Privacy Policy

1. DATA CONTROLLER

In compliance with the provisions of Regulation (EU) 2016/679 (GDPR) and current data protection regulations, users are informed that the personal data they provide will be processed by:
Owner: FINCA GAYETA, S.L.
Tax ID: B87639761
Registered office: Pg. de Gràcia, 112, 3º, 08008 Barcelona (Spain)
Contact email: unicoadmin@unicohotels.com
The controller undertakes to process personal data lawfully, fairly, transparently, appropriately, relevantly and limited to what is necessary in relation to the purposes for which they are collected.

2. PURPOSES OF PROCESSING

Personal data will be processed for the following purposes:
• Management of reservations and provision of hotel services, including booking, modification and cancellation of reservations, as well as assistance during the stay.
• Administrative, accounting and tax management, including invoicing, payments and compliance with legal obligations.
• Handling requests for information, queries or communications made by the user through the available channels.
• Compliance with legal obligations, especially those arising from public security regulations (guest registration), tourism regulations and tax regulations.
• Sending of own commercial communications related to services similar to those contracted, based on legitimate interest or consent where required.
Under no circumstances will data be used for purposes incompatible with those described.

3. LEGAL BASIS FOR PROCESSING

The legal bases legitimizing the processing of data are:
• Performance of a contract: when processing is necessary for the provision of accommodation services or reservation management.
• Compliance with legal obligations: when processing is necessary to comply with applicable regulations (guest registration, tax obligations, etc.).
• Legitimate interest of the controller: for sending commercial communications to existing customers, in accordance with Article 21.2 of the LSSI-CE, always guaranteeing the right to object.
• Consent of the data subject: for sending commercial communications to non-customers, as well as for the installation of non-essential cookies.

4. DATA RETENTION PERIOD

Personal data will be retained for the time necessary to fulfill the purposes for which they were collected and, subsequently, for the periods required by applicable regulations.
In particular:
• Customer data: during the contractual relationship and subsequently during the legal retention periods in tax and accounting matters.
• Data for commercial purposes: until the user withdraws consent or objects to the processing.
Once these periods have ended, the data will be duly blocked and subsequently deleted.

5. DATA RECIPIENTS

Personal data may be communicated to:
• Public administrations, when necessary for compliance with legal obligations.
• Law enforcement authorities, in compliance with guest registration regulations.
• Service providers acting as data processors (booking platforms, hotel management systems, technological services, payment gateways), with whom the corresponding contracts have been formalized in accordance with Article 28 of the GDPR.
No data will be transferred to third parties for their own purposes without the prior consent of the data subject.

6. INTERNATIONAL DATA TRANSFERS

In the event of using providers located outside the European Economic Area (for example, technological services such as Google or Meta), the controller will ensure that such transfers are carried out in accordance with applicable regulations through:
• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions or other legally valid mechanisms

7. DATA SUBJECT RIGHTS

Users may exercise at any time their rights of:
• Access
• Rectification
• Erasure
• Objection
• Restriction of processing
• Data portability
To do so, they may send a written request together with a copy of their identity document to the email: unicoadmin@unicohotels.com
They also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that the processing does not comply with current regulations.

8. SECURITY MEASURES

The controller has adopted the necessary technical and organizational measures to ensure a level of security appropriate to the risk, preventing alteration, loss, unauthorized processing or access to personal data.

9. DATA OF MINORS

The services are not specifically directed at minors. If data of children under 14 years of age are collected, the consent of their legal representatives will be required.

10. POLICY UPDATE

The controller reserves the right to modify this privacy policy in order to adapt it to legislative developments or changes in its processing activities.
Users are advised to review it periodically.