Privacy Policy for thehotelalhambra.com
1. Introduction
At The Hotel Alhambra, accessible via thehotelalhambra.com, we take your privacy seriously and are committed to protecting your personal data. This Privacy Policy outlines the manner in which we collect, use, disclose, and safeguard your information when you visit our website or interact with our services. We operate in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through thehotelalhambra.com and services related to your interaction with us, including reservations, inquiries, marketing, and support communications. For the purpose of GDPR and other applicable data protection legislation, the data controller is The Hotel Alhambra.
If you have any questions about our data handling practices, you may contact us at [email protected].
3. Categories of Data We Process
We collect and process the following categories of personal data when you engage with our website and services:
a. Usage Data
Includes: IP address, browser type and version, operating system, referral source, time zone settings, device location, session timestamps, and website activity logs.
b. Account Data
Includes: Full name, title, postal address, email address, phone number, and user credentials used to access bookings or subscriptions on our website.
c. Profile Data
Includes: Reservation history, room preferences, special requests, loyalty program information, and behavioral data related to your engagement with our website and services.
d. Communication Data
Includes: Details of communications with our support team, contact form submissions, online chat records, customer feedback, and correspondence history.
e. Technical Data
Includes: Device identifiers, settings, operating system, mobile network data, browser plug-in types, diagnostics, and crash reports collected via automated technologies.
f. Transaction Data
Includes: Payment details (card type, last four digits, billing address), purchase amounts, delivery details, booking confirmations, and transaction history.
g. Preference Data
Includes: Marketing and communication preferences, opt-in/opt-out status, and interests explicitly disclosed or inferred from user behavior.
4. Legal Bases for Processing Personal Data
We rely on the following legal bases for processing personal information under GDPR:
– Performance of a Contract: When we fulfill your reservation request or respond to your direct inquiries.
– Consent: When you voluntarily provide data for marketing or newsletter subscriptions.
– Legitimate Interests: To enhance user experience, maintain security, and analyze service performance, provided that such interests do not override your fundamental rights.
– Legal Obligation: To comply with regulatory requirements, including tax, fraud prevention, and operational mandates.
Under the CCPA, we process data as a ‘business’ as defined by California law and only use personal data for the purposes described in this policy.
5. Your Rights
Under GDPR, you are entitled to the following rights regarding your personal data:
– Right of Access: Request a copy of your personal data.
– Right to Rectification: Correct inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, except where necessary for contractual or legal purposes.
– Right to Restriction: Limit the use of your personal data under specific conditions.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
Under CCPA, California residents may additionally:
– Request to know what personal information we collect, use, disclose, or sell.
– Request deletion of your personal information.
– Opt out of the sale of personal information, if applicable (note: we do not sell personal data).
Requests relating to these rights can be made by contacting [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to protect your personal data against unauthorized access, loss, misuse, alteration, or destruction. These include:
– Data Encryption (HTTPS, TLS) for data in transit.
– Access Control & Authentication for internal systems.
– Regular Security Audits and Penetration Testing.
– Backup & Disaster Recovery protocols.
– Employee Training in data protection and privacy compliance.
7. International Transfers
We may transfer your data to jurisdictions outside of the European Economic Area (EEA) or California for processing by partners or service providers. In such cases, all transfers are conducted under legally approved mechanisms, such as:
– Standard Contractual Clauses adopted by the European Commission.
– Binding Corporate Rules.
– Transfer Impact Assessments and supplemental safeguards where required.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specific retention periods include:
– Booking and Account Data: up to 7 years following your last interaction for legal and accounting purposes.
– Communication Logs: 3 years from date of communication.
– Marketing Data: until you unsubscribe or withdraw consent.
– Usage and Technical Data: retained up to 26 months for analytical purposes.
After the applicable retention period, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance functionality and analyze performance. Types of cookies include:
– Essential Cookies: Enable core functionalities such as page navigation and access to secure areas of the website. These cannot be disabled.
– Functional Cookies: Remember user preferences and enhance usability.
– Analytics Cookies: Collect aggregated, anonymized data to measure usage and improve site performance.
– Performance Cookies: Monitor website responsiveness and user navigation patterns.
10. Cookie Management and Compliance
Upon first visit to thehotelalhambra.com, you will be prompted to manage your cookie preferences. You may accept or reject non-essential cookies in accordance with GDPR and CCPA requirements. At any time, you can change your consent using browser settings or our Cookie Settings interface.
Note: Essential cookies necessary for website functionality are always active and do not require user consent.
11. Children’s Privacy
Our website and services are not intended for children under 13 years of age. We do not knowingly collect or solicit personal data from minors. If we discover that we have inadvertently collected information from a child under the age of 13, we will delete such information promptly. Parents or guardians may contact us at [email protected] to request removal.
12. Changes to This Policy
We reserve the right to modify or update this Privacy Policy at our discretion to remain compliant with legal obligations or operational changes. Significant modifications will be highlighted on thehotelalhambra.com, and where appropriate, we will seek your express consent to any material changes that affect your rights.
13. Contact Us
If you have any privacy-related concerns, questions about how we handle your data, or wish to exercise your rights, please contact us at:
Email: [email protected]
Website: https://thehotelalhambra.com
We remain committed to ensuring the protection and lawful use of your personal information, and we encourage you to contact us should you need any further assistance regarding your privacy rights.