Privacy policy Arena Food & Beverage
TICKETING GENERAL TERMS AND CONDITIONS AND PRIVACY POLICY
Introduction
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, GDPR) and Organic Law 3/2018 of 5 December on the protection of personal data and the guarantee of digital rights, Arena Food and Beverage S.L. (hereinafter, AFB), with Tax ID No. B21886254, as the party responsible for the website and in compliance with the transparency requirements established by the current regulations, hereby informs all users who provide or are going to provide their personal data that they will be processed pursuant to the provisions of Article 30 of the GDPR and will be duly recorded among AFB's processing activities.
This document contains information about how we collect, process, and protect your personal data, as well as how we guarantee your rights regarding its use and access.
At AFB, we consider the protection of your right to privacy and guaranteeing the security of your personal data as vitally important. Therefore, we process information lawfully, fairly, and transparently, for specific, explicit, and legitimate purposes, and under no circumstances will it be used for purposes incompatible with these purposes.
Furthermore, the personal data processed will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is collected, accurate, and will be retained for the time strictly necessary. AFB will adopt all necessary technical and organizational measures to guarantee its security and confidentiality.
Please read this document carefully to learn more about our Privacy Policy.
Identity and contact details of the data controller
Name and identity: Arena Food and Beverage, S.L. (hereinafter, “AFB”)
Corporate Tax ID: B21886254
Address and post code: C/ Bomber Ramon Duart 12, Valencia (Valencia), 46013.
Contact information: rgpd@roigarena.es
This Privacy Policy governs the following processing of personal data:
- Booking management
- Exercise of the right of admission
- Video surveillance
- Work with us
- Promotional activities
- Social media
➔ Booking management
Data subject | Data of subjects in making a booking or ordering from any of the restaurants located within the Roig Arena, either through the Roig Arena App, the restaurant's own website, or over the phone. |
Data | *Identification and contact information (such as first name, last name, email address, phone number); *Billing information (VAT number, postal address). *Browsing data: IP address, internet browser used, and information about your device's operating system. *Data on food allergies and intolerances, and any other information you choose to share with us. *Data related to your reduced mobility. |
Purpose | - Manage restaurant reservation requests; - Respond to information requests from interested parties; - Create user profiles for internal statistics and promotional activities. - Business management such as invoicing, audits, contract preparation, and complaints handling. |
Legal basis | - Execution of a contract for the provision of the requested service; - Consent of the data subject for the management of contests, draws, and promotional activities. - Legal obligation and legitimate interest for business management and the exercise of the right of admission, respectively. |
Recipients or transfers | We use service providers such as Salesforce, Covermanager, Hosteltactic. In addition, we may share your data with public authorities and private companies to comply with tax obligations for audit purposes. We may also share your data only subject to a legal obligation with public authorities and state forces. |
International data transfers | No international transfers are made. However, if necessary, appropriate protection mechanisms will be adopted to safeguard the rights and freedoms of the data subjects. |
Retention period | Generally, we will retain your data for as long as strictly necessary to fulfill the purpose for which it was collected and to comply with legal obligations. |
➔ Exercise of the right of admission
Data subject | Users who visit the restaurant and engage in behavior that is not permitted by the restaurant. |
Data | Identification data, data relating to prohibited or unacceptable behavior, and any other data that may have been obtained as a result of the user's visit to the restaurant. |
Purpose | Exercise of the right of admission, security, and business management to maintain the restaurant's desired quality and image standards. |
Legal basis | Legitimate interest of the data controller. |
Recipients or transfers | We use service providers such as Salesforce, Covermanager, Hosteltactic. We may also share your data with public authorities and state forces. |
International data transfers | No international transfers are made. However, if necessary, appropriate protection mechanisms will be adopted to safeguard the rights and freedoms of the data subjects. |
Retention period | We will retain your data for a maximum period of 24 months. |
➔ Video
Joint controllers | Name and identity: Licampa 1617 S.L., as the owner of the facilities. Corporate Tax ID: B-98.955.503 Address and post code: C/ Bomber Ramon Duart 12, Valencia (Valencia), 46013. Contact information: rgpd@roigarena.es
Name and identity: Arena Food and Beverage, S.L. Corporate Tax ID: B21886254 Address and post code: C/ Bomber Ramon Duart 12, Valencia (Valencia), 46013. Contact information: rgpd@roigarena.es |
Data subject | All customers of the restaurant |
Data | Image |
Purpose | Security of the establishment |
Legal basis | Our legitimate interest in maintaining security at the establishment. |
Recipients or transfers | Your data may be transferred to the security forces and/or courts if necessary. Some service providers (IT specialists, legal advisors, etc.), as well as Prosegur, may also have access to the data. |
International data transfers | No international transfers are made. However, if necessary, appropriate protection mechanisms will be adopted to safeguard the rights and freedoms of the data subjects. |
Retention period | Recordings will be retained for one month after they are made, except in the event that a right of access is exercised, in which case the recording will be kept until a response has been issued, and no longer than the period established by the Data Protection Regulation for providing a response. They may also be retained for a longer period than indicated when required for submission as part of a judicial proceeding. |
➔ Work with us
Data subject | Potential candidates |
Data | Identification and contact information (name, surname, email, phone number), academic and professional information (CV), and LinkedIn profile |
Purpose | Process your application to work with us, as well as manage the selection process for vacancies and conduct interviews, with a view to you joining our company. |
Legal basis | Undertake pre-contractual measures at the request of the data subject when you apply via LinkedIn. Your consent when sending us your CV by email, via our website, or in person. |
Recipients or transfers | We use service providers such as LinkedIn or Typeform, Bizneo Solutions S.L. |
International data transfers | Yes, LinkedIn may transfer data to the US, implementing mechanisms that guarantee data protection. Typeform stores its data in the US. |
Retention period | Generally, we will retain your data for the time strictly necessary to fulfill the purpose for which it was collected or, where applicable, for the legally established periods. |
➔ Promotional activities
Data subject | Data of subjects in making a booking or ordering from any of the restaurants located within the Roig Arena, either through the Roig Arena App, the restaurant's own website, or over the phone. |
Data | Identification and contact information (such as first name, last name, email address, phone number.) |
Purpose | Promotional activities. Only should you agree to receive commercial communications, we will be able to send you offers, information, and/or promotions related to our catering service. |
Legal basis | Your consent authorizes us to process your data for this purpose and to contract our services. |
Recipients or transfers | Your data may be shared with third-party service providers for the aforementioned purposes, such as Covermanager, Hosteltactil, and Salesforce. |
International transfers | Salesforce may transfer your data to its servers in the United States. They use mechanisms to ensure the security of your data. |
Retention period | The data will be kept for as long as necessary for the purposes indicated. |
➔ Social media
Data subject | Social media users who interact with AFB's profile and customers at AFB's restaurants. |
Data | Identifying data (name, social media username) and images. |
Purpose | Address queries or concerns raised by users; Disseminate images, videos, or other content related to AFB's activities; Publish and manage draws. |
Legal basis | Legitimate interest in managing AFB's presence on social networks, promoting its activities, and providing customer service. |
Recipients or transfers | Service providers such as Meta. |
International data transfers | Meta may transfer your data to other countries, such as the United States where one of its data centers its located or to other countries where its service providers are located. |
Retention period | Generally, we will retain your data for the time strictly necessary to fulfill the purpose for which it was collected or, where applicable, for the legally established periods. |
Recipients of Personal Data
Regarding the recipients of your personal data, you are hereby informed that AFB takes the necessary measures to ensure compliance with the principles of data protection and privacy with the third parties with whom it maintains relationships, and that its primary purpose is to fulfill its duty of care in such activities.
The communication of personal data to third parties is subject to appropriate data protection measures and based on an appropriate legal basis. AFB guarantees that third parties with whom it shares personal data comply with applicable data protection laws and regulations and implement appropriate security and data protection measures to guarantee the privacy and security of personal data.
To fulfill the purposes indicated in this Privacy Policy, it is necessary, on certain occasions, for third parties to provide support in the services offered.
These third parties, depending on their nature, may include:
- Public authorities, regulators, or government agencies: These parties will be recipients of the data in cases in which the transfer thereof is required by law, regulations or in compliance with regulatory obligations.
- Security forces: law enforcement agencies and security forces that may require access to personal data in the performance of their duties and responsibilities.
- Service providers: These are companies that provide services to AFB and may be provided with access to the personal data required to provide those services, such as web hosting providers, email service providers, customer service providers, and other organizations with which AFB has partnership agreements.
- Financial institutions: financial institutions that may require access to personal data to process transactions, payments, and other financial services.
AFB will ensure that providers are selected that offer appropriate safeguards and that their responsibilities regarding personal data are determined.
Your data protection rights
Licampa recognizes and guarantees the exercise, free of charge in the cases established by current legislation, at any time and in an effective and accessible manner, of the following rights:
Access. You have the right to access your data, as well as to know whether or not your personal data is being processed. In this regard, you can obtain a copy of your personal data, although exercising this right cannot adversely affect the rights of other people and their right to data protection.
Rectification. As a data subject, you have the right to obtain, without undue delay, the rectification of inaccurate data or the completion of incomplete data.
Limitation. You have the right to obtain a limitation on the processing of your data, provided that any of the following circumstances apply:
You contest the accuracy of the data, for a period that allows us to verify its accuracy.
When you prefer limitation to deletion of the data.
When your data is not being processed and must be deleted, but it is needed to file a complaint or respond to a request.
When you have objected to the processing, but the legitimate grounds for doing so are being verified.
Objection. You have the right to object at any time, for reasons related to your particular situation, to the legitimate processing of your personal data.
Erasure. You have the right to have your data erased without undue delay, provided there is a justified reason for doing so.
Portability. As the data subject, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, provided that this is technically feasible. This right may not adversely affect the rights and freedoms of others.
Not to be subject to automated decisions. As the data subject, you have the right not to be subject to decisions made as a result of automated processing, including profiling, that may have a significant impact on you.
Furthermore, if AFB's processing of your personal data is based on consent, pursuant to Article 7 of the GDPR, you have the right to withdraw that consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal. Withdrawing consent is just as easy as granting it.
Likewise, AFB hereby informs you that, pursuant to Article 77 of the General Data Protection Regulation (GDPR), you have the right, as a data subject, to file a complaint with the Spanish Data Protection Agency if you believe that our processing of your personal data violates said Regulation.
You can find more information about your rights at the following link.
How to exercise your rights
Any data subject who wishes to exercise any of the rights described above may do so at the following email address: rgdp@roigarena.es.
Following the recommendations established in current legislation and the guidelines of the Spanish Data Protection Agency, you are hereby informed that in relation to minors under 16, the exercise of these rights will always be carried out by the person holding parental authority or their guardians, and that those over 16 years of age may fully exercise them by following the instructions described in this section.
The Spanish Data Protection Agency provides updated information to users to ensure they are fully aware of their data protection rights at all times.
Existence of automated decision-making or profiling and information on the use of artificial intelligence
We may personalize our commercial and promotional offers based on your interests and preferences, provided you give your consent. This profiling will be carried out with the aim of optimizing the offers we offer you, without generating any negative impact on you.
Likewise, you may object to the processing of your data at any time by sending an email to the contact indicated in the previous section (rgpd@roigarena.es).
Security measures applied to personal data
At AFB we are committed to implementing and maintaining appropriate technical and organizational security measures to protect personal data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
These security measures include, among others, data encryption, restricted access to personal data, the implementation of strong password policies, backups, and regular security assessments. In addition, our staff is provided with training and awareness regarding personal data protection and information security.
However, it is important to note that no security measures are completely foolproof, and no system can guarantee the absolute security of personal data.
Therefore, we cannot guarantee that personal data is completely secure and we disclaim any liability for any security breach that may occur, notwithstanding compliance with our legal obligations regarding data breaches.
Minors
AFB hereby informs users that, in relation to the processing of data pertaining to individuals aged under 16, as provided by the Spanish Data Protection Agency, when the collection and processing of such data is based on consent, it must be kept in mind that it must be express and must be given by your parents or guardians.
The processing of personal data of minors aged under 16 will be based on the express consent given by their parents or legal guardians.
Those over this age may provide their own consent for the collection of their data, except in cases where the law requires them to be assisted by their parents or guardians.
As the data controller, AFB will make reasonable efforts to verify that consent was given or authorized by the holder of parental authority or guardianship over the child, taking into account costs and available technology.
Third-party data
If the user provides the personal data of third parties (for example, when making bookings on behalf of other people), they declare that they have previously informed said persons of the details contained in this Privacy Policy and, where applicable, have obtained their consent where necessary.
Furthermore, the user guarantees that the personal data provided is true, accurate, complete, and up-to-date, and undertakes to communicate any changes that may affect its correct processing.
The personal data of third parties provided will be processed solely for the purpose of properly managing the booking and will not be used for any other purposes, except where legally required or with the express consent of the data subject.
Changes and updates to our Privacy Policy
At AFB, we may update and modify our Privacy Policy at any time and when we deem so appropriate to accurately reflect our privacy practices.
In this regard, we recommend that you review this Privacy Policy frequently to ensure you are aware of any changes or modifications.
If you have any queries about our Privacy Policy, you can contact us at: rgpd@roigarena.es.
Information about cookies
Briefly, we also want to inform you that we use cookies to facilitate your experience on the Platform and understand how you interact with us. Please read our Cookie Policy to learn more about the cookies we use, their purposes, and other information of interest.