account Privacy Policy of B&B HOTELS in Spain
General Personal Data Protection Policy (B&B HOTELS www.hotel-bb.com mobile and web application)
Update date: 19/07/2024
Preamble
In the course of its activity, B&B HOTELS collects and processes the personal data of its contacts, customers, potential customers, suppliers and partners. The main purpose of this document is to inform its recipients of the conditions under which their data will be processed.
This policy is addressed to users (hereinafter, "Users") of the website https://www.hotel-bb.com/ (hereinafter, "Website") and of the application for mobile devices of B&B HOTELS (hereinafter, the "Application") through which the B&B HOTELS ONLINE BOOKING PLATFORM (hereinafter, the "Platform") operates.
Our purpose is to inform, pursuant to Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation" or "GDPR"), to all Users about how their personal information collected through our Website and Application will be processed. in relation to room bookings in those countries where B&B has hotel establishments, as well as B&B HOTELS Club and B&Me loyalty programmes.
Ensuring proper protection of personal data is a priority for B&B HOTELS, which is why we are committed to doing so in strict compliance with applicable regulations and laws.
1. Definitions
Application: B&B HOTELS mobile application available for IOS and Android devices.
Platform: central online reservation system enabled by the B&B HOTELS Group on its Website and Application.
Data controller: the companies B&B Hospitality, S.L., We I Alicante, S.L. and We I Valencia San Luis Hotel, S.L., in their capacity as Data Controllers, are responsible for managing the data processing operations carried out through the Website or Application in Spain.
Services: set of services offered by B&B HOTELS through its Platform. All the available services are detailed in the Terms and Conditions of Use (TCU) document, which can be accessed through the following link https://www.hotel-bb.com/es/condiciones-de-uso/espana
Website: B&B HOTELS website, available through the following link https://www.hotel-bb.com/es
User: any person who accesses or browses the Website or the Application, regardless of whether they are a customer, operator or any Internet user who has or does not have a personal user account, will be considered as such.
2. Data controllers
The companies responsible for the processing of personal data collected through the Website and the Application in Spain are (hereinafter, B&B HOTELS):
- B&B Hospitality, S.L.
- We I Alicante, S.L.
- We I Valencia San Luis Hotel, S.L.
All of them with registered office at Calle Luís Pasteur s/n. CP 28703 San Sebastián de los Reyes (Madrid) and contact email esp-privacy@hotelbb.com. The user can contact the Data Protection Officer through dpdhotelbb@globalsuitesolutions.com.
B&B HOTELS operates through a central online reservation system shared by the hotels listed at the following link https://www.hotel-bb.com/es/espana/hoteles-espana
As part of the booking process carried out via the Website or the Application, B&B HOTELS is the joint controller of personal data together with the companies that operate the hotels in which the bookings are made. Through the following link you can consult the list of hotels https://www.hotel-bb.com/es/espana/hoteles-espana
The companies indicated in the following link https://www.hotel-bb.com/es/terminos-conditiones-generales-bb-hotels-cl… jointly manage the B&B HOTELS Club loyalty programme. In addition, B&B HOTELS has signed a joint responsibility agreement with the data controllers, which establishes their respective obligations, the general lines of which are available upon request by email to the B&B HOTELS Data Protection Officer at the following address dpdhotelbb@globalsuitesolutions.com.
The companies listed in the following link https://www.hotel-bb.com/es/condiciones-de-uso-b-and-me/espana-portugal jointly manage the B&Me loyalty programme. In addition, B&B HOTELS has signed a joint responsibility agreement with the data controllers, which establishes their respective obligations, the general lines of which can be consulted upon request by email to the Data Protection Officer of B&B HOTELS at the following address dpdhotelbb@globalsuitesolutions.com.
3. Transparent and legitimate collection of personal data
In order to comply with the values of fairness and transparency, B&B HOTELS ensures that it informs the data subjects about the processing operations it carries out, informing them of this at the time of collecting their personal data.
All data is obtained lawfully. No data will be collected without the knowledge or consent of the person concerned.
4. Fair and proportionate use of personal data
When B&B HOTELS processes your personal data, it does so for specific purposes: each data processing operation therefore pursues a legitimate, specific and explicit aim.
For each of the operations carried out, B&B HOTELS undertakes to collect and use only the data that is relevant, relevant and strictly necessary in relation to the purposes for which they are processed.
B&B HOTELS guarantees that the data will be kept up to date and will apply procedures that allow the deletion or rectification of data that are incorrect.
5. Data processed
B&B HOTELS collects and processes the following categories of personal data for the purposes indicated in the following section:
- Identification data: name, surname, address, telephone, email, date of birth, age and customer code.
- Professional data: company in which you carry out your professional practice and management of the same.
- Browsing Data: logs and connection data, computer hardware identification data, language preferences, geo-location data, data relating to the use of the Platform and Services, including data provided to our computers when you make requests (language preference, etc.), and data collected through cookies or other trackers.
- Data in relation to the reservation: arrival and departure dates, details of the other people who will occupy the reserved room (name and age, preferences such as whether they want a smoking room, floor, etc.),. In the case of requesting the invoice in the name of a company with a different address than its personal address, its name, address, applicable VAT, etc. must be indicated.
- Transactional data: transaction number, details of the means of payment, details of the purchase, subscription or service subscribed, details of the payment of invoices, payment terms, discounts granted, receipts, balances and unpaid invoices. The bank card number, expiry date and encryption code are processed exclusively by our service provider Adyen, which only provides an identification number (token) to guarantee and pay for bookings.
- Data on the history of bookings made at B&B HOTELS.
6. Purposes, legal bases and data retention periods
Each processing operation carried out by B&B HOTELS responds to an express, legitimate and specific purpose, which is based on the performance of a contract, compliance with a legal or regulatory obligation, the User's consent or even a legitimate interest. However, the data will only be kept for the time strictly necessary for the purposes for which they are to be used.
The purposes for which Users' personal data may be processed, their legal basis and the period of their retention are detailed below:
PURPOSE | LEGAL BASIS | RETENTION PERIOD |
Handling reservations and supervising the commercial relationship with customers in all related aspects, including the management of complaints, if any | Execution of the contract between the clients and entities of the B&B HOTELS Group | Active bases: The data necessary for the management of customer relations will be kept for the time necessary for the execution of the contract. Intermediate files: For judicial or pre-judicial purposes, they will be kept until the end of the judicial injunction, and/or for the duration of the procedure until ordinary and extraordinary remedies have been exhausted. Data relating to payments made by bank card will be kept for 13 months from the date of payment, a period that will be extended up to 15 months in the case of deferred debit cards. |
Creating and managing user accounts on the website Improved services offered by B&B HOTELS, specifically: − Surveys of satisfaction − Feedback management received on the services provided | User Consent B&B's legitimate interests HOTELS | Active bases: The data necessary for the management of the relationship with customers will be kept for the time necessary for the execution of the contract. Intermediate files: For judicial or pre-judicial purposes, they will be kept until the end of the judicial injunction, and/or for the duration of the procedure until the ordinary and extraordinary remedies have been exhausted. The time required to conduct satisfaction surveys or to manage customer reviews |
Compilation of commercial statistics | B&B's legitimate interests HOTELS | The time necessary to achieve the purposes for which the statistics are compiled or until the User exercises his or her right to object. |
Registration of the accounting and Tax Obligations | Compliance with legal obligations | Intermediate files: They will be retained for the legally established period for each of the obligations (e.g. accounting data are retained for a period of 10 years) |
Operations commercial studies, specifically: − Sending of Newsletter − Customer acquisition campaigns (email Phone and regular mail) − Invitations to Events − Organization of competitions | − User's consent for operations carried out by electronic means (e-mails, text messages, etc.) − Legitimate interests of B&B HOTELS for those transactions carried out by post or in the that personal intervention is required (i.e. Non-automated operations). | The data will be kept until the owner revokes their consent or for a period of 3 years from the last communication of the owner with B&B HOTELS. |
Administration and management of the subscriptions to the B&B HOTELS Club loyalty program. | Execution of the contract concluded with B&B HOTELS and the other subsidiaries of the B&B HOTELS Group. | Active bases: They will be kept for the duration of the subscription to the program. Intermediate files: For judicial or pre-judicial purposes, they will be kept until the end of the judicial injunction, and/or for the duration of the procedure until the ordinary and extraordinary remedies have been exhausted. |
The management of requests from the Users to exercise their rights in relationship with their personal data | Compliance with the obligation imposed by Article 15 et seq. of the GDPR | During the time necessary for the processing of the application. |
The proper operation and improvement of the Platform and its Functionality including Quantifying the audience on the web | − The legitimate interest of B&B HOTELS in ensuring the proper functioning and security of the Web − The User's consent when unnecessary cookies are accepted. | The life of the tracker is limited to a period of 6 months Data collected through trackers will be retained for a maximum period of 25 months |
Management of the B&Me loyalty program (granting of benefits and loyalty points) | Execution of the contract entered into with B&B HOTELS and the other subsidiaries of the B&B HOTELS GROUP. | Active bases: For the duration of the membership to the program Intermediate files: For judicial or pre-judicial purposes, they will be kept until the end of the judicial injunction, and/or for the duration of the procedure until the ordinary and extraordinary remedies have been exhausted. |
7. Data recipients
Within the limits of their respective competences and for the purposes referred to in section 6 of this Policy, the following persons may have access to your personal data:
Authorized personnel belonging to the reservations, marketing, sales, administration, logistics and IT departments, who are responsible for improving our Services, relationships with customers, potential customers and quality controls.
Authorised staff of subcontractors and service providers of B&B HOTELS, including, in particular, providers of cloud hosting and storage, payment services, software for checking identity documents and verifying identity online using facial recognition, mail services, IT support services and, finally, market research.
Authorised personnel of the companies jointly responsible for the processing of the same.
The competent authorities, upon request, and in particular public bodies, courts, as well as mediators, accountants, auditors, lawyers, judicial officers, police officers, debt collection agencies. They will have access exclusively to comply with legal obligations, as well as to search for the perpetrators of infringements committed on the Internet.
Third parties who may implant cookies, with their consent, on the Users' devices. For more information, you can consult our Cookies Policy.
8. Transfer of data outside the European Union
B&B HOTELS belongs to the B&B HOTELS Group, which offers its services in numerous countries.
In this regard, and for the purposes set out in section 6 of this Policy, personal data may be transferred to persons belonging to the Group or not who are located outside the European Union.
In the absence of an adequacy decision, B&B HOTELS will only transfer data outside the European Union if the appropriate safeguards are met, i.e. the standard contractual clauses defined by the European Commission and in strict compliance with current regulations.
You can access all safeguards and documents relating to the transfer of personal data outside the European Union by contacting our Data Protection Officer.
- Through the following email address esp-privacy@hotelbb.com.
- By post addressed to "Data Protection Officer B&B HOTELS" C. Luis Pasteur, s/n, 28703 San Sebastián de los Reyes, Madrid.
9. Security of personal data
B&B HOTELS pays particular attention to the security of the processing of personal data. Consequently, it has implemented the necessary protection measures for this purpose, both technical and organisational, considering the degree of sensitivity of the data collected, in order to guarantee the integrity and confidentiality of the same and protect them against malicious interference, loss, alteration or disclosure to unauthorised third parties.
However, the security and confidentiality of data depends on the good practices of each person. Data subjects are therefore encouraged to keep abreast of the situation.
10. Subcontracted companies
When B&B HOTELS works with service providers, it will only transfer personal data when it has obtained the commitment and guarantees from them to comply with the confidentiality and security requirements required for this purpose.
In compliance with their legal obligations, the contracts signed between B&B HOTELS and the subcontracted companies include, in a precise manner, the terms and conditions under which the personal data will be processed in accordance with the applicable legislation for this purpose.
11. Cookies
The use of cookies is included, in particular, in the Cookies Policy.
12. Social Media
Our Twitter, Facebook, Instagram, TikTok and Youtube accounts can be accessed by clicking on the corresponding icon of each of them through our Website or Application.
Social media helps to improve the usability of the Website and our App, as well as helping to promote it when shared.
By clicking on the aforementioned icons, B&B HOTELS may have access to the personal information that the User has indicated as public and accessible from their Twitter, Facebook, Instagram, TikTok and YouTube profiles. However, B&B HOTELS does not create or use any separate databases of Twitter, Facebook, Instagram, TikTok and YouTube, or data relating to your private life.
To limit third parties' access to your personal information on Facebook, Twitter, Instagram, TikTok or YouTube, it is advisable to change the settings of your user profiles and/or the nature of your posts to limit your audience.
13. Exercise of data protection rights
B&B HOTELS is particularly committed to respecting the rights of Users in the context of data processing, and its intention is to ensure fair and transparent processing of the same, taking into account the specific circumstances and the context in which they are processed.
13.1 Right of access
In this regard, the User will have the right to obtain confirmation as to whether or not their personal data is being processed. If so, you have the right to access the data being processed and the following information:
The purposes of the processing.
The category of personal data concerned.
The addressees or categories of recipients to whom they are communicated, in particular where they are located in third countries or are international organisations.
Where possible, the expected period of data retention. Otherwise, the holder will be informed of the criteria followed to determine the aforementioned period.
The existence of the right to request the Controller to rectify or delete personal data, to limit the processing or to oppose it.
● The right to lodge a complaint with the competent authorities.
● Information on the origin of the data obtained when these have not been obtained directly from the owner.
The existence of automated decisions, including profiling and useful information on the logic applied for this purpose, as well as the significance and expected consequences of this processing for data subjects.
13.2 Right to rectification
The User shall have the right to request B&B HOTELS to rectify inaccurate, ambiguous or obsolete personal data concerning him/her. In addition, the data subject shall have the right to have his/her personal data completed when he/she considers that these are insufficient.
13.3 Right to erasure
The User will have the right to request B&B HOTELS to delete the personal data of which they are the owner, when the requirements of current legislation are met.
It should be borne in mind that the right to erasure of data is not a general right and can only be invoked if any of the grounds provided for in the applicable regulations are met.
13.4 Right to restriction of processing
The User shall have the right to obtain from the Data Controller the limitation of the processing of the data when the conditions provided for in the applicable regulations for this purpose are met.
13.5 Right to object
The User shall have the right to object at any time, for reasons relating to their particular situation, to the processing of the personal data of which they are the owner when the legal basis for such processing is the legitimate interest pursued by the Data Controller.
If the User exercises their right to object, B&B HOTELS will stop processing their personal data, unless legitimate reasons can be demonstrated to continue with such processing. These grounds must override the interests, rights and freedoms of the User or be justified by the recognition, exercise or defence of a right.
13.6 Right to data portability
The data subject shall have the right to the portability of their data. However, this is not a general right and can only be invoked when the processing has been carried out by automated means, being excluded in those cases in which the data have been processed manually or on paper.
In addition, this right is limited to cases where the processing of the data is based on the user's consent, the execution of pre-contractual measures or a contract.
This right does not apply when the data is derived or inferred, i.e. when it is personal data created by B&B HOTELS.
13.7 Right to revoke consent
When the processing of data by B&B HOTELS is based on the User's consent, the User has the right to revoke their authorisation at any time. In this way, B&B HOTELS will no longer process your personal data without affecting previous operations for which you have given your consent.
13.8 Right to make a complaint
The User shall have the right to lodge a complaint with the competent authorities, without prejudice to the exercise of other legal or administrative actions that he/she deems necessary, through the following address: https://www.aepd.es/
The User may submit the complaint using the following standard form: https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/tramitesCi…
13.9 Right to Advance Directives
The User may define his/her wishes, in the event of death, in relation to the storage, deletion and communication of personal data. He will also have the right to appoint a person of his trust to carry out his will, being empowered to request the Controller to execute such provisions.
The User may communicate their wishes regarding the destination of the personal data processed by B&B HOTELS in the manner described, which may be modified or revoked at any time.
13.10 How to exercise your rights?
All the rights described in the previous sections may be exercised as follows:
− Through the email address esp-privacy@hotelbb.com.
− By ordinary mail sent to C. Luis Pasteur, s/n, 28703 San Sebastián de los Reyes, Madrid.
In order to attend to your request, it will be necessary to prove your identity by any means.