Privacy Policy
Privacy Policy
This Policy explains how we process users’ personal data when they browse the Website, contact us or use our services.
Contents
2. What data do we process and how do we obtain it?
3. Purposes and legal basis
4. Recipients and data processors
5. International transfers
6. Retention periods
7. Rights of data subjects
8. Safety measures
9. Minors
10. Updates
1. Data controller
Responsable: ISLA CANELA TOURS AND SERVICES SL (en adelante, “ICT”).
Domicilio: Avda. Cayetano Feu, 41, Ayamonte (Huelva), España.
Email (privacy and exercising your rights): admin@homanetwork.com
For further corporate and contact details, please refer to the Website’s Legal Notice.
2. What data do we process and how do we obtain it?
2.1. Source of the data: how we obtain it
- Information provided by the user: for example, when filling in forms, making a booking or contract, or contacting us by email or telephone.
- Data derived from the use of the Website: technical and browsing information (e.g. IP address, online identifiers and usage data), particularly where the user consents to this through the use of cookies or similar technologies.
- Third-party data provided by the user: for example, details of accompanying persons in a booking. In such cases, the person providing the data declares that they have the necessary authorisation and have informed the third party.
2.2. Categories of data we may process: what data
- Personal details: first name, surname(s), identification document (ID card/passport or equivalent), nationality (where applicable).
- Contact details: email address, telephone number, postal address (where necessary for the provision of the service).
- Booking/service details: information required to manage the booking and your stay.
- Financial data: payment details (e.g. card details) when processing payments or guarantees, usually through specialist providers.
- Browsing data: IP addresses, online identifiers and website usage data, in particular through the use of cookies and similar technologies, where applicable.
- Special categories of data (Article 9 of the GDPR): As a general rule, we do not process special categories of data. In exceptional cases (e.g. allergies disclosed by the user in order to provide the service), such data will only be processed where necessary and on an appropriate legal basis.
3. Purposes and legal basis
| Purpose | Legal basis | Examples |
|---|---|---|
| Management of contractual relationships and bookings | Performance of a contract or pre-contractual measures (Article 6(1)(b) of the GDPR) | Managing bookings, providing the service, operational communications regarding the booking/stay, and guest support. |
| Handling enquiries and requests | Consent (Art. 6(1)(a)) and/or legitimate interest (Art. 6(1)(f)), depending on the channel and the specific case | Responding to forms, emails or requests for information. |
| Sending of commercial communications | Consent (Art. 6(1)(a)) and/or legitimate interest for customers in accordance with the LSSI | Newsletters and promotions. Users may object at any time. |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c) of the GDPR) | To comply with requests from authorities; sector-specific obligations (e.g. passenger registration where applicable). |
| Website improvements, statistics and security | Legitimate interest (Art. 6(1)(f)) and/or consent where non-essential cookies are required | Aggregated analytics, detection of misuse, usability improvements. |
| Cookies and similar technologies | Consent where these are not technical/necessary (Art. 6(1)(a) + Art. 22(2) of the LSSI) | Audience measurement, unsolicited personalisation, advertising (if used). See our Cookie Policy. |
Marketing communications: You may opt out of receiving marketing communications at any time by writing to admin@homanetwork.com and/or using the unsubscribe link (where available) in the communications.
Cookies: detailed information can be found in the website’s Cookie Policy, and settings can be managed via the cookie panel.
4. Recipients and data processors
Personal data may be disclosed to or made available to third parties only where necessary for the purposes described, and in particular:
- Public authorities, law enforcement agencies, and courts, where there is a legal obligation or a formal request.
- Suppliers necessary for the provision of the service (e.g. accommodation providers, tourist operators, etc.), where necessary to manage the booking or the service contracted.
- Technology providers (hosting, website maintenance, email, analytics tools, payment gateways, etc.) who may access data in their capacity as data processors, under a contract in accordance with Article 28 of the GDPR.
5. International data transfers
Some technology providers may operate from outside the European Economic Area. In such cases, ICT will implement the safeguards required by Articles 44 et seq. of the GDPR (e.g. Standard Contractual Clauses) and will apply additional measures where necessary.
You can request information about the guarantees in place by writing to admin@homanetwork.com
6. Retention periods
The data will be retained for as long as necessary to fulfil the purpose for which it was collected and, thereafter, for the periods required by law or for the limitation periods applicable to liability.
- Data retention/contractual relationship: for the duration of the relationship and, following its termination, for the applicable statutory limitation periods.
- Enquiries: for as long as is necessary to process and close the request, and subsequently for the duration of the limitation periods.
- Marketing communications: until you withdraw your consent or object (as applicable).
- Cookies/datos de navegación: según la duración de las cookies y la configuración elegida por la persona usuaria (ver Política de Cookies).
7. Rights of data subjects
Where applicable, you may exercise your rights of access, rectification, erasure, objection, restriction and data portability, and you may withdraw your consent at any time where the processing is based on your consent.
To exercise these rights, you can write to admin@homanetwork.com or send a request to the address given in the “Data Controller” section.
If you feel that your request has not been dealt with satisfactorily, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
8. Safety measures
ICT will treat the data as confidential and will take appropriate technical and organisational measures to prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the data and the risks involved in the processing.
9. Minors
In general, the services provided on the Website are not intended for children under the age of 14. If a child provides personal data without authorisation, ICT may take reasonable steps to delete such data and/or to obtain the necessary authorisation where appropriate.
10. Updates
ICT may update this Privacy Policy to reflect changes in legislation or modifications to the Website and/or the processing activities carried out. We recommend that you review it periodically.