JOSE LUIS LEANDRES CALERO (HOSTAL LA PLAYA) (the "Company") is an Organization in which personal data processing activities take place, which gives it an important responsibility in the design and organization of procedures so that they are aligned with legal compliance in this matter.

In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which notifies its Employees and makes available of all its interest groups.

1. Purpose

The Personal Data Protection Policy is a proactive Responsibility measure that aims to ensure compliance with the applicable legislation in this matter and in relation to it, respect for the right to honor and privacy in the processing of data. of a personal nature of all the people who are related to The Company.

In development of the provisions of this Personal Data Protection Policy, the Principles that govern the processing of data in the organization are established and, consequently, the procedures, and the organizational and security measures that the people affected by undertake to implement this Policy in their area of responsibility.

To this end, the Directorate will assign responsibilities to the personnel involved in data processing operations.

2. Scope

This Personal Data Protection Policy will apply to the Company, its administrators, directors and employees, as well as to all persons related to it, with the express inclusion of service providers with access to data (“ Treatment Managers”)

3. Principles of the processing of personal data

As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate it (Principle of "proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of “risk approach”).

In relation to the foregoing, JOSE LUIS LEANDRES CALERO will ensure compliance with the following Principles:

– Lawfulness, loyalty, transparency and purpose limitation. The treatment of data must always be informed to the affected party, through clauses and other procedures; and it will only be considered legitimate if there is consent for the processing of data (with special attention to that provided by minors), or if it has another valid legitimacy and the purpose of the same is in accordance with the Regulations.

– Data minimization. The data processed must be adequate, pertinent and limited to what is necessary in relation to the purposes of the treatment.

- Accuracy. The data must be exact and, if necessary, updated. In this regard, the necessary measures will be adopted so that the personal data that is inaccurate with respect to the purposes of the treatment are deleted or rectified without delay.

– Limitation of the retention period. The data will be kept in a way that allows the identification of the interested parties for no longer than is necessary for the purposes of the treatment.

– Integrity and Confidentiality. The data will be treated in such a way as to guarantee adequate security of the personal data, including protection against unauthorized or illicit treatment and against its loss, destruction or accidental damage, through the application of appropriate technical or organizational measures.

– Data transfers. The purchase or obtaining of personal data from illegitimate sources or in those cases in which said data has been collected or transferred in contravention of the law or its legitimate origin is not sufficiently guaranteed is prohibited.

– Hiring suppliers with access to data. Only suppliers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for contracting. With these third parties, the due Agreement will be documented in this regard.

– International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.

– Rights of those affected. The Company will facilitate the exercise of the rights of access, rectification, deletion, limitation of treatment, opposition and portability to those affected, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and timely, which they must satisfy, at least, the applicable legal requirements in each case. The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all the contracts and obligations that they formalize or assume and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

4. Commitment of the workers

Workers are informed of this Policy and declare that they are aware that personal information is an asset of the Company, and in this regard they adhere to it, committing to the following:

– Carry out the awareness training in Data Protection that the Company makes available to you.

– Apply the security measures at the user level that apply to their job, without prejudice to the responsibilities in their design and implementation that may be attributed to them based on their role within JOSE LUIS LEANDRES CALERO.

– Use the formats established for the exercise of Rights by those affected and inform the Company immediately so that the response can be made effective.

– Inform the Company, as soon as it becomes aware, of deviations from what is established in this Policy, in particular of “Security violations of personal data”, using the format established for this purpose.

5. Control and evaluation

An annual verification, evaluation and assessment will be carried out, or each time there are significant changes in data processing, of the effectiveness of the technical and organizational measures to guarantee the security of the processing.