Privacy Policy

Processing of customer data

Informative clause:
Data of the controller:
Identity: Gare de Madrid - 
E-mail: reservas@garedemadrid.es

At Gare de Madrid we treat the information you provide us in order to provide the requested service and make a reservation. The data provided will be kept as long as the commercial relationship is maintained or during the time necessary to comply with the legal obligations and meet the possible liabilities that may derive from the fulfillment of the purpose for which the data was collected. The data will not be transferred to third parties except in cases where there is a legal obligation. You have the right to obtain information about whether we are treating your personal data at Gare de Madrid, so that you can exercise your rights of access, rectification, deletion and opposition and limitation to your treatment before Gare de Madrid, email address reservas@garedemadrid.es, attaching a copy of your ID or equivalent document. Likewise, and especially if it considers that it has not obtained full satisfaction in the exercise of its rights, it may present a claim before the national control authority, addressing to this effect the Spanish Agency for Data Protection, C / Jorge Juan, 34619854874 Madrid.

Registration of activities and treatment

Treatment: customers
a) Identity treatment manager: Gare de Madrid, Email: reservas@garedemadrid.es.
b) Purpose of the treatment: Management of the relationship with customers
c) Stakeholder categories Customers: People with whom a business relationship is maintained as clients
d) Categories of data: Those necessary for the maintenance of the commercial relationship. Accommodation and billing reservations. Identification: name and surname, NIF, postal address, telephone, e-mail
e) Recipient categories: State Tax Administration Agency, Security Forces and Bodies
f) International transfers: No international transfers are planned
g) Termination of suppression: Those foreseen by the tax legislation regarding the prescription of responsibilities and 
legal provisions regarding public safety
h) Security measures: Those described in the documents that make up the Data Protection and Information Security Policy of the AEPD

ANNEXED

ATTENTION OF THE RIGHTS EXERCISE

The controller will inform the staff that deals with the data about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, postal address, etc.) and taking into account the following:
  • Upon presentation of their national identity document or passport, the holders of personal data (interested) may exercise their rights of access, rectification, deletion, opposition and limitation of treatment. The exercise of rights is free.
  • The controller must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with a clear and simple language and keep proof of compliance with the duty to respond to requests for the exercise of rights made.
  • If the request is submitted by electronic means, the information will be provided by these means whenever possible, unless the interested party requests that it be otherwise.
  • Applications must be answered within 1 month of receipt, and can be extended in another two months taking into account the complexity or number of requests, but in that case the interested party must be informed of the extension within a month from of the receipt of the request, indicating the reasons for the delay.

RIGHT OF ACCESS: In the right of access, the interested parties will be provided with a copy of the personal data that is available together with the purpose for which they were collected, the identity of the recipients of the data, the expected conservation periods or the criteria used to determine, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its treatment, the right to file a claim with the Spanish Agency for Data Protection and if the data has not been obtained from the interested party , any information available about its origin. The right to obtain a copy of the data can not negatively affect the rights and freedoms of other interested parties.

RIGHT OF RECTIFICATION: In the right of rectification will proceed to modify the data of the interested parties that were inaccurate or incomplete attending to the purposes of the treatment. The interested party must indicate in the application to which data it refers and the correction that must be made, providing, when necessary, the documentation justifying the inaccuracy or incompleteness of the data subject to treatment. If the data have been communicated by the responsible party to other responsible parties, they must notify them of the rectification of the data unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if so requested.

SUPPRESSION RIGHT: In the right of suppression the data of the interested parties will be eliminated when they manifest their refusal to the treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw the consent given and there is no another legal basis that legitimizes the treatment or it is illegal. If the suppression derives from the exercise of the interested party's right of opposition to the processing of their data for marketing purposes, the identification data of the interested party may be retained in order to prevent future treatments. If the data has been communicated by the responsible party to other responsible persons, it should notify them of the suppression of these unless it is impossible or requires a disproportionate effort, providing the interested party with information about said addressees, if so requested.

RIGHT OF OPPOSITION: In the right of opposition, when the interested parties express their refusal to treat their personal data before the person in charge, the latter will stop processing them as long as there is no legal obligation to prevent it. When the treatment is based on a mission of public interest or the legitimate interest of the responsible, before a request to exercise the right of opposition, the responsible person will stop processing the data unless compelling reasons that prevail over the interests, rights and freedoms of the interested party or are necessary for the formulation, exercise or defense of claims. If the interested party objects to the treatment for direct marketing purposes, the personal data will no longer be processed for these purposes.

RIGHT OF LIMITATION TO TREATMENT: In the right to limit treatment, interested parties may request the suspension of the processing of their data to challenge its accuracy while the responsible performs the necessary verifications or in the case that the treatment is carried out based on the legitimate interest of the responsible or in compliance of a mission of public interest, while verifying if these reasons prevail over the interests, rights and freedoms of the interested party. The interested party may also request the preservation of the data if it considers that the treatment is illegal and, instead of the deletion, requests the limitation of the treatment, or if not yet needed by the person responsible for the purposes for which they were collected, the interested party you need them for the formulation, exercise or defense of claims. The fact that the data processing of the interested party is limited must be clearly stated in the systems of the person responsible. If the data have been communicated by the responsible party to other responsible persons, they should notify them of the limitation of the treatment of these, unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if so requested.

Update: February 2020

Share by: