More info about Privacy Policy

Hotel Prisma Barcelona

Privacy Policy

At Whistestone SL we work to offer you the best possible experience through our products and services. In some cases, it
is necessary to collect information in order to achieve this. We care about your privacy and believe we should be
transparent about it.

For this reason, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL of 27 April 2016 (hereinafter “RGPD”) on the protection of individuals with regard to the processing
of personal data and on the free movement of such data, and Law 34/2002, of 11 July, on Information Society Services and
Electronic Commerce (hereinafter, “LSSI”), Whistestone SL informs the user that, as the party responsible for processing, it
will incorporate the personal data provided by users in an automated file.

Our commitment begins by explaining the following:

Your data is collected so that the user’s experience improves, attending to your interests and needs.

We are transparent in relation to the data we obtain about you and the reason why we do so.

Our intention is to offer you the best possible experience. Therefore, when we are going to use your personal information,
we will always do so in compliance with the regulations, and when necessary, we will ask for your consent.

We understand that your details belong to you. Therefore, if you decide not to allow us to process them, you can ask us to
stop processing them.

Our priority is to guarantee your security and to treat your data in accordance with European regulations.

If you would like more information about how your data will be treated, please refer to the different sections of the privacy
policy below:

Who is the controller your personal data?

Identity: Whistestone SL
Registered office: Avda. Josep Tarradellas, 119-121
C.I.F. nº.: B-31448822

Whistestone SL has appointed a Data Protection Delegate or an internal contact
person within your organisation. If you wish to make a query regarding the
processing of your personal data, you can contact him by email at

What personal data do we collect?

The personal data that the user may provide:

  • Name, address and date of birth.
  • Telephone number and email address.
  • Location.
  • Information regarding payments and returns.
  • IP address, date and time you accessed our services, Internet browser you use and data about the operating system
    of the device.
  • Any other information or data you choose to share with us.

In some cases, it is mandatory to fill out the registration form to access and enjoy certain services offered on the web,
likewise, not providing the personal data requested or not accepting this data protection policy means the inability to
subscribe, register or participate in any of the promotions in which personal data are requested.

Why do we treat your data?

In Whistestone SL we treat the information provided by interested people with the following purposes:

  • Manage orders or hire any of our services, either online or in physical stores.
  • Manage the sending of the information requested.
  • Develop commercial actions and carry out the maintenance and management of the relationship with the user, as
    well as the management of the services offered through the website and the information work, being able to carry
    out automatic valuations, obtaining profiles and segmentation work of customers in order to personalize the
    treatment according to their characteristics and needs and improve the customer’s online experience.
  • Develop and manage contests, sweepstakes or other promotional activities that may be organized.
  • In some cases it will be necessary to provide information to the Authorities or third companies for auditing purposes,
    as well as handle personal data from invoices, contracts and documents to respond to complaints from customers
    or Public Administrations.

We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of
Activities and Treatment Operations (RAT), which will be updated periodically in accordance with the provisions of the

What is the legitimacy for the treatment of your data?

The processing of your data may be based on the following legal bases:

  • Consent of the interested party for the contracting of services and products, for contact forms, requests for
    information or registration in e-newsletters.
  • Legitimate interest in the processing of customer data for direct marketing purposes and express consent of the
    data subject for all matters relating to automatic valuations and profiling.
  • Fulfilment of legal obligations for fraud prevention, communication with public authorities and claims of third

How long do we keep your data?

The processing of data for the purposes described will be maintained for as long as necessary to meet the purpose of
collection (for example, for the duration of the business relationship), as well as for compliance with legal obligations
arising from the processing of data.

To which recipients will your data be communicated?

In some cases, only when necessary, Whistestone SL will provide user data to third parties. However, the data will never be
sold to third parties. External service providers (e.g. payment providers or delivery companies) with whom Whistestone SL
works may use the data to provide the corresponding services, however they will not use this information for their own
purposes or for transfer to third parties.

Whistestone SL seeks to ensure the security of personal data when it is sent outside the company and ensures that third
party service providers respect confidentiality and have adequate measures in place to protect personal data. These third
parties have an obligation to ensure that the information is treated in accordance with data privacy regulations.

In some cases, the law may require that personal data be disclosed to public bodies or other parties, only what is strictly
necessary for the fulfilment of such legal obligations will be disclosed.

Personal data obtained may also be shared with other companies in the group.

Where is your data stored?

In general, data is stored within the EU. Data sent to non-EU third parties will ensure that they offer an adequate level of
protection, either because they have Binding Corporate Rules (BCR) or because they have adhered to the Privacy Shield.

What rights do you have and how can you exercise them?

You can address your communications and exercise your rights by petition at the following email address:

Under the RGPD you can apply:

  • Right of information: you can request information about those personal data that we have about you.
  • Right of rectification: you can communicate any change in your personal data.
  • Right to erasure: you can request the prior deletion blocking of personal data.
  • Right to restriction of processing : this means restricting the processing of personal data.
  • Right to data portability : in some cases, you can ask for a copy of the personal data in a structured format,
    commonly used and mechanically read for transmission to another data controller.
  • Right to object and automated individual decision-making: you can request that decisions not be taken which are
    based solely on automated processing, including profiling, which produces legal effects or significantly affects the
    data subject.

In some cases, the request may be refused if you request that data necessary for the fulfilment of legal obligations be

Also, if you have a complaint about the processing of data you can make a complaint to the data protection authority.

Who is the controller for the accuracy and veracity of the data provided?

The user is solely responsible for the accuracy and correctness of the data included, exonerating Whistestone SL of any
responsibility in this regard. Users guarantee and respond, in any case, the accuracy, validity and authenticity of the
personal data provided, and undertake to keep them properly updated. The user agrees to provide complete and correct
information in the registration or subscription form Whistestone SL reserves the right to terminate the services contracted
with users, in the event that the data provided are false, incomplete, inaccurate or are not updated.

Whistestone SL is not responsible for the veracity of the information that is not of its own elaboration and for which
another source is indicated, therefore it does not assume any responsibility as far as hypothetical damages that could
originate from the use of this information are concerned.

Whistestone SL reserves the right to update, modify or eliminate the information contained in its web pages and may even
limit or deny access to said information Whistestone SL of respondents are exonerated.

The user also certifies that he or she is over 14 years of age and that he or she has the necessary legal capacity to give
consent for the processing of his or her personal data.

How do we treat the personal data of minors?

In principle, our services are not specifically aimed at minors. However, in the event that any of them is addressed to
minors under fourteen years, in accordance with Article 8 of the RGPD and Article 7 of LO3/2018 of 5 December
(LOPDGDD), Whistestone SL will require the valid, free, unequivocal, specific and informed consent of their legal guardians
to process the personal data of minors. In this case, the identity card or other form of identification of the person giving
consent will be required.

In the case of persons over fourteen years of age, the data may be processed with the consent of the user, with the
exception of those cases in which the Law requires the assistance of the holders of parental authority or guardianship.

What security measures do we apply to protect your personal data?

Whistestone SL has adopted the legally required levels of personal data protection security, and tries to install those other
means and additional technical measures within its reach to prevent the loss, misuse, alteration, unauthorized access and
theft of personal data provided to Whistestone SL.

Whistestone SL is not responsible for any hypothetical damages that may arise from interferences, omissions,
interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused
by causes beyond the control of Whistestone SL of delays or blockages in the use of the present electronic system caused
by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other
electronic systems, as well as of damages that may be caused by third parties through illegitimate intrusions beyond the
control of Whistestone SL However, the user must be aware that Internet security measures are not impregnable.

Links to other websites

The website may contain links to other websites. By clicking on one of these links
and accessing an external website, the visit will be subject to the privacy policy of that website, being Whistestone SL
disassociated from any responsibility about its privacy policy.

Can the privacy policy be modified?

This privacy policy may be modified. We recommend that you review the privacy policy from time to time.

This website uses cookies so that you have the best user experience. If you continue browsing you are giving your consent for the acceptance of the aforementioned cookies and the acceptance of our cookies policy + info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.