mosaiko Homes PRIVACY POLICY

1. Who processes your personal data?

The Data Controller (hereinafter the Controller) of your personal data is:

• FIRST STONES SUITES, S.L.
• B-05275722
• C/Tinajilla 8, Bajo, 18010, Granada
• Email address: info@mosaikohomes.com

The Controller has established this Privacy Policy, which covers all aspects of the processing of your personal data through our website https://mosaikohomes.com/, as well as through our online check-in management software for customers (hereinafter referred to interchangeably as the “Website”).

As a User and data subject, we inform you that your personal data will be included in the processing referred to as “WEB USERS” and “PMS USERS” in the Data Controller's Activity Log, depending on whether your personal data comes from the use of our website or our online check-in management software for customers.

The personal data we request through the Website is, in general, mandatory (unless otherwise specified in the required field) to fulfill the established purposes. Therefore, if you do not provide it or provide it incorrectly, we will not be able to respond to your request or provide the service adequately, without prejudice to the fact that the content of the Website can be viewed freely.

For more information, or to clarify any questions you may have about the processing of your personal data, you can write to us at the postal or email address indicated in this section. You can also consult the website of the AEPD (Spanish Data Protection Agency) at https://www.agpd.es/portalwebAGPD/index-ides-idphp.php.

2. For what purpose do we process your personal data?

The personal data you provide us through the Website is processed by the Data Controller for the following purposes:

• Processing and managing the provision of services to customers, their stay and reservations, including all administrative tasks, managing payments and collections, sending communications related to your reservation such as confirmations, cancellations, and reminders, as well as communicating your personal data to the police and Civil Guard.
• Management and use by the customer of the software for online check-in, including the processing of the customer's biometric data derived from the use of our facial recognition system in order to verify the identity of customers staying at our establishment. With regard to the processing of this personal data, your photograph is processed in real time and then recorded with a token assigned to each customer for the purpose of subsequent recognition, such as who is in the establishment or to verify the identity of the customer when viewing the booking details.
• If, as a customer, you do not wish to use our facial recognition system and therefore do not authorize the processing of biometric data by us, you can always check in physically at our establishment.
• Process your questions, queries, requests, and complaints made through the various means of contact made available to the User on the Website, whether by email, telephone, or contact form provided for this purpose.

Manage your subscription to our newsletter, which involves the sending of commercial communications by the Data Controller with information about our services, discounts, and offers, when you have given your express consent.

3. What personal data do we process about users?

Through the Website, we collect the following categories of personal data:

• Identification data: name and surname of the contact person, ID number or similar identification document, photograph. If you interact with us through social media, your username on social media will also be included in this data.
• Contact details: address, telephone number, town, province, billing address, shipping address, email address, and telephone number.
• Financial data: credit card number, bank account number, for payments and refunds.
• Reservation data: Customer data derived from our establishment's guest register, as well as any details you have included in the Special Requests field of our reservation form.
• Data derived from the contact form: information provided by the User in the comments field.
• Technical data: Internet Protocol (IP) address, login data, browser type and version, time zone and location settings, browser plug-in type and version, operating system and platform, as well as other technologies you may use on your devices to access this website.
• Usage data: relevant information about your use of our website.
• Cookie data: information that we or third parties collect about you through the use of cookies and similar tracking technologies.
• Biometric data: Information derived from the use of our facial recognition system for customer identity verification.
• Marketing and communication data: data about your preferences when receiving direct marketing through our commercial communications.

4. What is the legal basis for processing your data?

The processing of your personal data is based on the following legal grounds:

• Execution of the service provision contract. In order to provide our services correctly, to respond to your queries, suggestions or requests, and to communicate your data to banks for the management of collections and payments, and to our service providers, whenever necessary for the proper provision of the service.
• Your express consent by checking the corresponding box. For the use of our facial recognition system for the purposes indicated, as well as to manage the sending of commercial communications through the means indicated.
• Compliance with legal obligations by the Data Controller. For the communication of your personal data to the Police and Civil Guard, the Tax Agency, and public administrations with competence in the matter.

5. Source of personal data

The personal data we process always and in all cases comes from:

• From the User themselves, when they interact with the Website or stay at our establishment.
• From companies that market accommodation and booking services in hospitality establishments.

6. To whom will your data be communicated?

In order to provide you with the service, your data may be processed by:

• Our administrative, management, tax and labor consulting, and legal services providers in general.
• Our IT service providers, for the maintenance and management of the website.
• Our CRM management service providers and other customer management software, as well as our facial recognition software provider.
• Our web and hosting service providers, data storage and processing providers, commercial communication management providers, and marketing service providers.
• Companies that own the social networks on which the Entity has a profile, provided that you communicate with us through them.
• Banks and financial institutions for the management of collections and payments for the services contracted by the User, such as Paycomet and REDSYS.

In order to comply with the obligations of the Data Controller, your personal data will be communicated to the Police and Civil Guard, in compliance with Article 45.1 of the Schengen Agreement, ratified by Spain on July 23, 1993, as well as Article 12 of Organic Law 4/2015, on the Protection of Citizen Security, and specifically in Order INT/1922/2003, of July 3, on registration books and guest lists in hotels and other similar establishments. Your personal data may also be communicated to the Tax Agency and public administrations with jurisdiction in the matter, in order to respond to any claims by third parties.

Given that some of our service providers are global in nature, the processing of your personal data by them may involve international transfers of your data outside the European Economic Area, as may be the case with the use of WhatsApp to communicate with us. In the event of international transfers, we ensure that they are carried out with the security required by applicable data protection legislation and in accordance with the instructions of the AEPD. For more information, visit the following link https://www.aepd.es/es/derechos-y-deberes/cumple-tus-deberes/medidas-de-cumplimiento/transferencias-internacionales

7. How long will we keep your data?

We will keep your customer data for as long as necessary to provide the service. Subsequently, your personal data will remain blocked and only available to the competent authorities until any liabilities arising from the processing expire, after which it will be securely deleted or anonymized so that we can continue to use it for analytical purposes.

Personal data included in our passenger register will be kept for three years.

With regard to personal data derived from the use of our facial recognition system, both your photograph and biometric data will be kept for a period of twelve months.

We will keep your data as a Website User until you request to be removed or revoke your consent.

We will keep your data for sending commercial communications as long as the information sent to your email does not indicate any error in the delivery or until you revoke your consent.

8. What are your rights?

You can exercise the following rights at any time and free of charge:

• Obtain confirmation as to whether or not we are processing personal data concerning you.
• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request the deletion of your data.
• Revoke your consent to the processing of your data, if you have given it to us, for example for sending commercial communications or for the use of photographs and videos in which you appear.
• Request the limitation of the processing of your data when any of the conditions provided for in the regulations are met.
• Request the portability of your data.
• Object to the processing of your data, if we are using your personal data to send you commercial communications based on our legitimate interest.
• Lodge a complaint regarding the protection of personal data with the Spanish Data Protection Agency (https://www.aepd.es/).

To do so, you can contact us by writing to us or sending an email to the postal or email address indicated in section 1 of this Privacy Policy, attaching a copy of your identity document, with the reference “Data Protection.”

As a User, you should bear in mind that the security of computer systems is never absolute. When personal data is provided over the internet, such information may be collected and processed by unauthorized third parties without your consent and processed by unauthorized third parties.

9. User responsibility

As a User, by providing us with your personal data through the Website, you declare that you are of legal age and that the personal data you have provided us with is yours and is accurate, true, complete, and up to date. For these purposes, as a User, you are responsible for the accuracy of all personal data you provide us with and you must keep the information provided up to date so that it reflects your actual situation.

Furthermore, if you provide us with personal data belonging to third parties, you guarantee that you have informed those third parties of the aspects relating to the processing of their personal data by us and contained in this Privacy Policy. You also guarantee that you have obtained their express authorization to provide us with their personal data for the purposes indicated.

10. Links to third-party websites

Our website includes links to third-party websites, plug-ins, and applications, such as social networks and payment gateways. Clicking on these links or enabling these connections may allow third parties to collect or share data related to you. The processing of personal data carried out by the owners of these websites is not included in the scope of this privacy policy. Therefore, we have no responsibility or control over the information collected by third parties or over the protection and privacy of the information you provide through these websites. We recommend that you carefully review the privacy policy of all third-party websites to learn how they collect and share your information.

We have profiles on some of the main social networks on the Internet, such as Instagram and Facebook. In these cases, the data processing we carry out will be that permitted by the social network for corporate profiles.

On occasion, and provided that it is not prohibited by applicable regulations, we may inform our followers by any means permitted by the corresponding social network about activities, services, products, and offers, as well as provide personalized customer service. Under no circumstances do we extract data from social networks, unless the social network user has given their express consent to do so (for example, for the purpose of holding contests, sweepstakes, and similar activities).

11. Security measures

We treat your personal data confidentially and maintain the duty of secrecy regarding it, adopting at all times the technical and organizational measures necessary to guarantee the security of your data and thus prevent possible alterations, loss, destruction, unauthorized processing or access, according to the state of the art, the nature of the data stored and the processing thereof, and the risks to which they are exposed.

Likewise, all our suppliers responsible for processing sign the corresponding contract with us to ensure, as far as possible, that they comply with current data protection regulations.

12. Modifications

We may update this Privacy Policy due to regulatory changes, recommendations from the competent authorities, or changes in the processing of your personal data. Whenever we make such updates, you will find the latest version of our privacy policy here.