Confidentiality and security are core values of Casa Rural El Tenado and we therefore undertake to ensure the User’s privacy at all times and not to gather any unnecessary information.
This policy has been designed to explain the information we collect, how and why we collect it, and when it is used. The personal data requested is necessary in order to manage your requests and/or provide you with the services that you can contract.
All the fields that appear on ours forms will be required to be completed, so the omission of any of them may lead to it being impossible for us to meet your request, unless the form itself has fields of voluntary completion. Therefore, if this data is not made available to us, we will not be able to attend to you correctly or provide you with the service that you have requested.
By using our website, you’re agreeing to be bound by this Policy. Please be sure to read this notice carefully.
Who is responsible for processing your data?
As of May 25, 2018, in the European Union the processing of personal data is governed by the General Data Protection Regulation (GDPR). We endeavour to treat everyone’s data in the same secure manner, wherever you are from.
- Party Responsible: María Soledad Bernal Montero (DNI 53103431L)
- Address: Hernán Cortés, 10, 10291 La Aldea del Obispo (Cáceres) (ES)
- Email: casarural[@]eltenado.com
- Activity:Rural Tourism Accommodation. License CR-CC-144.
What information we collect
Personal information means information that can be used to identify and contact you. You do not need to submit personal information to access our website.
We collect information such as your name, contact details, passport details, travel preferences and special needs/dietary requirements that you supply us or is supplied to us, about you and other persons on your booking. We may also keep a record of: the date that you contacted us and how you first found us, booking-related emails and correspondence, tour feedback forms, and details of any previous bookings with us.
By submitting personal information through our website, you authorize to share this personal information for the purposes identified herein, such as responding to user inquiries, processing reservations, etc.
By providing this information to us we will assume that you have given your consent to the collection of such personal information.
How we collect your data
We collect your information when you request from us more details about our services, contact us by email or phone (and vice versa), use our website, connect with us via social media and any other interaction we have with you. We will update your information whenever we can to keep it current, accurate and complete. When you fill out a website form, email us, all the data is collected securely in our database.
You can choose not to provide certain information, but then you might not be able to take advantage of many of our features.
How we use the information we collect
- Purpose: to provide a means for you to contact us and for us to answer your requests for information, and to send you information about our products, services and activities, including by electronic means (email, SMS, WhatsApp), if you check the acceptance box.
- Legal basis: the consent given by the users when they request information through our contact form, and when they check the acceptance box for sending information.
- Storage: once your request has been resolved by means of our form or answered by email, if no new processing has been generated, and if you have agreed to receive commercial mail, until you request cancellation of this.
Sending of Emails
- Purpose: to reply to your requests for information, attend to other requests and reply to your enquiries or doubts.
- Legal basis: the consent given by the users when they request information through the email address.
- Storage: once your request has been answered by email, if no new processing has been generated.
Forms for contracting services
- Purpose: to register you as a client and manage your reservations.
- Legal basis: the consent given by the users when they register through our registration form, and when they check the acceptance box for information to be sent to them.
- Storage: until the users request cancellation of their registration or subsequently during the legally established periods.
- Purpose: register as a user, manage your request to send invoices for our services.
- Legal basis: the user’s consent when making the request through the form and by checking the acceptance box for sending information.
- Storage: until the interested party revokes the consent and requests the withdrawal of the service and during the legally required periods.
Information such as health may be viewed as “sensitive personal data” under the Data Protection Act 1998. We collect it to provide you with our services, cater to your requirements or act in your interest, and we are only willing to accept sensitive personal data on the provision that we have your positive consent. By booking with us you also agree for your insurers, their agents and medical staff to exchange relevant information and sensitive personal data with us in situations where we/they need to act on your behalf or in the interest of passengers or in an emergency.
If you do not agree to our use of your information as described above, we cannot accept your booking.
How long do we keep your data
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected or the law requires. The time period for which we keep data depends on the data type. Most of our data is retained for 3 years. Legally, some financial information must be kept on our files for 6 years. Data is not kept on our systems for longer than is needed, and is periodically reviewed and removed.
We have made every effort to ensure your data is stored and processed securely.
Recipients of your data
Your data is confidential and will not be assigned to third parties, unless this is required in order to manage the services contracted or there is a legal obligation to do so. We never sell or rent data to third parties.
We use the information that is provided to us only for the reason it was gathered. We may use your information to process your enquiry, ask for feedback on our services, or notify you of changes to your booking.
We only permit suppliers to process your personal data for specified purposes and in accordance with our instructions.
The following are some examples of how we may share or disclose your Personal Information.
Sharing with third parties
If you email us a question, we may use your email address to process your request and respond to your question.
Legal Process. We may disclose your personal information to legal or government regulatory authorities in response to their requests for such information.
To selected third-parties including:
Service providers who help us maintain our website and provide other administrative services to us. Including, but not limited to, reservation processing and fulfilment, providing customer service, sending customer communications on our behalf.
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, analysis and other services for us, which may require them to access information about you.
Because such third-party service providers help us administer our website they will have access to users’ Personal Information, if you do not wish for our third-party service providers to have access to your information, please do not register or submit any Personal Information to us.
If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, and we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.
This website only uses technical, personalisation and analysis, first and third party cookies (Google Analytics), which in no case process personal data or gather browsing habits for advertising purposes.
Therefore, when you access our website, in compliance with article 22 of the Law on Information Society Services, and since analysis cookies are used, we have requested your authorisation to use them and provided information about them. At all events, they will be installed after a reasonable period of time, so the user has time to decide whether or not to authorise them.
+ Info: Cookies Policy.
Although our website and communications may contain links to other websites, we are not the owners of these sites, and therefore are not responsible for the privacy practices of such other sites.
Embedded content from other Web sites
Items on this site may include embedded content (e.g., videos, images, articles, etc.). The embedded content of other Web sites behaves exactly the same way as if the visitor had visited the other website.
Protection of your personal data
We have taken all security measures, including encryption and authentication tools, to protect personal data in accordance with the content of the provisions of the GDPR, and has established all the technical means at its disposal to prevent loss, misuse, alteration, unauthorised access and theft of data that you provide.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Our policy towards children
The supply of personal data requires a minimum age of 14, or where applicable, having sufficient legal capacity to enter into an agreement.
We do not knowingly or intentionally collect information from children under 14 years of age. If you are under 14, you can not use our forms, or provide any personal information about you. If you are 14 years old, we recommend that you obtain the consent of your parents or guardians before providing us with your information. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.
Under the GDPR, you have the right to view, edit or request the removal of your personal data. Any person can withdraw their consent at any time.
- Please let us know in writing if you like to see the personal data we hold about you, as you are entitled to a copy of this information and to correct any inaccuracies. We will supply this information within a maximum of 30 days of receiving your request.
- You also have the “Right to be Forgotten”, and as soon as properly notified by you, we will remove all your information from our records.
Where and how to request your rights
By means of a written statement addressed to the person responsible, either by post or email, indicating the reference “Personal Data”, and specifying the right you wish to exercise and in relation to which personal data.
Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to provide you with a full service.
If you are unhappy with how we deal with your Personal Information (and you are based in the EU), you have the right to complain to the relevant Supervisory Body within the EU.
Including in both cases photocopy of your identification document.
Updating your data
It is important for us to keep your personal data up to date and that you inform us of any changes, as otherwise we cannot be held liable for its accuracy.
You will be solely responsible for any false or inaccurate statements that you make and for the damages caused to us or to third parties.
Last updated October 25, 2019