Privacy Policy

Vileal, SL, in application of the current regulations on the protection of personal data, informs you that the personal data collected through the forms on the Website https://paxhoteles.com are included in the specific automated files of users of the services of Vileal, SL.

The collection and automated processing of personal data has the purpose of maintaining the commercial relationship and carrying out tasks of information, training, advice and other activities of Vileal, SL.

This data will only be transferred to those entities that are necessary for the sole purpose of fulfilling the aforementioned purpose.

Vileal, SL adopts the necessary measures to guarantee the security, integrity and confidentiality of the data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the former LOPD, the new Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

The user may at any time exercise the rights of access, objection, rectification, cancellation, restriction and portability recognised in the aforementioned Regulation (EU). The user may exercise these rights by email to: privacidad@paxhoteles.com or at the address: C/ Sama de Langreo, s/n, postal code 28250 – Torrelodones (Madrid), for which we may request information proving your identity if necessary.

The user declares that all the data provided by them are true and correct, and undertakes to keep them updated, communicating any changes to Vileal, SL.

VILEAL, S.L. is the entity that owns the Website and acts as the central entity of the PAX HOTELES group. The PAX HOTELES group is made up of the following companies:

  • VILEAL, S.L.
  • PAX ATOCHA, S.L.
  • PARAJE DE VALDENAZAR, S.L.
  • EL ARVERJAL, S.L.

Depending on the hotel selected by the user during the booking process, the personal data may be communicated to the entity that owns the corresponding establishment, which will act as an independent data controller for the management of the booking and the provision of hotel services.

Likewise, VILEAL, S.L. acts as joint controller of the processing, in accordance with Article 26 of Regulation (EU) 2016/679 (GDPR) and Article 29 of Organic Law 3/2018 (LOPDGDD), together with each of the entities indicated, exclusively in relation to the processing necessary for the management of bookings, the provision of hotel services, customer service and the management of the contractual relationship.

There is no joint controllership between PAX ATOCHA, S.L., PARAJE DE VALDENAZAR, S.L. and EL ARVERJAL, S.L.

Purpose of the processing of personal data

For what purpose will we process your personal data?

At Vileal, SL, we will process your personal data collected through the Website https://paxhoteles.com for the following purposes:

  • Manage the contractual and administrative relationship arising from the hotel services.
  • Comply with the applicable legal, tax and accounting obligations.
  • Manage personnel selection processes by processing the CVs received through the form enabled for this purpose.
  • Carry out operational communications related to the booking or the contracted services.
  • For security or fraud-prevention purposes.
  • Provide the services contracted by the user.
  • Manage hotel bookings and the provision of the requested services: Process and organise booking requests through the web platform. To manage these bookings, when you select the “Booking” option, you will be automatically redirected to the external platform https://direct.witbooking.com/chain/pax_agr, owned by WITBOOKING, S.L. Upon accessing that platform, the user will be subject to the terms and conditions and privacy policy of WITBOOKING, S.L., which will act as data processor or as an independent controller, as appropriate, for the correct technical management of the booking process. VILEAL, S.L. is not responsible for the processing of personal data carried out directly by WITBOOKING, S.L. outside the scope of this Privacy Policy.
  • Attend to queries, requests or incidents raised by users.

We remind you that you may object to the sending of commercial communications by any means and at any time, by sending an email to the address indicated above.

The fields in these records are mandatory; it is impossible to carry out the stated purposes if such data are not provided.

For how long is the personal data collected kept?

The personal data provided will be kept for as long as the commercial relationship is maintained, or as long as you do not request its deletion, and for the period during which legal liabilities may arise from the services provided. Likewise, we will keep your data for as long as you do not object to the processing.

Legitimacy

The processing of your data is carried out on the following legal bases that legitimise it:

  • Compliance with legal obligations, in order to comply with the legal, tax, accounting or administrative obligations applicable to PAX HOTELS.
  • The request for information and/or the contracting of the services of Vileal, SL, whose terms and conditions will be made available to you in any case, prior to any eventual contracting.
  • Free, specific, informed and unequivocal consent, insofar as we inform you by making this privacy policy available to you, which, after reading it, if you agree, you may accept by means of a statement or a clear affirmative action, such as ticking a box provided for this purpose.
  • The legitimate interest in attending to and managing the requests, queries or communications sent by the user through any of the enabled contact channels, as well as in ensuring fraud prevention and the security of the website. Likewise, the legitimate interest of the group’s entities in the proper organisation, management and operation of their services.

If you do not provide us with your data, or you do so erroneously or incompletely, we will not be able to attend to your request, making it entirely impossible to provide you with the requested information or to carry out the contracting of the services.

Origin of the data and manner of obtaining it

The personal data we process has been provided directly by you. If you provide us with data belonging to other people, you guarantee that you have their express consent and that you have informed them of the content of this Policy. Likewise, you release us from any liability arising from the breach of this obligation.

Accuracy of personal data

If you do not provide us with your data, or you do so erroneously or incompletely, we will not be able to attend to your request, making it entirely impossible to provide you with the requested information or to carry out the contracting of the services.

The data owner guarantees that the data provided are truthful, accurate, complete and up to date. You will inform us of any modification of the data provided through the channels indicated in the header of this policy.

International Data Transfers and Recipients

The personal data may be communicated:

  • To the entities of the PAX HOTELES group, depending on the hotel selected, for the correct management of the booking and provision of the service.
  • To suppliers that provide services necessary for the activity (technology platforms, IT services, consultancies), which will act as data processors.
  • To Public Administrations and competent authorities, when there is a legal obligation.

We inform you that making contact through the WhatsApp tool may involve your data being transferred from WhatsApp Ireland Limited to various Meta companies and other companies owned by Meta in order to receive their services, as established in the “How we work with other Meta companies” section of its Privacy Policy. In this case, the information shared is handled on behalf of WhatsApp Ireland and only in accordance with its instructions. You can consult the specific entities to which WhatsApp Ireland transfers the data via the following link: https://faq.whatsapp.com/481188387305001/. In this regard, we inform you that the entities to which data are transferred have an adequacy decision or appropriate safeguards in accordance with the GDPR. WhatsApp LLC and Meta Platforms Inc are certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework. For more information about WhatsApp’s privacy practices, including additional information about what, why and how WhatsApp processes personal information, see the EU-U.S. and Swiss-U.S. Data Privacy Framework Disclosure at the following link: https://www.whatsapp.com/legal/data-privacy-framework.

The data will not be transferred to additional third parties, except by legal obligation.

Data collected by users of the services

In cases where the user includes files with personal data on the shared hosting servers, Vileal, SL is not responsible for the user’s non-compliance with the GDPR.

Intellectual property rights https://paxhoteles.com

Vileal, SL is the owner of all copyright, intellectual and industrial property rights, “know-how” and all other rights related to the contents of the website https://paxhoteles.com and the services offered on it, as well as the programs necessary for its implementation and the related information.

The reproduction, publication and/or non-strictly-private use of the contents, in whole or in part, of the website https://paxhoteles.com is not permitted without prior written consent.

Intellectual property of the software

The user must respect the third-party programs made available by Vileal, SL, even if they are free and/or publicly available.

Vileal, SL holds the necessary exploitation and intellectual property rights to the software.

The user does not acquire any right or license, through the contracted service, over the software necessary for the provision of the service, nor over the technical information for monitoring the service, except for the rights and licenses necessary for the fulfilment of the contracted services and only for the duration thereof.

For any action that exceeds the fulfilment of the contract, the user will need written authorisation from Vileal, SL. The user is prohibited from accessing, modifying or viewing the configuration, structure and files of the servers owned by Vileal, SL, assuming the civil and criminal liability arising from any incident that may occur in the servers and security systems as a direct consequence of negligent or malicious action on their part.

Intellectual property of the hosted contents

Any use of the services provided by Vileal, SL that is contrary to the legislation on intellectual property is prohibited, and in particular:

  • Use that is contrary to Spanish laws or that infringes the rights of third parties.
  • The publication or transmission of any content that, in the opinion of Vileal, SL, is violent, obscene, abusive, illegal, racial, xenophobic or defamatory.
  • Cracks, program serial numbers or any other content that infringes the intellectual property rights of third parties.
  • The collection and/or use of personal data of other users without their express consent or in contravention of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  • The use of the domain’s mail server and email addresses for sending unwanted bulk mail.

The user has full responsibility for the content of their website, the information transmitted and stored, the hypertext links, third-party claims and legal actions regarding intellectual property, third-party rights and the protection of minors.

The user is responsible with respect to the laws and regulations in force and the rules relating to the operation of the online service, electronic commerce, copyright, maintenance of public order, as well as universal principles of Internet use.

The user shall indemnify Vileal, SL for the expenses generated by the attribution of liability to Vileal, SL in any proceeding for which liability is attributable to the user, including fees and legal defence costs, even in the case of a non-final judicial decision.

Protection of the hosted information

Vileal, SL makes backup copies of the contents hosted on its servers; however, it is not responsible for the loss or accidental deletion of data by users. Likewise, it does not guarantee the total replacement of data deleted by users, since said data may have been deleted and/or modified during the period of time elapsed since the last backup.

The services offered, except for specific backup services, do not include the replacement of the contents kept in the backups made by Vileal, SL when this loss is attributable to the user; in this case, a fee will be determined according to the complexity and volume of the recovery, always subject to prior acceptance by the user.

The replacement of deleted data is only included in the price of the service when the loss of content is due to causes attributable to Vileal, SL.

Commercial communications

In application of the LSSI, Vileal, SL will not send advertising or promotional communications by email or other equivalent means of electronic communication that have not previously been requested or expressly authorised by the recipients thereof.

In the case of users with whom there is a prior contractual relationship, Vileal, SL is authorised to send commercial communications regarding products or services of Vileal, SL that are similar to those initially contracted with the client.

In any case, the user, after proving their identity, may request that no more commercial information be sent to them through the Customer Service channels.