Privacy Policy

This Privacy Policy applies to the processing of personal data carried out by Attica21 when you use our website and contract any of the services we offer to our customers and users.

1.- Identity and contact details of the data controlle

All personal data provided (hereinafter, ‘Personal Data’) will be incorporated into a processing activity register owned by Attica21 Hoteles, S.L.U. (‘Attica21’), with registered office at Avenida Linares Rivas, nº 1-4, bajo, (15005) – A Coruña and Tax Identification Number (CIF)B- 70.201.553.

2.- Sources from which we receive information about our customers

We may receive your Personal Data through two sources or channels of information:

• DDirectly from our users, when they access our website and contact us directly.
• Through partners and collaborators, such as travel agencies, booking engines and hotel intermediation platforms with which the booking has been managed for any of the Attica21 establishments.

In both cases, we will process the information, including Personal Data, for any of the purposes set out below.

3.- Purposes and legal bases for processing

The purposes of the processing and the types of data used are shown below.

1. Managing bookings. We will process your personal information to manage your booking at one of the Attica21 establishments. This information includes your identification details (name and surname), contact details (telephone number, email address and postal address), information relating to payment methods, as well as any other information you provide us with regarding specific requests (including tastes and preferences).Likewise, we inform you that in compliance with our legal obligations, we may collect additional information about all guests in your booking, in accordance with the provisions of Annex I of Royal Decree 933/2021, of 26 October, which establishes the obligations of documentary registration and information of natural or legal persons engaged in accommodation activities (or any other regulations that may modify it in the future). This information includes information on all guests in the booking, including name and surname, nationality, date of birth, place of habitual residence, contact details, and family relationship, among others.
   The legal basis that justifies the processing of your personal data is your consent at the time of making the booking, the execution of the service provision contract signed with Attica21, as well as the fulfilment of our legal obligations.
2. Customer Service. We will process the information you provide us through the forms and contact channels available on our website, such as your name, surname, and email address, as well as any other information you provide, so that our team can contact you and we can properly respond to your request.
   In particular, Attica21 offers users a virtual assistant available 24 hours a day to answer their queries. This assistant is an artificial intelligence-based chatbot that provides users with the information they request in relation to the services offered on the Website, as well as support in managing their booking. We remind users that the virtual assistant is a chatbot that is not attended by people, although if users so request, their query will be forwarded to one of our agents.
   When users contact Attica21 to request information, including via the chatbot, we may collect their contact details, a description of their query, possible responses, or other information that the user may voluntarily provide during the conversation. The information provided may be reviewed by our teams to improve the chatbot’s results and learning, as well as to process your request personally.
   The legal basis that justifies the processing of your personal data is your consent when completing the contact form and/or sending your requests through the enabled contact channels. In the case of a request related to an existing booking, the legal basis for its processing will be the execution of the relationship maintained with you.
3. Services provided in our establishments. Similarly, when you access our facilities, we may process your personal data for the provision of catering and recreational services. The basis that justifies the processing of your personal data is your consent, as well as the execution of the contract for the provision of the requested service.
   We may also process your personal data for video surveillance purposes, to ensure the security of our facilities. The basis that justifies the processing of your personal data is our legitimate interest. Personal data collected in this way will be kept for a period of 1 month and will then be destroyed, unless we are required to keep it for the investigation of incidents and/or requests from the competent authorities.
4. Sending of marketing information. If you have expressly agreed to receive commercial communications through our website or the channels provided for this purpose, we will process your contact details in order to send you such content. Likewise, if Users have contracted any of Attica21’s services, we will also be able to communicate with Users to inform them about other similar products and services.
   he legal basis that justifies the processing of your personal data is the consent of the interested party, demonstrated by subscribing to the sending of commercial communications. Likewise, based on legitimate interest, we may send Users information about products and services similar to those previously contracted.
   If you are not interested in receiving further commercial emails, you can contact our team at any time using the unsubscribe function provided in each email message, or by sending an email to rgpd@attica21hotels.com.
5. Information on the accessing and use of our website. We may also collect information about your use of our website as a user. This information relates to the type of equipment or device you use to access our content, as well as other data and browsing habits, such as language, IP address, search engine, date and time, among others.
   This information is collected through the use of cookies, based on our legitimate interest, as it allows us to improve the appearance and functionality of our website.You can find more information by consulting our Cookies policy.
6. Compliance with legal obligations. Whenever the competent administrative authorities or courts require us to do so, Attica21 may disclose the personal data you have provided to us. The basis that justifies the use of your data for these purposes is compliance with a legal obligation, as well as our legitimate interest in protecting our rights and those of our partners and employees.
   Attica21 will not process the information you provide to us for purposes other than those described above.

4.- How long do we keep your personal data 

Your Personal Data will be retained by Attica21 for the period necessary to fulfil the purposes for which it was collected, including compliance with any legal and/or financial obligations.

To determine the retention period, we take into account the volume, nature and sensitivity of the personal data we collect, the applicable limitation periods, the potential risk of harm from unauthorised access or disclosure of personal data, the purposes for which we process your Personal Data, and finally, whether we can achieve those purposes through other means.

You may revoke your consent to the processing of your personal data at any time. To do so, simply send a written request to the email address rgpd@attica21hotels.com or to Avenida Linares Rivas, nº 1-4, bajo, entreplanta (15005)- A Coruña.

5.- Security Measures

Attica21 will treat your Personal Data with absolute confidentiality. It has also implemented appropriate technical and organisational measures to ensure the security of your Personal Data and prevent its destruction, loss, unlawful access or unlawful alteration. When determining these measures, criteria such as the scope, context and purposes of the processing, the state of the art and the existing risks have been taken into account.

6.- Recipients of Personal Data

Your Personal Data will not be transferred to third parties, except in cases where there is a legal obligation to do so or where it is necessary for the fulfilment of a processing purpose.

In relation to the latter case, and in order to fulfil the aforementioned purposes, Attica21 may communicate and/or give access to your Personal Data to the entity Inveravante Inversiones Universales, Ltd.., which belongs to its group of companies.

We may also share your Personal Data with third-party service providers, such as advertising agencies, marketing agencies, or web hosting services. These third parties are Attica21’s data processors and apply the necessary measures to protect the confidentiality, integrity, and security of your Personal Data in accordance with the latest industry standards. We have entered into the corresponding data processing agreement with them.

Finally, we will disclose your Personal Data to the competent authorities when you use our facilities as a guest, in compliance with our legal obligations as a provider of accommodation services.

7.- International Transfers

On some occasions, it may be necessary to share personal data with third parties to ensure the proper provision of services. When such third parties are located outside the European Economic Area (EEA), Attica21 will ensure an adequate level of protection for the data transferred and will implement appropriate measures and safeguards to protect the integrity, confidentiality and security of the data, for example by signing the relevant Standard Contractual Clauses approved by the European Commission.

8.- Rights

You have the right to exercise, free of charge and at any time, your rights of access, rectification, erasure, objection, restriction of processing, portability and the right not to be subject to automated decisions, under the terms provided for in current legislation.

In certain circumstances, when a user exercises their right to object to the processing of their personal data, we may limit the exercise of that right for legitimate reasons provided for in current legislation, or for the defence of possible future claims.

To exercise the rights described above, you must write to Attica21, via email at rgpd@attica21hotels.com or at Avenida Linares Rivas, nº 1, 2 y 3, bajo, entreplanta (15005) – A Coruña, indicating in the subject line ‘Exercising of data protection rights’ and specifying in your request the right you wish to exercise.

In order to properly respond to your request, we may need to request additional information to help us confirm your identity. No compensation will be required for exercising your rights.

Furthermore, if you believe that your request has not been dealt with correctly, we inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency, using the forms provided for this purpose on its website: www.aepd.es. However, we would appreciate the opportunity to resolve your complaints directly with us, prior to lodging an administrative complaint.

9.- Updating of the Privacy Policy

Attica21 may review and make changes to this Privacy Policy in order to comply with current legislation or for other reasons. Any changes made to this Privacy Policy will be published and, as far as reasonably possible, communicated to you. In any case, please visit this document frequently so that you are always properly informed.

10.- Contact

If you have any further questions, wish to exercise any of your rights, or have complaints about the content of this Privacy Policy, you can send us an email to rgpd@attica21hotels.com.