RESPONSIBLE FOR THE TREATMENT

LYLAA RESORT SL with CIF B-02940245, with address in Tomares (Seville), Puerta Aljarafe Building, Parque Aljarafe s/n, represented by José Antonio Garcés Cabrera, in his capacity as Data Protection Delegate, with contact telephone number 954.25. 73.25 and email protecciondatos@grupoq.net.

The aforementioned report has been prepared based on the information provided by the Treatment Manager.

PRIVACY POLICY

As you surely know, the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of personal data (hereinafter GDPR) and Organic Law 3/2018, of 5 of December, Protection of Personal Data and Guarantee of Digital Rights (hereinafter LOPDGDD), highlights the need to reinforce the levels of security and protection of personal data. We want to inform you that we meet all the requirements that said legislation requires and that all data, under our responsibility, is being treated in accordance with legal requirements and keeping the appropriate security measures that guarantee their confidentiality. However, given the legislative developments that have occurred, we believe it appropriate to inform you of the following privacy policy:

1) Who is responsible for processing your data?

Identity: LYLAA RESORT SL
Postal Address: Puerta Aljarafe Building, Parque Aljarafe s/n (CP 41940 TOMARES) SEVILA
Telephone: + 34 954-25-73-25
Email: protecciondatos@grupoq.net

2) What are your rights?

3) How can rights be exercised?

3.1) Where to go to exercise your rights:

If you wish to exercise your rights, please go to the channel established for the exercise of rights by the data controller protecciondatos@grupoq.net so that we can respond to your request in a managed manner»

3.2) Information required to exercise your rights:

3.3) General Procedure for the Exercise of your rights:

Once the required information is received, we will proceed to respond to your request in accordance with the organization's general procedure for exercising rights:

4) What claim channels exist?

If you consider that your rights have not been duly addressed, you have the right to file a claim with the competent data protection authority (www.agpd.es)

ADDITIONAL INFORMATION TREATMENT OF CONTACT DATA

1) For what purpose do we process the personal data you provide us?

2) How long do we keep the data provided?

3) What is the legitimacy for the processing of your data?

4) To which recipients can your data be communicated?

5) Under what guarantees are your data communicated?

The communication of data to third parties is carried out to entities that accredit the provision of a Personal Data Protection System in accordance with current legislation.

6) How have we obtained your data?

The interested party himself, through the communication sent and/or through professional social networks.

7) What category of data do we process?

Identification and contact data, those related to and/or provided with the Query, Request for Technical or Corporate Information, Resources and/or Activities, Claims or Incidents that you make to us, as well as the personal data of third parties that you could provide us.

8) How is your personal data stored securely?

LYLAA RESORT SL takes all necessary measures to keep your personal data private and secure. Only authorized persons, authorized personnel of treatment managers or authorized personnel of hotels and activities (who have the legal and contractual obligation to keep all information securely) have access to your personal data. All staff who have access to your personal data are required to agree to respect the Hotel's Privacy Policy and data protection regulations, and all Third Party employees who have access to your personal data are required to sign the confidentiality commitments in the terms established in the current legislation. In addition, you contractually ensure that third-party companies that have access to your personal data keep it secure. To ensure that your personal data is protected, LYLAA RESORT SL has an IT security environment and adopts the necessary measures to prevent unauthorized access.

LYLAA RESORT SL has formalized agreements to guarantee that we treat your personal data correctly and in accordance with the data protection law. These agreements reflect the respective roles and responsibilities in relation to you, and contemplate which entity is in the best position to meet your needs. These agreements do not affect your rights under data protection law. For more information on these agreements, please do not hesitate to contact us.

ADDITIONAL INFORMATION TREATMENT OF CUSTOMER DATA:

1) For what purpose do we process the personal data you provide us?

2) How long do we keep your data?

3) What is the legitimacy for the processing of your data?

4) To which recipients can your data be communicated?

5) Under what guarantees are your data communicated?

The communication of data to third parties is carried out to entities that accredit the provision of a Personal Data Protection System in accordance with current legislation.

6) How have we obtained your data?

The interested party and other companies of the Business Group to which LYLAA RESORT SL belongs, travel agencies and intermediaries, the entity that processes the reservation and/or manages the payment with which the data controller maintains a contractual or service provision relationship and for which it must have personal data of contact persons, users and/or guests for administrative and operational management in order to manage their access to the hosting, catering and/or event service.

7) What category of data do we process?

Commercial data and contact persons for administrative and operational management associated with the execution of the contract/service; Data related to the position of contact persons for the administrative and operational management associated with the execution of the contract/service; Commercial data and contact persons for administrative and operational management associated with the execution of the contract/service; Economic, financial and/or payment terms data; Goods and services received by the affected party, Financial transactions; Name, surnames and NIF of legal representative, contact details of people from the organization involved or related to the project object of the contract/service.

It does not contain specially protected data or data related to criminal convictions and infractions, except those stated by the interested party for the adaptation of the required service (eg reduced mobility, food intolerances, ...).

8) How is your personal data stored securely?

In relation to the processing of your personal data, we inform you:

All necessary steps are taken to keep your personal data private and secure. Only authorized persons in charge of treatment or authorized personnel of hotels and activities (who have the legal and contractual obligation to keep all information securely) have access to your personal data. All personnel who have access to your personal data are required to agree to respect the Privacy Policy and the data protection regulations and all Third Party employees who have access to your personal data sign the confidentiality commitments in the terms established in the current legislation. In addition, you contractually ensure that third-party companies that have access to your personal data keep it secure. To ensure that your personal data is protected, we have an IT security environment and take the necessary measures to prevent unauthorized access.

The company and group members have entered into agreements to ensure that we treat your personal data correctly and in accordance with data protection law. These agreements reflect the respective roles and responsibilities in relation to you, and contemplate which entity is in the best position to meet your needs. These agreements do not affect your rights under data protection law. For more information on these agreements, please do not hesitate to contact us.

In relation to personal data that could be accessed as a result of the contracted services, we inform you:
The provision of services that are the object of the contract may imply physical access by company personnel to premises or facilities capable of storing personal data for which the client is responsible for processing. In this sense, the company has signed with its staff clauses that prohibit access to all types of confidential information and, specifically, to personal data belonging to the client, unless the service contemplates within its scope the treatment of transfer, repair , destruction and/or management of computer media that could contain personal data, in which case, LYLAA RESORT SL would act as data processor, establishing in that case the relevant contract in accordance with current data protection regulations that would include among other aspects the object, duration, nature, purpose, category of the data subject to treatment, security measures, obligations and rights of the person in charge, organizational and technical security measures to guarantee confidentiality during the process, as well as the agreements adopted between the client and commissioned in connection with the transmission of security violations and/or exercise of rights. The non-formalization of the personal data processing service in a contract by the client, presupposes that LYLAA RESORT SL has no associated responsibility as the person in charge of their treatment.

Notwithstanding the foregoing, in the event that he came to know any type of confidential information for the purpose of providing the service, he agrees to keep it secret, not to disclose or publish it, either directly or through third parties. or companies, or to make it available to third parties. This confidentiality obligation is indefinite, subsisting at the end of the contract for any reason. LYLAA RESORT SL undertakes to communicate and enforce compliance with the personnel under its charge and contracted on its own, the obligations established in terms of confidentiality.

ADDITIONAL INFORMATION SUPPLIER DATA PROCESSING:

1) For what purpose do we process the personal data you provide us?

2) How long do we keep your data?

3) What is the legitimacy for the processing of your data?

4) To which recipients can your data be communicated?

5) Under what guarantees are your data communicated?

The communication of data to third parties is carried out to entities that accredit the provision of a Personal Data Protection System in accordance with current legislation.

6) How have we obtained your data?

7) What category of data do we process?

Commercial data, contact persons for the administrative and operational management associated with the execution of the contract/project and workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks; As a consequence of the contribution of the curriculum of the supplier's personnel involved in the provision of the service/work, in order to prove technical solvency in offers; In the case of workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks (The data that could be derived from possible incidents or accidents at work of subcontractors would be included in the treatment "Prevention of Occupational hazards"); Licenses or approvals, in the case of workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks; Professional details and employment details as a result of the contribution of the curriculum of the provider's personnel involved in the provision of the service/work, in order to prove technical solvency in offers; Commercial information and approval data; Economic, financial data and/or collection conditions; Goods and services supplied by the affected party, Financial transactions; Other types of data: Name, surnames and NIF of legal representative, contact details of people in the organization involved or related to the project object of the contract/order.

The data structure that we process does not contain data related to criminal convictions and offenses, nor sensitive data, except in cases in which the owner has special conditions and must provide documentation that incorporates said information so that it can be accredited or justified compliance with said condition.

8) How is your personal data stored securely?

LYLAA RESORT SL takes all necessary measures to keep your personal data private and secure. Only authorized persons, authorized personnel of Third Parties or authorized personnel of our companies (who have the legal and contractual obligation to keep all information securely) have access to your personal data. All personnel who have access to your personal data are required to agree to respect the Privacy Policy and the data protection regulations and all Third Party employees who have access to your personal data sign the confidentiality commitments in the terms established in the current legislation. In addition, you contractually ensure that third-party companies that have access to your personal data keep it secure. To ensure that your personal data is protected, since it has an IT security environment and adopts the necessary measures to prevent unauthorized access. Group companies have entered into agreements to ensure that we treat your personal data correctly and in accordance with data protection law. These agreements reflect the respective roles and responsibilities in relation to you, and contemplate which entity is in the best position to meet your needs. These agreements between group companies do not affect your rights under data protection law. For more information on these agreements, please do not hesitate to contact us.

9) CONFIDENTIALITY AND INFORMATION TO THIRD PARTIES WHO PROVIDE US WITH DATA

In compliance with the provisions of the personal data protection regulations, we process the information you provide us (as well as the personal data of contact persons for administrative and operational management in order to manage your access, incorporation into the project/service object of the contracted service and/or verification of regulatory compliance under the responsibility of the organization, personal data of the legal representatives of the entity and/or of the people involved in the project (curriculum vitae) and/or personal references from previous jobs in order to accredit technical solvency and, where appropriate, personal data relating to workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks) in accordance with the provisions of the clause and additional information on data protection .

With the acceptance and/or validation of the process that serves as the basis for the formalization of your relationship with LYLAA RESORT SL, you expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection, as well as to inform and arrange of the consent of third parties who provide us with personal data for said treatment. Likewise, and to the extent that as a consequence of their relationship you can access personal data and/or confidential information, you agree to maintain absolute confidentiality and discretion regarding the information obtained about the activities, interested parties and entities related to LYLAA RESORT SL or group companies, especially with regard to Personal Data, even after the termination of their relationship with the organization.

In accordance with the aforementioned, it undertakes to inform on behalf of and in an express, precise and unequivocal manner the owners of the data of whom it transfers information to the company-within the month following the time of communication of the data to LYLAA RESORT SL , of the following aspects “Your personal data will be communicated to the Treatment Manager LYLAA RESORT SL–protecciondatos@grupoq.net. Said communication of data and the treatment of these, is carried out in compliance with current legislation on contractual, labor, occupational risk prevention and social security matters, with the purpose of informing, verifying and controlling compliance with the applicable legislation in relationship with the personnel designated by the supplier/collaborator for the execution of the contracted service and the maintenance of commercial relationship histories. Said treatment is mandatory in accordance with current legislation. The refusal to provide the data may lead to the termination of the contract. Likewise, the interested party is informed that, in accordance with current legislation, they must communicate the information and data obtained in the contracting process to organizations and third parties to whom, by virtue of current regulations, they have the obligation to communicate the data. Rights: The interested party may access, rectify and delete the data, as well as limit, withdraw or oppose the treatment in accordance with the procedures established in our privacy policy. If you consider that the exercise of your rights has not been fully satisfactory, you may file a claim with the national control authority by contacting the Spanish Agency for Data Protection, C/ Jorge Juan, 6 – 28001 Madrid. Origin: The data we process comes from the entity with which the data controller maintains a contractual or service provision relationship and for which it must have personal data of contact persons for administrative and operational management in order to manage their access, incorporation into the project/service object and/or verification of regulatory compliance under the responsibility of the organization (eg, data related to workers who are going to carry out the contracted work in terms of coordination of business activities and prevention of occupational hazards). The Data Structure that we process does not contain sensitive data, except in cases in which the owner is the beneficiary of special conditions and has to provide records that allow accrediting or justifying compliance with said condition. You can consult our Privacy Policy on the corporate website”

ADDITIONAL INFORMATION TREATMENT OF VIDEO SURVEILLANCE DATA AND ACCESS RECORD:

1) For what purpose do we process the personal data you provide us?

2) How long do we keep the data provided?

3) What is the legitimacy for the processing of your data?

The legal basis for the processing of your data is to satisfy a legitimate interest of the Responsible:

4) To which recipients can your data be communicated?

5) Under what guarantees are your data communicated?

The communication of data to third parties is carried out to entities that accredit the provision of a Personal Data Protection System in accordance with current legislation.

6) What claim channels exist?

If you consider that the exercise of your rights has not been fully satisfactory, you may file a claim with the national control authority by contacting the Spanish Agency for Data Protection, C/ Jorge Juan, 6 – 28001 Madrid.

7) What category of data do we process?

Image and identification and professional data, as well as reasons for your visit and/or person to visit, time of access and departure from the facility.

Likewise, temperature control data may be available to the extent that temporary temperature controls are carried out for access to the facilities for the purposes of controlling pandemic avoidance, according to the COVID Data Treatment Protocol that may be established. in terms of guaranteeing the job security of people in the organization.

8) How is your personal data stored securely?

All the necessary measures are taken to keep your personal data private and secure and will in any case comply with the provisions of Law 5/2014, of April 4, on Private Security and its development provisions. In this sense, it establishes and informs you of the following security measures:

LYLAA RESORT SL has formalized agreements to guarantee that we treat your personal data correctly and in accordance with current data protection regulations. These agreements reflect the respective roles and responsibilities in relation to you, and contemplate which entity is in the best position to meet your needs. These agreements do not affect your rights under data protection law. For more information on these agreements, please do not hesitate to contact us.

The Data Controller takes all necessary measures to keep your personal data private and secure. Only authorized persons, authorized personnel from third parties directly contracted by the Treatment Manager for the provision of services related to the purposes of treatment or authorized personnel of companies that operate under the trade name of LYLAA RESORT SL (who have the legal and contractual obligation to store all information securely) have access to your personal data. All LYLAA RESORT SL personnel who have access to your personal data are required to agree to respect the Privacy Policy of the person responsible for Treatment and the data protection regulations and all Third Party employees who have access to your personal data. that sign the confidentiality commitments in the terms established in the current legislation. In addition, you contractually ensure that third-party companies that have access to your personal data keep it secure. To ensure that your personal data is protected, we have an IT security environment and take the necessary measures to prevent unauthorized access.

9) CHANGES IN PRIVACY POLICY

LYLAA RESORT SL reserves the right to make, at any time, as many modifications, variations, deletions or cancellations in the contents and in the way they are presented as it deems appropriate, as we recommend that you consult our privacy policy whenever consider it relevant. If you do not agree with any of the changes, you can exercise your rights in accordance with the procedure described by sending an email to protecciondatos@grupoq.net

In compliance with the provisions of the personal data protection regulations, we treat the information that you provide us (as well as the personal data of other people that you may provide us with) for the purposes specified in this privacy policy. In this sense, you declare to have been informed, to consent, as well as to inform and have the consent of third parties who provide us with personal data for said treatment.

By accessing the facilities subject to video surveillance, you expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection, as well as to inform and have the consent of third parties who provide us with personal data for the processing of access log.

Likewise, with the acceptance and/or validation of the process, you declare that you are over 14 years of age and have legal capacity** and expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection. If you have checked the corresponding consent box, the legal basis for such purposes is your consent, which you can withdraw at any time.

(**) In the cases in which they represent a minor under 14 years of age or a person with legal incapacity, they responsibly declare that they have parental authority or guardianship of the minor or the corresponding legal representation, whose justification may be required by of the Treatment Manager in order to legitimize the accepted consent.