HYPERION NEWSLETTERS PRIVACY AND DATA PROTECTION POLICY

This section provides information about data protection for Vibra Hotels newsletter subscribers.

1. WHO IS THE DATA CONTROLLER?

• Identity: HIPERION HOTEL GROUP, S.L. (hereinafter, "HIPERION")
• TAX ID NO: B-86213378
• Address: C/ ZURBARÁN, 30, 1º, 28010. MADRID
• Data Protection Officer (DPO): you can contact our DPO:
  • by email: dpo@vibrahotels.com

you should indicate “Data Protection Officer” in the subject, specify the right to exercise and provide a copy of your ID document.

2. INFORMATION AND CONSENT.

By accepting this Privacy Policy, the user is hereby informed and lends their informed, specific and unequivocal consent for the personal data it provides through the website located at the URL https://www.vibrahotels.com/es (hereinafter the “Website”) as well as the data derived from their browsing and any other data that they may provide to the HIPERIÓN HOTEL GROUP in the future, to be processed by HIPERION HOTEL GROUP, S.L in a clear and simple way, in order to facilitate their understanding and determine freely and voluntarily if they wish to provide HIPERION with personal data.

3. OBLIGATION TO PROVIDE DATA.

The data requested in the website forms is generally obligatory (unless otherwise specified) to comply with the established purposes. Therefore, if it is not provided or not provided properly it can not be looked after, notwithstanding the fact that the user will still be able to view the Website content.

4. WHY DOES HIPERION PROCESS THE USER’S PERSONAL DATA?

4.1. Data provided in order to sign up as a registered user on HIPERION is used to:

• Handle a subscription or unsubscription request as chosen by the user.
• Verify that the user complies with the subscription requirements, as long as HIPERION deems it appropriate.
• Process and respond to the possible information requests sent by users.
• Search for promotions that fit the users needs.
• Send personalised commercial communications from HIPERION.
• Carry out an analysis of Website use and check user preferences and behaviour.
• Handle contact and information requests from the user via the channels established for these purposes on the HIPERION website.
• Send commercial communications, promotions, discounts and news from HIPERION.

4.2. Data provided for publications on HIPERION’s blogs:

• Manage the publication of comments on the Website.
• Manage the Blog Newsletter subscription and/or unsubscription at the request of the user.
• Carry out an analysis of Website use and check user preferences and behaviour.
• In the event that it is necessary, check the content of user comments and, where appropriate, remove the comments with content that does not meet the conditions applicable to this Website at the discretion of HIPERION.
• Manage the Newsletter subscription and/or unsubscription, carried out through the channel provided for such purposes on the HIPERIONWebsite.

5. WHAT USER DATA WILL HIPERION PROCESS?

HIPERION will process the following categories of user data:

• Identification data: name, surname, address and nationality.
• Contact info: email address and telephone no.
• The user and/or owner’s ID codes and/or passwords.
• Personal language settings.

In the event that the user provides the data belonging to a third party, it states to have received their consent to do so and undertakes to make them aware of the Privacy Policy, thereby making HIPERION exempt from any liability in this regard. However, HIPERION may carry out regular checks to confirm this fact and adopt the corresponding measures of due diligence, in accordance with data protection regulations.

6. WHAT ARE THE LEGAL GROUNDS FOR PROCESSING THE USER’S DATA?

The legal grounds for processing personal data are as follows:

1. To manage registration as a registered user: Regarding the consent requested, in cases where the user needs to confirm that they comply with the terms and conditions and for running analyses regarding website use, in the legitimate interest of HIPERION. However, withdrawing consent will not affect the legality of previously processed data.

The consents given for the purposes mentioned are separate, which is why the user may revoke one of them and it will not affect the others.To revoke consent, the User may contact HIPERIÓN via one of the following channels: dpo@vibrahotels.com

• WHY DOES HIPERION PROCESS THE HOLDER’S PERSONAL DATA AND FOR HOW LONG?

We hereby inform you that HIPERION processes the data provided by the account holder for the following purposes:

• To send account-related communications including points balance, card category information, notifications and any other type of communication that keeps the user informed of their account status.
• To send personalised commercial communications via email or using an equivalent means, on offers and services related to the Programme unless the user opposes this kind of processing.

• WHAT USER DATA WILL HIPERION PROCESS?

For proper provision of services, HIPERION will process the following categories of data:

• Identification data: name, surname, address, signature, address and nationality.
• Contact info: email address and telephone no.
• The user and/or owner’s ID codes and/or passwords.
• Goods and services transactions on HIPERION: Purchased goods and services and ones the user shows an interest in.
• Accommodation preferences.
• Browsing data.

The Holders of HIPERION’s newsletter programme guarantee and respond, in any case, for the precision, validity and authenticity of the Personal Data provided, and undertake to keep it up to date as required.

HIPERION HOTEL GROUP, S.L. will not process any data belonging to under 18s in relation to the loyalty programme.

• WHAT ARE THE LEGAL GROUNDS FOR PROCESSING THE USER’S DATA?

The legal grounds for the mentioned processing will be the holder’s consent to receive commercial communications, which may be revoked at any time.

The data requested from the Holder in the registration form is obligatory and used so that the Programme services can be provided properly, and, therefore, refusal to supply this personal data will mean that it is impossible to provide these services. In cases where non-obligatory data is requested, this will be indicated on the form itself.

• WITH WHOM WILL THE USER’S DATA BE SHARED?

HIPERION will not share personal data with third parties.

• INTERNATIONAL DATA TRANSFER

We hereby inform you that your data will not be transferred to third party countries outside the European Economic Area.

• DATA STORAGE

The personal data provided will be stored during your commercial relationship with HIPERION. Should you revoke your consent to receiving commercial information, we will delete all your personal data or failing this we will make it anonymous.

• COMMERCIAL COMMUNICATIONS

So that you can enjoy all the benefits of HIPERION’S newsletter, you must agree to allowing us to send you news, promotions and offers that suit your profile through different channels, including electronic means, as well as communicating your balance, programme categories, promotions and offers by HIPERION. As part of our commitment to privacy, we hereby remind you that you can at all times access the Programmes’s Terms and Conditions on the following website: https://www.vibrahotels.com/es/privacy-policy

You can also oppose the sending of any commercial communication by clicking on the link provided for such purposes on each communication or by sending an email to dpo@vibrahotels.com

• THIRD PARTY DATA PROCESSING

Should the Holder provide third party data at any time, they guarantee that they have their consent and undertake to forward the information held in this clause to them and inform HIPERION of any change or update to this data.

• DATA SECURITY

HIPERION has adopted all the technical and organisational measures required to guarantee that personal data is secure and to prevent its unauthorised alteration, loss, processing or access, given current technology, the nature of the stored data and risks to which it is exposed, either from human action or the physical or natural environment.

The Holder is responsible for keeping their user password strictly confidential, and is responsible for access to our website, HIPERION’s private area and your own use of it as well as use by any one else who may use the password you previously provided, regardless of whether access or use was authorised by you or not, or in your name, even if this person is your employee, relation or agent. You hereby agree (i) to inform us immediately of any unauthorised use of your password, account or any other breach of security and (ii) make sure you log out after each session. The Holder is the only person responsible for sharing and using their password, access and use of their account, and for informing us of their wish to cancel their account.

• HOLDER RIGHTS IN RELATION TO THEIR DATA

By sending an email to dpo@vibrahotels.com with the subject line “Data Protection” and attaching a photocopy of their ID document, the Holder may exercise the rights below at any time and for free:

• Revoke the consent given to personal data processing and communication.
• Obtain information about the processing of personal data or lack thereof.
• Access their personal data.
• Rectify inaccurate or incomplete data.
• Request cancellation of their data when the data is no longer required for the purposes it was collected.
• In certain circumstances and for reasons pertaining to their personal situation, interested parties may object to their data being processed.
• Restrict data processing once any of the conditions established in the data protection regulations are fulfilled.
• Request the portability of your data.
• File a complaint before the Spanish Data Protection Agency using: www.aepd.es

The interested party may contact HIPERION’s Data Protection Officer:

• E-mail: dpo@vibrahotels.com