Reservar AlojamientoBOOK
Book your
Studio
with us now
Quiero Visitar la ResidenciaVISIT
Come on! Come
see your new accommodation.
Reservation visit
Quiero Llamar al AlojamientoCALL US
Call us now
We answer all
your doubts
Quiero Llamar al Alojamiento Quiero Visitar la ResidenciaVISIT Reservar AlojamientoBOOK

PRIVACY POLICY

LIVENSA LIVING STUDIOS

  1. INTRODUCTION

The user (hereinafter, the “data subject”) is informed that his or her personal data will be processed through the Website by LIVENSA LIVING, S.L., which will be managing the different processes and any other related issues regarding the Accommodations on behalf of the entities which are established as lessors within its Group. Consequently, unless otherwise expressly stated therein, for the purposes involving booking processes, the Data Controller will be the corresponding lessor, that is to say, the corresponding entity which establishes the pre contractual or contractual relationship with the data subject.

Please find the list of Group entities involved in Annex I.

If the data subject wishes to contact the Data Protection Officer (DPO) in relation to any matter described in this Privacy Policy, he/she can submit any request, query, or suggestion at [email protected]. If the data subject prefers to contact the DPO by other means, he/she can do so at:

Address: DPO. Ref.: Privacy Policy. C/ Poeta Joan Maragall 1, 7º. 28120 Madrid.

  1. DATA PROTECTION INFORMATION IN RELATION TO SPECIFIC PURPOSES

The Data Controller established below will process, manually or automatically, the information that the data subject provides through the Website, in a lawful, fair, and transparent manner. To this end, it is important that the data subject reports any changes that occur in his/her personal data, to keep them updated.

The Data Controller will process the data subject’s personal data for the following purposes. For the ease of reference, data protection information is divided according to the activity carried out by the data subject from time to time.

CONTACT

Identification of the Data Controller

The data subject is informed that his/her personal data will be processed by LIVENSA LIVING, S.L. as a Data Controller (hereinafter, the “Data Controller”). If the data subject wishes to contact the Data Controller, he/she may contact the Data Protection Officer (DPO) at any time at [email protected]

Purposes for the processing and lawful basis

In case the data subject submits any query, request, or suggestion through the available means within the Website, the Data Controller will process his/her personal data for the following purposes:

  1. a) Attend to, manage, your queries and know your preferences.

Considering the personal data included in the corresponding form and/or survey, we will manage your queries and, additionally, improve our communication and marketing campaigns in the future based on aggregated data.

  1. b) Answering queries, doubts or questions raised by different channels and contact you if you requested further information.

The data subject may address the Data Controller by different means such as email address, telephone, social networks (Instagram) and WhatsApp Business.

In this regard, provided the data subject contacts the Data Controller by telephone, the conversation with our team shall be recorded for the purposes of increasing the quality of the services provided and, additionally, for keeping evidence of the conversation held with the data subject in order to collect proof of consent for marketing purposes, where applicable.

  1. c) Make an appointment to visit the facilities of the Accommodation or Accommodations chosen.

In order to arrange a view to the facilities of a specific Accommodation the data subject will be required to provide information regarding his/her city and Accommodation of interest as well as his/her identification data (name, surname, nationality), contact details (telephone number, email address) specifics of the appointment in order to provide a suitable slot for the visit.

  1. d) Where express consent has been given, the sending of commercial communications based on the profile of the data subject which will be built from their interests provided in the relevant form.

On one hand, the legal basis for the processing of personal data according to the above-mentioned purposes is the data subject’s consent when submitting such queries, requests, surveys, or suggestions in the relevant forms. Consequently, the data subject may revoke his/her consent at any time, irrespective of the lawfulness of the processing up to that time.

On the other hand, the lawful basis for the processing of personal data by recording the telephone calls of the data subject as explained above is the legitimate interest of the Data Controller in increasing the quality of its services to improve competition and, additionally, to allow the Data Controller to properly evidence the user’s consent, only when granted by such means, to submit commercial communications as explained in this Privacy Policy.

To this end, after a thorough legitimate interest analysis under the supervision of the DPO, it is concluded that the legitimate interest of the Data Controller in this regard override that of the data subject, taking into account that the likelihood of impact in the data subject’s rights and freedoms is rather low and, especially, considering the nature, the risks posed and the benefits of such processing both for the Data Controller and, in general, for the market when improving market activities and competition.  Should you wish to obtain further information of the legitimate interest assessment carried out in order to enable this processing activity you can contact our DPO at [email protected]

Mandatory data and data from third parties

Except otherwise stated in the corresponding form, the provision of personal data is mandatory in order to achieve the above-mentioned purposes.

In the event that the data subject provides data from a third party, he or she states that such personal data have been lawfully provided and undertakes that the third party is aware of the purposes of the processing of his/her personal data.

Data retention period of personal data

The personal data will be stored for the above-mentioned purposes for as long as required by the applicable law and until any liability arising from the processing is extinguished. Notwithstanding the aforementioned, should the data subject revoke his/her consent or object to such processing, data will be deleted, except where such personal data needs to be duly blocked until potential responsibilities have expired.

Data Communication

If the data subject wishes to visit the premises of the Accommodation of interest, his/her personal data shall be communicated to the corresponding lessor of the Accommodation, that is to say, the corresponding entity which will establish the pre contractual or contractual relationship with the data subject, exclusively for the purposes of managing the referred visit.

The Data Controller has the collaboration of third-party service providers who may have access to personal data and who will process the data on behalf of, and for the account of, the Data Controller, as a consequence of their services.

In this respect, the Data Controller follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into a data processing agreement, whereby it will impose on them, inter alia, the following obligations: to apply appropriate technical and organisational measures so as to ensure the security of personal data; to process personal data for the agreed purposes and in accordance only with the documented instructions of the Data Controller; and to delete and return the data to the Data Controller upon completion of the services.

International data transfers

The personal data provided will be subject to international data transfers outside the European Economic Area (EEA)(eg, to the United States), which will be regulated according to the mechanisms established in the GDPR in order to safeguard the rights and freedoms of the data subject and ensure a sufficient level of security.

In this regard, please note that Standard Contractual Clauses (SCC) issued by the European Commission are considered as a lawful mechanism to transfer data outside the EEA and, where applicable, the Data Controller undertakes to sign those SCC, where necessary, in order to protect the data subject’s personal data at any time.

Rights of the data subject

Please see Section 3 “Rights of the data subjects” to get further information on how to exercise the rights that the data protection legislation provides to data subjects.

REGISTRATION PROCESS

Identification of the Data Controller

The data subject is informed that his/her personal data will be processed by LIVENSA LIVING, S.L. as a Data Controller (hereinafter, the “Data Controller”). If the data subject wishes to contact the Data Controller, he/she may contact the Data Protection Officer (DPO) at any time at [email protected]

Purposes for the processing and lawful basis

In case the data subject initiates the registration process within the Website, the Data Controller will process his/her personal data in order to:

  1. a) Manage the creation of an account within the Website in order to carry out certain actions such as bookings a Room or adding one to the shortlist.

The legal basis for the processing of personal data in this case is the performance of the contractual relationship with the data subject through the acceptance of the Terms and Conditions. Consequently, the provision of personal data is mandatory given that, otherwise, it would not be possible to carry out such purpose.

  1. b) Submit commercial communications by electronic means to the data subject with information of related services provided by the Data Controller.

The legal basis for the processing of personal data for this purpose is the legitimate interests of the Data Controller, which is granted by the applicable regulations. Nevertheless, the data subject has the right, at any time and free of charge, to object the receipt of such communications by a simple mechanism located on each commercial communication or, alternatively, by submitting a request to the Data Controller through the contact details of the DPO indicated herein. Please see Section 3 “Rights of the data subject”.

  1. c) Comply with all applicable requirements and obligations to which the Data Controller might be subject in accordance with applicable legislation.

The legal basis for the processing of personal data is the need for the Data Controller to comply with legal obligations. Consequently, the processing of personal data is mandatory given that, otherwise, it would not be possible to carry out such purpose.

Mandatory data and data from third parties

Except otherwise stated in the corresponding form, the provision of personal data is mandatory in order to achieve the above-mentioned purposes.

In the event that the data subject provides data from a third party, he or she states that such personal data have been lawfully provided and undertakes that the third party is aware of the purposes of the processing of his/her personal data.

Data retention period of personal data

The data will be stored for the above-mentioned purposes for as long as the contractual relationship with the Data Controller is in force and then for as long as required by the applicable law and until any liability arising from the contractual relationship is extinguished.

Data communication

The personal data of the data subject will not be communicated to third parties for these purposes unless public administrations and/or Law enforcement agencies request it.

Nevertheless, the Data Controller has the collaboration of third-party service providers who may have access to personal data of the data subject and who will process the data on behalf of, and for the account of, the Data Controller, as a consequence of their services.

In this respect, the Data Controller follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into a data processing agreement, whereby it will impose on them, inter alia, the following obligations: to apply appropriate technical and organisational measures to ensure security of personal data; to process personal data for the agreed purposes and in accordance only with the documented instructions of the Data Controller; and to delete and return the data to the Data Controller upon completion of the services.

International data transfers

The personal data provided will be subject to international data transfers outside the European Economic Area (EEA) (eg, to the United States), which will be regulated according to the mechanisms established in the GDPR in order to safeguard the rights and freedoms of the data subject and ensure a sufficient level of security.

In this regard, please note that Standard Contractual Clauses (SCC) issued by the European Commission are considered as a lawful mechanism to transfer data outside the EEA and, where applicable, the Data Controller undertakes to sign those SCC where necessary in order to protect the data subject’s personal data at any time.

Rights of the data subject

Please see Section 3 “Rights of the data subjects” to get further information on how to exercise the rights that the data protection legislation provides to data subjects.

BOOKING PROCESS

Identification of the Data Controller

The data subject is informed that his/her personal data will be processed by the corresponding lessor, that is to say, the corresponding entity which establishes the pre contractual or contractual relationship with the data subject as a Data Controller (hereinafter, the “Data Controller”).

Please find the list of Group entities which are considered as Data Controller as the case may be in Annex I.

If the data subject wishes to contact the Data Controller, he/she may contact the Data Protection Officer (DPO) at any time at [email protected]

Purposes for the processing and lawful basis

In case the data subject initiates the booking process within the Website, the Data Controller will process his/her personal according to the following information.

  1. a) Manage and carry out the booking process for the purposes of booking a Room and perform the agreement with the data subject.

The legal basis for the processing of personal data for this specific purpose is the performance of the contractual relationship. Consequently, except otherwise expressly stated therein, the provision of personal data is mandatory given that, otherwise, it would not be possible to carry out such purpose.

  1. b) Contact the data subject to invite him/her to continue with the booking process should such has been started but not finished. This communication might be beneficial to the data subject in order to remind him/her that the process is still pending.

The legal basis for the processing of personal data for this purpose is the user’s consent to receive such communications by checking the corresponding box. Consequently, the data subject may revoke his/her consent at any time, irrespective of the lawfulness of the processing up to that time.

  1. c) Manage and execute the agreement for the purposes, of invoicing, payment, inventory, deposit, room allocation, and other contractual or legal requirements necessary to formalize the agreement with the data subject.

The legal basis for the processing of personal data for this purpose is the fulfilment of the contractual relationship. Consequently, the provision of personal data is mandatory given that, otherwise, it would not be possible to carry out such purpose.

  1. d) Manage the provision of the services offered by the Accommodation such as the postal log, the sauna, the gym, sport and/or recreational activities, etc. Additionally, if the data subject voluntarily provides information relating to his/her health condition, special categories of data might be processed by the Data Controller exclusively in order to meet the specific needs of the data subject, if applicable.

The legal basis for the processing of personal data for this purpose is the fulfilment of the contractual relationship. Consequently, the provision of personal data is mandatory (unless otherwise stated) given that, otherwise, it would not be possible to carry out such purpose. Furthermore, the legal basis for the processing of special categories of data such as health data is the explicit consent of the data subject by checking the corresponding box.

  1. e) Manage and update the facility access logs to monitor and control the security of goods, individuals, and premises.

The legal basis for the processing of personal data is the legitimate interest of the Data Controller in ensuring the security of individuals, goods, and premises, which, in this case, override the interests, fundamental rights and freedoms of the data subject.

  1. f) Manage the corresponding reporting channels to enable the data subject the communication of incidents on the premises and relevant repairs.

The legal basis for this processing of personal data is the fulfilment of the contractual relationship. Consequently, the provision of personal data is mandatory given that, otherwise, it would not be possible to carry out such purpose.

  1. g) Comply with all applicable requirements and obligations to which the Data Controller might be subject in accordance with applicable legislation.

The legal basis for the processing of personal data is the need for the Data Controller to comply with legal obligations. Consequently, the provision of personal data is mandatory given that, otherwise, it would not be possible to comply with such obligations.

  1. h) Submit commercial communications by electronic means to the data subject with information of similar products and/or services to those which have already been contracted by the data subject and which might be of his/her interest.

The legal basis for the processing of personal data for this purpose is the legitimate interest of the Data Controller, which is granted by the applicable regulations. Nevertheless, the data subject has the right, at any time and free of charge, to object the receipt of such communications by a simple mechanism located on each commercial communication or, alternatively, by submitting a request to the Data Controller through the contact details of the DPO indicated herein. Please see Section 3 “Rights of the data subject”.

Data retention period of personal data

The data will be stored for the above-mentioned purposes for as long as the agreement with the Data Controller is in force and then for as long as required by the applicable law and until any liability arising from the agreement is extinguished.

With reference to personal data derived from the contractual relationship, the data subject’s personal data will be kept for as long as the agreement subsists and once ended, for a period of 5 years, except for any applicable legislation which might extend such period.

With reference to the personal data derived from the consent of the data subject or the legitimate interest of the Data Controller, personal data will be kept for as long as consent is not revoked or, until right to object of the data subject is successfully granted, without prejudice of the expiration of potential liabilities to which the Data Controller may be subject.

Mandatory data and data from third parties

Except otherwise stated therein, the provision of personal data is mandatory in order to achieve the above-mentioned purposes.

When the data subject provides personal data in relation to a third party, he or she undertakes that the provision of his/her personal data is lawful and undertakes that the third party is aware of the purposes for the processing of personal data.

Data Communication

The personal data of the data subject might be communicated to:

– Public Administrations, to the extent necessary to comply with applicable law and with the requirements set out in the application thereby.

– Courts and Law Enforcement agencies, to the extent necessary to comply with applicable law.

– Third party providers engaged with the Data Controller for the provision of specific services (such as, among others, payment services) to the data subjects.

– Temprano Capital, S.L., as group entity, in accordance with the legitimate interests of the Data Controller, exclusively for internal administrative purposes.

Furthermore, the Data Controller follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into a data processing agreement, as established by law, whereby it will impose on them, inter alia, the following obligations: to apply appropriate technical and organisational measures to ensure security of personal data; to process personal data for the agreed purposes and in accordance only with the documented instructions of the Data Controller; and to delete and return the data to the Data Controller upon completion of the services.

International data transfers

The personal data provided will be subject to international data transfers outside the European Economic Area (EEA) (eg, to the United States), which will be regulated according to the mechanisms established in the GDPR in order to safeguard the rights and freedoms of the data subject and ensure a sufficient level of security.

In this regard, please note that Standard Contractual Clauses (SCC) issued by the European Commission are considered as a lawful mechanism to transfer data outside the EEA and, where applicable, the Data Controller undertakes to sign those SCC where necessary in order to protect the data subject’s personal data at any time.

Rights of the data subject

Please see Section 3 “Rights of the data subjects” to get further information on how to exercise the rights that the data protection legislation provides to data subjects.

  1. Rights of the data subject

In accordance with data protection regulations, the data subject has the right to:

– Withdraw his/her consent at any time, without prejudice to the lawfulness of the processing previously carried out.

– Right of access: The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her are being processed, and, if so, access to the personal data and information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data is disclosed, and the envisaged period for which the personal data will be stored, among other information.

– Right to rectification: The data subject has the right to obtain the rectification of inaccurate personal data concerning him/her.

– Right to erasure: The data subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her when, among other reasons, the data is no longer necessary for the purposes for which such was gathered.

– Right to object: The data subject has the right to object, on grounds relating to his/her her particular situation, at any time, to processing of personal data concerning him/ her which is based on the legitimate interest of the Data Controller (including processing with profiling and direct marketing purposes). In this case, the Data Controller will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing.

– Right to restriction: The data subject may, under certain circumstances (for example, in the event that the data subject refutes the inaccuracy of his/her data for as long as such accuracy is verified), ask for the restriction of the processing of his/her personal data, which will then only be processed for the establishment, exercise or defence of legal claims.

– Right to data portability: The data subject has the right to receive the personal data concerning him/her, in a structured, commonly used machine-readable format and have the right to transmit those data to another Data Controller without hindrance from this Data Controller, in the cases foreseen in the regulations to this effect.

The aforementioned rights may be exercised in the contact details indicated in the header of this Privacy Notice, or by email to the following email address of the DPO: [email protected], provided the data subject proves his or her identity by adding a copy of ID or Passport. The data subject may however contact the DPO at any time for further information.

The data subject is informed that the Data Controller will respond to the right exercised within one month, counting from the reception of the request. This period may be extended by two months, considering the complexity and number of applications, and in any case the user must be notified in order to inform him/her of this.

Additionally, the data subject may lodge a complaint in relation to the processing of personal data with the competent supervisory authority, when he/she considers that his/her rights set forth in the applicable regulations have been violated.

  1. Commercial communications

One of the purposes for which the Data Controller processes the personal data is for the submission of electronic communications with information regarding activities, services, competitions, special offers and/or promotions about the services of the Accommodations.

Should the data subject wishes to stop receiving such commercial or promotional communications, he/she may revoke his/her consent to the submission of communications or request objection to such submission where a contractual relationship exists between the data subject and the Data Controller by email to the following email address: [email protected] or indicating it by means of the unsubscribe option provided in each of the commercial communications submitted.

  1. Security measures

In order to safeguard the security of personal data, please note that the Data Controller has taken all necessary technical and organisational measures to ensure the security of the personal data provided in order to avoid their alteration, loss, and/or unauthorized processing or access, as required by the regulations, although absolute security does not exist.

Likewise, the Data Controller informs the data subject that all our personnel, whatever the phase of the processing in which they intervene, have adopted the commitment to process your personal data with the utmost care, secrecy, and confidentiality and that their processing will be carried out in accordance with the data protection legislation.

Last updated: March 2024.

ANNEX I

Livensa Living Studios Bilbao: Livensa Bilbao, S.L.U.
Livensa Living Studios Málaga Feria: Livensa Málaga , S.L.U.
Livensa Living Studios San Sebastián: Livensa San Sebastián, S.L.U.
Livensa Living Studios Valencia: Livensa Valencia 1, S.L.U.
Livensa Living Studios Madrid Alcobendas: Livensa Madrid 1, S.L.U.
Livensa Living Studios Valencia Viveros: Livensa Valencia 2, S.L.U.