Privacy Policy

EU Privacy Policy

PRIVACY POLICY

In accordance with the General Data Protection Regulation EU 2016/679 (hereinafter, “GDPR“) and Organic Law 3/2018, of 5 December, on Data Protection and Guarantee of Digital Rights (“LOPDGDD“), you are hereby informed about the collection, processing and use of your personal data through this website.

This Privacy Policy applies to the information, products and services provided by Sociedad Residencias de Estudiantes S.L. – RESA in Spain.

1. Who is the data controller?

Sociedad Residencias de Estudiantes S.L. (hereinafter, “RESA”), with address at Calle Serrano nº 41 4ª planta 28001 Madrid (Spain), with Tax Identification Number (C.I.F.) B-60109188, and email address privacy@resa.es.

On this website, you can hire accommodation owned by various companies. Therefore, depending on the accommodation you choose, the data controller of the data collected may be one of the Owner Companies listed in section 2 of the Legal Notice. These Owner Companies will be considered independent data controllers in accordance with the provisions of Article 4.7 of GDPR. They will process the data to handle the reservation and/or stay you requested in accordance with their internal data protection policies.

 

2. Why do we process your personal data, and what is the legitimate basis for processing them?

RESA will use the personal data collected through forms and those deriving from the use of this website and your relationship with the data controller for the following purposes:

• Contact form and “Chat”: We will contact you as requested after receiving your application. Said contact includes but is not limited to answering any queries you may have in relation to the products or services made available on this website.

The legal ground for processing the data is a legitimate interest (art. 6.1 f) of the GDPR) to respond to a request you have submitted. Therefore, under no circumstances may your interests be considered to be affected.

• Booking application form: To process your request to book accommodation and, therefore, forward the data to the company that owns the residence hall so that it can process your booking request. As an independent data controller, it will process the data for admission and, where appropriate, contracting procedures. Once the resident-client has been admitted, the data collected in the booking form may be used in connection with RESA HUB/RESA LIFE activities. The contact details provided for emergencies will be processed by the selected establishment and the Company that owns the establishment.

The legal ground for processing the data is the performance of a contract in accordance with Article 6.1 b) of GDPR, understood as the booking conditions accepted at the time of formalising the reservation for the accommodation. Your data needs to be processed to ensure the correct provision of the contracted service.

• Arranging visits to the accommodation: Should you express an interest in visiting the accommodation, the data provided will be processed to arrange the visit to the chosen accommodation. The data will be forwarded to the company that owns the residence, which is an independent data controller, to be processed and managed for the visit.

The legal ground for processing the data is the implementation of pre-contractual measures following your request in accordance with article 6.1 b) of the GDPR, as it is understood that you have an interest in contracting the accommodation services of one of the assets of the data controllers. Your data must be processed for the visit to be conducted correctly.

• Sending commercial communications: If you expressly consent, your data may be processed for sending commercial communications, including by electronic means, about RESA products and/or services.

The legal ground for processing your personal data is your express consent (art. 6.1 a) of GDPR). You may withdraw your consent at any time without affecting the legitimate basis for processing the data based on your consent prior to its withdrawal.

• Disclosure of data to Group companies: If you consent, your data may be disclosed to RESA Group companies so that they can send you commercial information, including by electronic means, about their products or services. You can find the RESA Group entities at the following URL: https://www.resa.es/es/aviso-legal/.

The legal ground for processing your personal data is your express consent (art. 6.1 a) of GDPR). Should you wish to revoke your consent for this purpose, you may do so at any time by sending your request to privacy@resa.es.

• Contact related to Quality Surveys: We will contact you through any channel, for example, by telephone, to obtain your opinion regarding the products contracted and/or services rendered by RESA.

The legal ground for processing your data is the legitimate interest of RESA (art. 6.1 f) of the RGPD) to assess your level of satisfaction in relation to the products contracted and/or services provided with a view to improving RESA’s processes and services.

After conducting the corresponding analysis, RESA has considered that your interests as the person affected are not harmed in any way since the surveys will allow you to report on your experience with RESA, which may benefit the service you receive in the future.

 

3.What personal data do we process?

To comply with the purposes detailed in the previous section, RESA will mainly process identification and contact data, such as your name and surname, address, and the contact telephone number and email address you have provided, and any other information related to your reservation request.

 

4.To whom will your data be disclosed?

We hereby inform you that RESA will not disclose your personal data to third parties except in compliance with legal obligations. Furthermore, no personal data will be transferred internationally.

However, the data may be disclosed to RESA Group companies so that they can send you commercial information, including by electronic means, about products or services similar to those contracted with your data controller, provided that you have consented to this. These companies offer accommodation services. You can find the RESA Group entities at the following URL: https://www.resa.es/es/aviso-legal/

On the other hand, to provide you with our services, we hereby inform you that we require the support of service providers. These third parties may have access to your data and will act on our behalf and on our account, following our instructions, and in no case will they have access to your data for their own purposes.

 

5.How long will we retain your personal data?

RESA will retain your personal data for as long as necessary to fulfil the purpose for which it was collected. More specifically:

Personal data provided solely to handle an enquiry through a contact form or chat will be retained for a maximum of 24 months, except when RESA is legally required to retain said data duly blocked for a longer period. Following the expiry of this period, after which no further legal liability can be derived from the service provided, your data will be permanently deleted.

Personal data provided to process the booking of accommodation will be retained for as long as the business relationship is maintained and, once it has ended, duly blocked for as long as possible legal actions related to the booking may arise. Following the expiry of this period, after which no further legal liability can be derived from the service provided, your data will be permanently deleted.

Data provided to arrange visits to the residence/establishment will be kept while the visit is being arranged and, once the visit has taken place, will be duly blocked for as long as possible legal actions related to said visit may arise. Following the expiry of this period, after which no further legal liability can be derived, your data will be permanently deleted.

Personal data provided for marketing purposes will be retained for as long as you do not revoke your consent.

 

6.What are your rights as the data subject?

You are hereby informed that you have rights in relation to the processing of your personal data, such as the right of access, rectification or erasure of your personal data, or the right of restriction of processing, to object to such processing, as well as the right to data portability in accordance with the terms set out in the data protection legislation in force. You can exercise your rights by contacting privacy@resa.es, clearly indicating the right you wish to exercise.

The exercise of these rights shall be free of charge except where requests are manifestly unfounded or excessive.

Should you consider that RESA has not processed your personal data in accordance with applicable regulations, you may file a complaint with the Spanish Data Protection Agency through the website www.aepd.es.