Las Colinas Golf & Country Club understands that privacy is a fundamental part of the very essence of the unique experience we offer, where healthy living and harmony with nature are paramount. The guarantee of protection of your personal data allows you to enjoy all our services and experiences in a unique natural setting without any worries.
The purpose of this Privacy Policy is to clearly and precisely inform Users about the processing of their personal data obtained through the different websites linked to Las Colinas Golf & Country Club, whose main website is https://lascolinasgolf.com/ (hereinafter, all the websites, separately or jointly, the "Website"), carried out by the data controller. The websites linked to the Website are:
https://lascolinasresidences.com/es/inicio/
https://lascolinasgolfrealestate.com/
https://restauranteumawa.com
https://restauranteilpalco.com
https://wowbeach.es
3. FOR WHAT PURPOSES WILL THE DATA CONTROLLERS PROCESS THE USER´S DATA AND ON THE BASIS OF WHAT LEGITIMISATION?
Las Colinas Golf & Country Club is a complex managed by three different companies :
- Colinas Green Golf S.L. (B83977868)
- Campoamor Sun & Beach S.L. (B83835496)
- Colinas Golf Residencial S.L. (B83995142)
All with registered offices at C/ Luchana 23, 28010 Madrid and belonging to the Gmp Group..
Each of them has an independent and perfectly delimited scope of responsibility depending on the purposes of the specific processing, and therefore for each processing activity a data controller will be indicated, without prejudice to those processing operations common to all data controllers.
Thus, the corresponding controller will process the personal data provided by the User or that it may obtain directly through any of the channels provided for this purpose, for the purposes indicated below, in accordance with the basis of legitimacy applicable in each case:
a. Processing and management of bookings and sports and wellness services (The Beauty Room, Sports & Health Club, Golf Academy, Toptracer Range, Racquet Club and Tennis and Padel Academy, Golf outing bookings):
- Responsible for the treatment: Colinas Green Golf S.L.
- Purposes of the treatment:
- Management of the Users reservation through the Website.
- Management of the registration and deregistration of the User registered on the Website, where applicable.
- Provision of the sports service requested by the User.
- Processing and monitoring of the contracting of the service made by the User.
- Management of the collection of the services contracted by the User.
- To contact the User when any circumstance of interest related to the contracted services arises.
- Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
- Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried out.
- Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.
- Basis of legitimacy:
- For purposes 1 to 6, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre-contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).
- For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.
- For purpose 8, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.
- For purpose 9, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).
b. Processing and management of bookings and accommodation and lodging services (Colinas Residences):
- Data controller: Campoamor Sun & Beach S.L.
- Purposes of processing:
- Management of the Users reservation through the Website.
- Management of the registration and deregistration of the User registered on the Website, where applicable.
- Provision of the sports service requested by the User.
- Processing and monitoring of the contracting of the service made by the User.
- Management of the collection of the services contracted by the User.
- To contact the User when any circumstance of interest related to the contracted services arises.
- Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
- Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried out.
- Comply with the provisions of the applicable regulations on accounting, tax, consumer, etc., as well as police in terms of the obligation to register overnight stays and collect identification data in official documents; all of this in relation to the contracting that may have been carried out.
- Basis of legitimacy:
- For purposes 1 to 6, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre-contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).
- For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.
- For purpose 8, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.
- For purpose 9, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).
c. Processing and management of reservations and catering services (Umawa, Ilpalco and Unik):
- Responsible for the treatment: Colinas Green Golf S.L.
- Purposes of the treatment:
- Management of the Users reservation through the Website.
- Management of the registration and deregistration of the User registered on the Website, where applicable.
- Provision of the catering service requested by the User. Where appropriate, special category data of the User (health data) may be processed, if intolerances or allergies are reported.
- Processing and monitoring of the contracting of the service made by the User.
- Contact the User when any circumstance of interest related to the contracted services arises.
- Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
- Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried out.
- Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.
- Basis of legitimacy:
- For purposes 1 to 5, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre-contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).
- For purpose 6, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.
- For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.
- For purpose 8, the basis of legitimacy is compliance with the relevant legal obligations of the data controller (art.6.1.c) GDPR).
d. Processing and management of reservations and services offered at WOW Beach:
- Data controller: Campoamor Sun C Beach S.L.
- Purposes of processing:
- Management of the Users reservation through the Website.
- Management of the registration and deregistration of the User registered on the Website, where applicable.
- Provision of the service requested by the User. In the case of provision of catering services, special category data of the User (health data) may be processed, if intolerances or allergies are reported.
- Processing and monitoring of the contracting of the service made by the User.
- To contact the User when any circumstance of interest related to the contracted services arises.
- Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
- Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried out.
- Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.
- Basis of legitimacy:
- For purposes 1 to 5, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, application of pre-contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).
- For purpose 6, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.
- For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.
- For purpose 8, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).
e. To inform the User by any means of products and services related to Complejo Las Colinas Golf and Country Club, by sending commercial communications:
- Responsible for the treatment: Colinas Golf Residenciel S.L.
- Purposes of processing: Send commercial communications to the e-mail address and telephone number, if any, provided by the user for this purpose.
- Basis of legitimacy: the processing derived from this purpose will be based on the express consent of the User by expressly accepting, without any kind of obligation, the subscription to the communications service of Las Colinas Golf & Country Club by e-mail or telephone messaging (art. 6.1.a) RGPD).
f. Respond to questions raised in the contact forms:
- Responsible for the treatment: Colinas Golf Residencial S.L.
- Purposes of processing:
- In cases in which a User raises any type of question, his/her data will be processed in order to manage, process and respond to the Users requests, applications, incidents or queries.
- The reception of curricula vitarum does not form part of the purposes foreseen for the questions and doubts section. However, in the event that Users spontaneously send them requesting their consideration, they may be processed exclusively for the purpose of taking them into account in selection processes opened by the company.
- Basis of legitimacy:
- The processing derived from the purpose of resolving doubts, questions or queries will be based on the express consent of the User when expressly accepting, without any kind of obligation, to be contacted through the data provided in order to respond to their request (art. 6.1.a) RGPD).
- In the case of CVs received, they may be processed on the basis of the legitimacy of the pre-contractual interest expressed when sending the CV and/or covering letter (art. 6.1.b) GDPR).
4. WITH WHICH RECIPIENTS WILL THE USER´S DATA BE SHARED?
The correct provision of the service provided to the User implies that other third-party service providers access the User´s personal data as data processors, with whom the corresponding Data Controller has signed the corresponding service provision agreements with access to data.
In turn, personal data may be communicated to other entities of the Gmp group of companies, with your consent where necessary, which may access the personal data and information to assist us in the management of the pre-contractual relationship or processing of the request made. We ensure that all these entities comply with data protection regulations, which are also directly applicable to them.
In addition to the above, the User understands that personal data may be transferred or communicated to fulfil their obligations to the Public Administrations in cases where this is required in accordance with the legislation in force at any given time and, where appropriate, also to other bodies such as the State Security Forces and Bodies and the Judiciary.
In the case of the curricula vitarum received, your data may be passed on to companies belonging to the group of companies of which Gmp Property SOCIMI
S.A. is the parent company of the group to which all those responsible for the processing of the Websites belong, exclusively for the purposes and subject to the conditions indicated herein (section 3f).
5. INTERNATIONAL DATA TRANSFERS
Users personal data may be communicated or made available to third parties located outside the EU for the proper performance of the service, as well as for the attention of the requests of the Users or for the fulfilment of any of the indicated purposes.
In cases where there is no adequacy decision in force, it is guaranteed that the international transfer of data will be carried out in compliance with the applicable data protection regulations and, in any case, through the granting of the appropriate guarantees. Specifically, by signing the standard contractual clauses approved by the European Commission and, where necessary, by adopting such additional guarantees as may be appropriate.
6. DATA RETENTION
Users data will be kept for as long as the relationship with the User remains in force, without prejudice to the retention that may be necessary for the formulation, exercise or defence of potential claims and/or as long as permitted by applicable legislation. Once the aforementioned period has expired, the data will be deleted.
In the case of curricula vitarum received, they may be kept for one year and thereafter - limited to the contact details and possible positions for which the users profile fits - may be duly blocked for up to three years.
7. USER RESPONSIBILITY
The User guarantees that he/she is over eighteen (18) years of age or, if applicable, that he/she is capable of entering into the corresponding contracts for goods and services by him/herself, and that the data provided are true, accurate, complete and up to date. To this effect, the User is responsible for the veracity of all the data provided and will keep the information provided suitably updated, so that it corresponds to his or her real situation.
Likewise, the User guarantees that he/she has informed the third parties whose data he/she provides, if he/she does so, of the aspects contained in this document. Likewise, he/she guarantees that he/she has obtained their authorisation to provide their data for the aforementioned purposes.
In this regard, the User is informed that he/she shall be liable for any false or inaccurate information provided through the contact channels provided and for any damages, direct or indirect, that this may cause to the Data Controller or to third parties.
8. EXERCISE OF RIGHTS
Users may exercise their rights of access, rectification, opposition, deletion, portability and limitation of processing, as well as the right to refuse automated processing of their personal data, free of charge, by sending a written and signed request to the following address: C/Luchana, 23 - Madrid or via privacidad@grupogmp.com. For these purposes, the User must send such written communication indicating the request or right being exercised, name and surname(s). A copy of your ID card or valid document proving your identity (photocopy of passport) will only be requested in cases where there may be reasonable doubts about it and taking into consideration the nature of the personal data subject to the exercise of the right.
The User has the right to object to the processing of their data for promotional purposes for the receipt of commercial communications by simply notifying their wishes. To do so, the User may send his/her request by means of the procedure described in the previous paragraph. Likewise, the User may cancel the receipt of commercial communications in the manner provided for in each commercial communication (for example, through the link included in each of them).
In addition to the above rights, the User shall have the right to withdraw the consent given at any time by means of the procedure described above, without such withdrawal of consent affecting the lawfulness of the processing prior to the withdrawal of consent. In any case, the User´s data may continue to be processed to the extent permitted by applicable law.
Likewise, the User may lodge a complaint regarding the protection of his/her personal data with the Spanish Data Protection Agency at the address C/ Jorge Juan, 6, 28001 - Madrid, when the interested party considers that the processing of his/her personal data has infringed the rights recognised by the applicable data protection regulations.
9. SECURITY MEASURES
The User´s data will be treated at all times in the strictest confidence and with the mandatory duty of secrecy, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organisational measures to guarantee the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.
10. WARNING AND CHANGES
This privacy policy applies only to personal data collected or provided by the user through any of the channels provided. The User should be aware that we are not responsible for the personal data protection practices of the websites whose links may be displayed on the different websites of the companies linked to Las Colinas Golf & Country Club.
These external websites will be responsible for the processing of the personal data provided by the User through said external website, without us being able to acquire any responsibility for said processing. We encourage the User to read the privacy statement of each and every website that collects personal data.
The Controller has the right to review and amend this Privacy Policy from time to time as it deems appropriate, in which case Users will be notified. For this reason, please check this privacy statement regularly to read the most recent version of the Privacy Policy, which is available on this Website.
Last update: February 2024.