- Name: Tablafina (hereinafter, the “RESTAURANT”)
- Tax ID no. (NIF): A28027944
- Address: NH Nacional. PSO. DEL PRADO 48, 28014- Madrid
- Data Protection Officer (DPO): our DPO may be contacted at:
- E-mail: DPO@nh-hotels.group.com
- Telephone: Central office on calle Santa Engracia 120, 7ª, 28003, Madrid
Please indicate “Data Protection Officer” in the subject field.
2 INFORMATION AND CONSENT.
3 WHY DOES THE RESTAURANT PROCESS THE PERSONAL DATA OF USERS?
The HOTEL processes the personal data provided via the Website for the following purposes:
- To manage users’ contact and information requests through the channels intended for this purpose on the HOTEL’s website.
- To manage requests.
- To process user reservations.
- To conduct analyses about Website use and track user preferences and behaviours.
4 WHICH USER DATA DOES THE RESTAURANT PROCESS?
The RESTAURANT processes the following categories of user data:
- Identification details: name, surname(s).
- Contact details: email, telephone number.
- Goods and services transaction details.
- Other details: data provided by the interested parties in the open fields on Website forms and attached documents.
5 HOW IS THE PROCESSING OF USER DATA AUTHORISED?
The processing of personal data is authorised by the consent of the user. The execution of web use analysis is considered part of the legitimate interest of the RESTAURANT.
To revoke consent, users must contact the RESTAURANT at: firstname.lastname@example.org
6 WITH WHICH RECIPIENTS IS USER DATA SHARED?
User data may be shared with:
- NH HOTEL GROUP, S.A. for internal administrative purposes and/or for the purposes previously indicated.
Moreover, data may be accessible by RESTAURANT suppliers in order to comply with legal obligations and/or the previously indicated purposes. These suppliers will not process user data for purposes that have not been previously disclosed by the RESTAURANT.
7 DATA RETENTION.
User data will be retained for the time necessary to process and respond to requests, and thereafter for a period of 5 years.
8 USER LIABILITY.
- Claim to be over the age of eighteen (18) and guarantee that the data provided to the RESTAURANT is true, accurate, complete, and up-to-date. To that end, users are responsible for the veracity of the data and agree to keep the information updated, in such a way that it corresponds to their actual situation.
- Guarantee that they have informed the third parties whose data these use, if any, of the aspects contained in this document. They also guarantee that they have obtained their consent to provide their data to the RESTAURANT for the indicated purposes.
- Will be liable for false or inaccurate information provided through the Website, as well as for any direct or indirect damage this may cause the RESTAURANT or third parties.
10 EXERCISE OF RIGHTS.
Users can write to the RESTAURANT at the address indicated in the header of this Policy, or by electronic means at email@example.com, attaching a photocopy of their identification document, at any time and free of charge, in order to:
- Revoke the consent granted.
- Obtain information about whether the RESTAURANT is processing personal data concerning the user.
- Access their personal data.
- Amend incorrect or incomplete data.
- Request the deletion of their data when it is no longer needed, among other reasons.
- Obtain data processing limitation from the RESTAURANT when any of the terms stipulated in the data protection regulation are met.
- Request the portability of the data provided by the user in those cases stipulated by regulation.
- Contact the RESTAURANT DPO via the following email address: DPO@nh-hotels.group.com
- File a claim regarding the protection of their personal data with the competent national Data Protection Authority when the interested party considers that the RESTAURANT has violated the rights recognised by data protection regulation.
11 SECURITY MEASURES.
At all times, the RESTAURANT will process user data in an absolutely confidential manner, upholding the mandatory duty of secrecy with regard to the same, in accordance with the provisions of the applicable regulation and adopting the necessary technical and organisational measures to ensure the safety of the data and prevent its alteration, loss, or unauthorised processing or access, taking into account the state of technology, the nature of the data stored, and the risks to which it is exposed.
Last updated: 21 June 2018.