DATA PROTECTION POLICY

0. Introduction

GESTION GOLF DEL SUR S.L.U (the Company) wishes to inform you about our privacy policy and how we process personal data.

We will process your data in accordance with the provisions of the General Regulation (EU) 2016/679 on Data Protection, and Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights.

Here you can find information about what data we process, how we obtain it, for what purpose we use it, how long we keep it, and what measures we take to protect your personal data, as well as other information that you should know about the processing of your data. For this reason, we ask you to read our privacy policy carefully.

1. Data controller

The data controller is:

• Identity: GESTION GOLF DEL SUR S.L.U. – NIF: B38572939
• Postal address: Avd. J.M Galván Bello, Urbanización Golf del Sur, Casa Club S/N, CP 38639, San Miguel de Abona, province of Santa Cruz de Tenerife
• Telephone: 676076903 – 922 73 81 70 – Email: golfdelsur@golfdelsur.es

2 How do we obtain personal data?

Depending on the type of data processed, the sources of data collection may be the following:

1. By communicating them through our contact forms on our website, previously accepting our privacy policy.
2. By signing our forms and forms physically at our facilities.
3. Once our contractual relationship has been established, they may be generated as a consequence of the management, maintenance, and development of our relationship.
4. We may obtain them from external sources, if you have previously consented to it.

3. What is the company’s legitimacy for processing your personal data?

The basis for the processing of your personal data is:

1. Your own consent to the development and execution of the relationship formalized with you.
2. Our legitimate interest in the processing of data, as long as it does not undermine the privacy rights of each person.
3. In compliance with the legal obligations of the company and your unequivocal consent.

The Company is authorized to collect and process personal data, in terms of personal data of clients, potential clients, suppliers, candidates or employees, in terms of general data, in accordance with the provisions of article 6 of the European Regulation 2016/679 on the Protection of Personal Data.

For the collection and processing of data not covered by the provisions cited in the previous paragraph, prior authorization will be requested.

4. Relevant information about minors

For the processing of data of persons under 14 years of age, which requires the consent of the interested party, this must be provided by their parents or legal guardians. Their consent will not be necessary for the processing of data that is legitimized by compliance with a law.

5. What type of data do we process?

1. DATA COLLECTED FROM THE CONTACT FORM ON OUR WEBSITE:

We will collect data on the name, surname and email of the user who accesses our contact form, and we will process them to fulfill the following purposes:

• Management of queries, complaints/incidents, claims and requests made by the user and organization of appointments with users.
• Computer control of the website.
• Data processing for the management of cookies. You can consult our cookie policy by accessing the following link: cookie policy.

Please avoid providing us with particularly relevant data (health data, ideology, beliefs, union membership, religion, racial origin and/or sexual life) unless we expressly request it with your prior consent, after information on the processing of your data.

The Company will process the data obtained from the website for the time necessary to attend to the request made by the user. In this sense, we will keep your personal data blocked during the period of prescription of the actions that may arise from the relationship maintained with the interested party or to attend to requests from public authorities.

2. DATA REQUIRED FOR THE PROVISION OF CONTRACTED SERVICES:

In order to provide the contracted services, we will collect the following data, which are necessary to fulfil our obligations once the provision of the services has been contracted:

– Identification data (name and surname, NIF/DNI, Social Security/Mutual Fund number, address, telephone number, signature, image, signature).

– Personal characteristics data (marital status, family details, date of birth, place of birth, age, sex, nationality, mother tongue).

– Data on social circumstances (accommodation/housing characteristics, hobbies and lifestyle, membership in clubs or associations, licences, permits or authorisations).

– Academic and professional data (training/qualifications, academic history, professional experience, membership in professional associations or colleges).

– Employment details data (profession, job position, employee history). Economic and financial data (bank details, economic payroll data).

– Service data.

Please avoid providing us with particularly relevant data (health data, ideology, beliefs, union membership, religion, racial origin and/or sexual life) unless we expressly request it with your prior consent and after providing information on the processing of your data.

3. DATA OF JOB APPLICANTS: SENDING CURRICULUM VITAE:

If you wish to work with us, you can provide us with your CV. In this case, the Company will process your data for the PURPOSE of including you as a candidate for the various vacancies that arise in our organization.

DURATION: The data provided will be kept until a job is awarded, with a maximum period of one year from the date of receipt of your application. After this period, we will proceed to destroy the data. However, you may exercise your right to cancellation before the end of the indicated periods: in this case, we will proceed to immediately delete your CV from our database.

You have the right to access your personal data, rectify inaccurate data or request its deletion when the data is no longer necessary. The data provided will not be transferred to third parties. Likewise, we ask that in the event of any alteration or modification of your data, you notify us as soon as possible.

6. What are the purposes of processing this data?

Once the provision of our services has been contracted, the Company will process your personal data to achieve the purposes detailed below:

1. For the DEVELOPMENT OF OUR ACTIVITY, for the provision of our services such as reservations, waiting lists, etc.
2. To respond to QUERIES AND REQUESTS.
3. To provide INFORMATION ABOUT OUR PRODUCTS AND SERVICES via postal mail, email, SMS and other means of electronic communication.
4. For BILLING, COLLECTION AND PAYMENT MANAGEMENT as a result of the provision of our services.

Only in the event that you expressly authorize us to do so, we may use your data for the following purposes:

5. To capture images and share them on social networks, platforms, video conferences. Remember that we can only do so if you expressly authorize us to do so.
6. For the creation of profiles through marketing studies and statistical and segmentation techniques and procedures that allow for improvements and the selection of appropriate product and service offers based on your characteristics and needs.

7. How long does data processing last?

We will retain the data relating to the provision of our services for the time necessary to do so, provided that you have not exercised your right to deletion (set out below), or for the time necessary to comply with our legal obligations that apply in each specific case, the type of data and the purpose of the processing.

In the event that you request the deletion or limitation of the processing of your personal data prior to the terms indicated, or in the event that the purpose for which they have been collected ends, in accordance with the provisions of art. 32 of LO 3/2018 of PDYGGD, we will proceed to block the data, as long as our right or duty to retain them persists. The blocking of data consists of the identification and reservation of the same, adopting the technical and organizational measures to prevent their processing, to comply with possible liability requirements arising from the processing and only for the limitation period of the same. After this period, we will proceed to destroy the data.

8. What are our data protection principles?

• Legality: we will process your data in accordance with current regulations.
• Data minimisation: we will only collect the data strictly necessary to fulfil the specific purposes of which you have been informed.
• Security: we have the appropriate protection measures in place to guarantee the security, resilience, confidentiality and availability of your data.
• Relevance: the data is relevant to the provision of the contracted services or the relationship established between you.
• Accuracy: we do not modify or alter personal data.

9. Protection Measures

The Company has the necessary technical and organizational measures to guarantee the security of your personal data. Only authorized persons or those who must comply with legal requirements (competent authorities) may access them. If you wish to receive information about the technical and organizational measures adopted, please contact the Company at the information email address.

10. International transfers, communication or assignment of personal data.

The Company will not carry out international transfers of personal data. Nor will we transfer them to third parties, unless we request your express authorization to do so. In that case, we will inform you about what data we wish to transfer, to whom and for what purpose we wish to make said transfer.

Our company communicates with other companies in the same group (Elron Villas & Luxury sl, Elrondaguel S.l. Elron-Infraestructuras Sl.), as well as other external companies with which we maintain continuous collaboration for the effective development of our services. With all these companies Gestión Golf del Sur SL has signed a joint responsibility contract, in which each joint controller of the treatment undertakes to comply with the obligations that apply to it in accordance with the legislation on data protection, and in particular, they are obliged to implement appropriate technical, legal and organizational measures to guarantee the correct protection of personal data in accordance with article 32 of the RGPD and art. 32 LOPDGDD.

The email address golfdelsur@golfdelsur.es has been indicated as the common contact point.

In any case, the personal data processed by the Company to achieve the purposes detailed above, depending on the legitimate basis of the communication, may be communicated to the following recipients:

• Public bodies and administrations, as well as entities authorized to do so by virtue of a legal mandate.
• Financial entities for the management of collections and payments.

Such data communications seek to guarantee the correct development of the contractual relationship, as well as to comply with legal obligations that require the aforementioned communications to be made.

11. What are your rights in relation to the processing of your data?

In articles 12 and following of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, and articles 15 and following of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the Protection of Natural Persons with regard to the processing of personal data and the free circulation of these data, you can find legal protection for the exercise of your rights related to the protection of personal data. In any case, you can exercise the following rights related to your personal data:

• ACCESS to verify whether your personal data is being processed, and if so, what data we process.
• RECTIFICATION of incorrect or incomplete data.
• CANCELLATION for excessive or inadequate data.
• DELETION: we recommend that you consult with us if there could be any changes in the provision of our services as a result of the exercise of this right.
• REQUEST PORTABILITY: if you want another entity to provide our services and for us to provide you with your data.
• OPPOSITION to the processing of data: in cases where: it is not a necessary treatment, it is for commercial prospecting, it is automated data processing.
• LIMITATION to uses for which consent has not been given.

These rights may be exercised on those data covered by your consent.

Therefore, we are obliged to comply with the exercise of your rights, except for those data covered by a legal obligation or a legitimate interest.

Remember that you can exercise these rights by writing to the email address golfdelsur@golfdelsur.es. In both cases, we ask that you indicate the following text in the subject section: Data Protection Rights.

In both cases, it is required to prove the identity of the person exercising their rights, by sending a copy of their ID, NIE, Passport or equivalent document, on both sides. The Company will provide you with the requested information within a maximum period of one month from receipt of the request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests.

12. Claims

Please note that if you have not obtained satisfaction in the exercise of your rights, you may file a claim with the Spanish Data Protection Agency (the competent Control Authority in this matter), by writing to it, C/ Jorge Juan number 6, 28001 Madrid or through the website: https://www.agpd.es. However, in the first instance, you may file a claim with the Data Protection Officer, who will resolve the claim within a maximum period of two months.