With this privacy policy, HOTEL NÓRDIC, S.A.Uno. (hereinafter, we or “the Hotel”) inform you of the personal data that we collect through the services we offer and that are reflected through this website (hereinafter “our website”), how we treat them and the rights that in relation to your personal data and our treatments are conferred on you by the personal data protection regulations that apply to us..
Applicable regulations
1.Law 29/2021, of October 28, qualified as protection of personal data of the Principality of Andorra (hereinafter “the LQPD”),
2.Decree 391/2022, of 9-28-2022 approving the Regulations for the application of the LQPD,
3.Decree 45/2023, of 1-25-2023, approving the Regulations to modify the Regulations for the application of the LQPD and
4.Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with respect to the processing of personal data and the free circulation of these data (hereinafter, “the GDPR”).
In the following table you will find links to facilitate access to the points of this policy that are of interest to you, however, please read all sections of the legal notice, the cookies policy and this privacy policy before using this website:
To whom does this privacy policy apply?
Who is responsible for the processing of your personal data?
How do we obtain your personal data?
Why do we use your data and on what legal basis do we do it?
- To manage your stay at our facilities
- To initiate and maintain the relationship with our suppliers
- To initiate and maintain the relationship with our clients
- To register your accommodation at our tourist establishment
- To preserve security by intermediating video surveillance
- To select and hire our staff
- To create a user account
- To send you information, promotions and discounts of interest to you
- To respond to your requests, queries or complaints
- To manage possible future claims
- To safeguard and return the objects you lose to our facilities
- To guarantee the operation of our website (functional cookies)
- To extract aggregate statistics on the use of our website (analytical cookies)
- To improve the interest of the advertising you receive (advertising cookies)
- To communicate security breaches to youPor otras finalidades que no sean incompatibles con las anteriores
5 - With whom can we share your personal data?
6 - How long do we keep your personal data?
7 - What rights do you have?
- Your rights
- Where and how you can exercise your rights
- Forms for the exercise of your rights
8 - What responsibilities do you have?
9 - How do we protect your personal data?
10 - Modifications of this Privacy Policy
- ¿ Who does this privacy policy apply to?
This policy applies to people who interact with the Hotel through this website, to users of the services that the Hotel offers for the purposes described in section 4 of this policy (the services), and to all people with personal data. of which (for example, your images) may appear on our website or in the context of the services.
- Who is responsible for the processing of your personal data?
The sole person responsible for the processing of your personal data in accordance with what is indicated in this policy is:
HOTEL NÓRDIC, S.A.U. (the Hotel), with NRTA-704433S and with registered office at Camino de Tomas, s/n, AD100 Canillo (Principality of Andorra).
We have an external data protection officer – Win2win, SLU, an Andorran company specialized in privacy and protection of personal data – whom you can contact by email dpd@grupnordic.ad.
The Hotel is not responsible for the activities you carry out on other websites, even if you access through links on our website. That is why we strongly recommend that you carefully read the information provided to you by those responsible for these other websites before giving them your personal data (especially the privacy and cookie policies of each website).
- How do we obtain your personal data?
In general, it is you who directly provide us with your personal data - for example, through the forms on this website. The only exceptions to this rule are:
- Your voice and/or your image, when eventually collected by our video surveillance cameras;
- Data provided to us by third parties who reserve or purchase our products or services on your behalf (as beneficiary);
- The contact information provided to us by our service and product providers when you represent them;
- The last four digits of your credit card, which together with the purchase amount and the transaction number, is returned to us by our payment service provider in case you want to consult or revoke the transaction;
- Photographs or videos of events that we organize or in which we participate, and in which you may appear;
- Photographs, texts or other means of communication that the author may present to publish on our website or our social networks, normally within the framework of a participatory process, in accordance with the corresponding terms and conditions, and therefore, with his or her consent. .
- The images or other personal data that correspond to any news in which we consider that the public interest, our obligation of transparency and the right to information prevail over the possible interests of the people whose image or other personal data is published on our Website or on our social networks;
- Images that correspond to any content on the website over which we have the corresponding rights;
- Personal data that may appear about you in the emails and instant messaging we receive, or through the forms on our website;
- The cookies on this website, about which you will find more information in our cookie policy
4.Why do we use your data and on what legal basis do we do so?
To manage your stay at our facilities
We collect your data for the purpose of:
- Complete the arrival and departure registration;
- Make available to police authorities a copy of the identification documents of all guests
- Process your promotional codes and your payments;
- Provide you with a consistent and personalized service, advising you on the services you can enjoy at our facilities (based on the use you have made previously or the preferences you have communicated to us);
- Provide you with left-luggage, safe and parking services;
- Purchase or reserve services offered by third parties, when you request it and on your behalf (for example, coordinating excursions and other tourist visits, requesting tours or vehicles with drivers, and facilitating reservations for restaurants and events);
- Manage and provide you with access to Wi-Fi connection, television and other connectivity services (including access to business center services, such as fax and photocopy service) and entertainment systems;
- Provide you with in-room catering service (which includes respecting dietary, health restrictions or any other type of personal needs that you communicate to us);
- Provide you with room service (including cleaning, laundry services, and anything you may request for your comfort that we may provide, such as a pillow, duvet, or cell phone charger);
- Manage the rest of your requests and queries, or your complaints and suggestions;
- Determine if you qualify for age-restricted products and services (such as alcohol or in-room adult entertainment).
The bases that legitimize us to process your data in relation to each of the previous purposes are the fact that they are necessary for the execution of the purchase and sale contract of your stay in our facilities or the acquisition of third-party services, our legal obligations (for example, regarding the collection of identification documents or the issuance of invoices), the consent you express when indicating your food preferences, and our legitimate interest in respecting your preferences (for example, in relation to whether you want your room to be near the elevator or on a high floor)
To initiate and maintain the relationship with our suppliers
If you represent a provider of products or services, we collect your contact information and your signature to:
- Manage our relationships of all kinds with the supplier you represent.
- Manage the corresponding file on our list of authorized suppliers.
- Manage the budgets and invoices of the supplier you represent.
The treatments linked to purposes a) and b) are legitimized by the employment or service contract that you have signed with the supplier you represent and our legitimate interest when contacting him. And the treatments linked to purpose c) are legitimized to be necessary for the execution of the contract or contracts that you have signed with us.
To start and maintain the relationship with our clients
We collect your data that we receive orally or in writing directly from you or from a third party that represents you or of which you are a beneficiary, when you contract a service or product from us (for example, a reservation agreement for a hotel room, or a contract of wholesale of fuel or other products) in order to manage said contract, provide you with the corresponding service and invoice you for it.
If you make a payment through POS, we collect the last 4 digits of your payment card along with your payment identifier, date and amount, in order to respond to any request for information or refunds in relation to this payment. This data does not allow us to identify you, and, therefore, if you want to request something from us in relation to them, you will have to provide us with some information that allows us to link them to you.
Additionally, we inform you that, as a result of this contractual relationship, we may communicate to you orally or in writing commercial information related to the products or services that you have contracted from us.
The processing of these data is legitimate to be necessary for the execution of the contract for services or products in which you are an interested party, and for our legitimate interest in keeping you informed in relation to the products or services purchased.
To register your accommodation to our tourist establishment
We can ask you for an identity document to register it in the Tourist Accommodation Occupancy Registry application.
The legal basis for the processing of this document is the legal obligation in accordance with Law 16/2017, of July 13, general on tourist accommodation.
To preserve security through video surveillance
We collect your image through our video surveillance systems in order to preserve the safety of people, property and the facilities themselves, and to have video recordings as evidence.
The basis of legitimation for the aforementioned treatments is the public interest in public safety in accordance with section 3 of article 20 of Law 31/2021, of November 22, of consolidated text qualified as public safety, the legitimate interest of the Hotel , or affected third parties, when requesting judicial protection over a crime that may be proven by a few minutes of a recording, and our own legitimate interest in avoiding or reducing losses derived from crimes committed at the facilities, protecting the integrity of our workers. , protect our assets and facilities, increase safety at work, speed up the speed of response to serious risks such as fires or theft from third parties.
To select and hire our staff
We process the CV data that you voluntarily send us and what we may collect during the interviews that you voluntarily agree to carry out, to manage the relationship with you regarding your candidacy to occupy a job at the Hotel, including the search process. , filtering and storing the CV as a potential candidate, the personnel selection process and the hiring process.
The basis of legitimacy for the aforementioned treatments is your consent, which you express by sending us your CV, filling out a test or attending an interview, to be necessary for the execution of pre-contractual measures if you request them, and if we do not have a process of open selection or you are not hired and we consider that you may fit in future selection processes, our legitimate interest in preserving your CV for the purpose of including it in these future selection processes. You can withdraw your consent or oppose our legitimate interest as indicated in section 7 of this policy, and if you do so, there will be no effect other than the destruction of your CV (if you withdraw your consent from us).
consent) or the limitation of its conservation to the selection process for which you have sent us your CV.
To create a user account
We collect the data that you provide us when you register on our website, filling out the form to create a personal account to facilitate the management of your reservations or purchases and the evaluation of our services, as well as to control access to it. Among other advantages, the account will save you from having to provide your personal information every time you make a reservation or purchase
The basis that legitimizes this processing activity is the execution of the user contract that you sign at the end of registration.
To send you information, promotions and discounts of interest to you
We collect your email when you subscribe to our commercial communications service to send you information by email about news, discounts or promotions and so that you can make the most of our facilities and services.
Additionally, we process your email address that you give us when you register or purchase our services, to inform you about news, events, exclusive content, discounts or promotions and contests or raffles, so that you can make the most of the services of interest to you.
If you have subscribed through our website, the legal basis for this processing is your consent, and you can withdraw it at any time by exercising your right as indicated later in this policy, or through the link at the bottom of each email. . The only consequence of withdrawing consent is that you will no longer receive the catalogs and information that we sent you by email, and will no longer be able to participate in promotions, contests or raffles reserved for our subscribers.
If you receive the information because you have purchased any of our services, the legal basis for this processing is our legitimate interest to keep you informed about our products and services related to those you have purchased, which you can oppose at any time, as in the case above and with identical consequences, exercising your right as indicated later in this policy or through the link that exists for this purpose at the bottom of all our emails
To respond to your requests, queries or complaints
We collect the personal data that you provide us in your emails or by telephone, through contact forms, or through requests for the exercise of rights, to respond to your requests, queries or claims in relation to our services or the rights that you have. you have about your personal data.
The legal basis for this treatment is the consent you express when sending or giving us this data, our legal obligation to attend to your rights requests, and our legitimate interest in serving you. The provision of your data
personal information is, therefore, voluntary, although if you do not provide them to us we will not be able to process your request, query or claim. You can revoke your consent whenever you wish, although such revocation will also make it impossible to continue processing your request, query or claim.
To manage possible future claims
We retain data that may be necessary to manage your potential claims, or ours, based on our legitimate interest in defending ourselves to safeguard our rights.
To safeguard and return the objects you lose to our facilities
If you have lost a mobile phone or any other object containing personal data and we find it or it is released to us, we will safeguard this personal data until the legitimate owner of the lost object successfully claims it at our customer service point or, after a period of time prudential, we hand it over to the police authorities so that they are the ones who manage its custody and eventual return.
The basis that legitimizes us to process personal data from cell phones, wallets, backpacks and other objects that may contain personal data in this way is our legitimate interest in preventing their theft and returning them to you.
To ensure the operation of our website (functional cookies)
We use functional cookies to collect, store, consult and process personal information (linked to you through unique identifiers or IP addresses), from your device's browser, in order to ensure the correct functioning of our website.
As these are cookies necessary for the correct functioning of the website or personalization cookies, their use does not require that you give us your express consent, and the basis that legitimizes us to use them is our legitimate interest in being able to offer you the services of our website. according to your preferences.
You can find more information about these cookies in our cookie policy
To extract aggregate statistics on the use of our website (analytical cookies)
We use analytical or statistical cookies to identify the most and least visited pages, analyze which content is of greatest interest to our visitors, and measure the success of our information campaigns, all with the aim of improving the services we offer you through the Web. . All these purposes provide aggregate results, in which it is not possible to identify the interests of any specific person.
As these are analytical cookies, we will not use them until we have your consent, and not giving it or withdrawing it will have no effect other than hindering our purpose of improving the website by analyzing aggregate statistics of our visitors' navigation.
You can find more information about these cookies in our cookie policy.
To improve the interest of the advertising you receive (advertising cookies)
We download third-party advertising cookies. These files help us infer your interests based on the pages you visit, the content you click on, and other actions you take online.
As these are non-necessary cookies, we will not use them until we have your consent, and not giving it to us or withdrawing it will have no effect except that your visit to our website cannot be used to improve the interest of the advertising you receive.
You can get more information about these cookies in our cookie policy
To communicate security breaches to you
At the Hotel we assume security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information; However, if we determine that your data has been misappropriated (including by an employee or former employee of the Hotel), has been exposed by a security breach or has been improperly acquired by a third party, exposing you to a high risk, We will immediately inform you about this security breach, appropriation or improper acquisition, and about the measures we have taken and those we recommend that you take so that the breach does not affect you.
The basis that legitimizes this treatment is the legal obligation provided in article 37 of the LQPD, and our legitimate interest in preventing this security breach from harming you.
For other purposes that are not incompatible with the above
We may use your personal data for other purposes that are not incompatible with those previously indicated (such as archiving purposes for reasons of public interest, scientific or historical research purposes, or statistical purposes) provided that it is permitted by current regulations on data protection. protection of personal data, and of course, acting in accordance with this and the rest of the applicable regulations.
5.Who can we share your personal data with?
We do not transfer your personal data to anyone, unless:
- You yourself are the one who requests it from us.
- We have a legal obligation to do so.
- Necessary to enforce the terms and conditions of our products and services, including investigation of potential violations.
- Necessary to detect, prevent or otherwise address fraud, security or technical issues.
- You contract our products or services through intermediaries (for example, a travel agency) to whom we have to deliver products or services that they have acquired on your behalf, either with the consent you have given, because they represent you legally, or because we you have explicitly authorized it to us.
- We are co-responsible for data collection, because, always with your consent, other entities process it on their own behalf. This is the case of:
- or Google Ireland Ltd, with registered office at 4 Gordon House Street, Barrow - Dublin, Ireland, to whom we have entrusted the processing of data from the cookies necessary to use its Analytics services. Google Ireland Ltd acts as an independent controller for all processing it carries out on your behalf in accordance with its privacy policy. We transfer data to Google Ireland Ltd based on the data protection agreement that this company located in the EU includes in the addendum to the standard contract for countries suitable for the GDPR, such as Andorra, to which we add the additional safeguard of activate the anonymization of the IPs that collect the cookies. In our cookie policy you will see what analytical and advertising cookies we offer you and how to configure them.
- We need to protect your rights, our rights, those of our employees, or those of third parties (which may require transfer to the police for security reasons or to health authorities to prevent the spread of disease, for example, for the purposes of contact tracing). For example:
- If our video surveillance cameras record a theft at our facilities,
- If a third party requests video surveillance images from us based on their legitimate interest to request effective judicial protection regarding the commission of a crime or compensation for damages proven by the transferred images, and with the third party's commitment to use them exclusively for the reporting of this crime or to claim damages and losses suffered, and reducing the transfer of images to the minimum and essential to fulfill the intended purpose.
- A company subcontracted by us needs to process them on our behalf (for example, the company that provides us with Data Protection Officer services, and that has to respond to your rights requests); always under the terms and conditions of the corresponding treatment manager contract.
- A company subcontracted by us may occasionally have access to the personal data on our Website or our systems, although they do not need to process it on our behalf. This is the case, for example, of the web development and maintenance company or some of the services of our computer services lenders. Given that they could access Hotel data, they have signed a service provision contract that obliges them to maintain the same level of privacy that we have at the Hotel.
- We need to protect or defend the rights or property of the Hotel.
It is not planned to make any international transfer of personal data, and, if we eventually needed to carry it out, they complied with what is established by the regulations in force that apply to us at all times.
- How long we keep your personal data
The Hotel retains your personal data exclusively for the duration of the processing that requires it and, afterwards, for as long as it takes for the legal responsibilities that apply to us at all times to expire, derived from the processing in question (including the obligation to be able to demonstrate that we have attended to your request for the destruction of personal data).
For example, we will retain video surveillance recordings for a maximum of 30 days when they are incident-free, and if, exceptionally, a security incident has occurred during this period or there is evidence of a crime (for example, theft), we will extract a copy of the part of the recording that records the incident that will be kept until it is delivered to the police or to the interested party who requires it from us to prove their request for judicial protection.
We will destroy your CV when it is more than two years old, to consider that it is outdated in relation to the purpose to which it is dedicated.
We will destroy any unnecessary or disproportionate personal data that may appear about you in the emails and instant messages we receive, or through forms on our website as soon as we receive it.
We will destroy (and rectify) any personal data that we find inaccurate as soon as we verify its inaccuracy.
If you send us a copy of an identity document, we will destroy this copy as soon as we have verified that it fulfills the function for which you have sent it to us.
When we have no legitimate purpose for processing some of your personal data, we will delete or anonymize it, and if this is not possible (for example, because it is in backup copies), we will store it securely and block it to isolate it from any further processing until deletion is possible.
- What rights do you have?
You have the right to obtain confirmation as to whether or not we have any of your personal data.
We remind you that, when we share personal data with other controllers, you will have to exercise your rights directly against these controllers following the instructions provided in their own privacy policies. Specifically, in relation to the data that our cookies share with Google, we inform you that you can install in your Chrome, Internet Explorer, Safari, Firefox and/or Opera browser, the add-on to not send Google Analytics or Google Ads data to Google Inc. .
Below, we explain what other rights you have and how to exercise them.
Your rights
You can request the execution of the following rights from us:
- Access to your personal data.
- Rectification of any of your personal data, specifying the reason.
- Deletion of some or all of your personal data.
- Limitation of the processing of your data, specifying the reason for the limitation.
- Opposition to the processing of your personal data.
- Portability of your data when the legitimation basis for collection has been consent or a contract.
- Right not to be subject to automated individual decisions.
The consent given, both for the treatment and for the transfer of the data of the interested parties, is revocable at any time by notifying us, just like any other right, as indicated in the following section. This revocation will in no case be retroactive
Where and how you can exercise your rights
You can exercise your rights:
- By sending a written request to HOTEL NÓRDICO, SAU addressed to our postal address, indicated in section 2 of this policy, indicating a means of contact with you to be able to respond to your request, or ask you for more information if necessary. We would appreciate it if you would mark us on “Exercise of Personal Data Protection Rights”.
- By sending an email or the form associated with the right you wish to exercise to the email address DPDextern@win2win.ad, indicating “Exercise of Personal Data Protection Rights” as the subject. You will find these forms later, in this same section of the privacy policy.
In both cases, if it is not possible for us to verify that you are who you say you are, we will ask you to please send us proof of your identity, and in this way we ensure that we respond only to the interested party or their legal representative.
If the person sending the email does so as a representative of the interested person, the representative's accreditation must be done through documents or legal instruments that correctly identify the interested person and the representative and specify the assignment or procedure for which it is delegated. the representation.
Finally, and especially if you consider that you have not obtained full satisfaction from the exercise of your rights, we inform you that you can file a claim with the national control authority of your country, or by contacting the Andorran Agency for the Protection of Persons for this purpose. Data (APDA).
Forms for the exercise of your rights
In order to facilitate the exercise of your rights, we recommend that you use the corresponding application forms of the following:
- Form for exercising the right of access
- Form for exercising the right of rectification
- Form for exercising the right to object (model A and model B)
- Form for exercising the right of deletion
- Form for exercising the right to limit treatment
- Form for exercising the right to portability
- Form for exercising the right not to be subject to individual decisions
Automated
8 What responsibilities do you have?
By providing us with your data, you guarantee that it is accurate and complete. Likewise, you confirm to us that you are responsible for the veracity of the personal data that you have communicated to us and that you will keep them conveniently updated so that they respond to your real situation, making you responsible for any false or inaccurate personal data that you may provide us, as well as any damages. and damages, direct or indirect, that may arise from your inaccuracy.
You cannot provide us with personal data of other people unless it is justified in relation to the services you request from us. In any case, if you provide us with the personal data of third parties, you assume the responsibility of informing said third parties prior to providing us with their personal data. This information that you have to provide to third parties, the data you provide us, must include all the provisions set forth in this privacy policy, and you are the one responsible for the legality of this personal data and for transmitting it to its owners. the rights they have in relation to their personal data.
In cases in which you have to provide us with personal data of a minor under 16 years of age or of a person whose rights are limited, by doing so you are obliged to have the authorization of the holders of their parental authority or guardianship. Without this authorization, it is prohibited for you to provide us with any personal data of these people.
- How do we protect your personal data?
We are fully committed to protecting your privacy and personal data. We have prepared a record of all the personal data processing activities that we carry out, we have analyzed the risk that each of these activities may pose to you, and we have implemented the appropriate legal, technical and organizational safeguards to avoid, as far as possible, the alteration of your personal data, its misuse, loss, theft, unauthorized access, or unauthorized treatment.
We keep our policies conveniently updated to ensure that we provide you with all the information we have about the processing of your personal data, and to guarantee that our staff receives the appropriate guidelines regarding how they should process your personal data. We have signed data protection clauses and data processor contracts with all our service providers, taking into account the need that each of them has to process personal data.
We restrict access to personal data to those employees who really need to know it to carry out any of the treatments referred to in this policy, and we have trained and made them aware of the importance of confidentiality and maintaining the integrity and availability of the information. as well as the disciplinary measures that any possible infraction in this matter would entail.
However, if the Hotel determines that your data has been misappropriated (including by a Hotel employee), has been exposed by a security breach or incorrectly acquired by a third party, the Hotel will immediately inform you of this breach. security, appropriation or improper acquisition.
- Modifications to this Privacy Policy
We will update this policy when necessary to reflect any changes that may occur to the regulations or our treatments. If the changes are substantial, we will notify you before they become effective by sending you a notice or by publishing a prominent notice on this website, and you will have the option to exercise your rights as we informed you in a previous section. In any case, we recommend that you review
Last update: April 30, 2024