Privacy Policy


In accordance with the provisions of article 11 of Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD) and article 13 of the General Data Protection Regulation 2016 /679 we inform you of:

1.1.- Identification of those responsible:

The data that you provide us through this portal may be processed by the following data controllers:

PINK ELEPHANT, SL. With address at Passeig de Sant Pol, 97, Sant Feliu de Guíxols – Girona

The corporate data protection officer e-mail:

2.1.2.- Purposes of treatment, legal basis and conservation period.

Purpose Legal basis Conservation.

Provision of services Contractual relationship 5 years.

Sending commercial information Consent and legal authorization (art. 21.2 of the LSSI) Until consent is revoked or you exercise your rights.

Labor management – Contractual relationship and legal authorization – 5 years

CVs – Contractual relationship and consent – 1 year

Video surveillance – Legitimate interest. Security maintenance inside the hotel – 30 days

1.3.- Categories of recipients.

To comply with the above purposes, they will have access to your data:

The personnel duly authorized by the management of the data controller.

The providers necessary to fulfill your request, including, but not limited to:

Financial entities.
Software maintenance companies
Hardware maintenance companies
Advertising and marketing companies
Accommodation reservation portals
Auxiliary services

Public administration within the scope of its powers. In accordance with the provisions of Royal Decree 933/2021, of October 26, which establishes the obligations of documentary registration and information of natural or legal persons who carry out activities of lodging and rental of motor vehicles, the data that collected may be accessible to the police and public authorities in the performance of their respective powers in the field of crime prevention, detection and investigation assigned to them.

The hotels of the group that appear in section 1.1 of this document.

1.4.- International data transfer.

To perform its functions, the data controller may deposit data in:

a.- Google systems. The data controller has signed an agreement with Google, in accordance with the resolution of the Spanish Data Protection Authority of June 22, 2017. You can obtain more information about G-Suite’s privacy policies by visiting the following links: /

b.- Microsoft. You can obtain more information about its privacy policy at:

Standard data protection clauses adopted by the Commission have been signed with the above companies in accordance with the provisions of article 46 of Regulation (EU) 2016/649 General Data Protection (GDPR).

1.5.- Rights as affected

Right of access. It is regulated in article 15 of GDPR 2016/679 of April 27, 2016. It is about asking the person responsible for the treatment to obtain free of charge all the information they have about their own personal data and the communications that have been made, or that are have planned to do.

Right of rectification. It is regulated in article 16 of the GDPR. It is about asking the person responsible for the treatment to change the content of the information about his person and his data, following the instructions of the owner of the information.

Right of erasure. It is regulated in article 17 of GDPR 2016/679. It consists of asking the person responsible for the treatment to delete any information about the person who owns the data. The deletion implies blocking all the data and keeping it available to the public administrations during the period established for the right to exercise legal action to expire.

Right to limit processing. Regulated in article 18 of GDPR 2016/679 of April 27, 2016. It is about asking the data controller to limit the processing of your data when any of the following conditions are met:

i.- the personal data is not exact;
ii.- the processing is unlawful;
iii.- the data controller no longer needs to process the data;
iv.- When the reasons to stop processing the data alleged by the affected party prevail over those of the data controller.
The right to portability of information. It is in article 20 of GDPR 2016/679 of April 27, 2016. It consists of asking the person responsible for the treatment to provide the personal data of the owner of the information in a structured format, commonly used and mechanical reading,in order to transmit them to another controller when the processing is carried out using automated means and is based on express consent.
Opposition right. Regulated in article 21 of GDPR 2016/679 of April 27, 2016. It is about asking the data controller to process the data following certain instructions made by the owner of the personal information.
Right to revoke consent. Regulated in article 13.2.c) of GDPR 2016/679 of April 27, 2016. It is an order given by the owner of the data to the person responsible for the treatment notifying him that he withdraws the consent he gave him for processing his data .
Rights not to be involved in automated individual decisions. It is the request to the controller that all decisions that have legal effects are not taken exclusively by machines.

To exercise the above rights, you can write to the addresses of the data controller, or send an email to the address (…) with the text “DATA PROTECTION” in the subject line and attaching a photocopy of your DNI, NIE or passport. in that email.

1.6.- Right to claim.

You can contact the internal compliance officer using the complaints channel that you will find on the website (

The competent body to know the correct application of the rules on information processing is the Spanish Data Protection Authority, with address at Jorge Juan street n. Madrid 6.

1.7.- Obligations of the affected party.

The affected party must provide truthful and updated information in all data collection processes, being solely responsible for the violation of this obligation.

The data that must be provided is marked on the data collection forms, depending on the request made by the affected party. Failure to provide this data may mean that it is impossible to participate in the activity or provide the requested service.

1.8.- Elaboration of profiles

They are not done.


It is understood that the user accepts the established conditions if he presses the ‘ACCEPT’ button found in all the data collection forms, or if he sends a message by email.

Personal data is stored in the company’s general administration database, in any case, it guarantees technical and organizational measures to preserve the integrity and security of the information it deals with.


The general database is endowed with the mandatory security document and all the technical means at our disposal have been established to prevent the loss, misuse, alteration, unauthorized access and theft of the data that you provide us. The processing of personal data is in accordance with the regulations established in Organic Law 3/2018 on data protection and guarantee of digital rights and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.


A user’s browsing on this website leaves the IP address that has been assigned by their Internet access provider as a trace. This address is only used for exclusively internal purposes, such as Portal access statistics.

For the use of this website, cookies may be used. The cookies that can be used are only associated with the browser of a specific computer (an anonymous user), and do not themselves provide any personal data of the user. This website may use the following types of cookies:

Analysis cookies: allow the number of users to be quantified and thus carry out measurements and statistical analysis of the use and activity of users of our website, as well as the preparation of user navigation profiles on these pages and in our applications, with the objective of introducing improvements.

Technical cookies: allow the user to navigate through the web page and use the different options or services that exist in it, such as controlling traffic and data communication, identifying the session, accessing access parts restricted, remember the elements that make up a request, carry out the purchase process of a request, apply for registration or participation in an event, use security elements while browsing or storing, disseminating and/or sharing content.

The user has the possibility of configuring their browser to be notified on the screen of the reception of cookies and to avoid their installation on their hard drive. All browsers allow you to make changes in order to disable the configuration of cookies. These settings are located in the “options” or “preferences” from your browser menu. Below, you can find the links for each browser to disable cookies by following the instructions:






We inform you that there is a possibility that the deactivation of a cookie prevents or hinders navigation or the provision of the services offered on this website.


To facilitate the search for resources that we believe may be of interest to you, you can find links to other web pages on this website.

This privacy policy is only applicable to this website. The controller does not guarantee compliance with this policy on other websites nor is it responsible for access through links on this website.