Legal texts

Hotel San Juan de los Reyes' privacy policy

Last review date: May 31, 2024

0.- Introduction.

Thank you very much for visiting this website. We believe that your privacy is important. For the person responsible for this website, the fact that you read and show interest in this section shows that you are interested in it. You should do this every time you visit new websites, especially if they are going to ask you for personal information. Below, in this document, we explain what personal data we collect, on what basis, for how long it will be stored and aspects related to data protection regulations, in compliance with current legislation. We encourage you to read these terms carefully before providing your personal data. For minors under 14 years of age, the consent of parents or guardians is required for the processing of their data. If you are under 14, you should not leave your data on this website unless your parents authorize it. Under no circumstances will data relating to the professional or economic situation or the privacy of other family members be collected from minors without their consent. If you have any questions in this regard, please contact us through the email addresses of the data controller or, where applicable, the data protection officer. This person responsible assumes a permanent commitment to privacy and guarantees the best practices in the processing of your personal data.

In compliance with the provisions of data protection regulations (EU Regulation 2016/679, of April 27, 2016), Restoledo SL (hereinafter, "The Owner Entity" or simply "The Owner"), Owner of the website (hereinafter, the “Website”), establishes the following Privacy Policy, which it will follow in the processing of personal data. This policy is understood, in any case, without prejudice to the provisions of the corresponding Legal Notice / General Conditions and the corresponding Cookies Policy.

1.- Responsible for the Treatment

Responsible for the Treatment: Restoledo SL

Address: Reyes Católicos 5, 45002, Toledo


Telephone: 925283535

We try to guarantee the privacy of the users of this website. You should know that we will never request personal information unless it is really necessary for the provision of services, we will never share it with third parties (except in certain cases in which it is essential and based on legitimate and previously informed situations) and we will never use your data for other purposes that have nothing to do with the contractual relationship. This entity assumes the commitments of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, Regulation (EU) 2016/679 of the European Parliament and of the Council and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSICE or LSSI), as well as the regulations that develop or complement them.

This Data Controller guarantees the confidentiality of the personal data subject to processing and informs you that the people who have access to your information are subject to professional secrecy. However, we cannot guarantee the impregnability of this website or the total absence of risks. To the extent that your privacy is considered to have been compromised, this controller undertakes to notify the user without undue delay of any breach of the security of personal data that is likely to entail a high risk for the rights and freedoms, in compliance with the provisions of the General Data Protection Regulation.

Therefore, the data that may be requested from users of this Website through contact forms, those others provided by the mere fact of accessing the Website (cookies), those others related to possible comments on the different corporate pages of the social networks linked from this Website, the personal data that the user enters within the enabled sections or those provided through the rest of the enabled communication channels or means (for example, email) will be processed by the data controller indicated, always in compliance with current legislation.

2.- What obligations do I have when giving my data?

By providing us with your personal information through electronic channels, the user declares that they are over 14 years of age and that all the data provided is true, accurate, complete and updated. For these purposes, the user confirms that he is responsible for the veracity of the data communicated and that he will keep said information conveniently updated so that it responds to his real situation, being responsible for any false and inaccurate data that he may provide, as well as for damages and losses, direct or indirect, that may arise.

3.- Why do we process your personal data?

When a user visits this website they are providing personal information. This information may include personal data such as your IP address, name, physical address, email address, telephone number, and other information. The purposes for which we process your data will depend on the context or section in which it is requested:

-By simply visiting the Website, there is certain information that is collected on the servers that provide hosting services. Among said information is information related to the IP address from which the Website is accessed. The purpose of the processing in this case is to facilitate your navigation on the website. We may also collect certain information (cookies), which we will process according to the specific Cookies Policy that you can consult.

-If you provide us with the data through one or some of the enabled forms, the purpose will be relative to that indicated in the corresponding form. For example, in the case of providing us with your data in contact forms, the purpose will be to respond, where appropriate, to the query made. If you use the reservation form, the purpose will be the management and, where appropriate, confirmation of the reservation, as well as compliance with the legal obligations associated with this action. If you enter your data in the newsletter form, your email address will be included in our distribution list and you may receive advertising through this medium. If you include data in the restaurant reservation form, your data may be processed for this purpose. If you include your data in the work with us section, we may process your identification data and CV data to manage staff vacancies and study your application.

-If you provide us with personal data via email or through other means (traditional or not), in general we will process your data in relation to the management or query carried out. In compliance with Law 34/2002, on Information Society Services and Electronic Commerce, the Owner will not send commercial communications without identifying them as such and without prior information in this regard. For these purposes, all information sent to interested parties will not be considered commercial communication, provided that its purpose is to maintain the contractual relationship or respond to your request or other information related to your request - if applicable - and that it derives directly from this relationship.

-If you provide us with information through one or some of the social networks that this entity maintains and that are linked through this Website, this entity assuming the role of Responsible for the Treatment of the data provided (for example, photos uploaded by us or third parties, comments that the interested party makes in relation to publications that we make, etc.), we will process the information exclusively in relation to your query, management or comment made, and always within the social network and in its context. Under no circumstances will this data be extracted unless we obtain consent to do so from the interested party. However, the use of these platforms is subject to full acceptance of their conditions, and this implies the processing of your data with conditions other than those set forth here. The official profiles on the social networks linked from this Website have been created so that you can better understand our activity and create an alternative channel of communication with people interested in our entity and the services we offer, but we decline responsibility for the processing of data carried out by the companies that manage the aforementioned social networks.

4.- How long will you keep them?

As a general rule, the data stored by this controller will be deleted as soon as it is no longer necessary for the purposes for which it was stored and there is no legal obligation to store it. However, if the user's data is not deleted because it is necessary for other legally permitted purposes, its processing will be restricted to very specific purposes. This means that the data will be blocked and will not be processed for other purposes. For example, in relation to user data that must be retained for commercial or tax reasons.

It depends on the data processing carried out:

-The data related to the cookies existing on this Website have a retention period indicated in the Cookies Policy itself.

-The data that you send us through the means that this Website makes available (forms, email) will be kept for as long as the relationship with the interested party lasts or the interested party withdraws his consent, if applicable. Subsequently, we will retain the data depending on whether or not there is a legal obligation, in any case the minimum period required depending on the relationship or management carried out. For example, we will retain billing data for legal tax and accounting purposes for 6 years. There is also the 5-year period established in art. 1964 of the Civil Code (personal actions without special deadline). In the event of a room reservation, the record books of entry parties in hotel establishments will be kept for 3 years at the disposal of the state security forces and bodies.

-The data included in the social networks linked through this Website will be maintained by us until the interested party withdraws their consent. However, it is possible that the responsible entities keep this data according to other processing policies for which we are not responsible in any case.

5.- For what reason can we process your personal data?

Because there is a legitimation that includes the data protection regulations themselves. That is, the regulations allow us to process your personal data. It depends on the data processing carried out:

-The existence of one or more legal obligations that oblige us to process. For example, the aforementioned tax obligation in relation to the invoices issued or the obligation derived from the conservation of entry data in hotel establishments (Organic Law 4/2015, of March 30, on the Protection of Citizen Security and Royal Decree 933/2021, of October 26, which establishes the obligations of documentary registration and information of natural or legal persons who carry out lodging and motor vehicle rental activities).

-You have given us consent to process your data in the terms set forth, by checking the corresponding acceptance box.

-There is a legitimate interest for the treatment. For example, in the event that the interested party provides us with their data in relation to a task entrusted to us, we will process it because we understand that we have to fully respond to it.

6.- Are we going to give them to someone?

Whenever we subcontract to third parties to provide our services, we will take appropriate legal precautions, as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with relevant legal regulations.

In addition to the Data Controller set out above, the data may be processed by other entities depending on the nature of the data processing:

-Certain companies responsible for the cookies that are hosted on your computer simply by visiting this Website may have information associated with your IP address, browsing habits, etc., as described in the corresponding Cookies Policy.

-Certain service companies related to this Website. For example, the entity that provides us with hosting or reservation management services. In any case we will process your data within the European Economic Area.

-By legal obligation, the Spanish Tax Administration Agency may also request information of tax significance, and we have the obligation to provide it. Or the state security forces and bodies in the development of the functions entrusted to them.

-In case of reservation, and in relation to guest registration: competent authorities in compliance with the provisions of Organic Law 4/2015, of March 30, on the Protection of Citizen Security and Royal Decree 933/2021, of October 26, which establishes the obligations of documentary registration and information of natural or legal persons who carry out lodging and motor vehicle rental activities.

This Data Controller follows strict criteria for selecting service providers in order to comply with its obligations regarding data protection and undertakes to sign with them the corresponding data processing contract, through which it will impose on them obligations related to the implementation of appropriate technical and organizational measures, the processing of personal data for the agreed purposes following only documented instructions, and the deletion or return of the data to this controller once the provision of the services is completed.

7.- What rights do I have?

Any person has the right to obtain confirmation as to whether this entity is processing personal data that concerns them or not. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In other circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. In those cases in which you have given us consent, we additionally inform you that you have the right to withdraw it at any time, without affecting the legality of the treatment based on consent prior to its withdrawal. If you request it, this entity will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. You can also request that your data be processed by another entity, this entity facilitating the portability of your data to the new controller. To this end, specific forms have been prepared (which are at your disposal and which you can request) so that you can exercise your rights of access, rectification, deletion, limitation of processing, opposition to processing, opposition to automated individual decision-making, including profiling, and data portability. In any case, if you consider that these rights have not been adequately satisfied on our part, we inform you that you can file a claim with the control authority (Spanish Data Protection Agency, Jorge Juan 6, 28001, Madrid, or through its electronic headquarters).

If you prefer, the interested party can contact this entity by postal mail at the address listed in the heading, or by email at the indicated email address, including a document proving identity, and request the exercise of the rights mentioned above.

8.- Mandatory or optional nature of the information we request. Veracity of the information.

The user, by checking the corresponding boxes and entering data in the fields, expressly and freely and unequivocally accepts that their data is necessary to respond to their request, by the Data Controller. The user guarantees that the personal data provided is true and correct, and is responsible for communicating any changes thereto. This Data Controller is exonerated from any responsibility if the user enters false data. All data requested through the website is mandatory, since it is necessary at least to contact us. If all data is not provided, it is not guaranteed that the information and services provided are completely tailored to your needs.

9.- Principles that we will apply when we process your personal data

The processing of the User's personal data will be subject to the following principles set out in article 5 of the General Data Protection Regulation:

Principle of legality, loyalty and transparency: the User's consent will be required at all times following completely transparent information about the purposes for which personal data is collected.

Purpose limitation principle: personal data will be collected for specific, explicit and legitimate purposes.

Data minimization principle: the personal data collected will only be strictly necessary in relation to the purposes for which they are processed.

Accuracy principle: personal data must be accurate and always up to date.

Principle of limitation of the conservation period: personal data will only be maintained in a way that allows the identification of the User for the time necessary for the purposes of its processing.

Principle of integrity and confidentiality: personal data will be treated in a way that guarantees its security and confidentiality.

Principle of proactive responsibility: the Data Controller will be responsible for ensuring that the above principles are met.

10.- Special reference to social networks

The Owner Entity maintains several pages and/or profiles on various social networks, linked through this Website. The Owner entity will not be responsible for what is published by third parties on the aforementioned social networks. The use and processing of data that third parties carry out on the aforementioned social networks will be subject to general or particular conditions other than these. The Owner Entity recommends your careful reading and awareness in this regard.

Our presence on the Internet includes a presence on the social network and on Instagram, both networks operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can search for us on the aforementioned social network and click "like" on it. If you are logged in to Facebook, it will be able to assign the navigation to your Facebook account. Please refer to the purpose and scope of data collection and its processing and use by Facebook, as well as your rights in this regard and setting options to protect your privacy, in the Facebook privacy statement: http://www. By the mere fact of using this social network and communicating with us, you authorize us to use your personal data only through the platform of the aforementioned social network for the purposes of managing the professional page that we maintain on this social network and the communications that we maintain bidirectionally with our followers through chat, messages or other means of communication that Facebook allows now and in the future. Thus, (1) we will process your data within this social network to manage the list of people who like our page on Facebook and (2) you may receive information related to events, activities and promotions. Outside of these cases we will not use your data.

This website also includes a link to the WhatsApp instant messaging platform. You can consult their privacy policy at

and in

The person responsible for the services is Whatsapp Ireland Limited, which is part of the Facebook group of companies. Therefore, your data may be transferred to external countries, in particular the United States of America. According to its privacy policy, the guarantees given for said transfer are based on the assumption of standard contractual clauses or on adequacy decisions. Under no circumstances should this tool be used to send sensitive information, although the information is transmitted in encrypted form. We only recommend it for general queries regarding our entity. We will not be responsible for the data processing that WhatsApp carries out subsequently, we only provide a link through this website to facilitate contact with this entity through this instant messaging tool.

11.- Cookies and other aspects.

This website includes an SSL certificate. This is a security protocol that ensures that your data travels completely and safely. In this entity we have assumed the appropriate security measures after the corresponding risk analysis carried out. Such security measures include, in particular, the encrypted transmission of data between your browser and our server.

As a user, you are solely responsible for the veracity and correctness of the data you submit on this website. The Owner Entity will not accept any type of responsibility in this regard, ensuring the accuracy, validity and authenticity of the personal data provided.


This Data Controller reserves the right to modify and/or update the information on data protection when necessary for correct compliance with the Data Protection Regulation. If any modification occurs, the new text will be published on this page, where you can access the current policy.

In relation to the cookies collected on this website, we refer you to our Cookies Policy.

We use Google's reCAPTCHA service to determine whether a person or computer is writing to our contact or newsletter form.

The operator and the party responsible for the processing of personal data is

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For more information about the privacy policy, how data is processed and the service, please see:


Google uses the following data to verify whether you are a person or a computer: IP address of the device used, our website that you visit and has the captcha included, date and duration of the visit, identification data of the browser and the type of operating system used, Google account, Google sign-in, mouse movements on reCAPTCHA surfaces and tasks that require you to identify images.

This involves the transfer of your data outside the European Economic Area. The privacy guarantees that this entity gives in this regard can be reviewed in its privacy policy (Standard Contractual Clauses).

12.- Safety information for safe navigation

-Always use an updated browser. Do it also through an updated operating system. If applicable, review the apps and programs that you use most frequently. Today's main browsers update automatically, either transparently to the user or through notifications that must be approved. These updates are often avoided because they seem cumbersome, but the reality is that they usually incorporate patches that correct small security gaps. We also recommend that plugins and extensions are set to update automatically. Also, make sure that the installation of these plugins is done from reliable sources.

-It is advisable to disable plugins such as Adobe Flash and Java for unknown services and sites. Mechanisms that allow click and run or the use of certain extensions make this task easier. Likewise, it is recommended to disable JavaScript when browsing unknown web pages.

-It is advisable to review the security and privacy options of the browser. Currently, browsers have such interesting measures as: not accepting third-party cookies, blocking pop-ups, avoiding password synchronization, avoiding autocompletion, deleting temporary files and cookies when closing the browser, blocking geolocation, filtering ActiveX, etc.

-It is recommended to use the https protocol. It implies that the information between your browser and the server will travel end-to-end encrypted. However, it is important to verify that the certificates sent by “https” services that handle sensitive information have been sent by a trusted entity. Any errors or alerts generated by the browser as a result of certificate validation (for example, self-signed certificates) should be carefully reviewed. Be wary if the beginning of the internet address is not of the type “https”. And in any case, keep in mind that the lock icon in the browser does not guarantee security: the lock only serves to warn that the communication to the web server is encrypted and that you have paid to have it, but it has nothing to do with the fact that the website is legitimate or a fraud.

-Take the time to set cookies for the website you are visiting. In principle, a correct cookie configuration should allow you to disable them, and they should not be loaded automatically (except essential cookies) in any case.

-Protect your passwords, do not reveal them to third parties in writing or verbally, change your password periodically and never respond to password requests that arrive by email. Use combinations of numbers, letters, and symbols for your passwords. Do not store passwords by default through the browser and use more secure tools for password management (for example, password managers that implement strong encryption). If you decide to use the browser, it is important to use a master key that encrypts the credentials repository.

-Consider the use of additional extensions or plugins that implement functionalities not included in the browser. For example, those that improve privacy during browsing or that block, to the extent possible, advertisements, advertising banners and certain tracking techniques used by third parties.

-We recommend not trusting unknown Wi-Fi networks. When our connections fail, desperation leads us to track and access Wi-Fi networks of dubious origin and legitimacy but presented as free. These fraudulent networks can open the doors of your devices and that is why you should avoid them.

-It is also important to close the session when we have finished browsing, especially if we have done it through a public computer.

13.- Control Authority

We trust that we can resolve any questions or concerns that may concern you regarding your personal information. But if you want to file a complaint with the competent authority, you have the right to do so. In Spain, the highest authority on data protection is the Spanish Data Protection Agency (AEPD). Its website is accessible at the address and its telephone number is Tel: 91 266 35 17.

14.- Updates to this Privacy Policy.

This controller reserves the right to modify this privacy policy to adapt it to changing legal situations or in the event of modification of our activity or important changes that affect the processing of personal data. However, this applies only to this privacy policy. However, if user consent is necessary, changes will only be made if users authorize it. Users are requested to regularly inform themselves about the content of this Privacy Policy.


