DATA PROTECTION POLICY

This is the data protection policy of Lavandaría La Pajarita S.L.U. It relates to data processed in the exercising of its specialised linen cleaning and rental services for the hotel sector, thus complying with the General Data Protection Regulations ((EU) Regulation 2016/679 of the European Parliament and of the Council, of 27 April 2016, and Organic Law  3/2018, on Personal Data Protection and the Guarantee of Digital Rights.

Who is responsible for the processing of your personal data?

The data controller for the personal data is Lavandaría La Pajarita S.L.U. (hereinafter, La Pajarita), with Company Tax ID No. (NIF) B57872756 and address in Gremi Boneters nº49, 07009 Palma de Mallorca, tel. 972 971 43 29 53, info@lavanderialapajarita.comwww.lavanderialapajarita.com.

For what purposes is your data processed?

At La Pajarita, we process your personal data for the following purposes:

Contact. To answer the requests for information of the people who contact us using the contact forms on our website. We use it solely for this purpose.

Telephone service. To answer the calls of people who contact us through this channel. In order to offer better service quality, conversations may be recorded. Callers are advised of this possibility beforehand.

Staff selection. Receipt of CVs sent to us by people interested in working with us and the management of the personal data generated for participation in staff selection processes, for the purpose of matching candidates’ profiles with vacancies or new positions. We keep the details of the people we don’t end up hiring for a maximum period of one year in case another vacancy or new position should open up. Nonetheless, in the latter case, we immediately delete the data if requested to do so by the interested party.

Services for clients. To register new clients and record any additional data generated as a result of the commercial relationship with the clients. During the contracting process, essential data, which includes bank details (current account or credit card number) is requested and sent to the banking entities that manage collections (it can only be used for this purpose).  The service provision relationship includes other processing, such as the incorporation of data during accounting, invoicing or the provision of information to the tax authorities.

Information on our products and services. Whilst the contractual relationship with its clients remains in force, La Pajarita uses their contact details to send information in relation to this relationship, information that may include circumstantial references to our products or services, whether of a general nature or more specifically related to the client’s particular characteristics and needs.

Management of the data of our service providers. We record and process the data of the service providers who provide us with goods or services. This may be the data of people working as freelancers and also the data of the representatives of legal entities. We obtain the necessary data to maintain the commercial relationship, using this solely for this purpose and in a manner that is appropriate for this type of relationship.

Video surveillance. When accessing our facilities you are informed, where applicable, of the existence of video surveillance cameras by means of standardised signs. The cameras record images only in areas where this is justified to guarantee the security of people and property and the images are used solely for this purpose.

Users of our website. The browsing system and the programming that enables the functioning of our website collect data that is ordinarily generated in the use of Internet protocols. This data category includes the IP address or domain name of the computer used by the person connecting to the website, amongst other things. This information is not associated with specific users and is used for the sole purpose of obtaining statistical information on the use of the website. Our website uses cookies which allow the identification of specific individuals who use the website. The use of cookies is limited to the collection of technical information to facilitate accessibility and efficient use of the site.

Other channels through which data is obtained. We also obtain data through face-to-face relationships and other channels such as the receipt of emails. In all cases, the data is use solely for the explicit purposes justifying the collection and processing thereof.

What is the legal basis for the processing of your data?

The data processing we carry out has various legal bases depending on the nature of each type of processing.

The fulfilment of a pre-contractual relationship. This is the case of the data of possible clients or service providers we have a relationship with prior to the formalisation of a contractual relationship, such as the drawing up of a quote or studying of different quotes. This is also the case with the processing of the data of people who have sent us their CV or who participate in selection processes.

The fulfilment of a contractual relationship. This is the case of the relationships with our clients and service providers and all actions and uses involved in these relationships.

The fulfilment of legal obligations. The communication of data to the tax authorities as established in the laws that regulate commercial relationships. We may have to send data to legal authorities or security forces also in compliance with legal regulations that require collaboration with these public establishments.

Based on consent. When we send information on our products or services, we process the contact details of the recipients with their authorisation or express consent. Any browsing data we may obtain through cookies is obtained with the consent of the person visiting our website and can be revoked at any time by uninstalling said cookies.

Legitimate interest. The images we obtain with our video surveillance cameras are processed in virtue of our company’s legitimate interest in preserving its property and installations. Our legitimate interest also justifies the processing of the data we obtain from contact forms.

Who is the data sent to?

As a general rule, we only send data to administration bodies or public authorities and always in order to comply with legal obligations. In the issuing of invoices to clients, data may be sent to banking entities. In cases where this is justified, we will send the data to the security forces or competent judicial authorities. No data is transferred to outside the European Union (international transfer).

At the same time, for certain tasks we obtain the services of companies or people who provide us with their experience and specialist knowledge. These external companies sometimes need to access the personal data under our responsibility. This is not data transfer strictly speaking but rather the entrusting of data processing. We only use the services of companies that guarantee compliance with the data protection regulations. When these companies are contracted, their confidentiality obligations are formalised and their activity monitored. This is the case with data housing services, IT support services or legal, accounting and tax advisory services.

How long do we keep data for?

We comply with the legal obligation of limiting the data retention period as much as possible. For this reason, it is only kept for the necessary, justified period of time for the purpose that gave rise to the collection thereof. In certain cases, as with data included in accounting and invoicing documentation, tax law requires this to be kept until the expiry of liability in this respect. In the case of data processed based on the consent of the interested party, this is kept until the person in question should revoke their consent. Images obtained by video surveillance cameras are kept for a maximum of one month, although in the case of incidents where this is justified, they may be kept for the necessary time to facilitate the actions of the security forces or judicial authorities.

What rights do people have in relation to the data we process?

As set out in the General Data Protection Regulations, the people whose data we process have the following rights:

To know whether or not their data is being processed. Any person has the right, in the first place, to know whether or not we are processing their data, regardless of whether or not there has been a prior relationship.

To be informed of the collection of data. When the personal data is obtained directly from the interested party, at the time of providing this, this party must have clear information on the purposes for which this will be processed, who the data controller will be and all other aspects in relation to said processing.

To access this. A very broad right that includes that of knowing precisely which personal data is subject to processing, for what purpose it is processed, what data will be communicated to third parties (if applicable) and the right to obtain a copy of the data or know the expected duration of retention.

To request the rectification of the data. This is the right to have any inaccurate data subject to processing on our part rectified.

To request the erasure of the data. In certain circumstances people have the right to request the erasure of their data when, amongst other reasons, this is no longer necessary for the purposes for which it was collected and which justified the processing thereof.

To request the restriction of the processing. The right to request restricted processing of the data in certain circumstances. In this case, this will cease to be processed and will only be kept for the purpose of filing claims or defending the company in the event of claims made against it, in accordance with the General Data Protection Regulations.

Portability. In the cases foreseen in the regulations, the right to obtain one’s own personal data in a structured format of common use, legible by machine, is recognised, in order to send this to another data controller if the interested party should so wish.

To oppose the processing. A person may give reasons in relation to their particular situation that justify the ceasing of processing of their data to the degree or measure to which this might cause detriment to them, except for legitimate reasons or for the purpose of filing claims or defending the company in the event of claims made against it.

Not to receive commercial information. We will deal immediately with requests to stop receiving commercial information from people who had previously authorised this.

How can people exercise or defend these rights?

The rights we have listed above can be exercised by sending a written request to La Pajarita at the following postal address: Gremi Boneters nº49, 07009 Palma de Mallorca, tel. 972 971 43 29 53, or via the electronic form available at www.lavanderialapajarita.com, or also by sending an email to info@lavanderialapajarita.com, indicating “Personal Data Protection” in all cases.

If you should fail to obtain a satisfactory answer in the exercising of your rights, you can submit a claim to the Spanish Data Protection Agency using the forms and other channels available on its website www.agpd.es.