In compliance with the principles of lawfulness and transparency, and to provide the data subjects with the information established by articles 13 and 14 of the General Data Protection Regulation [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016], we inform you about the features of the data processing carried out under the responsibility of TAOYO, S.L.:
Data processing: (I) Web views. (II) Billing, fiscal and accounting management. (III) Taoyo Suites reservation management. (IV) Support regarding the data subjects’ privacy rights. (V) Cardex. (VI) Sending of newsletters.
Purpose: (I) To meet the requests received through the website. (II) To issue invoices to the customer, prepare official accounting statements and calculations, tax filing and payment, draw up commercial documents, such as balance sheets and reports. (III) To provide the requested accommodation service. (IV) To meet the requests regarding the exercise of the rights related to personal data, as well as security breaches that may affect the data subjects’ rights and freedoms. (V) To communicate the legally established data to the State Security Forces and Bodies. (VI) To send commercial information, if you authorise us to do so.
Legal grounds: (I) Legitimate interest. (II) General Taxation Law 58/2003 of 17 December. (III) Implementation of contractual and pre-contractual measures. (IV) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data. (V) Organic Law 4/2015 of 30 March on Citizen Security, and Order INT/1922/2003 of 4 July. (VI) The data subject’s consent.
Storage period: (I) The period required to meet the requests, and as long as the responsibilities that may arise from them exist. (II) Six years for business purposes, and the period required to meet any responsibilities resulting from tax payment. (III) As long as the provision of the service lasts and during the necessary time period to meet any responsibilities derived from it. (IV) The period required to serve this purpose, and as long as any possible resulting responsibilities last. (V) For the purpose of disclosure to the State Security Forces and Bodies. (VI) As long as the data subject does not unsubscribe from any communications they may receive, and the period required to comply with any possible responsibilities that may result from all data processing mentioned above.
Recipients: (III) Avirato.com (IV) Spanish Data Protection Agency. (V) Data shall only be transferred to third parties when there is a legal obligation to do so—such as a requirement from the State Security Forces and Bodies.
Exercise of rights: You may exercise your rights of access, rectification, erasure, restriction of and objection to the processing, on the terms and conditions laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data, by sending an email to: info@taoyo.org or by sending a written request to Calle Perdomo 8 E Local 5, CP 35002 Las Palmas de Gran Canaria, Las Palmas (Spain). In any case, please quote “Data protection” as a reference, along with a document accrediting your identity —such as a copy of your ID card. You may also file a complaint with the Spanish Data Protection Agency.
PRIVACY POLICY
Who is responsible for processing your data?
The owner of the company and this website is TAOYO, S.L. Consequently, any personal data you supply through this website or by filling out the data collection forms at our premises will be processed under the responsibility of TAOYO, S.L.
Which personal data do we collect? (How do we get them?)
We will ask you to provide us with the minimum necessary data to comply with the purposes indicated in the section above. Typically, the data requested are your name and surname/s, address, and contact details.
How do we use the personal data that are managed under our responsibility?
We use your data for the following purposes:
(I) Meet the requests received through the website.
(II) Invoicing, accounting and fiscal management.
(III) Customer management.
(IV) Meet the requests regarding the subjects’ data privacy rights.
(V) Cardex.
(VI) Sending of newsletters.
We use the data as strictly necessary according to each purpose — for instance, in compliance with Law 4/2015 on Protection of Citizen Security, which states that “individuals, as well as legal entities that carry out any activities that are relevant to citizen security, such as accommodation, passenger transportation, commercial access to telephone or telematic services […], are subject to the obligations of documentary record and information” to provide the State Security Bodies with them. Thus, we must disclose the data of the guests that stay at the hotel.
For how long?
If a regulation requires the processing of data, the regulation will establish the data processing or storage period. For instance, the Commercial Code establishes the obligation to store data for accounting and commercial purposes for six years, although in certain cases (like tax deductions, which require the storage of financial supporting documents) more extended periods are necessary—sometimes up to fifteen years.
Disclosure to third parties
As with the cases indicated above, the data we provide to third parties are always minimal. For instance, to manage your reservation, we use a booking management programme which is external to TAOYO, S.L. and which is provided by AVIRATO. Thus, this software requires processing our guests’ personal data to provide appropriate booking services. Taoyo has checked that the supplier Avirato, has a suitable privacy policy published on its website.
Which Security measures do we implement with regard to personal data?
TAOYO, S.L. has appropriate policies in place, as well as technical and organisational means to safeguard and protect your personal data against unauthorised or illegal access, accidental loss or destruction, damage, unauthorised or illegal use or disclosure.
We will also take all reasonable precautions to guarantee that our staff and suppliers that have access to your personal data adequately comply with the regulations on personal data protection.
Which are your rights as a data subject?
You are entitled to request the erasure of your data when, among other reasons, these are no longer necessary for the purposes they had been collected. You are entitled to obtain a confirmation of whether or not TAOYO, S.L. is processing personal data concerning you. You are entitled to access your personal data and obtain copies of it, as well as to request rectification of inaccurate data or, if applicable, request the erasure of your data when they are no longer necessary for the purposes they have been collected, among other reasons. Under certain circumstances, you will be able to request the limitation of the processing of your data; in this case, we will only store them for the exercise or defence of claims. Under certain circumstances and for reasons that are related to your particular situation, you may be able to object to the processing of your data. TAOYO, S.L. will stop processing data except for compelling legitimate grounds or the exercise or defence of eventual claims. You may also revoke your consent. You can exercise these rights by submitting a request by email at info@taoyo.org or by submitting a written request to Calle Perdomo 8 E Local 5, CP 35002 Las Palmas de Gran Canaria, Las Palmas (Spain) with a copy of your ID card or any other document that proves your identity, clearly indicating the right you wish to exercise. Lastly, we wish to inform you that you can file a complaint with the Spanish Data Protection Agency, especially if you have not been successful in exercising your rights.
