1-Intellectual property of the website
All intellectual property rights of the content of this website, its graphic design and source codes, are the exclusive property of Atlantic Ambassador S.L., corresponding to us the exclusive exercise of the rights to exploit them.
Therefore, its reproduction, distribution, public communication and transformation, in whole or in part, without the express authorization of Atlantic Ambassador S.L. is prohibited. Likewise, all trade names, trademarks or distinctive signs of any kind contained in this web site are protected by law.
2-Web content and links
Atlantic Ambassador S.L. is not responsible for the misuse of the contents of our website www.zthotels.com, being the sole responsibility of the person who accesses or uses them.
Nor do we assume any responsibility for the information contained in the web pages of third parties that can be accessed by links or search engines from the web www.zthotels.com. Atlantic Ambassador S.L. reserves the right to update, modify or delete the information contained in its website www.zthotels.com, and the configuration or presentation of the same, at any time, without prior notice, and without assuming any responsibility for it.
Atlantic Ambassador S.L. assumes no liability that may arise from technical problems or failures in computer equipment, not attributable to our Company, that occur during connection to the Internet, as well as damage that may be caused by third parties through illegal interference beyond the control of Atlantic Ambassador S.L.
We are also exonerated from any liability for any damages that the user may suffer as a result of errors, defects or omissions in the information we provide when it comes from outside sources.
4-Treatment of user data
Until the entry into force of the General Data Protection Regulation last May 2016, the existing regulations in the Spanish State regarding Personal Data Protection have been the Organic Law 15/1999 of December 13, 1999, on Personal Data Protection and its Regulation on Security Measures which was approved by Royal Decree 1720/2007, of December 21. All these regulations were the result of the adaptation to the European Union Directive 95/46. The LOPD obliged anyone processing personal data to have a Security Document that regulated, as a minimum, the following aspects:
– Scope of the document with detailed specification of the protected resources.
– Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required in this Regulation.
– Personnel functions and duties.
– Structure of the files containing personal data and description of the information systems that process them.
– Procedure for notification, management and response to incidents.
– Procedure for backing up and recovering data in files or automated processing.
– The measures to be adopted for the transport of media and documents, as well as for the destruction of documents and media, or, as the case may be, the reuse of the latter.
– Identification of the person or persons responsible for security (medium-high level).
– Periodic controls to be carried out to verify compliance with the provisions of the document itself. (medium-high level)
The new General Data Protection Regulation (GDPR) came into force in May 2016 and is applicable as of May 2018. The GDPR is a directly applicable standard, which does not require internal transposition rules or, in most cases, implementing or application rules. Therefore, the reference standard is the GDPR and not the aforementioned national rules, which are repealed. However, the law that will replace the current Organic Law on Data Protection (LOPD) in the future may include some clarifications or developments in matters in which the RGPD allows it.
The GDPR contains many concepts, principles and mechanisms similar to those established by Directive 95/46 and by the national rules that applied it, which is why the continuous reference to aspects of the previous regulation that we will demonstrate in this manual. However, the GDPR modifies some aspects of the previous regime and contains new obligations that must be analyzed and applied by each data controller taking into account its own circumstances.
Two general elements constitute the major innovation of the GDPR for data controllers and affect all their obligations:
– The principle of proactive accountability: The GDPR describes this principle as the need for the controller to implement appropriate technical and organizational measures in order to ensure and be able to demonstrate that the processing is compliant with the Regulation. In practical terms, this principle requires organizations to analyze what data they process, for what purposes, and what kind of processing operations they carry out. Based on this knowledge, they must explicitly determine how they will implement the measures provided for in the GDPR, ensuring that these measures are adequate to comply with the GDPR and that they can demonstrate this to data subjects and supervisory authorities. In short, this principle requires a conscious, diligent and proactive attitude on the part of organizations with regard to all the processing of personal data that they carry out.
– The risk approach: The GDPR states that measures to ensure compliance must take into account the nature, scope, context and purposes of the processing and the risk to the rights and freedoms of individuals. According to this approach, some of the measures established by the GDPR will be applied only when there is a high risk to rights and freedoms, while others will have to be modulated according to the level and type of risk that the processing operations present. The application of the measures provided for by the GDPR must therefore be adapted to the characteristics of the organizations. What may be appropriate for an organization that handles data on millions of data subjects in complex processing involving sensitive personal information or significant volumes of data on each data subject is not necessary for a small business that carries out a limited volume of non-sensitive data processing.
On the other hand, and as more recent legislation, Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, aims, as stated in its Article 1, the referred organic law aims: “To adapt the Spanish legal system to Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, and to supplement its provisions.”
The scope of application of Law 3/2018 is, according to the provisions of its Article 2, “applies to any fully or partially automated processing of personal data, as well as to the non-automated processing of personal data contained or intended to be included in a file.”
Atlantic Ambassador S.L., informs its customers that the personal data provided will be transferred to ZT Hotels & Resorts SL, Finanvac SA, Marbelo 2015 SL, Hoteles y Complejos ZT SL, Residencial Ciudad Diagonal SL and Hotelera Glories Parc SL, for the processing of orders and to send commercial offers in the future about products and services that may be of interest to our customers.
Atlantic Ambassador S.L. customers may at any time exercise their rights of access, rectification, cancellation, opposition, oblivion and portability, by writing to our email address firstname.lastname@example.org.
The access to the pages through which the client of Atlantic Ambassador S.L. consults personal data, requests complementary information or contracts any of the products that we offer is done through a secure line.
6-Applicable legislation and jurisdiction
In general, the relations with our customers, arising from the provision of the services contained in our website, are subject to Spanish legislation and jurisdiction. The users of our website are aware of all the above and accept it voluntarily. If you have any comments or suggestions, please use our contact form.