational level and those of a technical nature. The entity applies the following measures, among others:
a) Data blocking procedures. In accordance with the provisions of Article 32 of Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, the entity blocks data to prevent their processing.
b) Data Breach management procedures The entity has technical measures aimed at detecting security incidents that could affect the data processing that is carried out. Once a security incident is detected, PALLADIUM HOTEL GROUP has established measures to resolve the incident and, when applicable, notify the competent authorities and/or the data subjects.
c) Personal data pseudonymisation and encryption procedures With this measure, PALLADIUM HOTEL GROUP guarantees that the data subjects’ data are kept within a sphere of maximum confidentiality.
d) Procedures to restore availability and access to personal data in case of a technical or physical incident.
PALLADIUM HOTEL GROUP regularly carries out evaluations on the effectiveness of the technical and organisational measures to guarantee secure processing.
The personal data that you provide to the controller may be transferred to the following categories of recipients:
The entities acting as controllers will not market, sell or carry out any similar activity with your personal data. They will only process your personal data for the purposes mentioned herein. The entities have service providers who can access the personal data (processors). These service providers include companies located outside of the European Economic Area, which could entail international data transfers, which in all cases would provide adequate guarantees, in accordance with Articles 44 et seq. of the GDPR. To carry out international transfers with PALLADIUM GESTION, S.L.U. service providers located in the USA, the standard contractual clauses adopted by the European Commission are used as a guarantee.
Nonetheless, the data subject in any case can exercise the rights to which he/she is entitled, in accordance with the General Data Protection Regulation, which are the following:
The data subject can exercise these rights through a request that includes a copy of his/her national identity card and must specify which of these rights he/she wishes to exercise, sent to the controller at the address: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Baleares) or through the email address rgpd@palladiumhotelgroup.com
If you believe your data protection rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
Data of update: 1 January 2022