Datenschutzrichtlinie

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (GDPR), Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE), we inform you about the processing of your personal data carried out through the websites www.hotels001.com

NOTE: This privacy policy refers exclusively to the processing of personal data carried out through the Websites of the data controller. Processing derived from the in-person hosting relationship (traveler registration, video surveillance, etc.) is reported via the specific information clause provided to the guest at the establishment.

1. JOINT DATA CONTROLLERS

The personal data collected through the Websites are processed jointly by the following entities, which act as joint controllers in accordance with Article 26 of the GDPR:
DATA CONTROLLERS: FuerteItaka, S.L. and New Fit Canarias, S.L.

Company 1: FuerteItaka, S.L.
NIF: B76108125
Address: C/ Baja de los Erizos 2– Costa Calma, Pájara – 35627 (Las Palmas de Gran Canaria)
Email: admin@nfitcanarias.com
Phone: 928 875 642
Registration details: Registered in the Commercial Registry of Las Palmas, Volume 151, Folio 191, Section 8, Registration Sheet 6805, Entry 1.

Company 2: New Fit Canarias, S.L.
NIF: B76255611
Address: C/ Baja de los Erizos 2 – Costa Calma – 35627 (Las Palmas)
Email: admin@nfitcanarias.com
Phone: 928 875 642
Registration details: Registered in the Commercial Registry of Puerto del Rosario, Section 8, Registration Sheet 7758, Entry 1. Bulletin 220, Sheet 487752.

Websites: www.hotels001.com

Data Protection Officer (DPO): admin@nfitcanarias.com

Both entities have signed a joint responsibility agreement that determines the purposes and means of processing, as well as their respective responsibilities. The essential content of said agreement will be made available to the interested party upon request.

2. DATA PROTECTION OFFICER (DPO)

The joint data controllers have appointed a Data Protection Officer (DPO), whom you can contact for any matter related to the processing of your personal data at the following email address: admin@nfitcanarias.com
Data Protection Officer (DPO)
Email: admin@nfitcanarias.com
You may contact the DPO for any matter related to the processing of your personal data or the exercise of your rights.

3. PURPOSES OF PROCESSING

Through the Websites, we process your personal data for the following purposes:

3.1. Contact forms and information requests
Manage queries, information requests, and communications sent by the User through the forms available on the Websites.
Legal basis: consent of the interested party (art. 6.1.a GDPR). The User consents to the processing by voluntarily submitting the form.

3.2. Online booking management
Manage accommodation bookings and supplementary services (catering, fitness, wellness) made through the Websites or integrated booking platforms.
Legal basis: execution of a contract or pre-contractual measures (art. 6.1.b GDPR).

3.3. Loyalty Club
Manage registration, participation, and maintenance in the Loyalty Club: member registration, accumulation and redemption of points or benefits, personalization of offers, and segmented communications based on booking history and user preferences.
Legal basis: consent of the interested party (art. 6.1.a GDPR). Registration is voluntary and consent can be revoked at any time by requesting to unsubscribe from the Club.

3.4. Commercial communications and email marketing
Sending electronic commercial communications (newsletters, offers, promotions, news) about the services of the joint data controllers via email or other equivalent electronic means.
Legal basis: express consent of the interested party (art. 6.1.a GDPR and art. 21 of Law 34/2002, LSSI-CE). The User may revoke their consent at any time via the unsubscribe link included in each communication or by contacting the DPO.

3.5. Browsing and cookies
Collection of browsing data through cookies and similar technologies for statistical analysis, personalization, and advertising. See the Cookie Policy for detailed information.
Legal basis: legitimate interest for technical cookies (art. 6.1.f GDPR, art. 22.2 LSSI-CE); consent for the rest of cookies (art. 6.1.a GDPR, art. 22.2 LSSI-CE).

4. DATA COLLECTED THROUGH THE WEBSITES

• Contact forms: name, surname, email, phone number, query message.
• Online bookings: name and surname, email, phone number, stay dates, number of guests, accommodation preferences, payment details (processed via secure payment gateway; the data controller does not store full card details).
• Loyalty Club: identification data, email, history of bookings and consumption at the data controller's establishments, preferences, accumulated points.
• Email marketing: name, email, interaction data with communications (opens, clicks), registration and unsubscription date.
• Browsing data: IP address, browser type and version, operating system, screen resolution, visited pages, time spent, access source (see Cookie Policy).

5. RECIPIENTS

• Companies (FuerteItaka, S.L. and New Fit Canarias, S.L.): communication between joint controllers for the joint management of bookings, Loyalty Club, and commercial communications.
• Data processors: service providers that access data on behalf of the joint controllers, with contracts signed in accordance with art. 28 of the GDPR:
  – Hotel management platforms (PMS/Channel Manager).
  – Secure payment gateway.
  – Email marketing platform.
  – Web hosting service provider.
  – Web analysis tools (Google Analytics).
  – External consultancy firms.
• Public Administrations: when there is a legal obligation (AEAT, Courts and Tribunals).

There will be no international data transfers except for those derived from the use of third-party tools (Google Analytics, email marketing platforms), ensuring the appropriate guarantees of Chapter V of the GDPR (standard contractual clauses, EU-US Data Privacy Framework, or adequacy decisions, as applicable).

6. RETENTION PERIODS

• Contact forms: until the resolution of the query and during the legal limitation periods (3 years, art. 1967 of the Civil Code).
• Online bookings: during the term of the contractual relationship and the limitation periods (5 years, art. 1964 of the Civil Code; 4 years, Law 58/2003, General Tax Law).
• Loyalty Club: as long as the status of active member is maintained and, after unsubscription, during the legal limitation periods.
• Email marketing: until revocation of consent or unsubscription request.
• Browsing data: according to the duration of each cookie (see Cookie Policy).

7. RIGHTS OF THE INTERESTED PARTIES

In accordance with Articles 15 to 22 of the GDPR and Articles 12 to 18 of the LOPDGDD, you have the right to:

• Access (art. 15 GDPR): know if we process your data and obtain a copy.
• Rectification (art. 16 GDPR): correct inaccurate or incomplete data.
• Erasure (art. 17 GDPR): request deletion when they are no longer necessary.
• Opposition (art. 21 GDPR): object to the processing, including direct marketing.
• Restriction (art. 18 GDPR): request the limitation of the processing.
• Portability (art. 20 GDPR): receive data in a structured format.
• Revocation of consent: withdraw your consent at any time without affecting the lawfulness of the prior processing (art. 7.3 GDPR).

To exercise your rights, please contact the Data Protection Officer (DPO) by email at admin@nfitcanarias.com, or in writing to C/ Baja de los Erizos Nº2 – Costa Calma, Pájara – 35627 (Las Palmas de Gran Canaria), attaching a copy of your identification document. The request will be attended to within a maximum period of one month from its receipt (art. 12.3 GDPR), which may be extended by an additional two months in case of complexity.

Likewise, you have the right to file a claim with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid – www.aepd.es – Tel. 901 100 099.

8. SECURITY MEASURES

The joint data controllers have implemented appropriate technical and organizational measures in accordance with Article 32 of the GDPR to ensure a level of security appropriate to the risk, including, among others: encryption of communications (SSL/TLS), access control, backups, password policies, staff training, and periodic security assessments.

9. SOCIAL NETWORKS

We may have profiles on social networks (Facebook, Instagram, TikTok, etc.). The processing of followers' data will be what each platform allows for corporate profiles, in accordance with their own privacy policies. No data will be extracted without express consent. The terms of use and privacy of each social network are the responsibility of their respective owners.

10. MODIFICATIONS

The joint data controllers reserve the right to modify this Privacy Policy to adapt it to legislative, jurisprudential, AEPD, or European Data Protection Board (EDPB) criteria. Significant changes will be communicated on the Websites.

Last update: May 2026