DATA PROTECTION POLICY
The following text informs of the data EAT SLEEP CYCLE S.L. processes in the exercise of its services in compliance with both EU regulations (no. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free mobility of people) and the Spanish legislation (Ley Orgánica 3/2018, of December 5, on the protection of personal data and guarantee of digital rights).
WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
The person in charge of the processing of personal data is Louise Laker, one of the founding partners of EAT SLEEP CYCLE S.L. with a legal address at Carrer del Vern, 3, Girona, 17004, telephone +34 972 649 131, email address firstname.lastname@example.org.
WITH WHAT PURPOSE AND WITH WHAT LEGITIMACY DO WE TREAT THE DATA?
The data is treated with the consent of the person who has contacted us. The data is collected either through: telephone, email, online forms or in person. This data is not preserved unless a professional relationship is established.
Services to customers.
We record the customer identification data, as well as any addition information we are provided with in order to satisfactorily carry out the services offered. We can obtain information from third parties from the customers (e.g. one client making a reservation for another). The data recorded is solely and exclusively aimed for executing our services.
The data is recorded in our documents and computer systems for the administrative management and accounting of the company. The data treatment is carried out in compliance with contractual relationships (article 6.1.b RGPD) and legal obligations (article 6.1.c RGPD).
Management of the data of our suppliers.
We treat the contact details and the fiscal data of the suppliers (physical persons) from whom we obtain services or goods. We deal only with the data necessary to maintain the business relationship and use the data only for this purpose, in the context of contractual relationships and in compliance with legal obligations.
Product and service information.
With the authorization of the customer, their contact information is used to send information related to our services or products. We treat the data based on the consent of the person receiving the communications (art. 6.1.a RGPD).
Users of our website. Cookies.
The navigation system and the software that enables the operation of our website automatically record the data that is normally generated in the use of Internet protocols, among others, the IP address or the domain name of the computer used by the person who viewed the web.
Upon accessing our office we inform of the existence of video surveillance cameras through of the approved signboards. The images are recorded as a security measure, to preserve the legitimate interests of the office (Article 6.1.f RGPD). They are kept for a maximum period of one month, except should the Security forces require them.
WHO IS THE DATA COMMUNICATED TO?
We only communicate data of our clients when it is necessary for the fulfillment of the orders received. With prior knowledge of the client, we can also communicate data to people with whom he/she has a legal relationship with, and to other professionals with whom we collaborate with in the provision of services. In the billing of our services we can communicate data to banks.
Our office employs the services of other people or companies, such as IT or consultancy firms, that provide us with their experience and specialization. On some occasions they have to treat personal data for which the company is responsible for. This access does not constitute a transfer of data but a processing assignment (art. 4.8 RGPD), so that these employed professionals can only treat the data to offer their services, without being able to allocate the data for other purposes. At the time of contracting such professionals, confidentiality obligations are formalized and we at EAT SLEEP CYCLE S.L. keep track of their actions.
HOW LONG DO WE KEEP THE DATA FOR?
We comply with the legal obligation to limit the period of preservation of the data as much as possible. For this reason the data is only kept for the justified amount of time necessary to carry out the purpose that motivated obtaining it.
On certain cases, such as the data contained in the accounting documentation and the billing, the tax regulations compel us to conserve it until the responsibilities in this matter prescribe.
When we have been authorized to send information about our services, the data is retained until the person revokes this consent. The images obtained by video surveillance cameras are kept for a maximum of one month, although it can be longer if an incident occurs.
WHAT RIGHTS DO PEOPLE HAVE IN RELATION TO THE DATA WE ARE DEALING WITH?
The people whose data we work with have the following rights:
To access it. They have the right to know what personal data is subject to treatment, what is the purpose for which it is treated, communications to other people, the right to obtain a copy or knowing the predicted term of conservation.
To ask for the rectification. Right to rectify inaccurate data.
To ask for it to be deleted. Right to request the deletion of the data when, among other reasons, they are not necessary for the purposes for which they were collected and justified the treatment.
Request limitation of treatment. In certain circumstances there is the right to request the limitation of the treatment of the data: they will no longer be dealt with and will only be retained for the exercise or defense of claims.
Portability. Right to obtain the personal data in a commonly readable format for a machine, and to transmit them to another person responsible for the treatment if the interested party so decides.
To oppose treatment. Because of particular circumstances, a person may ask us to stop processing their data if it can be detrimental.
HOW CAN YOU EXERCISE OR DEFEND YOUR RIGHTS?
The rights that we have just enumerated can be exercised by contacting us at our postal address or by sending an email to the address indicated in the heading. If a person considers that he/she has not obtained a satisfactory answer in the exercise of rights, he/she can file a claim with the Spanish Data Protection Agency, through the forms or other channels accessible from its website www.agpd.es.