Privacy Policy

O Forno de Catuxa makes available to you through the website https://ofornodecatuxa.es This Privacy Policy is intended to inform you, in detail, about how we process your personal data and protect your privacy and the information you provide to us. In the event of future modifications to it, we will notify you through the website or through other means so that you can be aware of the new privacy conditions introduced.

In compliance with Regulation (EU) 2016/679, General Data Protection and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, we inform you of the following:

Data Controller

• Identity: Miguel Ángel Cabana Aguiar with NIF 33319939T
• Dir. Postcard: Carballido 8 Esperante, 27210 Lugo
• Email: info@ofornodecatuxa.es
• Website: www.ofornodecatuxa.es

For what purpose do we process your personal data?

The accommodation collects and processes your personal information in general to manage the relationship we have with you, the main purposes that we have identified are the following:

• Management and contracting of the services offered by our accommodation
• Channel requests for information, suggestions and complaints that you may send us
• To keep you informed about events, offers, products and services that may be of interest to you through different communication channels as long as you have given your consent.
• Management of the commercial relationship maintained with our suppliers
• O Forno de Catuxa has video surveillance cameras in the common areas to ensure the safety of guests.
• The installation and operation of security cameras is in accordance with current regulations.

How do we collect your information?

We collect your personal information through different means:

• Contact form: to send information about the query made (name, surname and email), obtaining the corresponding legitimacy through the pre-contractual relationship of the parties;

• Services form: to maintain the contractual relationship, as well as the management, administration, information, provision and improvement of the service offered, obtaining the corresponding legitimacy through the contractual relationship between the parties, which will be sent once the client contacts us.

You will always be informed at the time of collection by means of information clauses about the data controller, the purpose and legal basis of the same, the recipients of the data and the period of storage of your information, as well as the way in which you can exercise your rights in terms of data protection. In general, the personal information we process is limited to identifying data (name and surname, date of birth, address, ID card, telephone number and email). The accommodation uses social media and this is another way to reach you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies that explain how they use and share your information, so we recommend that you check them before using them to confirm that you agree with the way your information is collected, processed and shared. Likewise, this website collects cookies, which you can consult at the following link: COOKIES POLICY

User Responsibility

By providing us with their data through electronic channels, the user guarantees that they are over 14 years of age and that the data provided to The Accommodation are true, accurate, complete and up-to-date. To this end, the user confirms that they are responsible for the veracity of the data communicated and that they will keep this information suitably updated so that it corresponds to their real situation, being responsible for any false and inaccurate data that may be provided, as well as for any direct or indirect damages that may arise.

How long do we keep your information?

We will only keep your information for the period of time necessary to comply with the purpose for which it was collected, to comply with the legal obligations imposed on us and to attend to the possible responsibilities that may arise from the fulfilment of the purpose for which the data was collected.

If at any time we have collected your data to address you as a potential user of our services or to respond to a request for information made by you, said data will be kept for a maximum of 6 months from its collection, and will be deleted after this period if a contractual relationship has not been formalized or at the time you request it.

In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that binds us or you do not exercise your right to erasure and/or limitation of processing, in which case, the information will be blocked without its use beyond its conservation, as long as it may be necessary for the exercise or defence of claims or any type of liability that should be taken care of may arise.

Who do we disclose your data to?

In general, we do not share your personal information, except for those disclosures that we must make based on imposed legal obligations.

Although it is not a transfer of data, in order to provide you with the requested service, it may be that third parties, acting as our suppliers, access your information to carry out the service we have contracted for them. These processors access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality.

• Hetzner Online GmbH, with registered office in Industriestr. 25, 91710 Gunzenhausen, Germany, VAT Reg. No. DE 812871812, which provides the hosting management services. The privacy policy and other legal aspects of this company can be consulted at the following link: https://www.hetzner.com/legal/privacy-policy
• Redsys: Redsys Servicios de Procesación, S.L.: company used to manage credit card payments on the website. Located at Francisco Sancha, 12 – 28034 Madrid. Privacy policy and other legal aspects of said company at the following link: https://www.redsys.es/legal/20200224_poli%CC%81tica_de_privacidad.pdf
• Google LLC, located at 1600 Amphitheatre Parkway, 94043, Mountain View, California, United States, which provides services consisting of measurement, surveys, and mail services. They have adopted standard data processing clauses approved by the European Commission that can be consulted at: https://cloud.google.com/security/gdpr/resource-center. Privacy policy and other legal aspects of said company at the following link: https://www.google.com/intl/es/policies/privacy/
• KROSS BOOKING: Krossbooking is a software for vacation rental owners to which basic reservation data is sent for centralized management, which belongs to the company Solutions Plus SRL based in Str. Prov. Bitonto – Aerop. Palese, 28 – Bari, Italy. Link to Krossbooking’s privacy policy: https://www.krossbooking.com/privacy/

Likewise, your personal information will be available to Public Administrations, Judges and Courts, for the attention of possible responsibilities arising from the processing.

International Data Transfers

We have agreed with our suppliers that, for the provision of the contracted service, they will make use of servers located in the EEA and if, in the future, we need to make use of servers located outside the territory of the EU, the appropriate measures will be adopted, which will be incorporated into this Privacy Policy, guaranteeing that the appropriate guarantees are in place.

What are your rights in relation to the processing of your data and how can you exercise them?

Data protection regulations allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation of their processing, as well as not to be subject to decisions based solely on the automated processing of your data, where appropriate.

These rights are characterized by the following:

• Its exercise is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive), in which case the accommodation may charge a fee proportional to the administrative costs incurred or refuse to act
• You can exercise your rights directly or through your legal representative or volunteer.
• We must respond to your request within one month, although, if the complexity and number of requests are taken into account, the deadline can be extended by another two months.
• We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of opting for another means. If the request is submitted by electronic means, the information will be provided by these means where possible, unless you request us otherwise.
• If we do not process the request, you will be informed, within one month, of the reasons for your failure to act and the possibility of filing a complaint with a Supervisory Authority
•  

In order to facilitate their exercise, we provide you with the links to the application form for each of the rights:

Exercise of the right of access form

Form for exercising the right of rectification

Right to object exercise form

Right to erasure exercise form (“right to be forgotten”)

Form for exercising the right to restriction of processing

Form for exercising the right to portability

Exercise form not to be subject to automated individual decisions

To exercise your rights, we provide you with the following means:

1. By means of a written and signed request addressed to the postal address of the data controller with Ref. Exercise of LOPD Rights.
2. By sending a scanned and signed form to the email address of the data controller indicated above, indicating in the subject Exercise of LOPD Rights.

In both cases, you must prove your identity by attaching a photocopy or, where appropriate, a scanned copy, of your ID card or equivalent document in order to verify that we only respond to the interested party or their legal representative, in which case you must provide a document accrediting the representation.

Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.

How do we protect your information?

We are committed to protecting your personal information.

We use physical, organisational and technological measures, controls and procedures that are reasonably reliable and effective, aimed at preserving the integrity and security of your data and guaranteeing your privacy.

In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data.

In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the assignment carried out, as well as to implement the technical and organisational security measures necessary to guarantee confidentiality, Permanent integrity, availability and resilience of personal data processing systems and services.

All these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and there is no security system that is impenetrable and, in the event that any information subject to processing and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where appropriate, to those users who may have been affected so that they take the appropriate measures.