IDENTIFICATION DATA OF THE PERSON IN CHARGE OF THE TREATMENT
Data controller: Marta María Santalla Castro
NIF: 76412388V
Social address: A Garita S/N, 15565, As Somozas, A Coruña
Telephone: 677837656
E-mail: [email protected]
Activity: rural lodging

INFORMATION TO USERS OF THE WEBSITE AND CONSENT
In accordance with the provisions of the European Data Protection Regulation (EU) 2016/679 and the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, with the acceptance of this privacy policy the user expresses their express, free, informed and unequivocal consent for the personal data that could be provided through the contact channels and forms provided on the website to be incorporated into the files of the company. The data controller informs the interested parties that, as established by the applicable regulations in force, the corresponding technical and organizational security measures have been applied to the personal data processing activities carried out, which have been implemented after the relevant risk analysis has been performed.

wHAT PERSONAL DATA IS COLLECTED ON THE WEBSITE?
Through the website we collect user identification data in order to contact and manage queries and / or requests for information or related to the provision of services developed.
The personal data collected will be treated with the following bases of legitimacy:

• The user's consent in relation to contact, the management of appointment requests, the sending of CVs and the sending of commercial or advertising communications, via mail, cookies or messaging systems
• The execution of a contract or service agreement with Marta María Santalla Castro to enable the development and management of the requested services
  

wHAT IS THE PURPOSE FOR WHICH WE TREAT THE PERSONAL DATA COLLECTED?
The personal data collected by the data controller through the means of contact provided on the website will be processed for specific purposes in each case and in accordance with the following:

- Contact form: there is a generic contact form for queries, suggestions, requests for information or appointments or for professional contact. In this case, e-mail will be used in order to respond to the requests received and send the information requested by the user through the web.

- Booking form: the data collected through the checkout or booking form on the website will be used to:

• Manage the completion of the reservations requested by the user.
• Send confirmation or documentation of the reservation made.
• Processing and response to possible requests for information that may be made by the user
  

hOW LONG WILL WE KEEP THE PERSONAL DATA COLLECTED?
The personal data provided to the data controller will be kept at least and in general while the service provision relationship is maintained and/or the data is needed for the development of the activities of the owner and the execution of the health and therapeutic services requested, or for the development of personnel selection processes, and as long as the deletion of the data is not requested or the consent of the interested parties is not revoked.
With respect to the personal data provided by the interested parties, the specific statute of limitations provided in each case shall apply, with a generic term of 5 years for personal actions without special term, 6 years for invoices and company accounting books and 10 years in relation to the provisions of the Law for the Prevention of Money Laundering and Financing of Terrorism (art.25). A limitation period of 5 years will be applied with respect to the health data provided and in accordance with the provisions of the Patient Autonomy Law.

wHAT IS THE LEGAL BASIS THAT ALLOWS US TO PROCESS THE DATA COLLECTED?
The legal basis of legitimacy that allows us to process the personal data collected through the website is based, with regard to the sending of contact forms with requests for information or appointments, or the sending of CVs, on the express and informed consent of the data subject or his representative collected and granted in accordance with the conditions indicated in art. 7 of the European Data Protection Regulation, according to which data subjects have the right to withdraw this consent at any time. The responsible informs that the data requested through the web forms will be those strictly necessary to meet the specific query or request made by the interested party.

wHAT ARE THE RIGHTS THAT CAN BE EXERCISED BY THOSE WHO PROVIDE US WITH THEIR DATA?
In accordance with the provisions of the European Data Protection Regulation (EU) 2016/679 and the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, interested parties shall have the right to obtain confirmation as to whether or not personal data concerning them are being processed, as well as to exercise the recognized rights over their data.
Data subjects shall have the right to:

• Request access to personal data concerning him/her
• Request the rectification or deletion of their data
• Request the cancellation of the data
• Request the restriction of data processing
• Oppose the processing of data
• Request data portability
  

In the event that the data subject has given consent for a specific purpose, he/she will have the right to withdraw the consent previously given at any time, without affecting the lawfulness of the processing based on the consent given prior to its withdrawal.
If the interested parties consider that we have not processed their personal data in accordance with the reference regulations indicated, and if they understand that we have not satisfied their request to exercise their rights, they may, if they so wish, file a complaint with the Spanish Data Protection Agency as the national supervisory authority at the organization's address at Calle Jorge Juan, 6 - 28001 - Madrid or in the contact channels indicated on the institution's website (www.aepd.es), including the electronic headquarters.
For the exercise of all the aforementioned rights, the interested parties may contact the contact addresses indicated above to request the application form provided by the responsible for this purpose in compliance with its legal obligations, form that the interested party must accompany when submitted or sent a copy of your ID card or equivalent document proving their identity and that of their representative if applicable.
The exercise of the rights will be free of charge, and the request may be delivered by hand, or sent by mail or e-mail to the contact addresses indicated.
The data controller informs data subjects that it has established and implemented specific protocols and measures for compliance with the data protection regulations of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.

tO WHICH RECIPIENTS COULD YOUR DATA BE COMMUNICATED?
The personal data provided by users will only be processed in general by the person responsible for the activity and by the company's own labor staff and authorized freelance collaborators that may have been hired.
Some of the tools used by the website to manage data have been contracted to third parties for the provision of services developed by them and that are necessary for the activity of the responsible.
Occasionally, the development or maintenance company of the website itself or the hosting company may have access to the website, with which in any case the corresponding service provision contract has been formalized, which obliges them to maintain the appropriate level of privacy.
In any case, in general, data will only be transferred to third parties in cases of legal obligation, such as transfers made to Public Authorities and Administrations, or when necessary to enable the development of the services of the data controller and/or the services contracted to external suppliers, including banks, financial institutions, mutual and insurance companies, and data processors, and always in this case within the framework provided in the data processor contract formalized between the data controller and the contracted data processors. The data controller undertakes in any case to inform the data subjects about the need for extraordinary transfers of data to third parties to manage the provision of services so that the data subjects can express their consent to the transfer of data as a prerequisite for the transfer to be carried out.
In the case of international data transfers derived from the use of tools or service providers, they will be carried out under the protection of the international conventions and agreements in force at any given time, which guarantee that North American software companies and those from countries outside the EU comply with European data protection policies in terms of privacy, secrecy and data security.

DATA SECRECY AND SECURITY
Marta María Santalla Castro is committed to the proper use and treatment of the personal data of users, respecting their confidentiality, and to use them in accordance with the purpose of such treatment, as well as to comply with its obligation to save the data and to adapt all the measures in place to prevent alteration, loss, treatment or unauthorized access, and in accordance with the provisions of the data protection regulations in force.
This website includes an SSL certificate, a security protocol that makes your data travel in an integral and secure way, that is, the transmission of data between a server and a user of the web, and in feedback, is fully encrypted or encrypted.
The responsible cannot guarantee the absolute impregnability of the Internet network and therefore the violation of the data through fraudulent access to them by third parties.
Regarding the confidentiality of data processing, Marta María Santalla Castro will ensure that any person who is authorized to process the data of data subjects and/or users, including staff, collaborators and suppliers, is under the corresponding obligation of confidentiality, whether legal or contractual.
When a security incident occurs, once Marta María Santalla Castro becomes aware of it, she will notify the data subject without undue delay and provide the appropriate information related to the security incident and in any case provided that the data subject requests it in a reasonable manner.

ACCURACY AND VERACITY OF THE DATA
The user is solely responsible for the accuracy and correctness of the personal data submitted or sent through www.casaruralsanandresdeteixido.com, exonerating Marta María Santalla Castro of any responsibility in this regard. Users guarantee and respond, in any case, the accuracy, validity and authenticity of the personal data provided, and undertake to keep them updated. The user agrees to provide complete and correct information in the contact form.

CHANGES IN THE PRIVACY POLICY
Marta María Santalla Castro reserves the right to modify this privacy policy to adapt it to new legislation or jurisprudence, as well as industry practices. In these cases, the changes will be announced on the website with due notice before their implementation.

Privacy Policy updated as of August 20, 2022