Privacy Policy

Introduction

The protection of the right to privacy and, in particular, the right to the protection of personal data is one of the core principles of the Catalana Occidente Group.

Grupo Catalana Occidente Activos Inmobiliarios S.L.U. (hereinafter, GCOAI) is the entity belonging to GCO (Catalana Occidente Group) responsible for the management of Torre Bellesguard by Antoni Gaudí, as well as for its official website https://bellesguardgaudi.com/. In this regard, this Entity is responsible for the processing of the personal data of visitors to Torre Bellesguard and of users of any of the services provided by this Entity, such as browsing the aforementioned website.

The purpose of this privacy policy is to explain, in accordance with the provisions of Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights, and its implementing regulations in force at any given time (the “Personal Data Protection Regulations”), how the personal data that may be collected from the aforementioned data subjects will be processed.

Who is the Data Protection Officer?

The Data Protection Officer is the person appointed by GCO (Catalana Occidente Group) to ensure compliance with the Personal Data Protection Regulations. You may contact the Data Protection Officer, particularly if you consider that your data protection rights and freedoms have not been duly respected, via the postal address of the entity responsible or via the email address dpo@gco.com.

Who is the personal data protection supervisory authority?

The supervisory authority is the Spanish Data Protection Agency, headquartered in Madrid (28001), Calle Jorge Juan, no. 6, which is the independent public authority responsible for safeguarding citizens’ privacy and data protection rights. Data subjects may submit enquiries and/or complaints to this authority should they consider that their data protection rights and freedoms have not been adequately addressed. For further information, please consult the following website: https://www.aepd.es.

What personal data is processed?

The personal data processed will include personal data collected directly from users and/or customers, including any documents containing such data, as well as any data that may be obtained for the purchase of tickets and/or in connection with the use of the premises for events, or as a result of browsing this website, before, during and after the establishment of their relationship with GCOAI.

What categories of data are processed?

In general, the categories of personal data processed consist of the data subject’s identification and contact details, as well as data generated as a result of browsing this website.

In the contact forms that GCOAI may make available to data subjects, and once the information prior to data collection has been provided with reference to this privacy policy, the data necessary to establish the requested contact will be processed.

What are the purposes of the processing of personal data?

The main purpose of processing personal data is the development and/or performance of the relationship established with GCOAI or of the services provided by GCOAI.

With regard to browsing this website, users always have this privacy policy available for informational purposes, as well as the Catalana Occidente Group’s cookie policy, adapted to the guidelines of the Guide on the Use of Cookies issued by the supervisory authority. Users also have the possibility at all times to manage and customise their preferences regarding the use of cookies.

Likewise, with regard to contact forms, telephone numbers, email mailboxes and social media profiles that may be made available, personal data will be processed in order to (i) respond to and manage enquiries and requests submitted through the telephone numbers, contact forms and social media profiles provided for this purpose in relation to the purchase of tickets or any other services; and (ii) respond to and manage suggestions, requests, complaints and other enquiries submitted through the relevant form.

Finally, where the user has authorised it, personal data will also be processed in order to send information, including by means of remote communication, about promotions and events relating to Torre Bellesguard by Antoni Gaudí, and to display personalised advertising on the website, search engines and social media.

What is the legal basis for processing personal data?

The legal basis for the processing activities described above is the performance of the relationship established or the provision of the service by GCOAI and, where applicable, the data subject’s specific consent.

Lastly, the processing of personal data for sending information, including by means of remote communication, about promotions and events relating to Torre Bellesguard by Antoni Gaudí is based, where applicable, on the consent given.

How long will we keep your personal data?

Personal data will be retained for as long as the relationship with GCOAI remains in force. Once this relationship has ended, the data will be retained for the period required by the applicable legislation in force at any given time, and will remain available to the courts and tribunals, the Public Prosecutor’s Office, State Security Forces and Corps and/or the competent public authorities, in particular the competent personal data protection supervisory authorities, in order to address any potential legal or contractual liabilities arising from the relationship or service on which the processing was based, and for the applicable statutory limitation period.

Guidelines regarding the retention, erasure and blocking periods for personal data are set out in the internal regulations on the retention, erasure and blocking of personal data, as a development of the Catalana Occidente Group’s Personal Data Protection and ICT Resources Use Policy.

To whom will your personal data be disclosed?

(i) Entities of the Catalana Occidente Group

We inform you that the entities of the Catalana Occidente Group share, to varying degrees of integration, common services in order to take advantage of existing synergies, optimise resources and provide a better service to data subjects. For this reason, they have entered into various framework agreements for the reciprocal provision of services, which involve access to personal data managed by other entities of the Catalana Occidente Group and which cover a range of services, including, by way of example and without limitation, the following:

  1. Services provided to the entities of the Catalana Occidente Group by Grupo Catalana Occidente, Tecnología y Servicios A.I.E.:
    (i) hosting and data storage, (ii) maintenance and management of systems, communications and IT equipment, (iii) information security and security of the systems supporting it, (iv) development and maintenance of IT applications, (v) provision of claims handling services, (vi) reporting of information related to the services provided, (vii) maintenance and management of time and attendance control systems, security systems and video surveillance, and
    (viii) document management, printing, reprographics and labelling.
  2. Services provided to the entities of the Catalana Occidente Group by Grupo Catalana Occidente Contact Center A.I.E.:
    (i) provision of customer service through any means, including remote channels such as telephone, the internet and/or social media, and (ii) carrying out satisfaction campaigns and surveys.

(ii) Public bodies and authorities

Personal data will be disclosed to all recipients to whom GCOAI is legally obliged to communicate such information, including, by way of example and without limitation, the competent public bodies and authorities, such as the Spanish State Tax Administration Agency or the regional tax authorities, personal data protection supervisory authorities, courts and tribunals, the corresponding supervisory bodies, the Public Prosecutor’s Office and/or the State Security Forces and Corps.

What rights do you have when you provide us with your personal data?

As the data subject, you are entitled to the rights set out below, which you may exercise by proving your identity before the Data Protection Officer, via the contact email address dpo@gco.com:

  1. Right of access. You may request information about the personal data that GCOAI holds about you and about the processing activities to which they are subject, as well as obtain a copy of such data in a structured, commonly used and easily readable format.
  2. Right to rectification. You may request the rectification of inaccurate personal data and also have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
  3. Right to erasure. You may request the erasure of your personal data when it is no longer necessary for the purposes for which it was collected by the data controller, or when you withdraw the consent on which the processing is based. This request shall not apply where processing is necessary on the grounds set out in the section “What is the legal basis for processing personal data?” above.In this respect, in the digital environment, if you exercise your right to be forgotten, the Entity will contact the internet service provider to forward your request for the cessation of the processing of the personal data concerning you, taking into account the technology available and the cost of its implementation. In such cases, the data will only be retained by the controller for the establishment, exercise or defence of legal claims. This request shall not apply where processing is necessary on the grounds set out above, where processing is required for the exercise of the right to freedom of expression and information, or for reasons of public interest.
  4. Right to object. You may object to the processing of your personal data, unless there are legitimate grounds which, after assessment, justify the continuation of the processing. In such cases, the personal data will only be retained by the controller for the establishment, exercise or defence of legal claims. This request shall not apply where processing is necessary on the grounds set out in the section “What is the legal basis for processing personal data?” above.
  5. Right to restriction of processing. You may request the restriction of the processing of your personal data, which may involve the blocking of the data, in the following circumstances: (i) where you contest the accuracy of the personal data; (ii) where the controller opposes the erasure of the data because the processing is lawful; (iii) where the controller no longer needs the data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or (iv) where you have objected to the processing, while the controller verifies whether its legitimate grounds override yours.
    In these cases, the personal data will only be retained by the controller for the establishment, exercise or defence of legal claims.
  6. Right to data portability. Where technically feasible, you may request that the personal data concerning you that is subject to automated processing be transmitted to another controller or to yourself, in a structured, commonly used and easily readable format, without prejudice to your rights to erasure or to be forgotten. In such cases, the data will only be retained by the controller for the establishment, exercise or defence of legal claims.

All communications and actions carried out in the context of exercising your rights shall be free of charge. Where requests are manifestly unfounded or excessive, particularly because of their repetitive nature, GCOAI may charge a reasonable fee based on the administrative costs incurred.

Confidentiality of personal data

From the outset of the processing of personal data, GCOAI will implement the technical, organisational and security measures required, taking into account the state of the art, in order to ensure the integrity, confidentiality, availability and resilience of personal data, and to prevent unauthorised alteration, loss, processing or access.

We inform you that the servers of some service providers of the Catalana Occidente Group may be located in countries outside the European Union. In cases where the level of privacy protection is not equivalent to that established in the Personal Data Protection Regulations, due to the absence of an adequacy decision by the European Commission, the Entity will adopt the appropriate safeguards provided for in the applicable regulations for transfers to third countries and international organisations, with the expressly provided exceptions for specific situations, in order to ensure that the level of protection of data subjects is not undermined, as well as the appropriate and necessary measures to safeguard data subjects’ rights and information security, based on the technical measures available at any given time.

Validity of the privacy policy

GCOAI states that the privacy policy published on this website shall always be the version in force at any given time, and reserves the right to modify it whenever necessary. If visitors and/or users of this website wish to access previous versions, they may contact the Data Protection Officer via dpo@gco.com.

Copyright

The Entity reserves all rights relating to the content of this privacy policy. Any reproduction, distribution, transformation, manipulation, public communication or any other act of exploitation, whether total or partial, free of charge or for payment, of this document is strictly prohibited without prior written authorisation.

GCOAI reserves the right to make, at any time and without prior notice, any modifications, variations, deletions or cancellations it deems necessary to the contents and to the way in which they are presented.