This Policy applies to the visitors of this website (our Website), to the users of the services that the Hotel offers for the purposes described in section 4 of this Policy (the Services), and to all persons the personal data of which (for example, their images) may appear on our Website or in the context of the Services.
- Qualified law 29/2021, of October 28, for the Protection of Personal Data of the Principality of Andorra (hereinafter, “the LQPD”), and the regulations that develop it, and
- Regulation (EU) 679/2016 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with respect to the processing of personal data and the free movement thereof (hereinafter, "the GDPR").
We have structured this policy in the following drop-downs to facilitate access to the points of your interest, however we recommend that you read it in its entirety.
Last updated: November 26, 2022
The sole person responsible for the use of your personal data as indicated in the previous section is the owner of this website:
Grup INUIT, SAU (Hotel), with Tax Register Number A-709959W and registered office at Ctra. General 2, no. 19 AD100 Canillo, (Principality of Andorra).
We have an external Data Protection Officer ̶ Win2win, SLU, an Andorran company specialized in privacy and personal data protection ̶ whom you can contact by emailing email@example.com.
Additionally, if you are in the European Union, you are interested in knowing that our representative for the purpose of data protection is the company COMPLIANCE GAP MITIGATION, domiciled at Calle Ferraz 28, 2nd Esq. 28008 Madrid, (Spain), whom you can contact by telephone (+34) 917589441 and (+34) 915482701, or (preferably) by email GrupINUIT@compliancegapmitigation.com
The Hotel is not responsible for the activities carried out by other websites, even if they are accessed through links on our website. That is why we strongly recommend that you carefully read the information provided by these other responsible parties before giving them your personal data (especially the privacy and cookie policies of each website you visit), and that you communicate with this manager if you have any concerns or questions.
In general, you are the one who, directly, provides us with your personal data ̶ for example, through the forms on this website ̶ . The only exceptions to this rule are:
- Your image, when it is eventually collected by our video surveillance cameras;
- Data provided to us by third parties who reserve or purchase our Hotel products or services on your behalf (as beneficiary);
- Contact details provided to us by our service and product providers when you represent them;
- The last four digits of your credit card, which together with the amount of the purchase and the transaction number is returned to us by our payment service provider in case you want to consult or revoke the transaction;
- Photographs of events we organize or participate in, and in which you may appear;
- The images that correspond to any news in which we consider that the public interest and the right to information prevail over the possible interests of the people whose image or other personal data are published on our website;
- The personal data that may appear about you in the e-mails we receive; and
The cookies of this website, about which you will find more information in our cookies policy
To manage your stay in our facilities
We collect your data for the purpose of:
- Complete the arrival and departure registration;
- Collect a copy of the identity documents of all the guests (on request of the Andorran Police Department);
- Process your promotional codes and your payments;
- Provide you with a consistent and personalized service, advising you on the services you can enjoy in our facilities (based on the use you have made previously or on the preferences you have communicated to us);
- Provide you with luggage, safe and parking services;
- Buy or reserve on your behalf services offered by third parties (for example, coordinate excursions and other tourist visits, reserve ski passes, facilitate the rental of ski equipment, offer you taxis or vehicles with a driver, and facilitate reservations in restaurants and events), when you so request;
- Administer and facilitate access to Wi-Fi, television and other connectivity services (including access to business center services such as fax and photocopy services) and entertainment systems (such as PlayStation or videos on demand);
- Facilitate the in-room catering service (which includes respecting your food and health restrictions) or any other type of personal needs that you communicate to us;
- Provide you with room service (including room cleaning, laundry services, and anything you want to request from us for your comfort that we can provide, such as a pillow, a duvet or a mobile phone charger);
- Manage the rest of your requests and queries, or your complaints and suggestions; and
- Determine if you qualify to enjoy age-restricted products and services (such as alcohol or adult entertainment in the room).
The legal bases that legitimize us to process your data in relation to each of the above purposes are the fact that it is necessary for the execution of the contract of your stay in our facilities or the acquisition contracts of services provided from third parties, our legal obligations (for example, regarding the collection of identity documents or the issuing of invoices), the consent you express by telling us your food or health preferences, and our legitimate interest to respect such preferences (for example, in relation to whether you want your room to be near the lift or on a high floor).
To create a user account for our hotels
We collect the data you provide us when you register on our website, to create a personal account, to facilitate the management of your reservations or purchases and the assessment of our services.
The legal basis that legitimizes this processing activity is the execution of the user contract signed at the end of the registration.
To manage your reservations and deliver your purchases
We process the data you provide us in relation to the reservation or purchase of tickets and other services, products or promotions that combine our services and products with those of our partners, to formalize your purchase or reservation and communicate with you by e-mail or by telephone any information related to it, as well as to manage and issue documents certifying the reservation or sale and any related communication that is necessary for the formalization of this.
We can also process the data you provide us during your purchase or reservation to manage, administer, provide, expand and improve the contracted services and products, and to extract statistics in relation to the interest these and our promotions arouse. Specifically, we can collect the number and expiration date of one of your credit cards, together with the name of the card holder, as a guarantee of the reservation and for fraud control, and add to this data the code that appears in the back of this card to use it as a payment guarantee at your check-in to the hotel.
The legal basis that legitimizes these processing activities is the sales contract or the product or service reservation agreement that you sign when completing the purchase or reservation, and our legitimate interest in improving the quality of the services we offer you.
To analyze your assessment of our services and the interest our marketing campaigns arouse, in order to improve them
We can process the data you provide us, for example during the purchase or reservation of products or services, to request an assessment of the customer care you received.
We may also extract aggregated statistics (i.e. which does not include personal information of any kind) in relation to the interest generated by our marketing campaigns.
The legal basis that legitimizes these processing activities is our legitimate interest in improving the quality of our services and the events we manage or promote, as well as our marketing campaigns.
To send you information, promotions and discounts of your interest
We collect your e-mail when you subscribe to our commercial communications service in order to send you our catalogs by e-mail and to inform you about news, discounts or promotions, and contests or raffles so that you can make the most of our facilities and our services.
Additionally, we process the e-mail that you give us when you register or purchase our services, to inform you about news, events, exclusive content, discounts or promotions and contests or raffles, so that you can make the most of the services of your interest.
If you have subscribed through our website, the legal basis for this processing is your consent, and you can withdraw it at any time by exercising your right as indicated later in this policy, or through the link at the foot of each email. The only consequence of withdrawing consent is that you will no longer receive the information we sent you by email, and you will no longer be able to participate in promotions, contests or raffles reserved for our subscribers.
If you receive the information because you have purchased one of our services, the legal basis for this treatment is our legitimate interest in keeping you informed about our products and services related to those you have purchased, which you can object to at any moment, as in the previous case and with identical consequences, exercising your right as indicated later in this policy or through the link that, to that effect, appears at the foot of all our e-mails.
To attend to your requests, inquiries or complaints
We collect the personal data you provide us in your emails, by phone, or through the form on the contact page, or through the requests to exercise your rights, to attend to your requests, inquiries or complaints in relation to our services or the rights you have over your personal data.
The legal basis for this processing activities is the consent you express when sending or giving us these data, our legal obligation to attend to your rights requests, and our legitimate interest in attending to you. The supply of your personal data is therefore voluntary, although if you do not provide them, we will not be able to process your request, query or claim. You can revoke your consent whenever you wish, although such revocation will also make it impossible to continue processing your request, inquiry or claim.
To manage any future claims
We retain the data that may be necessary to manage your possible claims, or ours, on the basis of our legitimate interest to defend ourselves to safeguard our rights.
To control access to our facilities, events or services through tickets or credentials
We process the details of your reservation, and sometimes those of your ID card or passport, and even a document certifying your status of protection against Covid-19 (the latter, only if we are legally obliged to do so), to authorize or deny your access to restricted areas of our events, facilities or services, to analyze and monitor the occupancy and logistics of the various areas, and to ensure your health and safety (including the prevention of the spread of diseases and the contact tracing of people affected by Covid-19).
The legal basis for this processing is the sales contract or the services contract to which you are a party, and, in the event that we request documents certifying your status of protection against Covid-19, our legal obligation.
To custody and return the objects you lose in our facilities
If you have lost a mobile phone or any other object containing personal data and it is found or delivered to us, we will hold that personal data until the rightful owner of the lost object successfully claims it at our customer service point or, after a reasonable period of time, we hand it over to the Police so that they are the ones who manage its custody and eventual return.
The basis that legitimizes us to process the personal data of mobile phones, wallets, backpacks and other objects that may contain personal data in this way is our legitimate interest in preventing their theft and returning them to you.
To give media coverage to events
If you participate in person at our events or awards, the independent press and our own professionals may record your image and, sometimes by prior agreement, your voice, in the context of the event or award.
The legal basis for this processing of your image is our legitimate interest in the media coverage of the events we organize or sponsor for the purpose of using the recordings in their promotional materials, including our website and our social networks.
You are not obligated to appear in a recording. If you wish, you have the right to object to our legitimate interest and ask us to remove the material in which you are identified. To be able to evaluate your opposition to our legitimate interest, and if necessary to immediately remove the images that identify you, we will ask you to tell us where you saw them.
To promote our facilities, products and services
If you have entered into a contract or an image rights assignment consent with us, we may collect photographs or videos of our facilities, products or services in which you are identified, and may be heard, for us to use them in promotional campaigns or to publish them in the media, such as the national or international press, our website, or our social networks. If you have signed an image rights assignment consent, we inform you that you can revoke it at any time so that we remove your image from our website and/or our social networks, without the revocation having any effect on the dissemination of your image that took place before it was processed.
Additionally, we may graphically record the atmosphere of our facilities to promote our premises, and its products and services and, eventually, your image may appear in this graphic material. Unlike what is indicated in the previous paragraph, in this case the legal basis for the processing of your images is our legitimate interest, which you can oppose at any time if you consider that it is contrary to your own interests. In order to be able to evaluate your opposition to our legitimate interest, and in their case to immediately remove the images that identify you, we will ask you to tell us where you saw them.
To initiate and maintain the relationship with our suppliers
If you represent a supplier of products or services, we collect your contact details and your signature to:
- Manage our relationships of all kinds with the supplier you represent.
- Manage the inclusion of the supplier in our list of authorized suppliers.
- Manage the budgets and invoices of the supplier you represent.
The processing activities linked to purposes a) and b) are legitimized by the employment or the service contract you have signed with the supplier you represent, and our legitimate interest in contacting them. And the processing activities linked to purpose c) are legitimized for being necessary for the execution of the contract you have signed with us.
To preserve security through video surveillance
We collect your image through our video surveillance systems in order to preserve the safety of people, the properties and the facilities themselves.
The legal basis of legitimacy for the aforementioned processing is the public interest in public safety, our legitimate interest in the security of our establishments, and the legitimate interest of third parties who wish to seek judicial protection over a crime that may be proven by a section of a recording.
To select and hire our staff
We process the CV data that you voluntarily send us, together with the data that appears in your profile on strictly-professional social networks, as is the case of LinkedIn, and the data that we can collect during the interviews and tests that you voluntarily agree to carry out , to manage the relationship with you regarding your application for a job in the Hotel, including the process of searching, filtering and storing the CV as a potential candidate, the staff selection process and the recruitment process.
The legal basis for the aforementioned processing activities is your consent, which you express when you send us your CV, fill-in a test or attend an interview, and the fact that they are necessary for the execution of pre-contractual measures, if you request them, and if we do not have an open selection process or you are not hired and we consider that you may fit into future selection processes, our legitimate interest in retaining your CV for the purpose of including it in such future selection processes. The legal basis that legitimizes us to consult your profile on strictly-professional social networks, such as LinkedIn, is our legitimate interest in enriching the professional information of candidates in order to reduce the time that both you and us will take in the selection process. You can withdraw your consent or object to our legitimate interest as set out in section 7 of this policy, and doing so will have no effect other than the destruction of your CV (if you withdraw your consent) or the limitation of its conservation to the selection process for which you have sent us your CV.
To guarantee the operation of our website (functional cookies)
We use functional cookies (technical and preferences) to guarantee the correct operation of our website.
Since these are cookies necessary for the proper functioning of the website, their use does not require you to give us your express consent, and the basis that legitimizes us to use them is our legitimate interest in being able to offer you the services of our website.
To extract aggregate statistics of the use of our website (analytical cookies)
We use analytical or statistical cookies to identify the most and least visited pages, analyze which content is of greatest interest to our visitors, and measure the success of our information campaigns, all with the aim of improving the services we offer you through this Website. All these purposes provide aggregated results, in which it is not possible to identify the interests of any particular person.
As these cookies are not strictly necessary for the Website to work, we will not use them until we have your consent, and not giving it to us or withdrawing it will have no more effect than hindering our goal of improving the web through analysis of aggregated statistics of our visitors' browsing.
To improve the interest of the advertising you receive (advertising cookies)
We download advertising cookies from third parties. These files help these third parties to infer your interests based on the pages you visit, the content you click on, and other actions you take online.
Since these are non-necessary cookies, we will not use them until we have your consent, and not giving it to us or withdrawing it from us will have no more effect than your visit to our website could not be used to improve the interest of the advertising you receive.
To be able to use Google services
Additionally, as an obligation that Google LLC, a company of which Google Ireland Ltd is a subsidiary, imposes on entities that, like us, use the Google reCAPTCHA, Analytics and Google Ads tools, we inform you that these two services are operated by Google Inc., domiciled at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, and that Google Inc. is a beneficiary of these.
We inform you that we have enabled the IP anonymization feature on our website to add additional safeguards in the standard contractual clauses that protect this international transfer of data to the US. With this, Google will shorten your IP address before transmitting it to the USA (the process of obfuscating its identity). Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. Google guarantees that the IP address transmitted by your browser to Google Analytics will not be processed together with any other data held by Google.
You can check the categories of personal data processed by these services at privacy.google.com/businesses/adsservices
To notify you of security breaches
In our Hotel we take security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information; however, if we determine that your data has been misappropriated (even by an employee or ex-employee of this Hotel), has been exposed through a security breach or has been improperly acquired by a third party , exposing you to a high risk, we will immediately inform you about this security breach, misappropriation or acquisition, and about the measures we have taken and those we recommend you take so that the breach does not affect you.
The basis that legitimizes this treatment is the legal obligation set out in article 37 of the LQPD (34 of GDPR), and our legitimate interest in preventing this security breach from harming you.
For other purposes that are not incompatible with the above
We may use your personal data for other purposes that are not incompatible with those indicated above (such as archival purposes for reasons of public interest, scientific or historical research purposes, or statistical purposes), whenever permitted by current personal data protection laws, and of course, acting in accordance with those and with the rest of the applicable regulations.
We do not give your personal data to anyone, unless:
- You are the one that request it.
- We have a legal obligation to do so.
- It is necessary, in accordance with the terms and conditions of use of our cards, an establishment associated with our benefit programs can give you the benefit that corresponds to your purchase when you show them our card.
- We act as intermediaries, for example, when we need to make a booking on your behalf (for example, at a show).
- You contract our products or services through intermediaries (for example, a travel agency) to whom we have to deliver products or services that they have purchased on your behalf, either with the consent you have given them, or because we you have explicitly contracted it from us (for example, admission to a show),
- Let us be co-responsible for the collection of data, so that, always with your consent, other entities treat them on their own behalf. This is the case of:
- We need to protect your rights, our rights, those of our employees, or those of third parties (which may require disclosure to the police for security reasons or to health authorities to prevent the spread of disease, for example by for contact tracing purposes). For example:
- If our video surveillance cameras record a theft on our premises, or
- If a third-party requests video surveillance images from us on the basis of their legitimate interest in requesting effective judicial protection with respect to the commission of a crime or compensation for damages evidenced by the provided images, and with the commitment of said third to use them exclusively for the reporting of this crime or for the claim for the damages suffered, and reducing the transfer of images to the minimum and indispensable to fulfill the purpose pursued.
- We need them to be processed by our service providers, on our behalf, and under the terms and conditions of the relevant data processor contract.
Any international transfer that we eventually need to carry out will comply with what is established by the regulations in force that apply to us at any given time.
The Hotel keeps your personal data exclusively for as long as the treatments that require them last and, then, for as long as it takes to prescribe the legal responsibilities that could apply to us at any time, derived from the processing in question (including the obligation to be able to demonstrate that we have attended to your request for the destruction of personal data).
For example, we will retain video surveillance recordings for a maximum of 30 days when they are incident-free, and, exceptionally, if a security incident has occurred during this period or there are indications that a crime has been committed (for example, a theft), we will extract a copy of the part of the recording that records the incident, which will be kept until it is handed over to the police or to the data subject involved who requires it from us to prove his/her request for judicial protection.
We will destroy your CV when it is more than five years old, as we consider that it is outdated in relation to the purpose for which it would be dedicated.
We will destroy any unnecessary or disproportionate personal data about you that may appear in emails and instant messages we receive, or through forms on our website as soon as we receive it.
We will destroy (and rectify) any personal data that we find to be inaccurate as soon as we verify its inaccuracy.
If you send us a copy of an identity document, we will destroy this copy as soon as we have verified that it fulfills the function for which you sent it to us.
When we do not have a legitimate purpose for processing some of your personal data, we will delete or anonymize them, and if this is not possible (for example, because they are stored in backup copies), we will secure that they are stored securely and block them to isolate them from any further processing until their removal is possible.
You have the right to obtain confirmation as to whether or not we have any of your personal data.
Below, we explain what other rights you have and how to exercise them.
You can request us to enforce the following rights:
- Access to your personal data.
- Rectification of some of your personal data, specifying the reason.
- Deletion of some or all of your personal data.
- Limitation of the processing of your data, specifying the reason for the limitation.
- Opposition to the processing of your personal data.
- Portability of your data when the legitimate basis for collection has been consent or a contract.
- Right not to be subject to automated individual decisions.
The consent given, both for the processing and for the transfer of the data of the data subjects, can be revoked at any time by communicating it to us, just like any other right, as indicated in the following section. This revocation will in no case be retroactive.
Where and how you can exercise your rights
You can exercise your rights:
- By sending a written request to the Hotel, addressed to our postal address, indicated in section 2 of this policy, indicating a means of contact with you to be able to respond to your request, or ask you for more information if necessary. We would appreciate it if you marked the envelope with the text "Exercise of Personal Data Protection Rights".
In both cases, if it is not possible for us to verify that you are who you say you are, we will ask you to kindly send us a proof of your identity, and in this way ensure that we only respond to the data subject or his/her legal representative.
If the person sending the mail does so in the capacity of representative of the data subject, the representative's accreditation must be done through documents or legal instruments that correctly identify the data subject and the representative and specify the order or procedure for the which representation is delegated.
Finally, and especially if you consider that you have not obtained full satisfaction from the attention to the exercise of your rights, we inform you that you can submit a claim to the national control authority, by contacting the Agency Andorran Data Protection Authority (APDA).
Forms for exercising your rights
In order to facilitate the exercise of your rights, we recommend that you use the corresponding application forms from the following:
- Form for exercising the right of access
- Form for exercising the right of rectification
- Form for exercising the right of deletion
- Form for exercising the right of opposition (model A and model B)
- Form for exercising the right to limit treatment
- Form for exercising the right to portability
- Form for exercising the right not to be subject to automated individual decisions
We are fully committed to the protection of your privacy and your personal data. We have drawn up the record of all the personal data processing activities that we carry out, we have analyzed the risk that each of these activities may pose to you, and we have implemented the appropriate legal, technical and organizational safeguards to avoid, as far as possible, the alteration of your personal data, its misuse, loss, theft, unauthorized access, or unauthorized treatment. We conveniently keep our policies up to date to ensure that we provide you with all the information we have about the processing of your personal data, and to ensure that our staff receive appropriate guidance on how they should handle your personal data. We have signed data protection clauses and data processor contracts with all our service providers, taking into account the need that each of them has to process personal data.
We restrict access to personal data to those employees who really need to know it to carry out any of the treatments referred to in this policy, and we have trained them and made them aware of the importance of maintaining confidentiality, the integrity and the availability of information, as well as on the disciplinary measures that would involve any eventual infringement in this matter.
However, if the Hotel determines that your data have been misused (even by an employee of the Hotel), have been exposed through a security breach, or have been improperly acquired by a third party, the Hotel will notify you immediately of such security breach, misappropriation or acquisition.
If you have any questions about this policy, please do not hesitate to let us know by emailing us at firstname.lastname@example.org.