PRIVACY AND DATA PROTECTION POLICY

MOOREA, S.L. (hereinafter, the Entity) is committed to due diligence and compliance with Data Protection regulations.

Below is detailed information on the confidentiality and personal data protection policy in accordance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and Article 11 of the Organic Law 3/2018 of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

The identification and contact details of the Entity, as well as the Data Protection Officer (DPO), are as follows:

• Trading name: CAMPING LA TORRE DEL SOL
• Registered address: AVINGUDA DIAGONAL, 109 - 5º - 1ª – 08005 – BARCELONA (BARCELONA)
• Tax ID: B58474214
• Telephone: 977 81 04 86
• DPO contact: Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo.
• Data Protection Channel: https://corporate-line.com/cnormativo-latorredelsol

---

Purposes of processing

The Entity shall process the information provided by data subjects for the following purposes:

• Managing your visit, attention, and meetings at our facilities.
• Managing the provision and performance of contracted services and products.
• Handling any request, suggestion, or enquiry related to our professional services.
• Managing and addressing information regarding the prevention and response to harassment and violence, especially towards particularly vulnerable groups such as trans people, LGTBI individuals, and minors, ensuring appropriate data processing under current regulations and, in particular, under Law 2/2023 of 20 February, on the protection of whistleblowers and the fight against corruption.
• Informative and commercial communications: to inform you about activities, articles of interest and general information related to our business and contracted services/products.
• Processing data provided by job applicants via CV or other means for recruitment and selection purposes.
• Ensuring the security of offices, facilities, and individuals through access controls, video surveillance systems, and other control/identification mechanisms.
• Compliance with legal obligations applicable to the Entity in health, equality, and occupational risk prevention matters.
• Managing and controlling the implementation of internal mechanisms, policies, and protocols for regulatory compliance, including whistleblowing channels.
• Formalising and managing the relationship with suppliers.
• Participating in the preparation of newsletters and their regular distribution to subscribers.
• All other data processing necessary for compliance with applicable regulations and sector-specific requirements relevant to our activities.

---

Data retention criteria

• Contracted services/products: Data will be retained while the service remains active. After the termination, data may be retained to comply with legal obligations or possible liabilities. Data will be kept in a way that allows identification and the exercise of rights, under appropriate legal, technical and organisational security measures.
• CV management: Your CV will be retained for a maximum of one year. Afterwards, it will be automatically destroyed, in accordance with the data quality principle.
• Employment contracts: Personal data will be retained for the duration of the employment relationship and afterwards where liabilities may arise or a legal obligation exists.
• Legal obligation of registration under security regulations: In compliance with Royal Decree 933/2021 of 26 October, records related to accommodation or vehicle rental services will be retained for a period of three years from the conclusion of the service.
• Others: Any additional user data will be retained as long as necessary to fulfil its purpose and comply with legal obligations.

---

Legal basis

The legal grounds for processing personal data include:

• The consent of the data subjects for processing their requests or queries.
• The consent provided by job applicants for recruitment purposes.
• The contractual framework of service/product provision.
• Legitimate interest to send informative or promotional communications about our activities and services/products.
• Compliance with legal obligations and internal regulatory procedures.
• Legitimate interest in ensuring the security of facilities and individuals.

---

Recipients

No personal data will be transferred to third parties, unless legally required.

No international data transfers are envisaged.

---

Source

Personal data is obtained directly from data subjects and collaborators. Categories of collected data include:

• Identification and contact details
• Postal or electronic addresses
• Bank and/or payment data
• Any data provided and/or consented to by the data subject necessary for the service/product

---

Rights

You have the following rights regarding your personal data:

• Right of access: To know whether your personal data is being processed.
• Right to rectification: To correct inaccurate personal data.
• Right to erasure: To request deletion of personal data when no longer necessary.
• Right to restriction: To limit processing in certain cases, maintaining data only for legal claims.
• Right to object: To oppose data processing, except for legitimate reasons or legal defence.
• Right to data portability: To receive your data in a structured, commonly used format to transfer to another controller.
• Right to withdraw consent: You may withdraw your consent at any time, except when legally required or linked to a contract, without retroactive effect.
• Right not to be subject to automated decisions: To not be subjected to significant automated decision-making, including profiling.

You may exercise your rights and report any potential breaches, cyberattacks, or non-compliance via the dedicated platform: https://corporate-line.com/cnormativo-latorredelsol

In case of disagreement, you may lodge a complaint with the relevant Data Protection Authority. In Spain, this is the Spanish Data Protection Agency (www.aepd.es).

---

Security and Control Measures

General

The Entity shall process personal data with appropriate legal, technical and organisational measures to ensure confidentiality and integrity of the information, in accordance with applicable data protection laws.

We appreciate being informed of any potential security risks via the contact details / channel in this Privacy Policy, so we may take the necessary actions to prevent unauthorised processing, loss, destruction or accidental damage.

Cybersecurity

The Entity applies cybersecurity measures to prevent and manage potential attacks or fraud affecting the privacy and protection of personal data processed in the course of our activities.

We strongly advise that if you receive any suspicious communications or requests for confidential information, payment changes, or bank/card details, do not respond and contact our DPO via the contact details listed in this Policy.

Please help us by reporting any suspicious communications or potential cyber risks that you may come across.

---

Multinormative Channel

The Entity has implemented a secure Channel, ensuring the highest standards of confidentiality, expertise and independence when handling received communications.

This Channel, also for use in the area of Data Protection, is provided through a web platform developed and managed by an independent external expert.

Through this Channel, you may exercise your rights or report any breach or suspicion related to security, cyberattacks or violations of data protection regulations or this Privacy Policy.

Access details for the Channel are provided at the beginning of this Policy.

---

Support and Assistance

Data subjects may contact the Data Protection Officer (DPO) for any doubts regarding personal data processing or interpretation of this Privacy Policy, using the contact information provided at the beginning of this document.