Gravina 51 Hotel Privacy Policy
LAST MODIFICATION: 03/15/2025
The Privacy Policy is part of the General Conditions that govern the website www.hotelgravina51.com , along with the Cookie Policy and the Legal Notice.
URIBEN HOTEL SERVICES SL reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. If a user has registered on the Website and accesses their account or profile, they will be informed upon accessing the Website if there have been substantial changes to the processing of their personal data.
Who is the data controller?
Any data collected or voluntarily provided to us through the Website, whether by browsing it, or any data you may provide in the contact forms, via email, or by phone, will be collected and processed by the Data Controller, whose details are indicated below:
URIBEN HOTELS SERVICES SL CIF: B95817318
Address: C/ Gravina , 51, 41001, Seville.
HOTEL GRAVINA 51
Address: C/ Gravina , 51, 41001, Seville
Registered in the Mercantile Registry of Seville, Volume 5566, Folio 199, Sheet BI-66816
Contact URIBEN HOTELS SERVICES SL, for the protection of your personal data
Phone : 910 56 93 54
Contact Data Protection Officer: lopd@hiddenhotels.com
If, for any reason, you wish to contact us regarding any matter related to the processing of your personal data or privacy (our Data Protection Officer), you can do so through any of the methods indicated above.
What data do we collect through the website?
By simply browsing the Website, URIBEN HOTELS SERVICES SL will collect information regarding:
- IP address.
- Browser version.
- Operating system.
- Duration of the visit or navigation on the Website.
This information is stored through Google Analytics , so we refer to Google's Privacy Policy, as it collects and processes such information. http://www.google.com/intl/en/policies/privacy/
Likewise, the Website provides Google Maps , which may access your location, provided you allow it, in order to provide you with greater specificity regarding the distance and/or routes to our locations. In this regard, we refer to the Privacy Policy used by Google Maps , in order to understand the use and processing of such data : http://www.google.com/intl/en/policies/privacy/
The information we handle will not be associated with a specific user and will be stored in our databases for the purpose of performing statistical analysis, improving the Website, our products and/or services, and helping us improve our commercial strategy. The data will not be shared with third parties.
User registration on the website/Submission of forms
To access certain services, such as booking, the user must complete a form. To do so, the registration form requests a series of personal details. This information is required and mandatory for registration. Failure to provide these fields will result in the user's registration being unsuccessful.
In this case, the browsing data will be associated with the user's registration data, identifying the specific user browsing the Website. This allows us to personalize the product and/or service offerings that, in our opinion, best suit the user.
URIBEN HOTELS SERVICES SL databases , along with the history of their transactions, and will be stored therein as long as the registered user's account is not deleted. Once the account is deleted, said information will be removed from our databases, and data relating to transactions will be kept separate for 10 years , without accessing or altering them, in order to comply with the legally applicable deadlines. Data not linked to transactions will be retained unless consent is withdrawn, in which case it will be deleted immediately (always taking into account the legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties.
Regarding the sending of communications and promotions electronically and the response to requests for information, the legitimacy of processing is the user's consent.
The purposes of the treatment will be the following:
a) Manage your access to the Website.
b) Manage the purchase of the services made available to you through the Website.
c) Keep you informed of the processing and status of your requests, purchases and/or reservations.
d) Respond to your request for information.
e) Manage all utilities and/or services that the platform offers to the user.
Therefore, we inform you that you may receive communications via email and/or phone to inform you of possible incidents, errors, problems, and/or the status of your requests.
For the sending of commercial communications, the user's express consent will be requested upon registration. In this regard, the user may revoke the consent given by contacting URIBEN HOTELS SERVICES SL using the means indicated above. In any case, with each commercial communication, the user will be given the opportunity to unsubscribe from receiving them, either through a link and/or email address.
Sending Newsletter
If the Website allows you to subscribe to the URIBEN HOTELS SERVICES SL Newsletter , you will need to provide us with an email address to which it will be sent.
Such information will be stored in a database of URIBEN HOTELS SERVICES SL , in which it will remain registered until the interested party requests its removal or, where appropriate, URIBEN HOTELS SERVICES SL ceases to send it.
The legal basis for the processing of this personal data is the express consent given by all interested parties who subscribe to this service by checking the designated box.
Email data will be processed and stored solely for the purpose of managing the newsletter delivery to users who request it.
To send the Newsletter , the user's express consent will be requested when registering for it by checking the designated box. In this regard, the user may revoke the consent given by contacting URIBEN HOTELS SERVICES SL using the means indicated above. In any case, with each communication, you will be given the opportunity to unsubscribe from receiving them, either through a link and/or email address.
If you are one of the following groups, please refer to the drop-down information:
+ WEB OR EMAIL CONTACTS
For what purposes will we process your personal data?
• Respond to your questions, requests, or petitions.
• Manage the requested service, respond to your request, or process your petition.
• Information by electronic means, relating to your request.
• Commercial or event information by electronic means, provided there is express authorization.
What is the legitimacy for processing your data?
Acceptance and consent of the interested party: In those cases where completing a form and clicking the send button is required to submit a request, doing so will necessarily imply that you have been informed and have expressly given your consent to the content of the clause attached to said form or acceptance of the privacy policy.
All our forms have a checkbox with the following formula, so you can send the information: “□ I have read and accept the Privacy Policy.”
+ CUSTOMERS / GUESTS
For what purposes will we process your personal data?
• Budget preparation and monitoring through communications between both parties.
• Information via electronic means, relating to your request and our service.
• Commercial or event information by electronic means, provided there is express authorization.
• Manage the administrative, communications, and logistics services provided by the Controller.
• Carry out the corresponding transactions.
• Billing and filing of appropriate taxes.
• Control and recovery procedures.
What is the legitimacy for processing your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS.
For what purposes will we process your personal data?
• Information by electronic means, relating to your request.
• Commercial or event information by electronic means, provided there is express authorization.
• Manage the administrative, communications, and logistics services provided by the Controller.
• Billing.
• Carry out the corresponding transactions.
• Billing and filing of appropriate taxes.
• Control and recovery procedures.
What is the legitimacy for processing your data?
The legal basis is the acceptance of a contractual relationship, or failing that, your consent when contacting us or offering us your products through any means.
+ SOCIAL NETWORK CONTACTS
For what purposes will we process your personal data?
• Respond to your questions, requests, or petitions.
• Manage the requested service, respond to your request, or process your petition.
• Connect with you and build a community of followers.
What is the legitimacy for processing your data?
Acceptance of a contractual relationship within the corresponding social network environment and in accordance with its privacy policies:
Facebook http://www.facebook.com/policy.php?ref=pf
Instagram https://help.instagram.com/155833707900388
Whatsapp : https://www.whatsapp.com/legal/#privacy-policy
How long will we keep personal data?
We can only view or delete your data in a limited manner if you have a specific profile. We will process it for as long as you allow us to continue following us, becoming our friend, or clicking "like," "follow," or similar buttons.
Any corrections to your data or restrictions on information or publications must be made through your profile or user settings on the social network itself.
+ VIDEO SURVEILLANCE
For what purposes will we process your personal data?
• Video surveillance of our facilities.
• Control of our employees.
• Sometimes they can be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for processing your data?
The unequivocal consent of the interested party upon accessing our facilities after viewing the information sign for the video-surveilled area .
+ JOB SEEKERS
For what purposes will we process your personal data?
• Organization of selection processes for hiring employees.
• Schedule you for job interviews and evaluate your candidacy.
• If you have given us your consent, we may share your information with collaborating or related entities, for the sole purpose of helping you find employment.
What is the legitimacy for processing your data?
The legal basis is your unequivocal consent, upon submitting your CV and receiving and signing information regarding the processing we will carry out.
How long will we keep personal data?
Your resume will be stored for one year , after which, if we have not contacted you, it will be deleted.
+ HR
For what purposes will we process your personal data?
• Management of the employment relationship and the employee's file.
• Carry out all administrative, tax, and accounting procedures necessary to fulfill our contractual commitments and obligations regarding labor regulations, social security, occupational risk prevention, tax, and accounting matters.
• Payroll payment management through a financial institution.
• Time control through the fingerprint/card access control system (if applicable).
• Management of the entity's collective insurance/pension plan.
• Carry out training activities, both subsidized and non-subsidized.
What is the legitimacy for processing your data?
The legal basis for processing your data is the execution of your employment contract, compliance with relevant legal obligations, and the consent of the data subject.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Do we include personal data of third parties?
No, as a general rule, we only process data not provided by the data subjects. If you provide us with data from third parties, you must first inform them and request their consent, otherwise you release us from any liability for failure to comply with this requirement.
And data on minors?
By legal requirement, we do not process data from minors under 14 years of age on our website. Therefore, please refrain from providing it if you are under that age.
Will we communicate electronically?
• These will only be used to process your request, if it is one of the contact methods you have provided to us.
• If we make commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
Rest assured: We have adopted the highest level of protection for the personal data we handle, and we have implemented all available technical means and measures, in accordance with the state of the art, to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data.
To what extent will decision-making be automated?
URIBEN HOTELS SERVICES SL does not use fully automated decision-making processes to establish, develop, or terminate a contractual relationship with the user. If we use these processes in a particular case, we will keep you informed and inform you of your rights in this regard, if required by law.
Will profiling take place?
In order to offer you products and/or services tailored to your interests and improve your user experience, we may create a "commercial profile" based on the information you provide. However, no automated decisions will be made based on this profile.
To which recipients will your data be communicated?
Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial institutions for the collection of the service provided or product purchased , as well as to the data processors necessary for the execution of the agreement.
In the case of a purchase or payment, if you choose an app, website, platform, bank card, or other online service, your data will be transferred to that platform or processed within its environment, always with the utmost security.
Your data may be transferred to the entities that make up the HIDDEN AWAY HOTELS group. It will not be transferred to other third parties, except under legal obligation.
If you have given us your consent to process your name, images, and other information related to the activities of URIBEN HOTELS SERVICES SL , they will be disclosed on the company 's various social media platforms and website .
International transfers.
If URIBEN HOTELS SERVICES SL is required to carry out international data transfers , it will ensure that such transfers are possible in compliance with the General Data Protection Regulation or any other requirement established by applicable regulations. To this end, the company will adopt the necessary agreements to guarantee a level of data protection equivalent to that provided for in European regulations.
In case of working in a shared folder system in applications such as Dropbox, Google Drive, Microsoft OneDrive , Amazon, Apple, HubSpot , etc., an international transfer will be made to the United States under the authorization of article 49.c) of the General Data Protection Regulation or any other mechanism that guarantees a level of data protection equivalent to that provided for in European regulations.
What Rights Do You Have?
• To know whether we are processing your data or not.
• To access your personal data.
• To request rectification of your data if it is inaccurate.
• To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent you granted.
• To request the restriction of the processing of your data, in certain cases, in which case we will only retain it in accordance with current regulations.
• To transfer your data, which will be provided to you in a structured, commonly used, or machine-readable format. If you prefer, we can send it to the new controller you designate. This is only valid in certain cases.
• To file a complaint with the Spanish Data Protection Agency if you believe we have not served you properly.
• To revoke consent for any treatment to which you have consented, at any time.
If you change any of your information, please let us know so we can keep it updated.
Do you want a form to exercise your rights?
• We have forms for exercising your rights. Request them by email, or if you prefer, you can use those developed by the Spanish Data Protection Agency or third parties.
• These forms must be signed electronically or accompanied by a photocopy of your ID.
• If someone represents you, you must attach a copy of their ID, or have them sign it electronically.
• The forms can be submitted in person, sent by letter, or sent by email to the Controller's address at the beginning of this text.
You have the right to file a complaint with the Spanish Data Protection Agency if you believe your rights have not been adequately addressed.
The maximum period for URIBEN HOTELS SERVICES SL to resolve a matter is one month, starting from the effective receipt of your request by us.
You have the right to revoke your consent at any time for any of the processing for which you have given it.
Do we process cookies?
If we use cookies other than those necessary, you can consult the cookie policy by clicking on the corresponding link at the top of our website.
How long will we keep your personal data?
• Personal data will be retained as long as you remain associated with us.
• Once you unsubscribe, the personal data processed for each purpose will be retained for the legally established periods, including the period in which a judge or court may request it in accordance with the statute of limitations for legal actions.
• The data processed will be retained as long as the aforementioned legal deadlines do not expire, if there is a legal obligation to retain it, or if there is no such legal deadline, until the data subject requests its deletion or revokes the consent granted.
• We will retain all information and communications related to your purchase or the provision of our service for as long as the product or service warranties last, in order to address any potential claims.
• For each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
| Data relating to | Document | Conservation |
| Customer and Suppliers | By way of example and without limitation, the following are some of the most significant documents: Invoices (issued by the company and issued to the company). Contracts between merchants (sale, commission, transportation, provision of services, etc.). Contracts with individuals. Real estate contracts (leases of business premises, sale, exchange, etc.). Commercial correspondence. Banking contracts and documentation (current accounts, deposits, leasing, renting , etc.). Expense notes | Obligation to retain documentation for a minimum of 6 years. It is advisable to retain it depending on the case of statute of limitations. Article 30 of the Commercial Code establishes that business owners must retain books, correspondence, documentation, and supporting documents related to their business for six years from the last entry made in the books. However, this rule merely establishes a minimum period during which, in the interests of a general nature, the business owner must retain documents generated during the course of their activity. |
| Documents and records of tax significance | General Tax Law, articles 66 to 70 4 previous years | |
| Obliged subjects of the Money Laundering Prevention Act, supporting documentation for compliance with AML obligations | Law 10/2010 art. 25 10 years | |
| Human Resounces | Payrolls, TC1, TC2, etc | 10 years (Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infractions and Sanctions in the Social Order). |
| Resumes | Until the end of the selection process, and up to 2 more years unless the interested party revokes consent or requests deletion | |
| Worker training | Art 5.2, Order TAS/2307/2007 4 years | |
| Working Hours Records | Art. 34.9 Royal Legislative Decree 2/2015, approving the consolidated text of the Workers' Statute Law. 4 years | |
| Severance pay documents. Contracts. Data on temporary workers. | RD 425/2005 section 3 Additional Provision 1 4 years Article 30 of the Commercial Code establishes a minimum storage period of 6 years. Organic Law 7/2012 recommends storing it for 10 years. | |
| Worker's file. | Up to 5 years after discharge (Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infractions and Sanctions in the Social Order). | |
| Documentation or computer records proving compliance with occupational health and safety regulations | RDL 5/2000 art. 4 5 years | |
| Marketing | Databases or website visitors. | While the treatment lasts |
| Access control and video surveillance | Visitor registration | Instruction 1/1996 AEPD 30 days |
| Video surveillance video surveillance systems will be deleted within a maximum of one month of their capture. Recordings will be destroyed within a maximum period of one month from their capture, unless they are related to serious or very serious criminal or administrative violations in matters of public safety, with an ongoing police investigation or with an open judicial or administrative procedure. | Instruction 1/2006 AEPD 30 days | |
| Accounting | Accounting Books and Documents. Annual Accounts Shareholder and board of directors agreements, company bylaws, minutes, regulations of the board of directors and delegated committees. Financial statements, audit reports Records and documents related to grants | Commercial Code art. 30: 6 years |
| Corporate Documentation | Deeds of incorporation of the company together with the bylaws, deeds of elevation of social agreements, granting/renewal of powers, deed of sale of shares, deed of sale of assets, shares, dissolution/liquidation, etc.) | It is recommended that they be retained for the entire life of the company, from its incorporation until at least six years after its dissolution and liquidation. If the deeds will incorporate rights or obligations for the company, it is recommended to adhere to the aforementioned statute of limitations. |
| Minutes books of general meeting meetings and board of directors (commercial companies), regulatory action logbook, shareholder logbook, sole shareholder contract logbook, and other books. | Obligation to retain documentation for a minimum of 6 years. From the date of the last entry in the books. Documents must be kept for the entire life of the company, from its incorporation until at least 6 years after its dissolution and liquidation. | |
| Other types of corporate documentation (private share purchase agreements, participating loans, share pledges, etc.) | It is recommended that they be retained throughout the life of the company, from its incorporation until at least 6 years after its dissolution and liquidation. | |
| Fiscal/Tax | Management of the entity's administration, rights and obligations related to the payment of taxes. Administration of dividend payments and tax withholdings. All documents that justify the taxpayer's tax activity (income and expense receipts), including both accounting records and supporting documentation (contracts, invoices, receipts, delivery notes, etc.). All types of tax returns. | Obligation to retain documentation: Minimum 4 years. Articles 66, 67, and 68 of the General Tax Law. The general statute of limitations for tax obligations is 4 years. For tax returns, the 4-year statute of limitations begins on the day the voluntary tax filing deadline ends. If subsequent action by the Administration (inspection, partial audit) or the taxpayer (corrective return, appeal) interrupts the statute of limitations, a new 4-year period begins from that action. However, it is advisable to retain tax documentation. Organic Law 7/2012 recommends keeping it for 10 years. Order EHA/962/2007 contemplates the possibility of destroying invoices received in paper form if a certified digitalization process has been previously performed, obtaining electronically signed digital copies. |
| Safety and Health | Medical Records. Medical Records of Workers Health data of Spa clients ( wellness treatments). | Article 17.1 of Law 41/2002 of November 14, on patient autonomy and rights and obligations regarding information and clinical documentation 5 years |
| Insurance | Insurance policies | 6 years (general rule) 2 years (damages) 5 years (personal) 10 years (life) |
| Legal | Intellectual and Industrial Property Documents. Contracts and agreements. | 5 years |
| Permits, licenses, certificates | 6 years from the expiration date of the permit, license or certificate. 10 years (criminal statute of limitations) | |
| Confidentiality and non-competition agreements | Always the duration of the obligation or confidentiality | |
| Data protection regulations | Records and documents proving compliance with the requirements of data protection regulations (audits, reports, data processor contracts, etc.) | While the data is being processed and afterwards during 3 years |
| Documentation proving that the interested parties' requests to exercise their rights are being met | During 3 years after the application | |
| Logs / Records of access to information systems | 2 years | |
| If the processing is based on the data subject's consent, proof of consent | While the data is being processed and afterwards during 3 years | |
| Traffic data relating to internet connections, emails and calls sent or received from landlines | User identifier, IP address (source/destination), telephone number, IMSI and IMEI (source/destination), date and time of communication (start/end), identification of the type of service or communication used (voice, data, SMS or MMS) | Article 5 of Law 25/2007, on the conservation of data relating to electronic communications and public communications networks. 1 year |
| Biometric data (fingerprint, facial recognition), if applicable, in accordance with the guidelines published by the AEPD. Their use is currently not permitted. | Biometric data is recorded in the tool/software enabled for this purpose by the entity, if a positive Impact Assessment has been carried out, within the current legal framework. | In compliance with the principle of retention limitations, personal data may be processed no longer than necessary for the purposes of the processing. Therefore, taking into account the provisions of Article 34.9 of the ET (Spanish Workers' ... Building access control: 30 days, files for access control (Inst. 1/1996 AEPD) INACTIVE FOOTPRINTS: 6 MONTHS OF INACTIVITY. RECORDS: EMPLOYEES, 4 YEARS; NON-EMPLOYEES: 30 DAYS |
| Academic data, academic history, student identification data, attendance data, sanctions, psychopedagogical reports, continuous assessment data and final results, scholarship and grant applications. | Academic record, personal data file of the educational center, academic history, disciplinary reports and reports, evaluation records and report card, scholarship application and resolution files | Academic record and history: permanently. Disciplinary reports and parts: 5 years. Evaluation records and report cards: permanently for records and 5 years for report cards. Scholarship application and resolution files: 6 years from the resolution. |
| Guest | Traveler/guest check - in. | 3 years (Organic Law 4/2015 on the protection of citizen security, Order INT/1922/2003 and in RD 933/2021, of October 26 (obligations to record documents and provide information on natural or legal persons who carry out accommodation activities). |