Book now

Privacy policiy

In accordance with the regulations in force concerning data protection, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD), the Data Protection and Privacy Policy of our company is as follows:


The personal data controller is the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the processing. In this case, the details of the data controller are:

Identity: ROSAMAR SA

Company Tax No.: A-17/014630

Postal Address: Avinguda Pau Casals 8-10 de Lloret de Mar (17310)

Telephone: + 34 972 364 650

Email Address: rosamar@rosamarhotels.com

Other Rosamar Group companies:

ROSAMAR SA as the data controller and person responsible for the website, in accordance with the legislation in force, and specifically, what is laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (GDPR), as well as Spanish Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), you are informed that we have implemented appropriate technical and organisational measures in accordance with the state of the art and the cost of their implementation with regards to the risks and nature of the personal data processed to guarantee and protect the confidentiality, integrity and availability of the personal data.


Personal data is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. There is a wide range of information that can be classed as personal data, for example: name, contact details, identification number, computer IP address, etc. For further details about this information, you can consult the website of the Spanish Data Protection Agency or the website of the Catalan Data Protection Authority, among others.


“Processing” is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.


Why do we process personal data?

Personal data provided by data subjects will be processed for the following purposes:

The company informs you that it will not process your personal data for any purpose other than those listed in this section, except where there is a legal obligation or injunction. Personal data will not be subject to automated decision-making that produces legal effects for the data subject.

How long will we keep your personal data?

The personal data you provide will be stored for the time required to provide the service requested or contracted and for a maximum period of 5 years from the last confirmation by you of the existence of an interest in us keeping your data. This is without prejudice to possible longer retention for the purpose of compliance with possible legal obligations and for the exercise and monitoring of any legal and judicial actions that might be relevant. After the periods mentioned have elapsed, we will delete the personal data.


The legal basis for processing of your personal data is the free and legitimate acceptance of the legal relationship by the user in the moment he or she accepts this personal Data Protection and Privacy Policy.Similarly, the legitimation for processing your data is set out below for each of the personal data processing purposes previously identified


Personal data will be shared with other companies in the group of undertakings for purposes connected to the processing of the personal data of clients or users. In order to better deliver the services requested from us, we provide certain data to processors with which we have signed the corresponding contracts regarding data protection. In these cases, the data provided is only that strictly necessary for the specific activity to be performed. Services which can be processors include but are not limited to: suppliers of IT services, security companies, tax or legal advice, etc. This list­ is provided as an example and the company may use services from companies from other business sectors in order to provide quality services. Outside of these cases, no data transfer within or without the EU is foreseen. Information will also be provided to third parties if this is required by the regulations in force or when there is an injunction (public authorities, courts and tribunals, law enforcement agencies and security services, tax agency, etc.)


As a data subject you have the following rights:

Data subjects can obtain additional information about their rights from the website of the Spanish Data Protection Agency or the website of the Catalan Data Protection Authority.


You can exercise your rights by writing to the postal address Avinguda Pau Casals 8-10 de Lloret de Mar (17310) or the email address rosamar@rosamarhotels.com, with the subject “Personal Data”, attaching a photocopy of your identity document or any similar method established in law.


If the data subject believes his or her rights have not been appropriately respected, he or she has the right to present a claim with the Spanish Data Protection Agency or any competent supervisory authority.


What categories of personal data do we process?

We try to ensure that the information we request and process is the minimum necessary to manage the purposes that appear in this Data Protection and Privacy Policy.

Our company can process the following categories of personal data:

These are not specially protected data or special categories of data. The categories of data subjects whose personal data we process are the people interested in our company’s products and services and in contracting or booking them. Persons who register with the job list or submit their CVs will also be classed as data subjects. The data subject guarantees that the personal data he or she provides is truthful and accepts responsibility for notifying the company of any modification to it or error in it, and so answers for its truthfulness and accuracy at all times. If the data subject intends to disclose the personal data of third parties, he or she must first notify the third party and obtain his or her consent, in accordance with our Data Protection and Privacy Policy. Therefore, if the user enters the personal data of a third party, he or she declares and guarantees that he or she has the third party’s consent to disclose this data and for its subsequent processing by our company, and that he or she has previously informed the third party whose data it is of the content of this Data Protection and Privacy Policy.

Personal data we collect automatically.

When the data subject visits our web pages, we collect certain information automatically, including whether he or she makes a booking or hires a service in the end. This information may include the IP address, the date and time when our services were accessed, information about the hardware, software or web browser used and the language selected, among others. This information allows us to improve the services and user experience of our website, and identify potential fraudulent use and attacks on the security of our website, as well as preparing statistics on the use and effectiveness of the website. This data will not be kept unless fraudulent use or an attack on the security of the website is detected. In no case will automated decision-making based on this information which produces legal effects for the user be used. For more information, see the cookies section.


Whenever the data subject makes a booking or contracts a service or product, he or she will be sent an email confirming the booking or contracting and giving information about it. In addition, we may contact the data subject for the purpose of informing him or her of any modification or news relating to it. Furthermore, the company may send commercial communications relating to the products or services it offers on condition that the data subject has expressly and specifically given consent for this by ticking the box provided for this purpose or by any express statement of consent for it. The data subject may withdraw his or her consent to receive any type of commercial communication at any time by sending a message in the terms stated in the “Rights of data subjects” section. In addition, this option will also be offered to the data subject in every commercial communication he or she receives via email or SMS.


The services offered through this website are only available to persons of legal age. Persons who are not of legal age must not provide personal data in the website.


Our website might contain links to the websites of third-party companies and entities. As we cannot accept responsibility for how these companies handle the protection of their users’ privacy and personal data, we advise you to read closely the privacy policy statements relating to the use, processing and protection of personal data of these websites that do not belong to the company.


Our company uses social networks to publicise its services and products and share information and experiences with users and followers.

As we cannot accept responsibility for how these companies handle the protection of privacy and of personal data, and as each of them has its own policy in this matter, we advise you to read closely the privacy policy statements of each social network regarding how they process their users’ personal data before using them.


The company reserves the right to modify this Data Protection and Privacy Policy in accordance with the processing of data it carries out and with the applicable legislation at all times. If it does modify it, notification will duly be given on the website and so we recommend that data subjects periodically check it to stay informed of how the company processes and protects their personal data.


If you have any questions or doubts about this privacy policy, please contact us by sending an email to rosamar@rosamarhotels.com with “Privacy Policy” as the subject.


By contracting our services with the "Stay safe with this travel insurance" you are authorizing us to transfer your personal data to the company FLEXMYROOM INSURETECH, S.L., domiciled in Benidorm (03503 – Alicante), Calle Gerona, 13, Local CA 18, and with CIF number B42687616, with the sole purpose of protecting your reservation enjoying the services and insurance products offered. Only the data strictly necessary for the activation of the insurance

(name and surname, identity number, postal address and contact information) will be transferred, in our common interest. This entity will cancel your personal data when the service has ended and the legally established deadlines have been met. You can exercise your rights of access, rectification, deletion, limitation of treatment, data portability, and opposition to treatment and not be subject to automated decisions at the email address datos@flexmyroom.com

Book now