Privacy Policy
Instituto Hotel Lamaro SA (hereinafter, Hotel Lamaro) as the Data Controller and of this website, in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection Regulation and Organic Law 3/2018, of December 5, on Personal Data Protection and the guarantee of digital rights, provides you with this privacy policy in order to inform you, in detail, about how we process your personal data and protect your privacy and the information you provide to us.
In this privacy policy, we explain what your rights are regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent authority in data protection matters, we provide you with the contact information.
We, the data controllers of your data
Identity: Hotel Lamaro SA
NIF: A-08010043
Address: Av. Catedral, 7, 08002, Barcelona
Email: privacy@lamarohotel.com
What type of information about you could we collect?
The personal data we collect from users, clients, and patients can be grouped according to the following categories:
- Basic and contact data: such as name, surname, billing address, email, and phone number.
- Financial and economic data: this group includes payment, refund, and reimbursement details, as well as commercial transactions carried out with us. Including identity verification data for the acceptance of payments and the relevant financial checks to carry out commercial transactions.
- Professional and employment data: this category encompasses your professional interests and your professional identity published online. For example, your LinkedIn profile.
- Technical data: including IP address, registration data, browser and version used, time zone and time zone usage, type of plugins installed in your browser, operating system, and other technology used during access to our platform.
- Browsing data: includes information related to your browsing mode when visiting our platform.
- Marketing and communication preferences: we collect your preferences for receiving commercial communications and our news, the consents granted for this, and your chosen channel.
- Images captured by video surveillance cameras: this includes the images that may be captured by video surveillance cameras in the hotel.
How do we collect your personal data?
As a general rule, most of your personal information is provided to us directly by you, either in person at the hotel, by phone, email, web forms, or by responding to surveys. However, we can also obtain information from:
- Third parties linked to us, such as, for example:
- From a third party that has previously obtained your explicit consent for this,
- From the cookies we enable on our website – For expanded information on the use of our cookies, you can visit our cookie policy.
- From our access systems to the facilities, when applicable. For example, entry and reception logs, timekeeping systems in the case of employees, video surveillance cameras, communication and instant messaging systems, email or social networks.
What may happen if you do not provide us with your personal information?
In those cases where the regulations require us to collect certain personal data, or when such data is essential to formalize and execute a contract with you, the failure to provide this information will prevent the provision of the service.
In the event that, for this reason, it is necessary to cancel a reservation or provision of service, we will notify you in advance and justified.
For what purpose do we process your personal information?
We attach a detailed table with the purpose for which we collect your data and the legal basis that legitimizes us to do so.
Purpose of processing | Legal basis |
Provide our services, reservations, accept payments and due charges | (1) Contractual execution (2) Legitimate interest |
Register as a web user or new client | (1) Express consent of the data subject (2) Contractual execution |
Manage our relationship with our clients, which includes: (1) Notify of changes in our terms or policies (2) Request responses to surveys or evaluations of our products/services | (1) Contractual execution (2) Compliance with a legal obligation (3) Legitimate interest (to update our records and understand our clients’ opinion about our services) |
Send commercial communications, newsletters, and advertising through any communication channel (unless they have opted out, as indicated online or by sending an email to privacy@lamarohotel.com) | (1) Express consent of the data subject (2) Legitimate interest (if they have not opted out of receiving communications) |
Respond to inquiries and/or provide information requested by the data subject, including sending quotations | (1) Legitimate interest (2) Contractual execution (3) Consent of the data subject (4) Compliance with a legal obligation |
Manage users’ interactions on our social media | (1) Compliance with a legal obligation (for example, to remove offensive, racist, vulgar, or injurious comments; maintain a respectful and inclusive environment; protect minors’ privacy, etc.) (2) Legitimate interest (when we remove third-party advertising from our social media, for example) |
Use analytical data to improve web navigation experience, implement marketing strategies, and optimize hiring processes using cookies. | (1) Legitimate interest (2) Consent of the data subject (e.g., when accepting analytical cookies) |
Administer and protect our business and website. This includes detecting navigation issues, data analysis, web testing, etc. | (1) Compliance with a legal obligation (2) Legitimate interest (business management, securing our networks, fraud prevention, etc.) |
Suggest and recommend products and services that may be of interest | (1) Legitimate interest (to grow our business) |
Provide personal information to authorities or by judicial request | Compliance with a legal obligation |
Enhance security of our physical facilities (CCTV/video surveillance, access control) | Legitimate interest and interest of third parties (e.g., to detect harmful acts toward employees or clients) |
Update and improve our client records | (1) Compliance with a legal obligation (2) Contractual execution (3) Legitimate interest (to ensure we can remain in contact with our clients regarding their subscriptions or acquired services) |
Ensure workplace safety, personnel administration, and employability of candidates | (1) Compliance with a legal obligation (2) Legitimate interest for our business and third parties (to improve employees’ experience in performing their duties) |
Resolve claims, incidents, or inquiries through authorized channels (email, phone, instant messaging – WhatsApp –) | (1) Consent of the data subject (2) Legitimate interest (3) Legal obligation
|
Provide complaint forms to users requesting them via customer service (contact form, phone, or email) | (1) Compliance with a legal obligation |
Follow the European Commission’s online dispute resolution procedure, particularly via the ODR platform: http://ec.europa.eu/consumers/odr/ Follow user complaints and procedures before Consumer Agencies (record with identification key) | (1) Compliance with a legal obligation |
Who might we share your personal data with?
We may need to share your personal information with:
- Third-party companies that we subcontract or service providers we use to provide our services. For example, payment gateway providers, booking management, etc.
- Third parties we need to manage our business. For example, advertising agencies, lawyers, IT professionals, etc.
- Insurance companies, brokers
- The banking entities we work with.
All suppliers we work with are contractually linked to us. We can ensure that they comply with all necessary security measures to safeguard your personal information, and that they will use your personal data solely for the specified purposes, in accordance with our instructions.
We will also share personal information with law enforcement agencies when the law requires us to do so.
Where do we store your personal information?
All information you provide to us, whether through this website or through other channels, will be stored on Microsoft’s cloud servers. These servers are located within the European Economic Area.
How long will we keep your personal data?
Your data will be retained for as long as the business relationship with us lasts or you exercise your right to cancellation or opposition, or limitation on processing.
Also, if we have not maintained relevant contact with you for a period of two years, we will delete your personal data from our systems, unless the law requires us to keep it (for example, at the request of an authority, or in connection with potential litigation).
We inform you that our data retention policies comply with the deadlines set by the various legal responsibilities for prescription:
- As a general rule:
According to Article 30 of the Commercial Code, and unless other criteria apply, all documents and/or information of the company will be kept for 6 years.
This applies to all accounting, tax, labor, or commercial documentation, including correspondence.
- Specific deadlines:
Our company must also set minimum deadlines based on the type of data and the different prescription periods, which each department must be aware of.
The following table lists the prescription periods that affect or may affect our organization:
Subject | Prescription | Regulation |
Labor, for violations | 3 years | Art. 4.1 RD 5/2000 |
Social Security, for violations | 4 years | Art. 4.2 RD 5/2000 |
Occupational Risk Prevention, for violations | 5 years | Art. 4.3 RD 5/2000 |
Tax, for tax debts | 4 years | Art. 66 Law 58/2003 |
Tax, for checks on compensated quotas or deductions applied | 10 years | Art. 66 bis Law 58/2003 |
Accounting and commercial | 6 years | Art. 30 of the CC |
Crimes against Public Treasury and Social Security | 10 years | Art. 131 LO 10/1995 |
You will not be subject to decisions based on automated processing that produces effects on your data.
Our communications
All personal information that you communicate to us will be incorporated into our information systems. If you accept this privacy policy, it means that you grant Hotel Lamaro your express consent to carry out the following activities and/or actions, unless you indicate otherwise:
- To send you commercial, promotional, and direct marketing communications by any enabled communication means, to inform you about the activities, services, promotions, advertisements, news, offers, and other information regarding the services and products related to us and our group.
- To send communications electronically, provided you have subscribed to our NEWSLETTER and have not unsubscribed.
- The retention of data for the periods specified in the applicable provisions.
How to stop receiving marketing communications (opt-out)?
At any time, you can revoke any express consent you have given us to send you commercial information. To do this, you can request your unsubscribing through the opt-out option when it is enabled on our website, or by sending us an email with the subject “unsubscribe” to privacy@lamarohotel.com
In accordance with the LSSICE, we never engage in SPAM, therefore we will not send you commercial emails unless they have been requested or authorized by you. However, in all our communications, you will have the opportunity to revoke your consent.
We will not process your personal data for any other purposes described except for legal obligations or court requirements.
User responsibility - Declaration of truthfulness
By providing us with your personal information through electronic channels, the user declares that they are over 18 years old and that all data provided to Hotel Lamaro are true, accurate, complete, and updated. For these purposes, the user confirms that they are responsible for the veracity of the data communicated and that they will keep such information duly updated to reflect their real situation, being responsible for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise.
If you send us your resume
In the event that you would like to send us your CV via our email, we inform you that the provided data will be processed to involve you in any selection processes that may exist, carrying out an analysis of your professional profile with the aim of selecting the most suitable candidate for the possible vacancy.
We do not accept resumes sent through other channels (for example, delivered by hand in paper format). In case of any modification in the data, we kindly ask you to communicate it to us in writing as soon as possible, in order to keep your data duly updated.
Resumes will be kept for a maximum period of two years after which they will be securely destroyed and all included data will be deleted. We guarantee total respect for confidentiality. In this regard, after the mentioned period, if you wish to continue participating in possible selection processes, you must resend your resume.
The data may be processed and/or communicated to the companies in our group during the retention time of your resume and for the same purposes previously informed.
How do we keep your information secure?
We take the protection of your data very seriously. For this reason, we guarantee the implementation of appropriate security measures, controls, and procedures of a physical, organizational, and technological nature, to prevent your information from being accidentally lost, misused, or accessed maliciously.
We limit access to your data to authorized persons and entities and ensure that all our staff are properly trained. All individuals involved in the processing of your personal data are subject to the obligation of confidentiality.
Additionally, we apply technical procedures to respond to any suspicion of a possible data security breach. If necessary, we will notify you as well as the control authority (the AEPD in Spain), in accordance with current regulations.
How to exercise your ARCOLP rights?
Both the GDPR and the Spanish transposition law (the LOPDGDD) guarantee you the exercise of the following rights. You can exercise them at any time and always free of charge:
Right of access | The right to receive a copy of your personal information. |
Right to rectification | The right to request the correction of errors in personal information. |
Right to cancellation/deletion (right to be forgotten) | The right to ask us to delete your personal information in certain situations. |
Right to restriction | The right to request the restriction of the processing of your data. |
Right to object | The right to object to: -the processing of your data for direct marketing (including profiling). -in certain circumstances to us continuing to process your data. For example, processing carried out based on our legitimate interest. |
Right to data portability | The right to receive your personal information in a structured form, in a readable format and/or to transfer this data to a third party – in specific situations. |
Automated individual decisions | The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you. |
To exercise any of the mentioned rights, you can write to us with your request at the specifically designated email: privacy@lamarohotel.com
You must attach to your request information about what you need exactly and, in any case, proof of your identity.
The supervisory authority in data protection
We hope to be able to resolve any issues or concerns you may have regarding your personal information. But if you wish to lodge a complaint with the competent authority, you have the right to do so.
In Spain, the highest authority in data protection is the Spanish Data Protection Agency (AEPD).
https://www.aepd.es/es - Tel: 91 266 35 17.
Changes to this privacy policy
Hotel Lamaro reserves the right to modify this policy to adapt it to legislative or jurisprudential developments.
Last updated October 2025