Privacy Policy
Introduction
We have a high level of commitment to the privacy of individuals, so the protection of personal data is important to us.
We process data in accordance with Regulation (EU) 2016/679 General Data Protection, Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee, and other current regulations in this regard.
This Privacy Policy has been revised in June 2026 to comply with the information and transparency duties of the website itself and the data controller in general, in order to provide the general terms of the data controller in the matter to any interested party and not just to website users. There may be variations until its next revision.
Who is responsible for processing your data?
Responsible: HOTELES DE MURCIA S.A.
Tax ID: A30163547
Address: ALAMEDA RAFAEL MÉNDEZ Nº 34. 30800 LORCA (MURCIA)
Email: info@hotelesdemurcia.com
This Privacy Policy has been reviewed in June 2026 to comply with the information and transparency duties of the website owner and the responsible party in general, to provide general terms of the responsible party in the matter to any interested party, not just website users. There may be variations until its next review.
What is the origin and type of data we handle?
The origin of the information we handle can be any of the following categories:
- Forms on paper, electronic, or digital support.
- Communication and messaging systems: email and messaging applications, phone, etc.
- Other lawful sources and origins of information.
The different categories of data that we may process depending on the type of data subject (user, client, provider, employee, etc.) and the nature of the activities of the controller and the different data processing are:
- Identifying data, for example: name and surname, image.
- Identification codes or keys, for example: username, employee code.
- Postal or electronic contact addresses, for example: phone, email, social media profile.
- Personal and professional characteristics data, for example: age, date of birth, qualifications, professional experience, curriculum vitae.
- Economic, financial, and insurance data; for example: bank details, credit card, etc.
- Payroll economic and non-economic data and other labor-related information; for example: job position, payroll document, etc.
- Transaction data, for example: supplied and received goods and services.
- Special category data, for example: health, union membership, racial origin.
- Other necessary or implied data and information in the development of our activities, services, and purpose.
OBLIGATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE DATA SUBJECT.
The data subject, by checking the corresponding boxes and entering data in the fields marked as mandatory (for example, with an asterisk) in the contact form or presented in download forms, expressly and freely and unequivocally accepts that their data is necessary to fulfill their request by the controller, with the inclusion of data in the remaining fields being voluntary.
The data subject guarantees that the personal data provided to the controller is truthful and agrees to communicate any modifications to it. The data requested through the website, indicated as mandatory, is necessary for the provision of an optimal service to the data subject. In case all the data is not provided, it is not guaranteed that the information and services provided will be fully tailored to their needs.
What is the purpose of processing your personal data?
In general, data is processed to successfully carry out the actions implicit in the normal development and management of the activities of the data controller. Although we can specify different purposes of processing depending on the possible existing categories of data subjects:
- Clients and potentials: management and maintenance of commercial, pre-contractual and contractual relationships; internal administration; economic management; advertising and marketing, customer service.
- Collaborators, creditors and suppliers: management and maintenance of commercial relationships, internal administration and economic management.
- Employees: management, development and maintenance of the employment relationship, HR management, communications, training activities, occupational risk prevention, timekeeping, and other purposes derived from legal obligations and the development of labor relations.
- Candidates: management of received resumes, management of job offers and personnel selection.
- Web and social media users: user support and communication management between parties.
- Visitors: visitor support and access control to facilities.
- Any other existing information category of data subjects processed by the data controller will be carried out in the framework of its activities, strict compliance with applicable regulations and under the general criteria of this Privacy Policy.
Other general purposes that the data controller may implement are:
- Creation of a commercial profile, with the aim of improving your experience by personalizing offers and communications. No individual decisions will be made based on such a profile and actions will be taken in the legitimate interest.
- Video surveillance, for security of assets and people, as well as corresponding labor control based on legitimate interest.
- Telephone switchboard, to record communications for security, guarantee and quality of service, based on legitimate interest.
- Financial management and control of monetary obligations. In case of debtors with certain, overdue and enforceable payments, the controller may communicate this circumstance to credit bureaus, debtors’ files, and debt management or recovery services, among others, based on legitimate interest.
- Communications: development and execution of communications through available data and contact methods (email, instant messaging, etc.) with internal (employees) and external (clients, potentials, collaborators, suppliers, etc.) categories of data subjects. The purposes of such communications may be informative, organizational, commercial and advertising, as appropriate based on informed consent and the legitimate interest of the data controller.
- Other purposes derived from the nature of the data controller, motivated in the normal development and exercise of its activities, from a valid legitimizing basis.
For how long will we keep your data?
In general, personal data will be kept at least as long as there is a relationship with the interested party, until its deletion is requested, until responsibilities may arise, or as long as there is a legal provision for retention.
Regarding the data of job candidates and applicants, they will be immediately deleted when they are no longer of interest to the controller.
The data controller has in place a data protection plan with an inventory of retention periods to manage the different applicable retention periods.
The deletion of data will always be carried out ensuring the confidentiality of the data.
What is the legitimacy for the processing of your data?
The data controller observes and applies the different legitimizing bases that are applicable to each processing purpose. These are:
- Informed consent of the data subject.
- Pre-contractual or contractual commitments.
- Legitimate interest of the data controller.
- Applicable legal obligations.
- Other legally prescribed legitimizing bases.
Who will your data be communicated to?
The data of the interested parties will not be disclosed to any third party by default, except: a) auxiliary services, authorized data processors, or other third parties necessary for the proper provision of goods and services; b) competent authorities and public administrations in the exercise of their functions; c) other legitimate interested parties and third parties legally provided for.
What are your rights when you provide and/or we process your data?
As an interested party, you may at any time request the exercise of any of the following rights that assist you in data protection:
- Access to the personal data of the interested party to confirm whether data concerning you is being processed and to obtain more information about this processing.
- Rectification or Deletion of personal data concerning the interested party when, among other reasons, they are inaccurate or are no longer necessary for the purposes for which they were collected.
- Limit the processing of personal data of the interested party in certain circumstances, in which case they will only be kept for the purpose of exercising or defending claims, for the protection of the rights of another person or for reasons of public interest.
- Receive the personal data that concern you, which you have previously provided to us, and in a structured format when possible. (Portability of your data).
- Object to the processing of your data in certain circumstances and for reasons related to your particular situation. The company will stop processing your data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
- Revoke consent, which may result in the cancellation or termination of the existing business or contractual relationship, if any. Without prejudice to treatments carried out prior to the withdrawal of consent.
To do this, you only have to contact us through the email or postal address indicated at the beginning.
Optionally, you can also contact our data protection officer appointed, or to the Data Protection Agency to learn more about your rights or request the protection of these by the supervisory authority.
Data Security
We adopt in our information system the necessary technical and organizational measures to guarantee an adequate level of confidentiality, integrity, availability, and resilience of the data in order to protect the rights and freedoms of the data subjects.
The controller complies with the provisions and principles described in the GDPR to process data lawfully, fairly, and transparently in relation to the data subject, and adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
However, to the extent permitted by law, we do not assume any responsibility for damages and harm caused by alterations that third parties may inflict on our information system. Any security breach will be appropriately and immediately reported to the competent authority and/or the state security forces and bodies.
Sending communications or information
Our policy regarding sending information through telematic means (email, instant messaging, etc.) is limited to sending communications that we consider of interest to our users and stakeholders, related to the functions and activities of the company, or that you have consented to receive.
If you prefer not to receive these messages, we will offer you through them the possibility of exercising your right to cancel and opt out of receiving these messages, in accordance with the provisions of Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce.
Social networks
The data controller may have a presence on social media through the corresponding profiles, with the provisions of this section and any legal and privacy terms on the website applicable to the processing of data from users or interested parties who become followers or in any way connect to these profiles.
The purposes of using these profiles by the data controller are for communication, business development, marketing and advertising, processing queries raised to the data controller and user support, informing about actions, activities and events organized by the data controller or in which they participate, and interacting through official profiles.
The legitimizing bases set forth in the previous section 6 are complemented in this case because the user or interested party may have a profile on the same social network as the data controller and have decided to join or connect with the data controller’s profile, thus showing interest in the information published by the data controller. Therefore, by following the data controller’s profiles, they give their consent for the processing of the data available on their profile.
Users can access the privacy policies and terms of the corresponding social network at any time, as well as configure the privacy settings that can be carried out on their profile. The publications made by the user will be known to other users, so the user themselves is primarily responsible for their privacy.
Followers and/or participants in our profiles should refrain from:
- Posting content or information contrary to laws, morality, and good faith. No illicit, annoying, inappropriate use or behavior is allowed that may generate negative opinions on the profile or infringe on the rights of individuals.
- Behaving contrary to principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, protection of consumers, and intellectual and industrial property rights.
The data controller reserves the right to remove any content deemed inappropriate without prior notice. Likewise, they are released from any liability regarding security measures on each platform, with users being required to familiarize themselves with them along with the legal terms and conditions of use of the platform itself.
The data controller will be expressly exempt from any liability that may arise from the use of social media by minors or individuals with special needs. The data controller’s social media platforms consciously do not collect any personal information from minors, therefore, if the user is a minor, they should not register, use the data controller’s social media, or provide any personal information. Particularly in Spain, the processing of personal data of a minor can only be based on those aged 14 and older. Furthermore, if any regulation or law requires it, or the user has special needs, the intervention of the holder of their parental authority or guardianship, or their legal representative with a valid document proving representation, will be necessary.
Employment and candidate management
Interested parties in accessing job offers from the responsible party can provide their data and professional information to the responsible party through different channels, preferably through existing forms, email addresses, and existing means for this purpose, if applicable.
This data will be processed in accordance with the present privacy terms here for the purpose of managing applications for potential job offers, internships, and training from the responsible entity and any subsidiary companies or belonging to the same business organization, when applicable.
The processing will be based on the informed consent of the interested party or another valid legitimizing basis.
The provided data, if not of professional interest to the entity or once they are no longer necessary for the purposes for which they were collected, will be deleted ensuring their confidentiality and anonymization.
Any interested party may revoke their consent and exercise their rights regarding privacy under the terms outlined in this privacy policy.