Privacy Policy

Privacy Policy

This legal text gives details of how we collect and process your personal data through your use of our website https://baltazarmarbella.es, including any information you may provide to us through the site when you register for our newsletter or provide your details to make a booking.

By providing us with the data, we inform you that our services are not possible for those persons who the regulations prevent them from giving consent, so when you send us the forms you guarantee that you have sufficient capacity to give consent.

Next, we inform you about the data protection policy of: Hotelera Padrón, S.A

Responsible for the treatment.

Contact details of the responsible:

Hotelera Padrón, S.A, with CIF: A29705019 and address at: Ctra. Cádiz Km 159, Playa Padrón 29680 Estepona Málaga and telephone: 952809500. We have a Data Protection Delegate, who can be contacted by email: dpo.estepona@kempinski.com.

Registered in the Mercantile Registry of Malaga, on August 2, 2012, Volume 5039, Book 3946, Folio 180, Section 8, Page MA20412, I/A 55.

Hotelera Padrón, S.A, is responsible for your data (hereinafter we, us or our).

  1. What data do we collect?

The General Data Protection Regulation defines personal data as any information about an identified or identifiable natural person, i.e. any information capable of identifying an individual. This would not include anonymous data, nor percentage data.

The personal data that could be collected directly from the interested party, will be treated confidentially and will be incorporated to the corresponding treatment activities, owned by Hotelera Padrón, S.A.

In our Web we can process certain types of personal data, which may include:

  • Identity data: name and surname.
  • Personal characteristics data: date of birth.
  • Contact data: email and telephone.

We do not collect any data relating to special categories of personal data (those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and information about your health, genetic or biometric data).

In the event that you are required to collect personal data by law or under the terms of a contract between us and you refuse to provide it to us, we may not be able to perform the contract or provide the service and you must notify us in advance.

  1. How do we collect your personal data?
  • The means we use to collect personal data are:
  • Through the form on our website, through our contact email, by phone or mail, when you:Request information about our servicesContract the provision of our servicesSubscribe to any of our services.
  • Send your comments

To ensure the quality of our portal, we reserve the right to refuse any registration request or to suspend or cancel a previously accepted registration if we believe that it does not meet these requirements or any other law or regulation. If this happens, we will try to explain the reasons for our decision, but we cannot undertake to do so in all cases.

Through technology or automated interactions: On our site we may automatically collect technical data about your computer, browsing actions and usage patterns. This data is collected through cookies or similar technologies. If you would like more information, you can consult our cookie policy here (link).

Through third parties:

  • Google: analytical data or search data. Outside the European Union.
  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • For the formalization of a contract between Hotelera Padrón, S.A and you.
  • When you give your consent to the treatment of your data.
  • When we need it to comply with a legal or regulatory obligation.
  • When it is necessary for our legitimate interest or that of a third party.

The User may revoke the consent given at any time by sending an email to dpo.estepona@kempinski.com or by consulting the exercise of rights section below.

Below, we attach a table in which you can consult the ways in which we are going to use your personal data and the legitimacy for its use, in addition to knowing what type of personal data we are going to process. We may process some personal data for some additional legal reason, so if you need details about it you can send an email to dpo.estepona@kempinski.com.

FormPurposeData typeLegitimacy for treatment
ContactThe purpose is to manage contacts and requests for information received via the web.NameEmailConsent of the data subject (art. 6.1.a GDPR) Pre-contractual measures (art. 6.1.b GDPR) Processing is necessary for the purposes of the legitimate interests pursued by the controller (art. 6.1f GDPR)
  NewsletterThe purpose is to manage the data provided in order to send information about our services and promotions.First nameEmailLast nameDate of birthConsent of the data subject (art. 6.1.a GDPR) Pre-contractual measures (art. 6.1.b GDPR) Processing is necessary for the purposes of the legitimate interests pursued by the controller (art. 6.1f GDPR)
Reserve a tableThe purpose is to manage the reservation of a table.First nameLast nameEmailPhoneConsent of the data subject (art. 6.1.a GDPR) Processing necessary for compliance with a legal obligation applicable to the controller (art. 6.1.c GDPR) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the request of the data subject of pre-contractual measures (art. 6.1b GDPR) Processing necessary for the purposes of the legitimate interests pursued by the controller (art. 6.1f GDPR)
Book an eventThe purpose is to manage the booking of an event.NamePhoneEmailConsent of the data subject (art. 6.1.a GDPR) Processing necessary for compliance with a legal obligation applicable to the controller (art. 6.1.c GDPR) Processing necessary for the performance of a contract to which the data subject is party or for the implementation at the request of the data subject of pre-contractual measures (art. 6.1b GDPR) Processing necessary for the purposes of the legitimate interests pursued by the controller (art. 6.1f GDPR)

Commercial communications: You will only receive communications if

You have requested information from us or have contracted a product or service from us.

If you provided us with your data, accepting the box provided for this purpose on our form.

As long as you have not expressed your desire to stop receiving such communications.

We obtain your express consent before sending you any communication, and you may request at any time that we stop sending you communications by email to dpo.estepona@kempinski.com.

When you opt out of receiving communications from us, your personal data will continue to be stored as a result of your contracting with us in order to comply with legal requirements.

Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably consider that we should use it for another reason, notifying you in advance so that you are informed of the lawful reason for processing and provided that the purpose is compatible with the original purpose.

  1. How long will we keep your data?

They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from that purpose and the processing of the data. The provisions of the different regulations regarding the retention period, as applicable to this treatment, shall apply.

Data of subscribers by e-mail or form: From the time the user subscribes until the user unsubscribes.

  1. Minors.

Hotelera Padrón, S.A. does not authorize minors under 14 years of age to provide their personal data through the means enabled in this web site (filling in the web forms for the request of services, contact or by sending e-mails). Therefore, the persons who provide personal data using these means formally declare to be older than 14 years old, being Hotelera Padrón, S.A. exempted from any responsibility for the non-fulfillment of this requirement.

If your child under the age limit has provided personal information to Hotelera Padrón, S.A., please contact us in order to request the exercise of your applicable rights.

In those cases in which the services offered by Hotelera Padrón, S.A. are intended for children under 14 years of age, the means to obtain the authorization of the parents or legal guardians of the minor will be enabled.

  1. Exercising Data Protection Rights:

How to exercise these rights? The users will be able to send a communication to the registered address of Hotelera Padrón, S.A. or e-mail address dpo.estepona@kempinski.com, including in both cases a photocopy of their ID card or other similar identification document, to request the exercise of the following rights:

  • Access to your personal data: you will be able to ask Hotelera Padrón, S.A if it is using your personal data.
  • To request their rectification, if they are not correct, or to exercise the right to be forgotten with respect to them.
  • To request the limitation of the treatment, in this case, they will only be kept by Hotelera Padrón, S.A. for the exercise or defense of claims.
  • To oppose to its treatment: Hotelera Padrón, S.A. will stop treating the data in the way you indicate us, unless for legitimate reasons or for the exercise or defense of possible claims, these should continue to be treated.
  • To the portability of the data: in case you want your data to be treated by another company, Hotelera Padrón, S.A, will facilitate the portability of your data to the new responsible.

You will be able to use the forms made available by the Spanish Data Protection Agency, to exercise your previous rights: Here

Claim before the DPO AEPD: if you consider that there is a problem with the way in which Hotelera Padrón, S.A. is treating your data, you will be able to address your claims previously to the Data Protection Delegate, who will mediate for the correct resolution of the conflict:

Email DPO: dpo.estepona@kempinski.com

  • Address: Ctra. Cádiz Km 159, Playa Padrón 29680 Estepona Málaga.

If it is not possible to resolve the conflict, you can always go to the corresponding control authority, being in Spain, the competent for this: Spanish Data Protection Agency.

We will ask you for specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any other of the rights mentioned above). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it.

All requests will be dealt with by us within the one month legal deadline. However, it may take longer than one month if your request is particularly complex. In this case, we will notify you and keep you updated.

  1. Communication of data: provision of services.

It is possible that, in the performance of our work, we may need the assistance of third parties, who will only process the data to provide the contracted service, and with whom we have the corresponding measures to guarantee their rights:

  • Service providers who provide system administration and information technology services.
  • Professional advisors including lawyers, auditors and insurers who provide banking, legal, insurance and accounting consulting services.

All processors to whom we transfer your data will respect the security of your personal data and process it in accordance with the GDPR.

We only allow such processors to process your data for specified purposes and in accordance with our instructions. However, in order to comply with transparency requirements, you can ask us for a list of the companies that provide us with these services by sending an email to: dpo.estepona@kempinski.com.

  1. Data Security.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner, modified or disclosed. In addition, we limit access to your personal data to those employees, agent contractors and other third parties who have a business need to know such data. They will only process your personal data in accordance with our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspected breach of your personal data and will notify you and the Supervisory Authority in the event of a breach of security as regulated in Articles 33 and 34 of the GDPR.