Privacy Policy
Instituto Hotel Lamaro SA (hereinafter, Hotel Lamaro) as Data Controller and of this website, in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection Regulation, and Organic Law 3/2018, of December 5, on Protection of Personal Data and guarantee of digital rights, makes this privacy policy available to you in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us.
In this privacy policy, we explain what your rights are regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent authority on data protection, we provide the contact details.
"We, the data controllers of your data"
Identity: Hotel Lamaro SA
Tax ID (NIF): A-08010043
Registered Office: Av. Catedral, 7, 08002, Barcelona
Email: privacy@lamarohotel.com
What type of information about you might we collect?
Personal data collected from users, clients, and patients can be grouped into the following categories:
- Basic and contact data: such as name, surname, billing address, email, and phone number.
- Financial and economic data: this group includes payment details, returns, and reimbursements, as well as commercial transactions made with us. Including identity verification data for payment acceptance and relevant financial checks to carry out commercial transactions.
- Professional and employment data: this category includes your professional interests and your professional identity published online (e.g., your LinkedIn profile).
- Technical data: including IP address, registration data, browser and version used, time zone and usage, type of plugins installed in your browser, operating system, and other technology used during access to our platform.
- Navigation data: includes information regarding your browsing mode when visiting our platform.
- Marketing and communication preferences: we collect your preferences for receiving commercial communications and news from us, the consents granted for this, and the channel of your choice.
- Images captured by video surveillance cameras: here images that could be captured by video surveillance cameras in the hotel are grouped.
How do we collect your personal data?
As a general rule, most of your personal information is provided directly by you, either personally at the hotel, by phone, mail, web forms, or responding to surveys. However, we may also obtain information from:
- Third parties linked to us.
- A third party that has previously obtained your express consent for this.
- The cookies we enable on our website – For extended information on the use of our cookies, you can visit our cookies policy.
- Our facility access systems, where applicable. Examples include entry and reception logs, clocking systems for employees, video surveillance cameras, communication and instant messaging systems, email, or social networks.
What can happen if you do not provide us with your personal information?
In cases where regulations require us to collect certain personal data, or when such data is essential to formalize and execute a contract with you, failure to provide this information will prevent the provision of the service.
In the event that, for this reason, it is necessary to cancel a reservation or service provision, we will notify you in advance and with justification.
For what purpose do we treat your personal information?
We attach a detailed table with the purpose for which we collect your data and the legal basis that legitimizes us to do so.
Processing Purpose | Legal Legitimacy |
Provide our services, reservations, accept payments and due collections | (1) Contractual execution (2) Legitimate interest |
Register as a web user or new client | (1) Express consent of the interested party (2) Contractual execution |
Manage our relationship with our clients, which includes: notifying changes in conditions/policies; requesting survey responses/valuations (1) Notify of changes in our terms or policies (2) Request responses to surveys or evaluations of our products/services | (1) Contractual execution (2) Compliance with a legal obligation (3) Legitimate interest (updating records and knowing client opinion) |
Send commercial communications, Newsletters, and advertising by any channel (unless opposed) | (1) Express consent of the interested party (2) Legitimate interest (provided no 'opt-out' expressed) 108 |
Respond to inquiries and/or provide required information, including sending quotes | (1) Legitimate interest (2) Contractual execution (3) Consent (4) Compliance with a legal obligation |
Manage user interactions on our social networks | 1) Compliance with a legal obligation (e.g., removing offensive comments) 2) Legitimate interest (removing third-party ads) |
Use analytical data to improve web experience, marketing strategies, and optimize processes via cookies | (1) Legitimate interest (2) Consent (e.g., accepting analytical cookies) |
Administer and protect our business and website (detection of issues, data analysis, testing, etc.) | (1) Compliance with a legal obligation (2) Legitimate interest (running business, network security, fraud prevention) |
Suggest and recommend products and services that may be of interest | (1) Legitimate interest (to grow our business) |
Provide personal information to authorities or by judicial requirement | Compliance with a legal obligation |
Provide greater security to our physical facilities (CCTV/access control) | Legitimate interest and interest of third parties (e.g., detecting harmful acts) |
Update and improvement of our client records | (1) Compliance with a legal obligation (2) Contract execution (3) Legitimate interest (verifying contact for subscriptions/services) |
Ensure workplace security, personnel administration, and candidate employability | (1) Compliance with a legal obligation (2) Legitimate interest (improving employee experience) |
Resolve complaints, incidents, or inquiries through enabled channels | (1) Consent (2) Legitimate interest (3) Legal obligation
|
Provide complaint forms to users who request them | (1) Compliance with legal obligation |
Follow-up of online dispute resolution (ODR) procedure of the European Commission | (1) Compliance with a legal obligation |
With whom might we share your personal data?
We may need to share your personal information with:
- Third-party companies we subcontract or service providers we employ to provide our services (e.g., payment gateways, reservation management).
- Third parties we need to manage our business (e.g., advertising agencies, lawyers, IT specialists).
- Insurance companies, brokers.
- Banks with which we work.
All providers we work with are contractually bound to us. We can guarantee that they comply with all necessary security measures to safeguard your personal information and will use your data solely for the specified purposes, according to our instructions.
We will also share personal information with law enforcement bodies when the law requires us to do so.
Where do we host your personal information?
All information you provide us, both through this website and via other channels, will be hosted on Microsoft cloud servers. These servers are hosted within the European Economic Area.
How long will we keep your personal data?
Your data will be kept as long as the commercial relationship with us lasts or until you exercise your right of cancellation, opposition, or limitation of treatment.nbsp;
Likewise, if we have not maintained relevant contact with you for a period of two years, we will delete your personal data from our systems, unless the law requires us to keep them (e.g., at the request of an authority or regarding possible disputes).
Our information retention policies conform to the deadlines set by various legal responsibilities for prescription purposes:
- General Rule:
Under Article 30 of the Commercial Code, company documents/information are kept for 6 years.(accounting, tax, labor, or commercial documentation).
- Specific Deadlines:
- Labor (infractions): 3 years
- Social Security (infractions): 4 years
- Occupational Risk Prevention (infractions): 5 years
- Tax (tax debts): 4 years
- Tax (checks on quotas/deductions): 10 years
- Accounting and commercial: 6 years
- Crimes against Public Treasury/Social Security: 10 years
You will not be subject to decisions based on automated processing that produce effects on your data.
Our communications
All personal information you communicate to us will be incorporated into our information systems. By accepting this privacy policy, you grant Hotel Lamaro express consent to carry out the following activities until you indicate otherwise:
- Send commercial, promotional, and direct marketing communications to inform you of activities, services, and offers related to us.
- Send electronic communications, provided you have subscribed to our NEWSLETTER and have not unsubscribed.
- Retention of data during the periods provided for in applicable provisions.
How to stop receiving marketing communications (opt-out)?
You can revoke any express consent granted for commercial information at any time. To do so, request your removal via the opt-out option on our web or by writing an email with the subject "unsubscribe" to privacy@lamarohotel.com.
In accordance with LSSICE, we do not SPAM; we will not send commercial emails if not requested or authorized. In all communications, you will have the possibility to revoke your consent.
User Responsibility - Declaration of Veracity
By providing personal information through electronic channels, the user declares they are over 18 years old and that all data provided to Hotel Lamaro is true, exact, complete, and up-to-date. The user is responsible for the veracity of communicated data and for keeping it updated, being liable for false or inaccurate data and any resulting damages.
If you send us your CV
If you send your CV via email, the data will be treated to include you in selection processes, analyzing your profile for vacancies.
We do not accept CVs via other channels (e.g., paper). CVs will be kept for a maximum of two years, after which they will be destroyed.
Confidentiality is guaranteed. Data may be shared with group companies during the retention period for the same purposes.
How do we keep your information secure?
We take data protection very seriously. We implement physical, organizational, and technological security measures appropriate to prevent accidental loss, unauthorized use, or access.
We limit access to legitimate persons and train our staff. All parties involved are subject to the duty of confidentiality. In case of a security breach, we will notify you and the control authority (AEPD) as required.
How to exercise your ARCOLP rights?
The GDPR and LOPDGDD guarantee the following rights, which can be exercised at any time free of charge:
Right of access | Receive a copy of personal information. |
Right of rectification | Request correction of errors. |
Right of cancellation/suppression (right to be forgotten): | Request deletion of information. |
Right of limitation | Request restriction of processing. |
Right of opposition | Object to processing (e.g., for marketing). |
Right of portability | Receive information in a structured format or transmit it to a third party. |
Automated individual decisions: | Right not to be subject to decisions based solely on automated processing. |
To exercise these rights, write to: privacy@lamarohotel.com attaching proof of identity.
You must attach to your request information about what you need exactly and, in any case, proof of your identity.
Data Protection Control Authority
If you wish to file a complaint, the maximum authority in Spain is the Spanish Data Protection Agency (AEPD).Website:
https://www.aepd.es/es - Tel: 91 266 35 17.
Changes to this privacy policy
Hotel Lamaro reserves the right to modify this policy to adapt it to legislative changes.
Last updated November 2025