1.- PRIVACY POLICY

Las Colinas Golf C Country Club understands that privacy is a fundamental part of the very essence of the unique experience we offer, where healthy living and harmony with nature are paramount. The guarantee of protection of your personal data allows you to enjoy all our services and experiences in a unique natural setting without any worries.

The purpose of this Privacy Policy is to clearly and precisely inform Users about the processing of their personal data obtained through the different websites linked to Las Colinas Golf C Country Club, whose main website is https://lascolinasgolf.com/ (hereinafter, all the websites, separately or jointly, the “Website”), carried out by the data controller. The websites linked to the Website are: https://lascolinasresidences.com/es/inicio/, https://lascolinasgolfrealestate.com/, htts://restauranteumawa.com, https://restauranteilpalco.com and https://wowbeach.es

2.- OBLIGATION TO PROVIDE THE DATA

The data requested through the Website are, in general, obligatory (unless otherwise specified in the required field) in order to fulfil the purposes for which they are being collected.

Therefore, if they are not provided or are not provided correctly, they cannot be processed.

3.- FOR WHAT PURPOSES WILL THE DATA CONTROLLERS PROCESS THE USER’S DATA AND ON THE BASIS OF WHAT LEGITIMISATION?

Las Colinas Golf C Country Club is a complex managed by three different companies, Colinas Green Golf S.L. (B83977868); Campoamor Sun C Beach S.L. (B83835496); and Colinas Golf Residencial S.L. (B83995142), all with registered offices at C/ Luchana 23, 28010 Madrid and belonging to the Gmp Group.

Each of them has an independent and perfectly delimited scope of responsibility according to the purposes of the specific processing, and therefore for each processing activity a data controller will be indicated, without prejudice to those processing operations common to all data controllers. Thus, the corresponding data controller will process the personal data provided by the User or which it may obtain directly through any of the channels provided for this purpose, for the following purposes

The purposes set out below, in accordance with the basis of legitimacy applicable in each case:

a. Processing and management of bookings and sports and wellness services (The Beauty Room, Sports s Health Club, Golf Academy, Toptracer Range, Racquet Club and Tennis and Padel Academy, Golf outing bookings):

Responsible for the treatment: Colinas Green Golf S.L. Purposes of the treatment:

  1. Management of the User’s reservation through the
  2. Management of the registration and deregistration of the User registered on the Website, where
  3. Provision of the sports service requested by the
  4. Processing and monitoring of the contracting of the service made by the
  5. Management of the collection of the services contracted by the
  6. To contact the User when any circumstance of interest related to the contracted services arises.
  7. Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
  8. Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in thetransactions carried
  9. Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.

Basis of legitimacy:

For purposes 1 to 6, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre- contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).

For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.

For purpose 8, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.

For purpose 9, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).

b. Processing and management of bookings and accommodation and lodging services (Colinas Residences):

Data controller: Campoamor Sun C Beach S.L. Purposes of processing:

  1. Management of the User’s reservation through the
  2. Management of the registration and deregistration of the User registered on the Website, where
  3. Provision of the sports service requested by the
  4. Processing and monitoring of the contracting of the service made by the
  5. Management of the collection of the services contracted by the
  6. To contact the User when any circumstance of interest related to the contracted services arises.
  7. Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
  8. Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in the transactions carried
  9. Comply with the provisions of the applicable regulations on accounting, tax, consumer, etc., as well as police in terms of the obligation to register overnight stays and collect identification data in official documents; all of this in relation to the contracting that may have been carried

Basis of legitimacy:

For purposes 1 to 6, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre- contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).

For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.

For purpose 8, the basis of legitimacy is the legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the

Data Controller and its customers in the marketing and purchase of its products.

For purpose 9, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).

c. Processing and management of reservations and catering services (Umawa, Ilpalco and Unik):

Responsible for the treatment: Colinas Green Golf S.L.

Purposes of the treatment:

  1. Management of the User’s reservation through the
  2. Management of the registration and deregistration of the User registered on the Website, where
  3. Provision of the catering service requested by the User. Where appropriate, special category data of the User (health data) may be processed, if intolerances or allergies are
  4. Processing and monitoring of the contracting of the service made by the
  5. Contact the User when any circumstance of interest related to the contracted services arises.
  6. Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
  7. Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in thetransactions carried
  8. Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.

Basis of legitimacy:

For purposes 1 to 5, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, the application of pre- contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).

For purpose 6, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.

For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.

For purpose 8, the basis of legitimacy is compliance with the relevant legal obligations of the data controller (art.6.1.c) GDPR).

d. Processing and management of reservations and services offered at WOW Beach:

Data controller: Campoamor Sun C Beach S.L. Purposes of processing:

  1. Management of the User’s reservation through the Website
  2. Management of the registration and deregistration of the User registered on the Website, where
  3. Provision of the service requested by the User. In the case of provision of catering services, special category data of the User (health data) may be processed, if intolerances or allergies are
  4. Processing and monitoring of the contracting of the service made by the
  5. To contact the User when any circumstance of interest related to the contracted services arises.
  6. Making enquiries to Users regarding the quality and their satisfaction with the goods or services provided.
  7. Management of the security of the Website by means of the security measures implemented, as well as for the detection and prevention of fraud in thetransactions carried
  8. Comply with the provisions of the applicable regulations on accounting, tax, consumer matters, etc. in relation to the contracting that may have been carried out.

Basis of legitimacy:

For purposes 1 to 5, the basis of legitimacy is the execution of the contractual relationship or, where appropriate, application of pre- contractual measures arising from the reservation and/or provision of the service (art. 6.1.b) RGPD).

For purpose 6, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of being able to offer Users products with the highest quality and best possible experience, as well as to establish mechanisms to facilitate contact and the relationship with the service provider.

For purpose 7, the basis of legitimacy is legitimate interest (art. 6.1.f) RGPD), consisting of the minimisation of the risks assumed by the Data Controller and its customers in the marketing and purchase of its products.

For purpose 8, the basis of legitimacy is the fulfilment of the relevant legal obligations of the controller (art.6.1.c) GDPR).

e. To inform the User by any means of products and services related to Complejo Las Colinas Golf and Country Club, by sending commercial communications:

Responsible for the treatment: Colinas Golf Residenciel S.L.

Purposes of processing: To send commercial communications to the e-mail address and mobile phone provided for this purpose by the user.

Basis of legitimacy: the processing derived from this purpose will be based on the express consent of the User when expressly accepting, without any kind of obligation, the subscription to the communications service of Las Colinas Golf C Country Club by e-mail or telephone messaging (art. 6.1.a) RGPD).

f. Respond to questions raised in the contact forms:

Responsible for the treatment: Colinas Golf Residencial S.L.

Purposes of processing: In cases in which a User raises any type of question, his/her data will be processed in order to manage, process and respond to the User’s requests, applications, incidents or queries.

The reception of curricula vitarum does not form part of the purposes foreseen for the questions and doubts section. However, in the event that Users spontaneously send them requesting their consideration, they may be processed exclusively for the purpose of taking them into account in selection processes opened by the company.

Basis of legitimacy: the processing derived from the purpose of resolving doubts, questions or queries will be based on the express consent of the User when expressly accepting, without any kind of obligation, to be contacted through the data provided in order to respond to their request (art. 6.1.a) RGPD).

In the case of CVs received, they may be processed on the basis of the legitimacy of the pre-contractual interest expressed when sending the CV and/or covering letter (art. 6.1.b) GDPR).

4.- WITH WHICH RECIPIENTS WILL THE USER’S DATA BE SHARED?

The correct provision of the service provided to the User implies that other third party service providers access the User’s personal data as  data processors, with which the corresponding Data Controller has signed the corresponding service provision agreements with access to data.

In turn, personal data may be communicated to other entities of the Gmp group of companies, with your consent where necessary, who may access the personal data and information to assist us in the management of the pre-contractual relationship or processing of the request made. We e n s u r e  that all these entities comply with data protection regulations, which are also directly applicable to them.

In addition to the above, the User understands that personal data may be transferred or communicated to fulfil their obligations to the Public Administrations in cases where this is required in accordance with the legislation in force at any given time and, where appropriate, also to other bodies such as the State Security Forces and Bodies and the Judiciary.

In the case of the curricula vitarum received, your data may be passed on to companies belonging to the group of companies of which Gmp Property SOCIMI

S.A. is the parent company of the group to which all those responsible for the processing of the Websites belong, exclusively for the purposes and subject to the conditions indicated herein (section 3f).

5.- INTERNATIONAL DATA TRANSFERS

Users’ personal data may be communicated or made known to third  parties located outside the EU for the correct execution of the provision of the contracted services, as well as for the attention of Users’ requests or for the fulfilment of any of the indicated purposes.

In cases where there is no adequacy d e c i s i o n in force, it is guaranteed that the international transfer of data will be carried out in compliance with the applicable data protection regulations and, in any case, through the granting of the appropriate guarantees. Specifically, by signing the standard contractual clauses approved by the European Commission and, where necessary, by adopting such additional guarantees as may be appropriate.

6.- DATA RETENTION

U s e r s ‘ data will be kept for as long as the relationship with the User remains in force, without prejudice to the retention that may be necessary for the formulation, exercise or defence of potential claims and/or as long as permitted by applicable legislation. Once the aforementioned period has expired, the data will be deleted.

In the case of curricula vitarum received, they may be kept for one year and thereafter – limited to the contact details and possible positions for which the user’s profile fits – may be duly blocked for up to three years.

7.- USER RESPONSIBILITY

The User guarantees that he/she is over eighteen (18) years of age or, if applicable, that he/she is capable of entering into the corresponding contracts for goods and services by him/herself, and that the data provided are true, accurate, complete and up to date. To this effect, the User is responsible for the veracity of all the data provided and will keep the information provided suitably updated, in such a way that it corresponds to his or her real situation.

Likewise, the User guarantees that he/she has informed the third parties whose data he/she provides, if any, of the aspects contained in this document. Likewise, he/she guarantees that he/she has obtained their authorisation to provide their data for the aforementioned purposes.

In this regard, the User is informed that he/she will be responsible for any false or inaccurate information provided through the contact channels provided and for any damages, direct or indirect, that this may cause to the Data Controller or to third parties.

8.- EXERCISE OF RIGHTS

Users may exercise their rights of access, rectification, opposition, deletion, portability and limitation of processing, as well as the right to refuse automated processing of their personal data, free of charge, by sending a written and signed request to the following address: C/Luchana, 23 – Madrid or via privacidad@grupogmp.com. To this end, the User must send such written communication indicating the request or right being exercised, name  and surname. A copy of your ID card or valid document proving your identity (photocopy of your passport) will only be requested in cases where there may be reasonable doubt as to your identity and taking into consideration the nature of the personal data that is the object of the exercise of the right.

The User has the right to oppose the processing of his/her data  for promotional purposes for the reception of commercial communications by simply

notification of his or her wishes. To do so, the User may send his/her request by means of the procedure described in the previous paragraph. Likewise, the User may cancel the receipt of commercial communications in the manner provided for in each commercial communication (for example, through the link included in each of them).

In addition to the above rights, the User shall have the right to withdraw the consent given at any time by means of the procedure described above, without such withdrawal of consent affecting the lawfulness of the processing prior to the withdrawal of consent. In any case, the User’s data may continue to be processed to the extent permitted by applicable law.

Likewise, the User may lodge a complaint regarding the protection of his/her personal data with the Spanish Data Protection Agency at the address C/ Jorge Juan, 6, 28001 – Madrid, when the interested party considers that the processing of his/her personal data has infringed the rights recognised by the applicable data protection regulations.

G.- SECURITY MEASURES

The User’s data will be treated at all times in the strictest confidence and with the mandatory duty of secrecy, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organisational measures to guarantee the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

10.- WARNING AND CHANGES

This privacy policy applies only to personal data collected or provided by the user through any of the channels provided. The User should be aware that we are not responsible for the personal data protection practices of the websites whose links may be displayed on the different websites of the  companies linked to Las Colinas Golf C Country Club.

These external websites will be responsible for the processing of the personal data provided by the User through said external website, without us being able to acquire any responsibility for said processing. We encourage the User to read the privacy statement of each and every website that collects personal data.

The Controller has the right to review and amend this Privacy Policy from time to time as it deems appropriate, in which case it will

will communicate to Users. For this reason, please check this privacy statement regularly to read the most recent version of the Privacy Policy, which is posted on this Web Site.

Last updated: May 2024