Who are we?
We are GESTION ATLANTICA LANZAROTE S.L. and we process your data as Data Controller. This means that we are responsible for how to use and protect your personal data.
What do we use your data for?
We use the data that you have provided online or through any other means to
Why do we have it?
We are entitled to process your data for different reasons. By filling in a form or sending an email in which you submit a query or suggestion, we have a legitimate interest in addressing it.
Who do we share your data with?
We will only share the data with those collaborating companies to handle the requests received and provide our services or supply the products, banking entities and bodies required by law. In no case do we sell your data to third parties.
What rights do you have?
You have the right to access, rectify or delete your personal data. You also have the right to object to the use of data that you have previously authorized us to use, to portability and not to be subject to automated individual decisions.
In the processing of your personal data, we apply the following principles to guarantee the greatest protection for you:
Principle of lawfulness, fairness and transparency:
We will always require your consent for the processing of your personal data for one or more specific purposes which we will inform you of in advance with absolute transparency.
Principle of data minimization:
We will only request data that is strictly necessary in relation to the purposes for which it is required. The minimum possible.
Principle of storage limitation:
Data will be kept for no longer than necessary for the purposes of processing, depending on the purpose. We will inform you of the corresponding retention period. In the case of subscriptions, we will periodically review our lists and delete those records that have been inactive for a considerable period of time.
Principle of integrity and confidentiality:
Your data will be processed in such a way as to ensure appropriate security of personal data and confidentiality. You should know that we take all necessary precautions to prevent unauthorized access or misuse of our users’ data by third parties.
In this privacy policy you will find more detailed information about the use we make of the personal data of our clients, suppliers and users, and in general of all persons who maintain contact with us, regardless of the means they have used to communicate (online form, by telephone or by email, in person).
We like to be transparent about what we do with your personal data, that you understand the implications of the uses we carry out, or the rights you have in relation to your data. For this reason, we keep our Privacy Policy, Legal Notice and Cookie Policy updated, information that you can consult on this same website.
In case you have any questions or want to obtain more information about the privacy policy you can continue reading the document.
The person responsible for processing your data is GESTION ATLANTICA LANZAROTE S.L.:
Identity
GESTION ATLANTICA LANZAROTE S.L. – B16699159
Address
TIMANFAYA 2, 1ST FLOOR
35510 – PUERTO DEL CARMEN, TÍAS, LANZAROTE
Telephone
928 81 60 00
Email
lopd@rosahotels.com
lopd@rosagroup.com
GESTION ATLANTICA LANZAROTE S.L. informs the user that the data provided through browsing our website, the different data collection forms or by sending emails, will be processed by GESTION ATLANTICA LANZAROTE S.L. and that said processing is recorded in the Processing Activities Register managed by GESTION ATLANTICA LANZAROTE S.L. in accordance with the provisions of the GDPR.
At https://rosagroup.es/, we process data from both users of our website and third parties who maintain relationships with us.
For the purpose of facilitating your understanding of the processing we carry out of your data, we have differentiated the purpose for which the data is used, the types of data and the legal basis according to the category of persons whose data we process.
Below, we classify the persons whose data we process according to the type of relationship they maintain with GESTION ATLANTICA LANZAROTE S.L..
What data do we collect from our website users?
Data from users who browse our website:
Data provided by cookies and by Google Analytics.
For what purposes will we process your personal data?
When the user accepts our privacy policy, they authorize us to use the personal data provided for the following processing:
How do we obtain your data?
We obtain your data through:
What is the legal basis for processing your data?
The express consent of the user (Article 6.1.a GDPR) expressed by completing the different forms; ticking the box legitimizes the processing by GESTION ATLANTICA LANZAROTE S.L.
The user may revoke consent at any time, although revocation does not affect data processing carried out prior to such revocation.
Legitimate interest for the creation of browsing profiles and detection of preferences through the installation of cookies.
The execution of a contract or the adoption of pre-contractual measures when the client submits a request through the different forms available on our website or requests information about the services provided by GESTION ATLANTICA LANZAROTE S.L..
What data do we collect from our clients? Data from users who browse our website: data provided by cookies and by Google Analytics.
How do we obtain your data?
If you are an online client, we obtain your data through:
Browsing data obtained from the different cookies accepted when accessing https://rosagroup.es/ for the first time.
If you are an in-person client, we obtain your data through:
The client registration form.
Acceptance of the submitted quotation.
The signed contract.
For what purposes will we process your personal data?
Generate and manage documentation associated with your requests and purchases.
Provide you with information about offers, products and services related to your purchase.
Process your reservation or online purchase through our platform.
What is the legal basis for processing your data?
The execution of a pre-contract/contract to send you information and carry out the management of the service provided or product supplied, which would not be possible otherwise.
The user may revoke consent at any time.
Data processed based on the consent of the website user will be kept as long as it remains relevant for the purpose for which it was collected and consent is not revoked.
Data processed based on legitimate interest will be kept for the period linked to the reason that motivated its collection, always ensuring appropriate safeguards and respect for the rights and freedoms of the data subjects.
Data processed based on the execution of a contract or the adoption of pre-contractual measures will be kept for the duration of the contractual relationship, as well as for the subsequent period required by legal obligation.
The IP address obtained through cookies will be kept for a period of one year, for the purpose of demonstrating user consent.
Regarding the cookie retention period, more information can be obtained on our website in the “Cookie Policy” section.
Data processed based on client consent will be kept as long as it remains relevant for the purpose for which it was collected and consent is not revoked.
Data processed based on legitimate interest will be kept for the period linked to the reason that motivated its collection, always ensuring appropriate safeguards and respect for the rights and freedoms of the data subjects.
Data processed based on a contract, as well as when part of the processing is legitimized by a legal obligation, will be kept for the duration of the contractual relationship.
Once the relationship has ended, if processing is linked to a legal obligation, the retention period will be that established by law, and the data may not be deleted except in legally provided data blocking situations.
Only persons over 14 years of age may send email. If you are under this age, you must have the consent of your parents or legal guardians.
The User guarantees the authenticity and accuracy of all data communicated to GESTION ATLANTICA LANZAROTE S.L. and declares that they are over 14 years of age, and will be solely responsible for false or inaccurate statements made.
If you provide us with data of third parties, you state that you have their consent and undertake to transfer the information provided in this clause to them, exempting GESTION ATLANTICA LANZAROTE S.L. from any obligation.
However, GESTION ATLANTICA LANZAROTE S.L. may carry out verifications to confirm that the third party has been informed, adopting the diligence measures established in data protection regulations.
Data will not be transferred to third parties except by legal obligation or where necessary to handle your request.
Among the recipients to whom your data may be communicated are:
HOTEL FARIONES, S.L.
HOTEL AGUERE, S.L.
HOTEL PRINCESA YAIZA, S.A.
GESTION ATLANTICA LANZAROTE S.L.
CENTRO DEPORTIVO FARIONES, S.L.
FINCA DE UGA, S.L.
Public administrations and bodies when required by tax, labor, Social Security or other applicable regulations.
Data processors (fraud detection and prevention providers, technological services, customer service, advertising and marketing services, and in general third-party providers necessary for the provision of services offered by GESTION ATLANTICA LANZAROTE S.L., such as messaging and transport service providers, etc.).
https://rosagroup.es/ is hosted by Cloudflare, which stores data in data centers located in the United States.
The personal data provided by the user may be stored in the United States by Cloudflare based on the service provision relationship between the parties, resulting in an international data transfer.
The international transfer complies with the GDPR as it is based on an adequacy decision, since the United States has been declared a country with an adequate level of protection by the European Commission (EU–USA Data Privacy Framework – Decision of July 10, 2023) and Cloudflare is included in the “Data Privacy Framework List”.
Our website only accesses user data using the following means:
International data transfers may also occur in the context of the aforementioned disclosures/communications, for which GESTION ATLANTICA LANZAROTE S.L. will use the tools provided in Articles 46 and 49 of the GDPR as safeguards.
In any case, third parties with whom certain personal data are shared will have previously accredited the adoption of appropriate technical and organizational measures for their protection.
Acceptance of this privacy policy implies acceptance that an international data transfer may occur in accordance with the indicated safeguards.
The user may exercise the following rights before GESTION ATLANTICA LANZAROTE S.L.:
Access personal data
Rectify inaccurate or incomplete data
Request deletion or cancellation of data
Object to processing
Request restriction of processing
Request data portability
Not be subject to automated decisions
Withdraw consent granted
To exercise these rights, the user must send a written request indicating the right to be exercised, accompanied by proof of identity and a postal or email address for notification.
This request may be sent:
By post to:
GESTION ATLANTICA LANZAROTE S.L.
TIMANFAYA 2, 1ST FLOOR
35510 – PUERTO DEL CARMEN, TÍAS, LANZAROTE
By email to:
lopd@rosahotels.com
lopd@rosagroup.com
GESTION ATLANTICA LANZAROTE S.L. must respond within one month of receipt of the request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests.
Likewise, data subjects have the right to lodge a complaint with the competent Supervisory Authority (Spanish Data Protection Agency) at www.aepd.es.
GESTION ATLANTICA LANZAROTE S.L. has a valid contract with Cloudflare for hosting its website.
In all cases, GESTION ATLANTICA LANZAROTE S.L. guarantees the adoption of appropriate measures to ensure the confidential processing of data and declares that it has implemented the corresponding security policies in accordance with Regulation (EU) 2016/679.
All data provided through our platform are collected via a secure protocol. Our website has an SSL certificate that enables encrypted connections.
If you choose to leave our website via links to other websites not belonging to our entity, GESTION ATLANTICA LANZAROTE S.L. will not be responsible for the privacy policies of those websites or for the cookies they may store on the user’s computer.
Date: 24/12/2025
Version: V.1.0
