Privacy Policy

PRIVACY POLICY

Las Colinas Golf & Country Club understands that privacy is a fundamental part of the very essence of the unique experience we offer, where healthy living and harmony with nature are paramount. The guarantee of protection of your personal data allows you to enjoy all our services and experiences in a unique natural setting without any worries.

The purpose of this Privacy Policy is to clearly and precisely inform Users about the processing of their personal data obtained through the different websites linked to Las Colinas Golf & Country Club, whose main website is https://lascolinasgolf.com/ (hereinafter, all the websites, separately or jointly, the “Website“), carried out by the data controller. The websites linked to the Website are: https://lascolinasresidences.com/es/inicio/, https://lascolinasgolfrealestate.com/, https://restauranteumawa.com , https://restauranteilpalco.com  and https://wowbeach.es

 

2.- OBLIGATION TO PROVIDE THE DATA

The data requested through the Website are, in general, obligatory (unless otherwise specified in the required field) in order to fulfil the purposes for which they are being collected.

Therefore, if they are not provided or are not provided correctly, they cannot be processed.

 

3.- FOR WHAT PURPOSES WILL THE DATA CONTROLLERS PROCESS THE USER’S DATA AND ON THE BASIS OF WHAT LEGITIMISATION?

Las Colinas Golf & Country Club is a complex managed by three different companies, Colinas Green Golf S.L. (B83977868); Campoamor Sun & Beach S.L. (B83835496); and Colinas Golf Residencial S.L. (B83995142), all with registered offices at C/ Luchana 23, 28010 Madrid and belonging to the Gmp Group.

Each of them has an independent and perfectly delimited scope of responsibility depending on the purposes of the specific processing, and therefore for each processing activity a data controller will be indicated, without prejudice to those processing operations common to all data controllers. Thus, the corresponding controller will process the personal data provided by the User or that it may obtain directly through any of the channels provided for this purpose, for the purposes indicated below, in accordance with the basis of legitimacy applicable in each case:

 

a)   Manage the provision and payment of the services contracted by the User:
  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Processing and monitoring of the contracting of the service made by the
  • Management of the collection of the services contracted by the
  • Contact the User when any circumstance of interest related to the contracted services arises.
  • Basis of legitimacy: execution of the contractual relationship derived from the provision of the service.
 
 
b)   Processing and management of bookings and sports services (Sports & Health Club, Golf Academy, Toptracer Range, Racquet Club and Tennis and Padel Academy, Golf outing bookings):
  • Responsible for the treatment: Colinas Golf Residencial L.
  • Purposes of processing:
  • Management of the User’s reservation through the
  • Management of the registration and deregistration of the User registered on the Website.
  • Capture the data necessary to create the profile of the registered User. This data may include, among others, identification data (name, surname, nationality, gender and date of birth), contact data (email and telephone number) and economic or financial data (bank account number, card number or other information linked to the selected payment method).
  • Provision of the sports service requested by the
  • Basis of legitimacy: execution of the contractual relationship or, where appropriate, application of pre-contractual measures arising from the reservation and/or provision of the service.
 
 
c)   Processing and management of reservations and catering services (umawa, iPalco and unik):
  • Responsible for the treatment: Colinas Green Golf L.
  • Purposes of processing:
  • Management of the User’s reservation through the
  • Provision of the catering service requested by the User. Where appropriate, special category data of the User (health data) may be processed, if intolerances or allergies are reported.
  • Basis of legitimacy: execution of the contractual relationship or, where appropriate, application of pre-contractual measures arising from the reservation and/or provision of the service.
 
 
d)   Processing and management of reservations and services offered at WOW Beach:
  • Responsible for processing: Campoamor Sun & BeachL.
  • Purposes of processing:
  • Management of the User’s reservation through the
  • Provision of the catering service requested by the User. Where appropriate, special category data of the User (health data) may be processed, if intolerances or allergies are reported.
  • Basis of legitimacy: execution of the contractual relationship or, where appropriate, application of pre-contractual measures arising from the reservation and/or provision of the service.
 
 
e)   Processing and management of bookings and The Beauty Room services:
  • Responsible for the treatment: Colinas Golf Residencial L.
  • Purposes of processing:
  • Management of the User’s reservation through the
  • Management of the registration and deregistration of the User registered on the Website.
  • Capture the data necessary to create the profile of the registered User. This data may include, among others, identification data (name, surname, nationality, gender and date of birth), contact data (email and telephone number) and economic or financial data (bank account number, card number or other information linked to the selected payment method).
  • Provision of the care and beauty service requested by the
  • Basis of legitimacy: execution of the contractual relationship or, where appropriate, application of pre-contractual measures arising from the reservation and/or provision of the service.
 
 
f)   Carrying out statistics and market research:
  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
  • Analysis and preparation of statistics and internal reports on the degree of satisfaction of Users, the success of commercial campaigns, the preferences of Users as a whole, as well as on any other issue considered to be of interest. Data obtained directly by the Data Controller will always be used for this purpose.
  • Basis of legitimacy: all processing derived from this purpose will be based on legitimate interest, recognised by the regulations for the Data Controller.

This legitimate interest is based on being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.

 
 
g)   To create a profile of the User in order to offer more personalised content and promotional activities:

 

  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Analysis of User behaviour in the context of their use of the
  • Creation of profiles of Users by integrating and processing together the information obtained, as well as any other information already existing about the User in the databases of the Data Controller or obtained from third party sources (other group companies and social networks, including but not limited to Facebook, Instagram, YouTube, Twitter, LinkedIn).
  • Inferring User interests (e.g. golf).
  • Develop segments to send advertising tailored to the interests of the
  • Basis of legitimacy: the present processing will be carried out exclusively with the explicit consent of the data subjects. This consent may be revoked at any time, without this circumstance affecting any processing carried out previously.
 
 
h)   Inform the User by any means of products and services of the Data Controller similar to those purchased by the User:

 

  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Send commercial communications to the e-mail address
  • Basis of legitimisation: the processing derived from this purpose will be based on the legitimate interest, recognised by the regulations for the data controller.

This legitimate interest consists of Users being able to find out about other products offered, similar to those previously contracted.

 
 
i)    To guarantee security in the use of the Website and in the contracting o f services by the User:

 

  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried out.
  • Basis of legitimacy: the processing derived from this purpose will be carried out on the basis of the legitimate interest recognised to the data controller by the

Such legitimate interest shall consist of minimising the risks assumed by the Controller and its customers in the marketing and purchase of its products.

 
 
j)    Respond to questions raised in the contact forms:
  • Data Controller: the corresponding Data Controller of the contracted.
  • Purposes of processing:
  • In cases in which a User raises any type of question, his/her data will be processed in order to manage, process and respond to the User’s requests, applications, incidents or queries.
  • Basis of legitimacy: consent to the execution of the request made by the User by virtue of the existing relationship between the parties.
 
 
k)   Management of applications by sending CVs:
  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Evaluation of the
  • Processing and monitoring of the selection process to which you have
  • Retention of the CV, in the event that the interested party gives his or her consent, for subsequent vacancies or selection processes.
  • Basis of legitimacy: application of pre-contractual measures derived from the application to a vacancy, selective process or sending of CV through the enabled
 
 
l)    Compliance with legal obligations:
  • Data Controller: the corresponding Data Controller of the contracted
  • Purposes of processing:
  • Comply with the provisions of applicable accounting, tax, consumer, regulations.
  • Basis of legitimacy: compliance with the appropriate legal.
 
 
4.- WITH WHICH RECIPIENTS WILL THE USER’S DATA BE SHARED?

The correct provision of the service provided to the User implies that other third party service providers access the User’s personal data as data processors, with whom the corresponding Data Controller has signed the corresponding service provision agreements with access to data.

In turn, personal data may be communicated to other entities of the Gmp group of companies, with your consent where necessary, which may access the personal data and information to assist us in the management of the pre-contractual relationship or processing of the request made. We ensure that all these entities comply with data protection regulations, which are also directly applicable to them.

In addition to the above, the User understands that personal data may be transferred or communicated to fulfil their obligations to the Public Administrations in cases where this is required in accordance with the legislation in force at any given time and, where appropriate, also to other bodies such as the State Security Forces and Bodies and the Judiciary.

 
5.- INTERNATIONAL DATA TRANSFERS

Users’ personal data may be communicated or made available to third parties located outside the EU for the proper performance of the service.

of the contracted services, as well as for the attention of the requests of the Users or for the fulfilment of any of the indicated purposes.

In cases where there is no adequacy decision in force, it is guaranteed that the international transfer of data will be carried out in compliance with the applicable data protection regulations and, in any case, through the granting of the appropriate guarantees. Specifically, by signing t h e standard contractual clauses approved by the European Commission and, where necessary, by adopting such additional guarantees as may be appropriate.

 
6.- DATA RETENTION

Users’ data will be kept for as long as the relationship with the User remains in force, without prejudice to the retention that may be necessary for the formulation, exercise or defence of potential claims and/or as long as permitted by applicable legislation. Once the aforementioned period has expired, the data will be deleted.

As regards the sending of information relating to the management of an application, the personal data will be kept for as long as they are necessary for the selection process to be carried out, and will be subsequently deleted, unless the candidate gives his/her consent for them to be kept for a longer period of time.

 
7.- USER RESPONSIBILITY

The User guarantees that he/she is over eighteen (18) years of age or, if applicable, that he/she is capable of entering into the corresponding contracts for goods and services by him/herself, and that the data provided are true, accurate, complete and up to date. To this effect, the User is responsible for the veracity of all the data provided and will keep the information provided suitably updated, so that it corresponds to his or her real situation.

Likewise, the User guarantees that he/she has informed the third parties whose data he/she provides, if he/she does so, of the aspects contained in this document. Likewise, he/she guarantees that he/she has obtained their authorisation to provide their data for the aforementioned purposes.

In this regard, the User is informed that he/she shall be liable for any false or inaccurate information provided through the contact channels provided and for any damages, direct or indirect, that this may cause to the Data Controller or to third parties.

 
8.- EXERCISE OF RIGHTS

Users may exercise their rights of access, rectification, opposition, deletion, portability and limitation of processing, as well as the right to refuse automated processing of their personal data, free of charge, by sending a written and signed request to the following address: C/Luchana, 23 – Madrid or via privacidad@grupogmp.com. For these purposes, the

User must send such written communication indicating the request or right being exercised, name and surname(s). A copy of your ID card or valid document proving your identity (photocopy of passport) will only be requested in cases where there may be reasonable doubts about it and taking into consideration the nature of the personal data subject to the exercise of the right.

The User has the right to object to the processing of their data for promotional purposes for the receipt of commercial communications by simply notifying their wishes. To do so, the User may send his/her request by means of the procedure described in the previous paragraph. Likewise, the User may cancel the receipt of commercial communications in the manner provided for in each commercial communication (for example, through the link included in each of them).

In addition to the above rights, the User shall have the right to withdraw the consent given at any time by means of the procedure described above, without such withdrawal of consent affecting the lawfulness of the processing prior to the withdrawal of consent. In any case, the User’s data may continue to be processed to the extent permitted by applicable law.

Likewise, the User may lodge a complaint regarding the protection of his/her personal data with the Spanish Data Protection Agency at the address C/ Jorge Juan, 6, 28001 – Madrid, when the interested party considers that the processing of his/her personal data has infringed the rights recognised by the applicable data protection regulations.

 
9.- SECURITY MEASURES

The User’s data will be treated at all times in the strictest confidence and with the mandatory duty of secrecy, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organisational measures to guarantee the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

 
10.- WARNING AND CHANGES

This privacy policy applies only to personal data collected or provided by the user through any of the channels provided. The User should be aware that we are not responsible for the personal data protection practices of the websites whose links may be displayed on the different websites of the companies linked to Las Colinas Golf & Country Club.

These external websites will be responsible for the processing of the personal data provided by the User through said external website, without us being able to acquire any responsibility for said processing. We encourage the User to read the privacy statement of each and every website that collects personal data.

The Controller has the right to review and amend this Privacy Policy from time to time as it deems appropriate, in which case Users will be notified. For this reason, please check this privacy statement regularly to read the most recent version of the Privacy Policy, which is available on this Website.

 

Last update: December 2023.