- Identity and contact details of the data controller
- How we obtained your personal data and types of data
- Mandatory and current information
- Storage period
- International transfers
- Exercise of rights
- Identity and contact details of the data controller
- CETIRO ITG, S.L.U. (real-estate-related activity, specifically development and sale of the properties on the Resort). Registered address in Madrid, Calle Serrano, 41, 4ª, 28001, with tax code (NIF) B-88001045 and telephone number [
- FERINO ITG, S.L.U. (golf course management and operation on the Resort). Domiciled in Madrid, Calle Serrano, 41, 4ª, 28001, with tax code (NIF) B-88001052 and telephone number [
How we have obtained your personal data and types of data
We process the personal data you share with us and other data generated in the context of your use of the Website and our services, by lawful means only. Here are some specific examples:
Data obtained from the data subject: if you are an existing or potential customer, member, player or user of the facilities or complexes on the Resort, or merely a user of our Website, any data you provide, either offline or online, to request our services, or when contacting us for information, or, for example, when visiting our offices.
We may process personal data (i) that identifies you (first name, last name, gender, telephone number, e-mail address, postal address) and (ii) banking information (such as details of the card that you use to pay).
Data obtained automatically when you visit our website: if you provide us with data through this Website or any of its subdomains and microsites any of our apps. For example, we collect information, when you visit the page, when you fill forms with personal data and when you download and use our apps; or contact us directly by email.
We may process personal information about your browsing habits (such as information collected through cookies). Such data is gathered automatically and stored by us or by third parties on our behalf.
Communication of a data subject’s information by a third party: if the data subject’s information is shared with us by a third party, always in accordance with the regulations in force, by hotels on the Resort, real estate agents or agents to manage green fees, by our golf schools, and so on.
Users undertake to keep their data correct and current, the data controller waives all liability if this is not done.
Regarding other data subjects’ information, their privacy must be respected when sharing their personal data. Please note that, as a user, you may only share and consent to the processing of your own personal data, not those of third parties. If you provide us with data about third parties, you must obtain their express consent to share this with us and you are responsible for informing the data subjects that their data is included in our files.
Sharing third-party data without the data subject’s consent may infringe data protection regulations as well as the right to honour, privacy and image of the data subjects, rights protected by Organic Law 1/1982 of 5 May on Civil protection of the right to honour, personal and family privacy, and individual likeness.
Mandatory and current information
All personal data you share with the Data Controller is necessary for the Data Controller to provide the services required.
When you provide us with personal data, you undertake that you have been authorised to share this information and that it is truthful, accurate and current, that it is not confidential, does not breach any contractual provisions or third-party rights and that you will not impersonate other users.
To ensure that the information provided is always up to date and error-free, you must inform the data controller as soon as possible of any changes or corrections to your personal data by writing to the following email: [email@example.com].
Your data may be processed for the following purposes:
a) If you are a current or potential customer of our real estate services, to contact and communicate with you, and to manage the contractual and/or commercial relationship derived from our services.
b) If you are a current or potential customer, subscriber, player, or user of our golf course, to contact and communicate with you, and to manage the contractual and/or trade relationship derived from our services, which includes organising and managing events, competitions, and tournaments.
c) If you are solely a user of our Website, or the sender or recipient of an e-mail or participant in events or contests we promote or organise, to manage your online requests and your invitation, registration and/or participation in those events or contests and to contact and communicate with you, and, in the case of contests, to arrange to deliver prizes to you and to publish the winners’ identity and, solely in relation to the contest, which you expressly authorise by the mere fact of entering, this being a sine qua non condition for your participation and winning any prize draws. Authorisation does not give data subjects the right to receive remuneration or benefits other than the prize.
d) If you send us your curriculum vitae or information from your curriculum vitae, the information will be used to contact you and manage your application in our recruitment processes.
e) Photographs and videos captured at events, competitions and tournaments may be published on the Internet (on this Website, in our social media profiles and on YouTube), and on paper (in advertising or information posters, brochures, programmes, magazines, reports and other printed media that the organisation uses to report on or promote its activities), and in the resort’s own facilities, to report on or document events and activities and become part of the organisation’s photo/video report.
f) Carry out opinion and/or satisfaction surveys and send you electronic messages that contain information about activities, products, and services similar to those you have requested (including advertising and marketing messages for the purposes of Section 21 LSSICE 34/2002). If we already have a contractual relationship, we will send you such messages on the basis of our legitimate interest. If we you do not have a prior contractual relationship, we will only send you the messages you authorise by checking the option expressly included in the relevant forms. The electronic messages we send to you will include the option to stop receiving them. If you choose to do so, we will stop sending you these messages.
In the case of current or potential customers of our real estate services, we will store your personal information for the duration of the contractual or commercial relationship and, once concluded, and provided that data subject does not request their deletion for two (2) years from the last interaction with the data subject. All this notwithstanding our obligation to block your data and store it for the periods specified in the data protection regulations.
In the case of current and potential customers, subscribers, players and users of our golf course, the data will be stored for the duration of the contractual or commercial relationship and, once these are concluded, and provided that data subject does not request their deletion or until two (2) years have elapsed since the last interaction with the data subject. All this notwithstanding the obligation to block the data and store it for the periods specified in the data protection regulations.
If you are a mere user of the Website, we will store your data until you ask us to delete it, or until two (2) years have elapsed since your last interaction with the Data Controller. All this notwithstanding the obligation to block the data and store it for the periods specified in the data protection regulations.
If you are a job candidate and have submitted your curriculum vitae to us, we will store your data until you ask us to delete it to enable us to contact you for recruitment purposes, or until two (2) years have elapsed since your last interaction with the Data Controller. All this notwithstanding the obligation to block the data and store it for the periods specified in the data protection regulations.
There are several legal grounds on which we may process your data, depending on the purpose of the processing:
It may be our legal relationship in the case of current or potential customers, subscribers, players, or users of the Resort facilities, or offers, estimates, requests or pre-contractual relationships of any kind between the parties if you are a potential customer/supplier.
The legal justification may be your consent if you are interested in receiving marketing messages or if you have sent us your curriculum vitae. In this case, you may withdraw your consent at any time by sending an e-mail to firstname.lastname@example.org. Withdrawal of your consent will not affect the processing of your data for the other purposes described.
We may also process your data to comply with legal requirements regarding, for example, tax, money laundering, consumer, and user regulations, national or regional golf federation regulations …
In accordance with recital 47 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, another legal grounds for us to process your data is our legitimate interest as an organisation to:
- Receive, manage, and respond to requests for information, suggestions, or any claims you may make through the website.
- To improve our relationship with our current customers and to strengthen loyalty or to attract the attention of potential customers who may be considering our services, and to improve them, giving them exposure, to adapt them as far as possible to the changing needs of our current or potential customers or the market, to keep in touch with you and to inform you of our activities, products and services similar to those requested (including advertising and marketing messages for the purposes of Section 21 LSSICE 34/2002); if we have an existing contractual relationship, we will send you these messages based on our legitimate interest. In the absence of a contractual relationship, we will only send you messages if you give your consent by checking the box included for the purpose in the forms in question. In any case, the emails we send to you will include the option to stop receiving them. If you choose to do so, we will stop sending you these messages.
- Take photographs and videos of the activities and events that we organise and sponsor as an organisation, to publicise and document them, and to be part of the organisation’s photographic/video record. Such photographs and/or videos may be published, either on the Internet (on our Website or on the event sponsor’s website, in our social media profiles, or on YouTube), or on paper (in advertising or information posters, brochures, programmes, magazines, reports and other media that the organisation may use to report on or sponsor its activities), and on the Resort’s facilities.
You are hereby informed that the data you provide to us may be communicated to third parties for purposes directly related to the legitimate functions of assignor and assignee such as:
- To other companies of the ARANGOR group (consisting of CETIRO ITG, S.L.U. and FERINO ITG, S.L.U.) for internal administrative purposes, including the processing of personal data of customers and/or suppliers or employees.
- To banks to manage collections and payments and to the different entities necessary to provide the different services to manage online reservations and the payments and collections derived from them.
- Hotels, sports centres, and other facilities located on the Resort when necessary to satisfy or manage your requests on the website.
- To real estate agents, in the framework of their services, when necessary to satisfy or manage your requests on the website.
- Any comments you post in social media profiles may be posted on our Website, as well as the photograph included in those comments.
- To organisations and agencies with which we have a legal obligation to share data (e.g., Tax Agency, Treasury General of the Social Security).
- Judges and courts in compliance with their orders (legal obligation) or for the filing, enforcing, and defending claims.
- To the Spanish Golf Federation and regional Federations at the golf course location, to manage federation licences, competitions and to manage and update handicaps.
- Where appropriate, other clubs to manage other competitions in which the golf clubs that we manage participate.
- If you participate in any of our competitions, please note that winners’ details will be shared with the companies providing the prize (e.g. hotels, restaurants …) the identity and image of the winners, solely in relation to the competition, they will be published on our website and social networks, which you expressly authorise when you participate, since this is a condition sine qua non to receive the prize. Your authorisation does not give the data subject the right to receive remuneration or benefits other than the prize.
As data processors, some of the Data Controller’s service providers may have access to your personal data within the framework of the services they provide to us, such as: hosting, housing, software as a service, remote backup, computer support or maintenance services, e-mail senders, e-mail marketing and file transfer services, administrative service providers, legal service providers. With these suppliers, who provide us with a service, we sign a contract that obliges them to protect them in accordance with Spanish and European data protect law and not to use them for any purpose other than the provision of the service hired and to return or destroy them without keeping a copy on expiry of the contractual relationship.
No international data transfers will be made.
Exercise of rights
You are hereby informed that you may exercise the following rights:
Right to access: You may ask us which personal data we are processing and how it is processed, and even ask us for a copy of the data.
Right to rectification: You may request any inaccurate data to be rectified or completed if they are incomplete, even by making an additional statement.
Right to erasure (to be forgotten) You may request we erase your personal data when: they are not necessary for the purpose for which they were collected, withdraw your content, when there has been illegal processing or to comply with a legal obligation.
Right to limited processing: You can request limited processing of your data when their accuracy, legality or need to process the data is questionable, in which case we will only keep them to exercise or defend claims.
Right to object: You may object to the processing of your data if it is based on the legitimate interest of the Data Controller.
Right to portability: You may request the portability of your personal details when the legal basis that entitles us to process them is the existence of a contractual relationship or your consent.
You also have a right to withdraw your consent, without this affecting the legality of the processing of your personal data based on your consent.
When any of the above requests are received, we will answer you within the legally established terms.
Likewise, you are informed that you may file claims with the Agencia Española de Protección de Datos (The Spanish Data Protection Agency) if you believe that there has been a breach of your personal data rights. If you would like more information about your rights and to obtain forms to exercise those rights, you can visit the website of the Agencia Española de Protección de Datos, www.aepd.es
The personal data that the Data Controller collects through the Website will be processed confidentially, and will be kept secret, adopting all necessary measures to prevent their alteration, loss, processing, or unauthorised access, in accordance with the applicable law.
The Data Controller has implemented and maintains strict security in accordance with the personal data protection regulations to prevent unauthorised access, processing and disclosure considering the state of the technology, the nature of the data stored and the risks to which they are exposed. This notwithstanding, transmission of information through the internet is not totally secure; therefore, although the Data Controller will make its best efforts to protect your data, it cannot guarantee their security during transit to the Website. All the information that you provide is sent at your own risk. Once your data is received, the Data Controller will use strict procedures and security functions.