Privacy Policy

M2 GESTION TURISTICA & HOTELERA SL (the “Company”) is an Organization in which personal data processing activities take place, which attributes to it an important responsibility in the design and organization of procedures so that they are aligned with the legal compliance in this matter. In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which notifies its Employees and makes available of all its stakeholders.
1. Purpose
The Personal Data Protection Policy is a measure of Proactive Responsibility that has the purpose of ensuring compliance with the applicable legislation in this matter and in relation to it, respect for the right to honor and privacy in data processing. of a personal nature of all the people who are related to The Company. Pursuant to the provisions of this Personal Data Protection Policy, the Principles that govern data processing in the organization are established and, consequently, the procedures, and the organizational and security measures that the people affected by this Policy undertake to implement in their area of responsibility. To this end, M2 GESTION TURISTICA & HOTELERA SL will assign the responsibilities to the personnel who participate in the data processing operations.
2. Scope of application
This Personal Data Protection Policy will be applicable to the Company, its administrators, managers and employees, as well as all persons related to it, with the express inclusion of service providers with access to data (“ Processors")
3. Principles of personal data processing
As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate it (Principle of "proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of «risk approach»).
In relation to the above, M2 GESTION TURISTICA & HOTELERA SL will ensure compliance with the following Principles:
Legality, loyalty, transparency and limitation of purpose. Data processing must always be informed to the affected party, through clauses and other procedures; and it will only be considered legitimate if there is consent for the data processing (with special attention to that provided by minors), or it has another valid legitimacy and the purpose of the same is in accordance with the Regulations.
The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all the contracts and obligations that they formalize or assume and (iv) in the implementation of as many systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. Employee commitment
Workers are informed of this Policy and declare themselves aware that personal information is an asset of the Company, and in this regard they adhere to it, committing to the following:
* Carry out the awareness training in Data Protection that the Company makes available to you
* Apply the security measures at the user level that apply to your job, without prejudice to the responsibilities in its design and implementation that may be attributed to you based on your role within M2 GESTION TURISTICA & HOTELERA SL
* Use the formats established for the exercise of Rights by those affected and inform the Company immediately so that the response can be made effective.
* Inform the Company, as soon as it becomes aware, of deviations from what is established in this Policy, in particular "Violations of personal data security", using the format established for this purpose.
5. Control and evaluation
An annual verification, evaluation and assessment will be carried out, or whenever there are significant changes in the data processing, of the effectiveness of the technical and organizational measures to guarantee the security of the processing.