Last modified: [21st May, 2018]
|Neptuno Turística, S.A.|
|Avda. Antonio Domínguez Alfonso, 8
38660 Playa de las Américas – Arona (Tenerife)
Collection and Use of Personal Data
Personal data is information that can be used to directly or indirectly identify you. This data includes anonymous information that is linked to information that can identify you either directly or indirectly. Personal data does not include data that has been aggregated or anonymised, with which we are not able to identify you, either in combination with other information or in any other way.
Below is a description of the types of personal data we can collect, and how we can use them:
Personal Data We Can Collect
Depending on the products and services you use, we may collect different personal information from you.
- Data you provide: We collect the personal data that you provide when using our services, such as when making a reservation or using our online chat tool.
- Financial data: If you have made a purchase, the data collected will be related to that purchase. This data includes the payment information, the credit or debit card number, other card information, authentication information and billing, shipping and contact details.
- Data on the use of our services and products: When you visit our websites, we can collect data about the type of device with which you connect, the unique device identifier, the IP address of the device, your operating system, the type of browser you use, data usage information, diagnostic information and location of computers, telephones or other devices onto which you have installed our app or use to access our products or services. Where available, our services can use GPS, your IP address and other types of technologies to determine the approximate location of your device and allow us to improve our products and services.
How We Use Your Personal Data
We generally use personal data to provide, improve and develop our products and services, to communicate with you and offer you personalised services, and to protect our customers and ourselves.
The Spring Hotels Group determines how to process your personal data acting as a controller for the following purposes:
To provide, improve and develop our products and services: we use personal data to help us provide, improve and develop our services. This includes the use of personal data for purposes such as data analysis, research and audits. Such processing is based on our legitimate interest in offering you products and services and for business continuity. If you participate in a contest or any other promotion, we may use the personal data you provide to administer those programs. Some of these activities have additional rules, which may contain further information about how we use personal data, so we recommend that you read those rules carefully before participating.
To communicate with you: Subject to your prior express consent, we may use personal data to send you communications from the Spring Hotels Group, communicate with you about your account or transactions, and inform you about our policies and terms. We may also use your data to process and respond to your requests when you contact us. Subject to your prior express consent, we may share your personal data with the Spring Hotels Group.
NOTE: For any of the uses of your data described above that require your prior express consent, please note that you can withdraw your consent by contacting firstname.lastname@example.org
To promote security: we use personal data to help verify user accounts and activity, as well as to promote security, monitor fraud and investigate suspicious or potentially illegal activities or violations of our terms or policies. Such processing is based on our legitimate interest in helping to ensure the safety of our products and services.
Cookies and Other Similar Technologies
You can delete or reject cookies in your browser or device settings, but in some cases doing so may affect your ability to use our products and services.
We may share personal information with companies that provide services on our behalf, such as websites, email services, marketing, sponsors of giveaways, competitions and other promotions, audits, fulfillment of customer orders, data analytics, customer service provision and conducting customer research and satisfaction surveys. These companies are obliged to protect your data and can be located wherever we operate.
Affiliates and Corporate Transactions
We may share personal data with all companies affiliated with the Spring Hotels Group. In the event of a merger, reorganisation, acquisition, association, assignment, spin-off, transfer or sale or disposition of all or part of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any or all personal data to the relevant third party.
Legal and Security Compliance
It may be necessary, by law, legal process, litigation and/or requests from public and governmental authorities inside or outside your country of residence, for us to disclose your personal information. We may also disclose personal data if we determine that, for purposes of national security, law enforcement or other matters of public importance, disclosure is necessary or appropriate.
We may also disclose personal data if we determine in good faith that the disclosure is reasonably necessary to protect our rights and pursue available solutions, enforce our terms and conditions, investigate fraud or protect our operations or users.
Legal Basis for the Processing of Personal Data of EEA Residents
If you reside within the European Economic Area (EEA), the processing of your personal data will be legitimised as follows: Whenever we request your consent for the processing of your personal data, such processing will be justified pursuant to Article 6 (1) paragraph (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). If the processing of your personal data is necessary for the execution of a contract between you and us or to take any pre-contractual action upon request, such processing will be based on Article 6 (1) of GDPR paragraph (b). When processing is necessary for us to comply with a legal obligation, we will process your data based on Article 6 (1) of GDPR paragraph (c), and when processing is necessary for the purposes of our legitimate interests, such processing will be performed in accordance with Article 6 (1) of the GDPR paragraph (f).
We take reasonable measures to ensure that your personal information is accurate, complete and up-to-date. You have the right to access, correct or delete the personal information we collect. You also have the right to restrict or object, at any time, to the further processing of your personal data. You have the right to receive your personal data in a structured and standard format. You may file a complaint with the competent data protection authority regarding the processing of your personal data.
To protect the privacy and security of your personal data, we may request data to enable us to confirm your identity and the right to access such data, as well as to search for and provide you with the personal data we keep. There are instances in which applicable laws or regulatory requirements allow or require us to refuse to provide or delete some or all of the personal information we maintain.
You can contact us to exercise your rights. We will respond to your request within a reasonable timeframe, and in any event in fewer than 30 days.
Data Security, Integrity and Retention
We use reasonable physical, administrative and technical security measures, designed to safeguard and help prevent unauthorised access to your data, and to correctly use the data we collect. For example, access to your personal data is restricted to our employees, contractors and agents who need access to such data to perform their assigned work tasks. In the case of a security breach, we will notify you and the appropriate authorities if required by law.
Our services are intended for adults. As a result, we do not knowingly collect, use or disclose data about children under 16 years of age. If we discover that we have collected the personal data of a child under the age of 16, or the equivalent minimum age depending on the jurisdiction, we will take steps to remove the data as soon as possible. Please contact us immediately if you are aware that a child under the age of 16 has provided us with personal data.
Data Transfers, Storage and Processing Globally
When we share your personal data with our affiliated companies and service providers, your personal data may be transferred and/or accessible from countries outside the European Economic Area. In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the Privacy Shield, where applicable, or binding corporate rules where our partners or service providers have adopted such internal policies approved by European Data Protection Authorities.
In relation to the use of your personal data for the following purposes:
- to provide, improve and develop our products and services;
- to communicate with you;
- to share your personal information with third parties for marketing communications;
- to promote safety;
- to use your personal data for the provision of services you requested.