Official Website

Ushuaia The Mountain Hotel Privacy Policy Arinsal, Andorra

    Free Wifi
    Choose language:
    Languages
    Best price guaranteed at the best price
    To
    Promotional code Do you have a promotional code?

    Privacy Policy

    Ushuaia The Mountain Hotel in Andorra

    In accordance with the provisions of Law 29/2021, of 28 October, on the Qualified Protection of Personal Data (LQPD), the corresponding regulations, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD), regarding the data processing activities to which they apply, in accordance with article 3.2 of this standard, it is stated that personal data collected will be incorporated and processed in files owned by CEDA, S. A. (hereinafter, ‘CEDASA’).
    Our customers and their data are very important to us, and we are thus committed to:
    • Not collect any personal data without prior consent.
    • Collect personal data in accordance with the principle of data minimisation, i.e. only collect the data that is necessary, essential and not excessive for our purposes.
    • Collect and process personal data only for the purposes described in our policy and to inform customers of the recipients of their data.
    • Collect and process only the data necessary for the proper processing of customer requests or for the personalisation of the services requested of us.
    • Maintain our commitment to take appropriate measures to ensure the confidentiality of personal data and prevent its disclosure to unauthorised third parties.
    • In the case of data transfer to authorised third parties, to take all appropriate measures to ensure the security of that transfer.
    • Inform customers about their rights of access, rectification and objection in accordance with Law 29/2021 of 28 October.

    DATA CONTROLLER
    The data controller responsible for the processing of customer data is CEDA, S.A., trading as USHUAIA THE MOUNTAIN HOTEL.
    ● NRT: A-700305-H
    ● Registered address: Ctra. de Comallemple s/n AD400 Arinsal
    ● Telephone: + 376 73 75 75
    ● email: info@ushuaiamountain.com

    The Data Protection Officer may be contacted by e-mail to lqpd@cisagroup.com or by post to the address indicated above.

    TYPE OF DATA
    CEDASA may collect and process personal information provided directly and voluntarily by you, such as your name, address, email address, telephone number, date of birth, billing information, identification document number (passport, ID card), etc. We do not ask for or process sensitive data, such as that related to race, ethnicity, political opinions, religious or philosophical beliefs or sexual orientation.

    PROCESSING ACTIVITIES: PURPOSES AND BASES OF LEGITIMATE INTEREST
    Your personal data is collected when you perform following actions:
    • Contact our booking department by phone or by email.
    • Make a booking on our website.
    • Enter your details when checking in.
    • Send us an email.
    • Share a webpage or special offer by email or on a social network.
    • Answer a satisfaction questionnaire.
    • We manage the services you request.
    • Subscribe to our newsletter.
    • Attend events or activities that we organize at our facilities.
    • Take part in competitions or prize draws.

    The provision of any personal data by means of the different forms and email addresses on this website implies acceptance of and consent to the processing of that data under the terms indicated in this privacy policy.
    Thus, consent and other bases of legitimate interest – such as an executed contract, our legitimate interest, or fulfilment of legal obligations – serve the following purposes, with their respective bases of legitimate interest, and whereby personal data will not be applied to or used for any other purpose than those for which they have been collected.
    Personal data provided by interested parties will be used exclusively for the following purposes:
    • To keep them informed, by electronic means, mobile devices or any other similar means, of incidents, modifications, queries or similar actions in relation to bookings, contracted services and/or enquiries, based on legitimate interest or their prior consent.
    • To improve and personalise our customer care and services, based on legitimate interest or their prior consent.
    • Customer relationship management, in accordance with the executed contract, pre-contractual operations, legitimate interest or their prior consent.
    • To keep them informed, by electronic means, mobile devices, or any other means established and provided for, of special offers, discounts, services, activities or personalised products of CEDASA that may be of interest, in accordance with their consent or the legitimate interest of CEDASA.
    • To manage their access to events or activities held by CEDASA at its facilities, according to the executed contract or their prior consent.
    • To manage and organize contests or prize draws aimed at promoting CEDASA, its establishments and brands, to communicate the winners and deliver prizes where appropriate, in accordance with their prior consent, including publication of the same in CEDASA’s external media, including but not limited to social networks (Facebook, Instagram) and websites (www.ushuaiamountain.com).
    • Statistical analysis of visits to the website for commercial purposes, based on the legitimate interest of CEDASA or their prior consent.
    • Management of their requests for access, rectification, objection, limitation and portability, in compliance with legal obligations.
    • Debt management and litigation, in compliance with legal obligations and legitimate interest.

    CEDASA states that it will not process users’ personal data for any purpose other than those listed in this section, except in cases of legal obligation, a court order or express consent.
    This personal data will not be subject to decisions based solely on automated processing that have legal effects for the data subject.

    Legitimate purpose for the processing of personal data:
    The legal basis for the processing of personal data is the free and lawful acceptance of the legal relationship by the user at the time of acceptance of this Personal Data Protection and Privacy Policy.
    Similarly, the grounds for the processing of their data for each of the purposes of processing personal data outlined above are detailed below:
    • Booking, registration and contracting of products, services or activities: the legal basis for the processing of their personal data is the contractual and, where applicable, pre-contractual relationship established between the interested parties for the execution of the provision of the services and products contracted or requested by the customer, and specifically, for the execution of the booking of our services, activities and products from our establishment that they have made, according to the terms and conditions indicated in the “Terms and Conditions” section and in compliance with the corresponding commercial, fiscal and accounting obligations. This is based on the provisions of article 6.1 sections a) and b) of the LQPD. Refusal to provide the personal data requested for a booking will therefore make it impossible to conclude the contract or the requested booking. For more information on the contracting of our products and services, please consult the section “Terms and Conditions of Contracts”. Once a booking has been made, the customer will receive a confirmation email with the booking details.
    • Provision of information by electronic means, mobile devices, or any other similar means about incidents, modifications, queries or similar in relation to bookings, contracted services or activities and/or any enquiries made. This is based on the provisions of article 6.1 sections a) and f) of the LQPD.
    • Logbook of visitors’ entries in hospitality establishments: the legal basis for the processing of their personal data is the legal obligation established with regard to the collection, management and forwarding to the competent law enforcement agencies required by the Regulation of the Tourist Accommodation Occupancy Register (ROAT). This is based on the provisions of article 6.1 section c) of the LQPD. Refusal to provide the personal data requested will thus make it impossible for the customer to stay at the establishment.
    • Queries: the legal basis for the processing of their personal data is the possibility of responding to queries freely raised by the customer. This processing is carried out on the basis of the provisions of article 6.1 sections a) and b) of the LQPD.
    • Access to the private area “My Booking”: in the event that the customer has registered as a user in order to access, consult, modify or cancel the status of “My Booking” on the website, the legal basis for the processing of their data is the contractual or pre-contractual relationship existing between the interested parties and to allow access to the information on the website regarding the status of their bookings, as well as to modify the details of a booking or cancel it, in the event that they are registered as a user, as well as their acceptance and free and express consent to process their data. This processing is lawful based on the provisions of article 6.1 sections a) and b) of the LQPD. Refusal to provide the personal data requested will make it impossible to access this information on the website.
    • Promotion of products, special offers, discounts, activities and services: the legal basis for sending advertising material related to products, special offers, discounts, activities and services is the user’s own free and express consent given by checking the box corresponding to agreeing to subscribe to the newsletter, or the legitimate interest of the data controller in offering products or services similar to those previously contracted. This processing of personal data is based on the provisions of article 6.1 sections a) and f) of the LQPD. Users have the right to withdraw their consent to this processing at any time, without affecting the lawfulness of the processing based on the consent given prior to its withdrawal. In the event that a user wishes to withdraw consent, they may consult the section ‘Exercise of the Rights of Data Subjects’ for further information.
    • Conclusion of incomplete bookings: the legal basis for processing personal data in this case is the acceptance and express consent of the user to this processing so that the company can contact them in the event of a technical incident occurring at the time of making a booking or contracting a product or service. This processing of personal data is based on the provisions of article 6.1 section a) of the LQPD. Refusal to provide the personal data requested for a booking will therefore make it impossible to carry out and conclude the requested contract or booking.
    • Communicating changes to the privacy policy: the legal basis for processing personal data in this case is based on the requirement of communicating to customers any changes that may occur in the company’s privacy policy, as well as on their free acceptance of and consent to this processing, based on the provisions of article 6.1 sections a) and b) of the LQPD.
    • Competitions or prize draws: the legal basis for processing personal data in the case of participation and the publication of results is based on prior consent as established in article 6.1 section a) of the LQPD.
    • To keep customers informed, by electronic means, mobile devices or any other similar means, of incidents, modifications, queries or similar in relation to their bookings, activities, contracted services and/or enquiries made, based on the provisions of article 6.1. section f) of the LQPD.
    • Statistics: the user’s free acceptance of and consent to this processing, based on the provisions of article 6.1 section a) of the LQPD, provides the legal basis for processing data to carry out market research and statistical analysis of our products and services, without in any case implying solely automated decisions with legal effects for the data subject. Users have the right to withdraw their consent to this processing at any time, without affecting the lawfulness of the processing based on the consent given prior to its withdrawal. In the event that a user wishes to withdraw consent, they may consult the section ‘Exercise of the Rights of Data Subjects’ for further information.

    DATA RETENTION
    The personal data you provide will be kept by CEDASA for as long as there is a contractual or commercial relationship between the interested parties and as long as you do not withdraw your consent, exercise your right to object, to erasure or to limitation of the processing of personal data or, where applicable, for the maximum legal period permitted by the data protection law, including the periods of limitation for legal actions regarding questions of possible liability that may arise from the contractual relationship.
    In the event of the latter, CEDASA will retain the data duly restricted, without using them for any other purpose, as long as they may be necessary for the exercise or defence of claims, or as long as any type of judicial, legal or contractual liability may arise from their processing, which must be resolved and for which their recovery is essential.

    MINORS
    The CEDASA website is not targeted at minors. In any case, we will not collect any personal data from minors under 16 years of age without the consent of their legal representative. The data collected from minors under 16 years of age will be at the time of registration in our hotels, by legal obligation, and only the data necessary to fulfil this obligation.

    DISCLOSURE OF DATA TO THIRD PARTIES
    In general, CEDASA will not disclose users’ personal data to third parties, however, they may be transferred to companies that form part of CEDASA when providing their services and when necessary to fulfil contractual obligations or in compliance with legal obligations, which may include disclosure to authorities that require the data, as may be the case with security and law enforcement agencies.
    Service providers contracted by CEDASA who act on its behalf as data processors may also have access to this data.

    EXERCISE OF THE RIGHTS OF DATA SUBJECTS
    Data subjects (individuals) have the following rights:
    ● Right of access, you may request information about your own personal data that we hold for processing.
    ● Right to rectification, you may modify your personal data when it is inaccurate or incomplete.
    ● Right to erasure or restriction, you may request the limitation or deletion of your personal data.
    ● Right to object, where applicable, you may request that we do not process your personal data in light of particular circumstances.
    ● Right to data portability, where applicable, you may request the portability of the data you have provided to us.
    ● Right not to be subject to a decision based solely on automated processing.
    ● If you have given your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of any processing based on the consent prior to its withdrawal.

    To exercise these rights, users may do so in writing by email to lqpd@cisagroup.com or by post to Ctra. de Comallemple s/n – AD400 Arinsal. The right that the user wishes to exercise must be specified, and a copy of their identification document (e.g. ID card/passport) provided. In the event that additional data is needed for verification of identity, the user will be notified.
    Users also have the right to lodge a complaint with the Andorran Data Protection Agency (APDA –www.apda.ad) if it is considered that we have processed personal data not in accordance with the applicable regulations.

    TRUTHFULNESS OF DATA
    The user declares that all the data they have provided to us are lawful, adequate, relevant, accurate and, if necessary, up to date. The provision of data that does not meet the above requirements will exempt CEDASA from liability.

    MEASURES AND LEVELS OF SECURITY
    CEDASA has adopted the necessary measures to maintain the required level of security, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, as far as possible and always according to best current practice, its alteration, loss, or unauthorised processing or access.
    Similarly, CEDASA also ensures that it has implemented mechanisms to:
    1. Ensure the ongoing confidentiality, integrity and resilience of processing systems and services.
    2. Restore availability and access to personal data promptly in the event of a physical or technical incident.
    3. Regularly verify, evaluate and assess the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
    4. Pseudonymise and encrypt personal data, where appropriate.

    INTERNATIONAL TRANSFER
    In the provision of its services, CEDASA does not carry out international data transfers. In any case, if a provider acting on our behalf processes personal data in a third country, CEDASA will transfer the data on the basis of an adequacy decision or otherwise assess whether the third country ensures an adequate level of data protection, and implement all measures and controls at its disposal to protect its customers’ personal data, including the signing of standard contractual clauses approved by the European Commission, the adoption of binding corporate rules, and the application of approved and recognised certifications or codes of conduct.

    COOKIES
    Access to our website may imply the use of cookies. Cookies are small blocks of data that are stored in the browser of each user so that the server can recall certain information for later use. This information allows us to identify the user as a specific customer and to save their personal preferences, as well as technical information such as website visits or specific pages that have been visited.
    Users who do not wish to receive cookies or who wish to be informed before cookies are stored on their computer may configure their browser accordingly.
    For more information, see our Cookie Policy.

    SOCIAL NETWORKS
    As a user you are informed that CEDASA has created profiles on the social networks Facebook and Instagram in order to distribute information about its products, services and activities.
    User data is usually processed by social networks for research purposes. In order to protect your privacy, having incorporating the abovementioned social media login buttons on our website, they do not install cookies when our webpages are loaded on your device.
    Each social network has its own privacy policy covering how it processes personal data when a user accesses its website. Thus, when a user accesses or consults our profile on Facebook or Instagram, these networks will request express consent to accept cookies. Users are recommended to carefully read the information on data protection offered by each social network provider.

    CUSTOMER CONSENT
    As a user and customer, you declare that you have read and expressly accepted this Privacy Policy when registering with CEDASA, giving your unequivocal and express consent to CEDASA to process your data in accordance with the purposes and services described herein.

    CONFIDENTIALITY AND PROFESSIONAL SECRECY
    The data we collect in all private communications between CEDASA and customers will be treated with absolute confidentiality, by which we commit ourselves to the obligation of the secrecy of personal data, the duty to store them and take all necessary measures to prevent their alteration, loss or unauthorized access or processing, in accordance with the provisions of the applicable data protection law.
    In addition, information of any kind exchanged between the interested parties, which the parties agree is of a confidential nature, or which merely relates to the content of such information, will also have the status of confidential information.

    MODIFICATIONS
    CEDASA reserves the right to modify its security and data protection policy in order to adapt it to new legislative or legal developments, as well as those that may arise from relevant codes of conduct in force, or due to strategic corporate decisions, with effect from the date of publication of the modification on our website.

    LAST MODIFIED AUGUST 2024