DATA PROTECTION POLICY
This is Camping Playa Brava – Balade S.L.’S data protection policy. It refers to any data accessed in the course of its tourist services, sporting and leisure activities, in compliance with the General Data Protection Regulation (Regulation (EU) No 2016/679 of the European Parliament and of the Council dated 27 April 2016) and Organic Law 3/2018, dated 5 December, on the Protection of Personal Data and security of digital rights.
Who is responsible for the processing of your personal data?
The data protection controller is Camping Playa Brava, owned by Balade S.L., with VAT no. B58981523 and address at Ada. de Arenales De Mar, 3, 17256 – Pals. Balade SL is an integral part of a group of companies which Golf Platja de Pals SA and Serres de Pals SL also belong to.
What is the purpose of our processing of the data?
We process personal data for the following purposes.
To deal with any queries from people who contact us through the contact forms on our website. We use them solely for this purpose.
Assisting people ringing us by phone. In order to provide the best service, conversations may be recorded, notifying anyone who rings us of this fact in advance.
Receipt of CVs sent to us by people interested in working with us and the management of personal data that are generated by participating in the personnel selection processes, in order to analyse the suitability of each candidate’s profile based on existing or newly created vacancies. However, we immediately delete the data if requested by the interested party in the latter case.
Registering new customers and additional data that may be generated as a result of the business relationship with customers. Essential details are requested during the contracting process, including bank details (current account or credit card number) which will be sent to the banking institution managing the charge (which can only be used for this purpose). The relationship involving the provision of tourist services entails other processing, such as incorporating the data to accounting, invoicing or information to the tax authorities.
Information about our services.
The Camp Site uses contact information of its customers to communicate information about this relationship for the duration of the contractual relationship held with them, information that may happen to include references of our products or services, whether of a general nature or more specifically related to the customer’s characteristics and needs.
Other information about the services.
Once the contractual relationship ends, the contact details are stored to send out publicity related to our services or products, general or specific information, based on each customer’s characteristics, subject to the explicit authorisation of the customer. This information is delivered to whoever requests it from us or who agrees to the same by filing in our forms, even if not a customer.
Advertising of services of companies from our group.
Always subject to the explicit prior authorisation of the people mentioned above, the contact details are used to send out general advertising as well as advertising that is adapted to the characteristics of each person, of the services of our group companies. The contact details can also be sent to these companies to allow them to directly send advertising about their services subject to the explicit consent of the interested party.
Management of data from our suppliers.
We register and process data from the suppliers who we obtain services or goods from. These can be data of people who are self-employed as well as details of representatives of legal persons. We obtain the data necessary to maintain the business relationship, which is intended solely for this purpose and use it solely for this kind of relationship.
The approved signs warn about the existence of video surveillance when entering our facilities, where applicable. The cameras only record images of justified points to ensure the security of both goods and people and the images are used solely for this purpose.
Other data collection channels.
We also obtain data through face-to-face relationships and other channels such as the receipt of e-mails or through our profiles on social networks. In all cases, the data is intended solely for the purposes stated that justify the collection and processing of the same.
What is the legal basis for the processing of the data?
The processing of data that we perform has different legal grounds, depending on the nature of each processing operation.
In compliance with a pre-contractual relationship. Cases involving data of potential customers or suppliers who we have a relationship with prior to the formalisation of a contractual relationship, such as the development or the study of budgets. Also cases involving the processing of data from people who have provided us with their CV or who participate in selection processes.
In compliance with a contractual relationship. Cases involving relationships with our subscribers, customers and suppliers and all actions and uses involved in these relationships.
In compliance with legal obligations. Communication of data to the tax authorities are established by business relationship regulatory standards. Data may have to be reported to judicial bodies or security forces or bodies, also in compliance with legal standards that oblige them to cooperate with these public bodies.
Based on consent. Whenever we send information about our products or services, we process the contact details of the recipients with their explicit authorisation or consent. The browsing data that we may obtain through cookies takes place with the consent of the person visiting our website, which can be revoked at any time by uninstalling these cookies.
For a legitimate interest. The images we obtain through video surveillance cameras are processed for the legitimate interest of our company to preserve their property and facilities. Our legitimate interest also justifies the processing of data obtained from contact forms.
Who is the data sent to?
As a general rule, the data is only sent to the public administrations or authorities and in compliance with legal obligations at all times. The identification details of people staying at our establishments are sent to the Directorate General of Police (compliance with Order IRP/418/2010, dated 5 August, on the obligation to register and report people staying in the accommodation facilities to the General Directorate of Police).
The data may be communicated to banks when issuing invoices to customers. If consent has been provided, the data may be sent to other companies from our group for the purposes indicated above. No data is transferred outside the scope of the European Union (international transfer).
We also obtain the services of companies or people providing us their experience and specialisation for certain tasks. In some cases, these external companies must access personal data that we are responsible for. This involves processing rather than a transfer of data. Only services of companies that ensure compliance with data protection legislation can be contracted. Their duty of confidentiality is to be formalised at the time of contracting the same and their actions monitored. This may involve data hosting services, computer support services or legal, accounting or tax consulting.
How long do we retain the data?
We comply with legal obligation to limit the period that data is retained as much as possible. For this reason, they are retained only as long as is necessary and justified for the purpose for which they have been obtained. In certain cases, such as data contained in the accounting and invoicing documentation, they must be retained under tax legislation until no longer prescribed under obligations related to this area. Any data that are processed on the basis of the consent of the interested party are preserved for as long as consent for the same is not revoked by this party. The images obtained by cameras are stored for up to one month, but may be retained for the time necessary in order to facilitate the proceedings of the security forces and bodies or the judicial bodies in the event of any incident that justifies the same.
What rights do people have in relation to the data that we process?
As provided by General Data Protection Regulation, people whose data we process have the following rights:
To know if they are being processed. First and foremost, everyone has the right to find out if we are processing their data, regardless of whether there has been a previous relationship or not.
To be informed during collection. Whenever personal data are obtained from the interested party, they must be provided with clear information about the reason why they will be used, who will be responsible for the processing and any other aspects arising from this processing at the time of providing the data.
To access them. A very broad right that includes knowing precisely what personal data are being processed, what the purpose for which they are being processed is, notifications that will be send to others (if applicable) or the right to obtain a copy or to know the planned duration of retention of the same.
To request their rectification. You have the right have any inaccurate data that we are processing to be rectified.
To request their deletion. In certain circumstances, there may be a right to have data deleted, including when they are no longer necessary for the purposes for which the data were collected and the processing justified, among others.
To request restricted processing. In certain circumstances, the right to request restricting processing of data is also recognised. In this case, they will no longer be processed and shall be retained solely to exercise or defend claims, in accordance with General Data Protection Regulation.
Portability. The cases referred to in legislation recognise the right to obtain personal data in a machine-readable common use structured format, and transfer them to another controller if so requested by the interested party.
To object to the processing. Anyone can argue the reason related to their particular situation, which would result in the termination of processing of their data to the degree or extent that could harm them, except for any legitimate reasons or the exercise or defence against claims.
Not to receive any commercial information. We will immediately deal with any requests not to continue sending commercial information to anyone who had previously authorised us to do so.
How can I exercise or defend my rights?
The rights mentioned above may be exercised by sending a written request to Camping Playa Brava, avda. del Grau, 1, Playa de Pals (CP 17256), or by sending an email to [email protected], stating “Personal Data Protection” in all cases.
If a satisfactory response has not been obtained during the exercise of these rights, a complaint can be filed with the Spanish Data Protection Agency, by filling out the forms, or other accessible channels on its website www.agpd.es.