Privacy Policy

Protection of personal data

TWIINS works to guarantee privacy in the processing of your personal data and wishes to be as transparent as possible with our customers and users. Therefore, we have updated our Privacy Policy to give clear information about how we compile, use and store the data of the people who get in touch and/or require our Organisation’s products and/or services, as well as to inform them of their rights as regards protection of personal data.

Who is the data controller for your data?

Identity: SIRENIS SERVICE, S.L. (hereinafter, TWIINS) Tax ID No.: B07910185
Address: C/ Des Cubells, 32, 07800 Ibiza (Illes Balears, Spain)
Companies House of Ibiza.- Folio: 133, Volume: 79, Page: IB-3834.
Telephone: +34 971312512
Email address: lopd@sirenishotels.com
We inform you that we have a Data Protection Officer (DPO) who ensures compliance with the data protection regulations.
DPO’s contact details: C/ Des Cubells, 32 – 07800 Ibiza (Illes Balears, Spain) – dpd@sirenishotels.com

INFORMATION AND CONSENT

By reading this Privacy Policy, the user/data subject is informed as to the way in which TWIINS gathers and processes the personal data provided to it either through the website www.theibizatwiins.com (hereinafter, the “website”), or through the TWIINS App (hereinafter, the “App”), as well as those concerning their connection and browsing through the Website and any other data that they may provide in the future to TWIINS through the Accommodation Contract or any other means enabled.
The user/data subject must carefully read this Privacy Policy, which we have written as clearly and simply as possible, to make it easier to understand, and determine freely and voluntarily whether they wish to provide their personal data, or those of third parties, to TWIINS.

Upon filling out any form and clicking on the “I accept the privacy policy” or similar box, the user states that they have read and expressly accepted this privacy policy and grants theirs/ unequivocal and express consent to having their personal data processed according to the purposes set out.

INFORMATION ABOUT THE DIFFERENT TYPES OF PROCESSING:

A.- PROCESSING of CUSTOMERS’ data (guests)

Why do we process your personal data?

At TWIINS we process the personal data that the customers provide to us, mainly for the following purposes:

  • Management of the provision of the contracted accommodation service: bookings made, including changes and/or cancellations, as well as payment management (where appropriate) and management of their requests and preferences, and, where appropriate, the provision of the services of restaurants and banquets and event organisation.
  • Management of sending informative and/or commercial communications about our products and/or services through electronic and/or conventional means.
  • Management of satisfaction surveys to assess satisfaction with the service provided to the customer.
  • TWIINS’ internal administrative management, accounting and tax.
  • Management related to the partners (ULC).
  • Management of the processing of possible claims.

How long will we keep your information for?

The data shall be preserved while the commercial relationship exists. Moreover, they shall be preserved for the time necessary to comply with the legal obligations, always respecting the statute of limitations on liabilities. In all cases, the data shall be preserved duly blocked.

What is the legal basis for processing your data?

  • The execution of a contract: provision of the requested services and registration on the SIRENIS FRIENDS program, as well as, where applicable, managing the relationships with the partners (ULC).
  • Compliance with the legal obligations: administrative management.
  • Legitimate interest of the data controller: sending commercial information; sending satisfaction surveys, as well as managing claims.

To what recipients will your data be sent?

The data will be sent to the following recipients:

  • Platforms for sending advertisements through electronic means, in order to send them reliably and to obtain statistical data.
  • Where appropriate, Banks and Building Societies and Tax authorities, as well as the police, in order to comply with legal obligations.
  • Companies operating the hotels managed by the SIRENIS GROUP, investee companies or companies in the business group, only for internal administrative purposes, as well as for sending commercial communications.

What about International data transfers?

Data transfers to third parties are planned (companies in the SIRENIS GROUP, whose parent company is MATUR, S.L., holder of Tax ID No. B070029465), by means of appropriate guarantees including those covered by signing the standard clauses for international data transfer published by the European Commission; the purpose is the internal management of the group, as well as sending commercial communications.

How have we obtained your data?

The personal data we process at TWIINS come from the data subject or their legal representative.

The data categories that may be processed are:

  • Postal and email addresses.
  • Commercial information.
  • Identifying, contact, preference, and personal characteristic details.
  • Financial and bank details, or details of the card, necessary to make the booking payment or to guarantee it, as well as to pay for the stay or the services associated thereto.
  • Details corresponding to the SIRENIS FRIENDS loyalty programme.
  • Geolocation data with your consent, only when you use the APP.
  • Health data for claims files, where appropriate.

B.- PROCESSING of the USE of PERSONAL IMAGES

Why do we process your personal data?

At TWIINS we process the data that are subject to this processing (image) in order to publicise our services and events, as well as to carry out marketing campaigns through social media the website. Where appropriate, also to manage sending commercial communications about our activities, events, and services.

How long will we keep your information for?

The data shall be preserved from when the user gives their consent until they withdraw said consent.

What is the legal basis for processing your data?

Express consent of the data subject. Use of photographs and videos where the image of the person concerned appears.

Moreover, we inform you that, by giving consent, the images may be published on the company’s website, social networks, and any format that the company deems appropriate to publicise its activities, events, and services.

To what recipients will your data be sent?

The data may be published on the company’s website and/or social networks and they may be communicated to companies in the SIRENIS GROUPS (and associated companies) in order to promote the group.

What about International data transfers?

Data transfers to third parties are planned (companies in the SIRENIS GROUP, whose parent company is MATUR, S.L., holder of Tax ID No. B070029465), by means of appropriate guarantees including those covered by signing the standard clauses for international data transfer published by the European Commission.

What category of personal data do we process?

Identifying details and image

C.- PROCESSING CONTACT details using the WEBSITE FORM

Why do we process your personal data?

At TWIINS we process the information provided to us by the data subjects in order to deal with their request and to send them information about our activities and services as well as, where appropriate, our newsletters.

How long will we keep your information for?

The data shall be preserved while the data subject does not request their erasure, respecting the statutes of limitations on liabilities, a period during which they shall be preserved duly blocked.

What is the legal basis for processing your data?

Express consent of the data subjects upon ticking the selection box enabled for that purpose at the bottom of the website form.

To what recipients will your data be sent?

They shall not be transferred to third parties, except where there is a legal obligation to do so.

What about International data transfers?

No data transfers to third parties are planned.

How have we obtained your data?

The personal data we process at TWIINS come from the data subject himself/herself or, where appropriate, from third parties.

D.- PROCESSING of the data of VISITORS to the PREMISES

Why do we process your personal data?

At TWIINS we carry out this personal data processing to keep a log of who accesses our premises and to record the information they have been given.

How long will we keep your information for?

For four years.

What is the legal basis for processing your data?

Legitimate interest of the data controller: Logging and managing visits to the premises.

To what recipients will your data be sent?

They shall not be transferred to third parties, except where there is a legal obligation to do so.

Data transfers to third countries

No data transfers to third parties are planned.

What category of personal data do we process?

Identifying details

E.- PROCESSING of VIDEO SURVEILLANCE data

Why do we process your personal data?

At TWIINS we process the images we capture by means of the cameras in order to guarantee the security of people, goods and premises.

How long will we keep your information for?

The data shall be preserved for a maximum of 30 days, except if communicated to Law Enforcement Agencies and/or Courts and Tribunals.

What is the legal basis for processing your data?

Public interest mission: To guarantee the security of people, goods, and premises.

To what recipients will your data be sent?

The data shall be sent, where appropriate, to the following recipients:

National law enforcement agencies, as well as Courts and Tribunals, in order to provide the images if a crime or infraction has been committed.

Data transfers to third countries

No data transfers to third parties are planned.

What category of personal data do we process?

Image

F.- Data PROCESSING for STAFF SELECTION

Why do we process your personal data?

At TWIINS we process the information that the interested persons provide us in order to carry out the staff selection processes: registering the data subject in job offers, sending reminders and communications, changes in the status of the applications, as well as contacting them on behalf of companies in the group. It is possible that the profile may be created automatically.

How long will we keep your information for?

They shall be preserved for two years, unless the data subject withdraws their consent before the maximum preservation period expires. Or during the entire employment relationship, always complying with the statute of limitations on liabilities.

What is the legal basis for processing your data?

Consent of the data subjects: Participating in the staff selection processes.

To what recipients will your data be sent?

The data may be communicated to the companies of the Sirenis group in order that they may be used in the staff selection processes.

What about International data transfers?

No data transfers to third parties are planned.

What categories of data do we process?

  • Identifying details
  • Postal and email addresses
  • Academic and professional details

For applications sent through the Sirenis Jobs app, see: https://www.sirenisjobs.com/public/index/legal

WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE YOUR DATA TO US?

Anyone has the right to obtain confirmation of whether or not TWIINS is processing personal data relating to them.

Data subjects have the right to access their personal data, as well as to request rectification of inaccurate data or, where appropriate, to request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were gathered.

In certain circumstances, the data subjects may request the restriction of the processing of their data, in which case we will only keep said data to bring or defend claims.

In certain circumstances and for reasons related to their particular situation, the data subjects shall be able to object to the processing of their data. If they do so, TWIINS shall stop processing the data, except for mandatory legitimate reasons, or to bring or defend possible claims.

They shall also have the right to request, where appropriate, the portability of their personal data. This means that they shall have the right to receive the personal data that they have provided to us in a structured, commonly-used and machine-readable format, to be able to send it directly to another party, as long as this is technically possible.

If they have granted their consent for some specific purpose, they have the right to withdraw the consent granted at any time, without this affecting the legality of the processing based on the consent prior to its withdrawal.

They may exercise their rights by contacting the controller in person, by postal mail, enclosing a photocopy of their national identity document or official identifying document, or by email at the Controller’s email address, attaching with the application/request a photocopy of their national identity document or official identifying document. The forms for exercising/requesting rights may be found on the website of the Spanish Data Protection Agency:
https://www.aepd.es/reglamento/derechos/index.html#section1

If they believe that their rights concerning the protection of their personal data have been breached, especially when they have not achieved satisfaction in the exercise of their rights, they may submit a complaint to the relevant Control Authority for Data Protection by accessing the website of the Spanish Data Protection Agency (C/ Jorge Juan, 6, 28001-Madrid):
https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/queSede.jsf

OBLIGATION TO PROVIDE THE DATA

The data requested on the forms that are accessible from TWIINS’s Website are, in general, obligatory (unless otherwise specified in the required field) to meet the purposes set out. Therefore, if they are not provided or they are not provided correctly, they cannot be dealt with.

In the event that the data subject provides third-party data, they state that they have their consent and undertake to transfer to the data subject, the owner of said data, the information contained in this Privacy Policy, exempting TWIINS from any liability in this regard. However, TWIINS may carry out the verifications necessary to establish this fact, adopting relevant due diligent measures according to the data protection regulations.

The processing of data necessary to meet the aforementioned purposes that require the consent of the data subject to carry them out, shall not be executed without it.

LIABILITY OF THE DATA SUBJECT

The data subject/user guarantees that they are of legal age or have been legally emancipated, have full legal capacity, and that the data they provide to TWIINS are true, accurate, complete and up to date. For these purposes, the data subject is answerable for the veracity of all the data they communicate and shall keep the information provided appropriately up to date, so that it reflects their real situation.

They shall be liable for any false or inaccurate information they provide through the Website and for the damages and harm, whether direct or indirect, that this may cause to TWIINS or to third parties.

COMMERCIAL AND PROMOTIONAL COMMUNICATIONS

One of the purposes for which TWIINS processes the data subject’s data shall be to send commercial communication, by electronic and/or conventional means, with information related to products, services, promotions, offers, events or news that are relevant to the data subjects. Whenever a communication of this type is made, it shall be addressed solely and exclusively to those data subjects who had authorised their receipt and/or who had not previously stated their refusal to receive them.

To do the foregoing, TWIINS may analyse the data obtained, in order to prepare data subject profiles that make it possible to define in greater detail the products that may be of interest to them.

In the event that the data subject wishes to stop receiving commercial or promotional communications from TWIINS, they may ask to be de-registered by taking up the option provided in each of the commercial communications sent.

GEOLOCATION DATA

Some of the functionalities of TWIINS’s App make it possible to geolocate the device (Tablet, Smartphone, etc.) on which it is installed.

The data subject may disable this option directly on the device itself, however, deactivating this option may impede use of some of the App’s functionalities.

SECURITY MEASURES

The personal data shall be processed legally, fairly and transparently in relation to the data subject (“legality, fairness and transparency”); gathered for certain, explicit and legitimate purposes, and they shall not be processed subsequently in a way that is incompatible with said purposes; appropriate, pertinent and limited to what is necessary in relation to the purposes for which they are processed, maintained such that it is possible to identify the data subjects for no longer than the time necessary for the purposes of the processing of the personal data; processed such that adequate security of the personal data is guaranteed, including protection against unauthorised or illegal processing and against their loss, destruction or accidental damage, by applying appropriate technical or organisational measures (“integrity and confidentiality”).

At TWIINS we follow strict selection criteria for service providers, in order to comply with their data protection obligations, as well as to enter into a data processor contract with them, which shall impose upon them the following obligations among others: applying appropriate technical and organisational measures; processing the data by following TWIINS’s instructions; and erasing or returning the data to TWIINS once the provision of the services ends.

TWIINS shall contract the provision of services by third-party suppliers who carry out their activity in sectors including, but not limited to, the following: legal advice, technological service supplier companies and IT service supplier companies.