Privacy

Privacy policy

Privacy policy of RIMC Camp de Mar Hotelmanagement S.L.

We are pleased that you are visiting our website and thank you for your interest in our hotel. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

In the following, RIMC Camp de Mar Hotelmanagement S.L. (hereinafter referred to as "we", "us", etc.) would like to inform the public about the type, scope and purpose of the personal data it processes. Furthermore, data subjects are informed of their rights by means of this privacy policy.

Right to withdraw any consent you may have given for data processing

If the data processing is based on Art. 6 para. 1 lit. a GDPR, i.e. your express consent, you have the right to withdraw this consent at any time (pursuant to Art. 7 para. 3 sentence 1 GDPR). The respective legal basis on which processing is based can be found in this privacy policy.

The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation (pursuant to Art. 7 para. 3 sentence 2 GDPR).

Right to object to the collection of data in special cases and to direct advertising

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Definitions

Our data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this privacy policy and on our website:

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "person concerned"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Rights of the data subject

As a data subject affected by the processing of your data, you can assert certain rights against us in accordance with the GDPR and other relevant data protection regulations. Under the GDPR, you have the following rights in particular as a data subject:

Right to information

You can request information from us at any time about the data we hold about you. This information concerns, among other things, the categories of data processed by us, the purposes for which we process them, the origin of the data if we have not collected them directly from you and, if applicable, the recipients to whom we have transmitted your data. You can receive a copy of your data from us free of charge. If you are interested in further copies, we reserve the right to charge you for the additional copies.

Right to rectification

You can ask us to correct your data. We will take reasonable steps to keep the information we hold and process about you accurate, complete and up to date, based on the most current information available to us.

Right to erasure

You can request that we erase your data if the legal requirements for this are met. According to Art. 17 GDPR, this may be the case if:

the data are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw your consent, which is the basis for the data processing, and there is no other legal basis for the processing.
you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes;
the data has been processed unlawfully
unless the processing is necessary,
to ensure compliance with a legal obligation that requires us to process your data; in particular with regard to statutory retention periods;
to assert, exercise or defend legal claims.

Right to restriction of processing

You can request that we restrict the processing of your data if:

you contest the accuracy of the data, for the period of time we need to verify the accuracy of the data;
the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead;
we no longer need your data, but you need it to assert, exercise or defend legal claims;
you have objected to processing pending the verification whether our legitimate grounds override yours.

Right to data portability

At your request, we will transfer your data - insofar as this is technically possible - to another controller. However, you are only entitled to this right if the data processing is based on your consent or is necessary to perform a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another controller specified by you.

Right to object

You can object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for the processing which override your interests or if we need your data for the establishment, exercise or defense of legal claims.

Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union or other provisions of a data protection nature.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Routine deletion and blocking of personal data

The controller shall process (in this sense also: store) personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example by e-mail, to the controller. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller.

Security

We take numerous technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure or access.

Nevertheless, internet-based data transmissions, for example, can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line.

If encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of general data and information

Our website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. It can be recorded:

the browser types and versions used
the operating system used by the accessing system
the website from which an accessing system arrives at our website (so-called referrer)
the sub-websites which are accessed via an accessing system on our website
the date and time of access to the website
a web protocol address (IP address)
the Internet service provider of the accessing system
other similar data and information that serve to avert danger in the event of attacks on our information technology systems

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to

to deliver the contents of our website correctly
to optimize the content of our website and, if applicable, the advertising for it
to ensure the permanent functionality of our information technology systems and the technology of our website
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Data transfer from forms

The data subject has the option of registering on the controller's website by entering personal data for data transmission via forms. Which personal data is transmitted to the controller is determined by the respective input mask used for the entries. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. Data transmission from forms is always encrypted.

The controller may arrange for the personal data to be passed on to one or more processors (e.g. a parcel service provider), who will also use the personal data exclusively for internal purposes attributable to the controller.

When data is transmitted on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of the transmission are also stored. This data is stored against the background that this is the only way to prevent misuse of the services offered and, if necessary, to enable criminal offenses and copyright infringements to be investigated. In this respect, the storage of this data is necessary to safeguard the controller. This data will not be passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal or legal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users.

Booking system OnePageBooking

We use the OnePageBooking service of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online room reservations. Click on the corresponding button to open a browser window which will redirect you to the OnePageBooking website.

If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your booking. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. The data is entered into an input mask and transmitted to us and stored.

Data will also be passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers - depending on the payment method selected.

The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between us and HotelNetSolutions GmbH.

The mandatory data collected is required to fulfill the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your inquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offenses.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after the contract has been executed, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after the last contract has been executed.

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to the voluntary data, you can declare your revocation to the controller at any time. In this case, the voluntary data will be deleted immediately.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

Newsletter dispatch with Smart Host

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

This website uses the services of "Smart Host" to send newsletters. The provider is Smart Host GmbH, Am Kupfergraben 6A, 10117 Berlin.

Smart Host is a service that can be used to organize and analyze the sending of newsletters, among other things. When you open an email sent with Smart Host, a file contained in the email (known as a web beacon) connects to the Smart Host servers. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). This information is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by Smart Host, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of Smart Host after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

We have concluded an order processing contract with Smart Host in accordance with Art. 28 para. 3 GDPR. In this contract, we oblige this service provider to protect our customers' data and not to pass it on to third parties.

Further information on data protection at Smart Host can be found in their privacy policy at: https://www.smart-host.com/de/datenschutzerklaerung

Links to other websites

This website contains links to other websites (so-called external links).

As a provider, we are responsible for our own content in accordance with the applicable European and national legislation. Links to content provided by other providers are to be distinguished from our own content. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions. Please refer to the data protection declarations provided on the respective websites.

Cookies

We use cookies to make our website user-friendly for you and to optimize it to your needs. Cookies are small text files that are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) as soon as you visit a website.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified via the unique cookie ID. This information is used to automatically recognize you when you visit the website again with the same end device and to make navigation easier for you.

You can also consent to or reject cookies - including for web tracking - via the settings of your web browser. You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. via "Delete browser data"). This is possible in all common web browsers. You can find further information on this in the operating instructions or in the settings of your browser.

First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word "party" refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A issues a cookie A, which is not recognized by website B, but can only be recognized by website A. This means that data cannot be passed on to third parties.

Third-party cookies: With a third-party cookie, the cookie is set and collected by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about the website visitor via their advertisements on other websites. These are data records that are stored in the user's web browser when they visit a page with advertising. If they visit a page with advertising from the same provider again, they will be recognized.

Further distinguishing features:

Transient cookies: Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies: Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

Cookiebot

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, DK (hereinafter referred to as "Cookiebot") is loaded on our website. Cookiebot enables us to provide you with accurate and transparent information about the use of cookies on our website. You receive an up-to-date and data protection-compliant cookie notice and decide for yourself which cookies you wish to allow.

For this purpose, Cookiebot shows you a list of cookies organized by function group when you first visit. Here you can activate the cookies by clicking on the corresponding box. Please note that the technical cookies are already stored when you access the website and the relevant box is preset. If you deselect technical cookies, the use of the website or individual functions on the website may be restricted or even impossible.

If you allow cookies, the following data will be transmitted to Cybot:

IP address (in anonymized form, the last 3 digits are set to 0)
Date and time of your consent
our website URL
Technical browser data
Encrypted, anonymous key
the cookies you have allowed (as proof of consent)

The legal basis for the use of Cookiebot arises from our legitimate interest in functional cookie management and is therefore in accordance with Art. 6 para. 1 lit. f GDPR. A further legal basis arises from the fulfillment of data protection requirements in connection with cookies requiring consent (e.g. also through the "cookie ruling" of the European Court of Justice) and is therefore carried out in accordance with Art. 6 para. 1 lit. c GDPR.

If you have consented to the setting of cookies when visiting this website, you can revoke your consent by calling up Cookiebot (see below) and deselecting the relevant cookie category. In addition to the revocation option via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent the processing of data through browser plug-ins. An additional option for controlling the use of cookies is to make the appropriate settings in most browsers.

For more information about "Cookiebot" and the company behind it, Cybot, please refer to the privacy policy at https://www.cookiebot.com/de/privacy-policy/

Google Analytics 4

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of processing

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be

Page views
First visit to the website
Start of the session
Websites visited
Your "click path", interaction with the website
Scrolls (whenever a user scrolls to the end of the page (90%))
Clicks on external links
internal search queries
Interaction with videos
File downloads
Viewed / clicked ads
Language setting

Also recorded:

Your approximate location (region)
Date and time of the visit
Your IP address (in abbreviated form)
technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
Your Internet provider
the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Receiver

Recipients of the data are/may be:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

Storage duration

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.

Revocation

You can withdraw your consent at any time with effect for the future by accessing the cookie settings at the bottom left of the screen and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of your consent until you withdraw it.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link.

do not give your consent to the setting of the cookie or
download and install the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Google Ads with extended conversions

On our website, we use the remarketing and conversion tracking function of Google Ads, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as "Google").

The remarketing function is used to present interest-based advertisements to website visitors within the Google advertising network. The conversion tracking function in turn enables us to measure how effective the ads we place and which are clicked on by website visitors are.

When Google Ads is used, the following data is collected and transmitted to Google in the USA: Data on the device and browser (host name, browser type, referrer, language), IP address and the respective user interaction on our website as well as on other websites on which our ads are placed (e.g. which page a user visits or which ads a user clicks on). In addition, a cookie is used to assign a random, pseudonymous ID to a user, to which the aforementioned information is assigned.

We also use conversion tracking as part of the Google Ads service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 (our setting at Google) or a maximum of 90 days (according to Google itself), do not contain any personal data and are therefore not used for personal identification. The information collected with the help of the conversion cookie is used to create conversion statistics.

We have set up Enhanced Conversions for this purpose.

Enhanced Conversions is a feature that can improve the accuracy of conversion tracking while protecting user privacy by supplementing existing conversion tags with the hashed first-party conversion data from the website. Hashing the first-party data before sending it to Google Ads ensures privacy by converting personal information such as (here: email address) into a hashed / pseudonymized (SHA256) string.

The legal basis for the use of Google Ads is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Google bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

You can prevent the installation of these cookies by refusing your consent to the storage of these cookies when you enter the website, deleting existing cookies or deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com"(https://www.google.de/settings/ads ). Please note that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Information on data protection at Google Ads can be found at: https://ads.google.com/intl/de_de/home/ads-experts-support/

DialogShift chat application on our website

Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes (and in this sense also: stores) data for the purpose of web analysis, to operate the chat application and to respond to inquiries.

To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognize you as a customer.

A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognizes the device and can call up past chat logs. This cookie is stored for 90 days since it was last used. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies.

The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data will be deleted after 90 days.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in effective customer support, for statistical analysis of user behavior and for optimization purposes of our offers.

DialogShift offers further information on the processing (in this sense also collection and use) of data as well as on your rights and options for protecting your privacy at https://www.dialogshift.com/datenschutz.

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, "X" etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Facebook"). According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum).

This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

https://www.facebook.com/settings?tab=ads

Details can be found in Facebook's privacy policy: https://www.facebook.com/privacy/center/

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Name and address of the person responsible:

The controller within the meaning of the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:

RIMC Camp de Mar Hotelmanagement S.L.

Calle Taula 2

ES - 07160 Camp de Mar

Phone: +34 (0) 971 13 65 65

Fax: +34 (0) 971 13 60 70

E-mail: reservations.campdemar@steigenberger.com

Managing Director: Marek N. Riegger

Camp de Mar, January 2025

Changes to the privacy policy

We reserve the right to change our data protection practices and this privacy policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.

Camp de Mar Mallorca

1 Steigenberger Hotel & Resort Camp de Mar

1 Airport - Palma de Mallorca

2 Steigenberger Hotel & Resort Camp de Mar

Privacy

Privacy policy

HOTEL

SPORT

SPA

MEETINGS