1-Intellectual property of the web
All the intellectual property rights of the content of this web page, its graphic design and its source codes, are the exclusive property of Atlantic Ambassador S.L., entitling us to the exclusive use of the exploitation rights of the same.
Therefore, its reproduction, distribution, public communication and transformation, in whole or in part, without the express authorization of Atlantic Ambassador S.L. is prohibited, likewise all trade names, brands or different signs of any kind contained in this web site are protected by law.
2- Website content and links
At Atlantic Ambassador S.L. we are not responsible for the misuse of the contents of our website www.zthotels.com, being the sole responsibility of the person who accesses or uses them.
Nor do we assume any responsibility for the information contained in the web pages of third parties that can be accessed by links or search engines from the www.zthotels.com. web. Atlantic Ambassador S.L. reserves the right to update, modify or eliminate the information contained in its website www.zthotels.com, and its configuration or presentation, at any time, without prior notice, and without assuming any responsibility for it.
3- Notes on technical aspects
At Atlantic Ambassador S.L. we do not assume any responsibility for technical problems or faults in computer equipment, not attributable to our Company, which occur during connection to the Internet network, as well as damages that may be caused by third parties through illegitimate interference outside the control of Atlantic Ambassador SL.
We are also exonerated of all responsibility for possible damages or losses that the user may suffer as a result of errors, defects or omissions in the information that we provide when it comes from sources beyond our control.
4- User data processing
Until the entry into force of the General Data Protection Regulation last May 2016, the existing regulations in the Spanish State regarding the Protection of Personal Data has been Organic Law 15/1999 of December 13, on the Protection of Personal Data and its Security Measures Regulation that was approved by Royal Decree 1720/2007, on December 21. This regulation was the result of adaptation to Directive 95/46 of the European Union. The LOPD obliged anyone who processed personal data to have a Security Document that would at least regulate the following aspects:
- Scope of application of the document with detailed specification of the protected resources.
- Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required in this Regulation.
- Functions and obligations of the staff.
- Structure of the files with personal data and description of the information systems that process them.
- Procedure for notification, management and response to incidents.
- Procedure for making backup copies and recovering data in files or automated treatments.
- The measures that are necessary to adopt for the transport of supports and documents, as well as for the destruction of documents and supports, or where appropriate, reuse of the latter.
- Identification of the person or persons responsible for security. (Medium-high level).
- Periodic checks that must be carried out to verify compliance with the provisions of the document itself. (Medium-high level)
The new General Data Protection Regulation (RGPD) entered into force in May 2016 and is applicable as of May 2018. The RGPD is a directly applicable regulation, which does not require internal transposition norms, nor, in the majority of cases, of development or application norms. Therefore, the reference standard is the RGPD and not the aforementioned national standards, which are repealed. However, the law that will replace the current Organic Law on Data Protection (LOPD) in the future may include some details or developments in matters in which the RGPD allows it.
The RGPD contains many concepts, principles and mechanisms similar to those established by Directive 95/46 and by the national regulations that applied it, that is why there is continuous reference to aspects of the previous regulation that we are going to demonstrate in this manual. However, the RGPD modifies some aspects of the previous regime and contains new obligations that must be analysed and applied by each data controller taking into account their own circumstances.
Two general elements constitute the greatest innovation of the RGPD for those responsible and are projected on all their obligations:
- The principle of proactive responsibility: The RGPD describes this principle as the need for the controller to apply appropriate technical and organizational measures in order to guarantee and be able to demonstrate that the treatment is in accordance with the Regulation. In practical terms, this principle requires organizations to analyse what data they process, for what purpose they do it and what type of processing operations they carry out. Based on this knowledge, they must explicitly determine the way in which they will apply the measures that the RGPD provides, ensuring that these measures are adequate to comply with it and that they can demonstrate this to the interested parties and to the supervisory authorities. In short, this principle requires a conscientious, diligent and proactive attitude on the part of organizations in relation to all the processing of personal data that they carry out.
- The risk approach: The RGPD indicates that the measures aimed at guaranteeing its compliance must take into account the nature, scope, context and purposes of the treatment as well as the risk to the rights and freedoms of people. According to this approach, some of the measures that the RGPD establishes will be applied only when there is a high risk to rights and freedoms, while others must be modulated according to the level and type of risk that the treatments present. The application of the measures provided by the RGPD must therefore be adapted to the characteristics of the organizations. What may be suitable for an organization that handles the data of millions of data subjects in complex treatments involving sensitive personal information or significant volumes of data on each affected person is not necessary for a small business that carries out a limited volume of non-sensitive data processing.
On the other hand and as a more recent legislation, Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, has as its object, as established in its Article 1, the aforementioned organic law aims to: "Adapt the Spanish legal system to Regulation (EU) 2016/679 of the European Parliament and the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of their personal data and free movement of these data, and complete its provisions. "
The scope of Law 3/2018 is, according to the provisions of its article 2, “it applies to any fully or partially automated processing of personal data, as well as to the non-automated processing of personal data contained or intended to be included in a file."
Atlantic Ambassador SL, informs its clients that the personal data provided will be transferred to ZT Hotels & Resorts SL, to Finanvac SA, to Marbelo 2015 SL, to Hotels and Complexes ZT SL, Residencial Ciudad Diagonal SL and Hotelera Glories Parc SL, for the processing of orders and sending commercial offers in the future on products and services that may be of interest to our customers.
The clients of Atlantic Ambassador S.L. may at any time exercise the rights of access, rectification, cancellation, opposition, forgetfulness and portability, communicating it in writing to our email address firstname.lastname@example.org.
5- Access security
Access to the pages through which Atlantic Ambassador S.L. clients consult personal data, request additional information or contract any of the products we offer, is done through a secure line.
6- Applicable law and jurisdiction
In general, relationships with our clients, which are derived from the provision of the services contained in our website, are subject to Spanish legislation and jurisdiction. The users of our website are aware of all the above and accept it voluntarily. If you wish to make a comment or suggestion, you can use our contact form.