1. DATA CONTROLLER

In accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and current data protection legislation, users are hereby informed that the personal data they provide will be processed by:

Company name: UNICO LUCES SL

Company registration number: B88118138

Registered office: Pg. de Gràcia, 112, 3rd floor, 08008 Barcelona (Spain)

Contact email: unicoadmin@unicohotels.com

The data controller undertakes to process personal data in a lawful, fair, transparent, appropriate and relevant manner, and to limit such processing to what is necessary in relation to the purposes for which the data is collected.

2. PURPOSES OF THE PROCESSING

Personal data will be processed for the following purposes:

• Reservation management and the provision of hotel services, including the booking, amendment and cancellation of reservations, as well as guest services during their stay.
• Administrative, accounting and tax management, including invoicing, collections and compliance with legal obligations.
• Handling of requests for information, enquiries or communications submitted by users via the various available channels.
• Compliance with legal obligations, particularly those arising from public safety regulations (registration of travellers), tourism regulations and tax regulations.
• Sending our own marketing communications relating to services similar to those contracted, based on legitimate interest or consent where necessary.

Under no circumstances will the data be used for purposes incompatible with those described.

3. LEGAL BASIS FOR PROCESSING

The legal bases justifying the processing of data are:

• Performance of a contract: where processing is necessary for the provision of accommodation or booking management services.
• Compliance with legal obligations: where processing is necessary to comply with applicable regulations (passenger records, tax obligations, etc.).
• Legitimate interest of the data controller: for the sending of marketing communications to existing customers, in accordance with Article 21(2) of the LSSI-CE, whilst always guaranteeing the right to object.
• Consent of the data subject: for sending marketing communications to non-customers, as well as for the use of non-essential cookies.

4. DATA RETENTION PERIOD

Personal data will be retained for as long as is necessary to fulfil the purposes for which it was collected and, thereafter, for the periods required by the applicable regulations.

In particular:

• Customer data: during the term of the contract and thereafter for the statutory periods applicable to tax and accounting matters.
• Data for commercial purposes: until the user withdraws their consent or objects to the processing.

Once these periods have expired, the data will be duly blocked and subsequently deleted.

5. RECIPIENTS OF THE DATA

Personal data may be disclosed to:

• Public authorities, where necessary to comply with legal obligations.
• Law enforcement agencies, in accordance with regulations governing the registration of passengers.
• Service providers acting as data processors (booking platforms, hotel management systems, technology services, payment gateways), with whom the relevant contracts have been entered into in accordance with Article 28 of the GDPR.

No data will be disclosed to third parties for their own purposes without the data subject’s prior consent.

6. INTERNATIONAL DATA TRANSFERS

Where suppliers located outside the European Economic Area are used (for example, technology services such as Google or Meta), the data controller shall ensure that such transfers are carried out in accordance with current legislation by:

• Standard Contractual Clauses approved by the European Commission
• Adaptation decisions or other legally valid mechanisms

7. RIGHTS OF DATA SUBJECTS

Users may exercise their rights at any time to:

• Access
• Correction
• Deletion
• Opposition
• Restriction of processing
• Data portability

To do so, please send a written request, together with a copy of your ID, to the following email address: unicoadmin@unicohotels.com

You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you believe that the processing of your data does not comply with current legislation.

8. SAFETY MEASURES

The data controller has implemented the necessary technical and organisational measures to ensure a level of security appropriate to the risk, thereby preventing the unauthorised alteration, loss, processing or access to personal data.

9. DATA RELATING TO MINORS

The services are not specifically aimed at minors. Should data be collected from children under the age of 14, the consent of their legal guardians will be required.

10. POLICY UPDATE

The data controller reserves the right to amend this privacy policy to bring it into line with new legislation or changes to its data processing practices.

Users are advised to check it regularly.