Privacy Policy | LivensaLiving

In accordance with data protection legislation and, more specifically, with the European General Data Protection Regulation (GDPR), this Privacy Policy complies with the duty to inform users referred to the website www.livensaliving.com (hereinafter, the “Website“), in a clear, concise, and transparent language, in the following sections:

1. INTRODUCTION

The user (hereinafter, the “Data Subject“) is hereby informed that his/her personal data will be processed through the Website by LIVENSA LIVING, S.L., which will manage the different processes and any other matter related to our facilities on behalf of the corresponding entities within its Group. Consequently, unless otherwise expressly stated therein, for the purposes of booking processes, the Data Controller will be the entity with which the pre-contractual or contractual relationship with the Data Subject is established.

Please find the list of Group entities involved in Annex I.

If the Data Subject wishes to contact the Data Protection Officer (DPO) in relation to any matter described in this privacy policy, he/she may submit his/her request, query, or suggestion to [email protected] . If the Data Subject prefers to contact the DPO by other means, he/she may contact the DPO at the following address: C/ Poeta Joan Maragall 1, 7º, 28020 Madrid; Ref. Privacy Policy.

2. INFORMATION ON DATA PROTECTION IN RELATION TO SPECIFIC PURPOSES

The Data Controller shall process, manually or digitally, the Data Subject’s information in a lawful, fair, and transparent manner. To this end, it is important that the Data Subject communicates any changes to his/her personal data to keep them up to date.

The Data Controller will process personal data for different purposes. For ease of reference, a table is included below listing the purposes for the processing, the lawful basis for each purpose and the categories of personal data processed therein.

Contact

DATA CONTROLLER	LIVENSA LIVING S.L.
Data Protection Officer	[email protected]
Purposes for the processing	Lawful basis	Categories of personal data
To deal with and manage enquiries through our channels and to learn about your preferences. Taking into account the personal data included in the relevant form and/or survey, we will manage your queries, and, in addition, we will improve our communication and marketing campaigns in the future based on aggregated data. You may contact the Data Controller by different means such as email address, telephone, social media (Instagram) and WhatsApp Business.	Consent	· Personal data included in the relevant form and/or survey. Identification and contact details.
Make an appointment to visit the facilities of our accommodation, for which we will communicate your details to the corresponding building. The Data Subject will be required to provide information on the city and accommodation of preference, as well as their identification details (name, surname, nationality), contact details (telephone number, e-mail address) and appointment details, to appropriately schedule the visit.	Consent	· Identification and contact details. · Information about the city and accommodation of preference.
Whenever the Data Subject contacts the Data Controller by telephone, the conversation with our team will be recorded in order to keep proof of the conversation with the Data Subject in case of complaint.	Legitimate interest*	· Identification and contact details (including voice)
Submission of communications based on the profile of the Data Subject, which will be built on the basis of the preferences provided in the relevant form.	Consent	· Identification and contact details · Identifiers
*Legitimate interest of the Data Controller in the recording of telephone calls: The legitimate interest of the Data Controller consists of being able to exercise the right to effective legal remedy against possible claims, which is understood to counteract the rights and freedoms of the data subject, taking into account that the likelihood of impact for the data subject is low and, above all, considering the nature, risks and benefits of such processing, both for the Data Controller and, in general, for the users, both having effective means of proof against processing that concerns them and which, ultimately, could favour their right of effective legal remedy. For further information on the legitimate interest assessment carried out, please contact our DPO at [email protected].
Data communications	Lawful basis
If the Data Subject wishes to visit the facilities of our accommodation and residences of their preference, their personal data will be communicated to the corresponding Entity of Annex I, exclusively for the purposes of managing the visit.	Consent
When the Data Controller deems it appropriate to exercise its right to effective legal remedy or is obliged to do so, in accordance with the applicable regulations, your data may be communicated to public administrations, judges and/or courts.	Legal obligation and/or legitimate interest, as applicable

Sign up

DATA CONTROLLER	LIVENSA LIVING, S.L.
Data Protection Officer	[email protected]
Purposes for the processing	Lawful basis	Categories of personal data
To manage the creation of an account within the Website in order to carry out certain actions such as providing more information about the chosen accommodation and/or residence or booking a room. This purpose may include contact via the telephone number provided by the user for the purpose of providing and sharing information of interest, clarifying doubts or providing support in the booking process.	Performance of the contract	· Identification data · Contact details · Accommodation preferences
To submit marketing communications by electronic means to the Data Subject with information on related services provided by the Data Controller. The Data Subject has the right, at any time and free of charge, to revoke his/her consent to receive such communications by means of a simple mechanism located in each commercial communication or, alternatively, by submitting a request to the Data Controller via the contact details of the DPO indicated here. See Section “Rights of the data subject”.	Consent	· Contact details
Data communications	Lawful basis
Your personal data will not be disclosed to third parties for these purposes. However, when the Data Controller deems it appropriate to exercise its right to effective legal remedy or is obliged to do so, in accordance with the applicable regulations, your personal data may be communicated to public administrations, judges and/or courts.	Legal obligation or legitimate interest, as appropriate

Booking Process

DATA CONTROLLER	ANNEX I ENTITIES
Your personal data will be processed as Data Controller by the entity with which the pre-contractual or contractual relationship is established. The list of entities of the Group that are regarded as data controllers, as the case may be, is set out in Annex I.
_{Data Protection Officer}	[email protected]
Purposes for the processing	Lawful basis		Categories of personal data
Manage and carry out the booking process in order to contract a room in one of our buildings and finalise the contract with the Data Subject.	Performance of the contract		· Identification data · Contact details · Personal characteristics data · Academic data · Economic data
Contact the Data Subject to invite them to continue with the booking process once they have started it but have not completed it. This communication may be beneficial for the Data Subject to remind him/her that the process is still pending.	Legitimate interest*		· Contact details
* Legitimate interest of the Data Controller in contacting the data subject to invite him/her to continue with the booking process: The legitimate interest of the Data Controller consists of being able to guarantee to potential customers the availability of the accommodation about which they have shown an interest when starting the booking process. It is understood that the interest of the Controller prevails over the rights and freedoms of the data subject, considering that the processing could even be beneficial for the potential customer taking into account that the booking process is generally limited to a specific period of the year. Should you like more information about the legitimate interest assessment carried out, please contact our DPO at [email protected]
Whenever the Data Subject voluntarily provides special categories of data related to his/her health for any of the purposes identified in this policy, such data may be processed in order to meet the needs requested by the Data Subject.	Explicit consent		· Health data
Whenever the Data Subject contacts the Data Controller by telephone, the conversation with our team will be recorded to keep proof of the conversation with the Data Subject in case of complaint.	Legitimate interest		· Identification data (voice)
* Legitimate interest of the Data Controller in the recording of telephone calls: The legitimate interest of the Data Controller consists of being able to exercise the right to effective legal remedy against potential claims, which is understood to counteract the rights and freedoms of the data subject, taking into account that the likelihood of impact for the data subject is low and, above all, considering the nature, risks and benefits of such processing, both for the Data Controller and, in general, for the users, both having effective means of proof against processing that concerns them and which, ultimately, could favour their right to effective legal remedy. For more information on the legitimate interest assessment carried out, please contact our DPO at [email protected] .
Manage and execute the housing agreement for the purposes of invoicing, payment, reimbursement, deposit, room allocation, and other contractual or legal requirements necessary to perform the contract with the Data Subject, which may involve the submission of communications of an exclusively transactional nature to manage said contract.	Performance of the contract		· Identification data · Contact details · Personal characteristics data · Academic data · Financial data (account number)
Manage the provision of the additional services offered, such as parking, half or full board, sports and/or recreational activities promoted by the accommodation and/or residence or the Community Life, issuance of the hosteller card, etc. This may involve the submission of communications of an exclusively transactional nature to manage the said contract.	Performance of the contract		· Identification data (including vehicle registration number) · Contact details · Financial data (account number)
Manage and update access logs (both for guests and visitors) to monitor and control the security of property, individuals, and facilities, as well as to ensure compliance with the Code of Conduct. This purpose may include the processing of personal data through video surveillance systems, provided is not forbidden by applicable regulations.	Public interest/legitimate interest*.		· Identification data (including image) · Contact details
Legitimate interest of the Data Controller in the use of video surveillance systems for compliance with the Code of Conduct: The legal basis for the processing of personal data is the legitimate interest of the Data Controller to, on the one hand, prevent the commission of conducts forbidden by the Code of Conduct of the premises, the effects of which may impact the safety of clients or the staff of Livensa Living and, on the other hand, serve as a means of defence of the interests of the Controller, in accordance with its right to an effective legal remedy. The aforementioned interests counteract the rights and freedoms of the Data Subject, taking into account that the likelihood of impact on the Data Subject is low and, above all, considering the nature, risks and benefits of such processing, both for the Controller and, in general, for users, both having effective means of proof against processing operations concerning them and which could ultimately favour their right to effective legal remedy. For more information on the legitimate interest assessment carried out, please contact our DPO at [email protected]* .
Manage the relevant information channels to allow the Data Subject to report incidents in the premises and appropriate repairs.	Performance of the contract		· Identification data · Contact details · Personal characteristics data
To submit marketing communications by electronic means with information on products and/or services similar to those already contracted by the Data Subject and which may be of his/her interest. The Data Subject has the right, at any time and free of charge, to object to the receipt of such communications by means of a simple mechanism located in each commercial communication or, alternatively, by submitting a request to the Data Controller via the contact details of the DPO indicated here. See Section “Rights of the data subject“.	Consent		· Identification data · Contact details
Request the opinion of individuals on the products and services offered and/or contracted by way of surveys. Likewise, the Data Controller may carry out activities to analyse the information collected in this regard in order to improve services. Although responses will be collected individually for the analysis of opinions, its analysis will be carried out in a general manner, without identifying specific users, by means of statistical information. In any case, the Data Subject may object to providing their opinions, as well as to being contacted for this purpose.	Legitimate interest		· Identification data · Contact details
Take photographs of Data Subjects within the framework of the activities carried out at the Residence for the purpose of promotional dissemination of the activities organised by the Data Controller. More specifically, the Data Controller will process these images to incorporate them on the Livensa Living website, include them in its internal publications (whether digital or in paper format), in advertising and/or promotional materials, as well as on its social media (YouTube, Instagram, Facebook, LinkedIn, Tik Tok).	Consent/ Legitimate interest		· Identification data (including image) · ID no.
* Legitimate interest in sending surveys and analysing its content to monitor the quality of the services and assess the satisfaction of residents when using them. This processing responds to the need for the Data Controller to adapt its operations and the services offered to the preferences and expectations of the residents, for which it is necessary to know their opinion. This processing also contributes to increasing the quality of the services provided. It is therefore understood that the Data Controller’s legitimate interest counteracts the rights and freedoms of data subjects, when carrying out this processing of personal data in accordance with the referred purpose and the expectations of the data subject. Legitimate interest in the use of images of data subjects: With regard to the use of the image of residents when it is clearly of an* ancillary nature or when they are unlikely to be identified, it shall be understood that the Data Controller has a legitimate interest in the use of such material, in accordance with the promotional purpose of its services, the expectations of the data subject in the conditions in which said images are captured and its use (in compliance with the provisions of the regulations on the protection of the right to honour, privacy and image), concluding that the interests of the Controller prevail over the rights and freedoms of the data subjects. Should you like more information about the legitimate interest assessment carried out, please contact our DPO at [email protected].
Data communications		Lawful basis
Financial institutions or third-party payment service providers.		Performance of the contract
Social media.		Consent
When the Data Controller deems it appropriate to exercise its right to effective legal remedy or is obliged to do so, in accordance with the applicable regulations, your data may be communicated to public administrations, judges and/or courts.		Legal obligation or legitimate interest, as appropriate
Third-party entities with which the Data Controller collaborates to provide some of the additional services to residents.		Performance of the contract

….3. RETENTION PERIOD OF PERSONAL DATA

The data will be stored for the aforementioned purposes for as long as the relationship with the Data Controller is in force and thereafter for as long as required by applicable law and until any liability arising from such relationship is extinguished.

With reference to the personal data derived from the contractual relationship, the same shall be kept for as long as the agreement subsists and, afterwards, for the prescription period of the civil actions that may derive from the same, in accordance with the applicable legislation.

With regard to personal data deriving from the data subject’s consent or from the legitimate interests of the Data Controller, personal data shall be kept for as long as the consent is not withdrawn or until the data subject’s right to object is granted, without prejudice to the expiry of any liabilities to which the Data Controller may be subject.

4. MANDATORY DATA AND DATA FORM THIRD PARTIES

Unless otherwise stated, the provision of personal data is mandatory to achieve the aforementioned purposes.

When the Data Subject provides personal data in relation to a third party, such as family members or contact persons within the booking process, he/she undertakes the lawful origin of personal data, and to inform the third party about the purposes of the processing of personal data and other information included in this privacy policy.

5. DATA PROCESSORS

The Data Controller follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into a data processing agreement, as required by law, imposing on them, inter alia, the following obligations: to implement appropriate technical and organisational measures to ensure the security of personal data; to process personal data for the agreed purposes and only in accordance with the documented instructions of the Data Controller; and to delete and return the data to the Data Controller upon completion of the services.

6. INTERNATIONAL DATA TRANSFERS

The personal data provided will be subject to international data transfers outside the European Economic Area (EEA) (e.g. to the United States), which will be regulated in accordance with the mechanisms set out in the GDPR in order to safeguard the rights and freedoms of the Data Subject and to ensure an adequate level of security.

In this regard, the Standard Contractual Clauses (STCs) issued by the European Commission are considered a legal mechanism for transferring data outside the EEA and, where appropriate, the Controller undertakes to sign such STCs where necessary to protect the Data Subject’s personal data at any time.

7. RIGHTS OF THE DATA SUBJECT

In accordance with data protection regulations, the Data Subject may exercise the following rights:

To withdraw their consent at any time, without prejudice to the lawfulness of the processing previously carried out.
Right of access: The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain information on the purposes of the processing, the categories of personal data processed, the recipients to whom the personal data are disclosed and the intended period of storage of the personal data, among other matters.
Right to rectification: The Data Subject has the right to obtain rectification of inaccurate personal data concerning him/her.
Right to erasure: The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
Right to object: The Data Subject has the right to object, on grounds relating to his/her particular situation, at any time, to the processing of personal data concerning him/her which is based on the legitimate interest of the Data Controller (including processing for profiling and direct marketing purposes). In this case, the Data Controller will cease to process the personal data unless it can demonstrate compelling legitimate grounds for the processing.
Right to restriction: The Data Subject may, in certain circumstances (e.g. in the event that the data subject contests the accuracy of his/her data while its accuracy is being verified), request the restriction of the processing of his/her personal data, which will then only be processed for the establishment, exercise or defence of legal claims.
Right to data portability: The Data Subject has the right to receive personal data concerning him/her, in a structured and commonly used machine-readable format, and to have the right to transmit such data to another Data Controller without being prevented from doing so by the latter, in the cases provided for in the regulations to that effect.

The aforementioned rights may be exercised at the contact details indicated in the heading of this Privacy Policy, or by email to the following email address of the DPO: [email protected]. However, the Data Subject may contact the DPO at any time for further information.

In addition, the Data Subject may lodge a complaint in relation to the processing of personal data with the competent supervisory authority, where he/she considers that his or her rights under the applicable regulations have been infringed.

8. MARKETING COMMUNICATIONS

One of the purposes for which the Data Controller processes personal data is to submit marketing communications by electronic means with information on activities, services, competitions, offers and/or promotions on the services of the Residences.

The Data Subject has the right, at any time and free of charge, to object to the receipt of such communications by means of a simple mechanism located in each commercial communication or, alternatively, by e-mail to the following e-mail address of the DPO: [email protected].

9. SECURITY MEASURES

In order to safeguard the security of personal data, we inform you that the Data Controller has adopted all the technical and organisational measures necessary to guarantee the security of the personal data provided in order to avoid its alteration, loss and/or unauthorised processing or access, as required by law, although there is no absolute security.

Likewise, the Data Controller informs the Data Subject that all our staff, regardless of the stage of the processing in which they are involved, have undertaken to process personal data with the utmost care, secrecy, and confidentiality and that their processing will be carried out at all times in accordance with data protection legislation.

Last updated: April, 2023.

ANNEX I

Spain:

Livensa Living Aravaca Madrid: Livensa Madrid 2, S.L.
Livensa Living Barcelona Diagonal Alto: Livensa Bcn Diagonal Alto, S.L.U.
Livensa Living Barcelona Marina: Livensa Bcn Marina, S.L.U.
Livensa Living San Sebastián: Livensa San Sebastián, S.L.U.
Livensa Living Bilbao: Livensa Bilbao, S.L.U.
Livensa Living Pamplona: Livensa Pamplona, S.L.U.
Livensa Living Granada Cartuja: Livensa Granada Cartuja, S.L.U.
Livensa Living Málaga Feria: Livensa Málaga, S.L.U.
Livensa Living Salamanca: Livensa Salamanca, S.L.U.
Livensa Living Sevilla: Livensa Sevilla, S.L.U.
Livensa Living Getafe Madrid: Alba Spanish Propco 2, S.L.U
Livensa Living Granada Fuentenueva: Livensa Granada Fuente Nueva, S.L.U.
Livensa Living Studios Bilbao: Livensa Bilbao, S.L.U.
Livensa Living Studios Málaga Feria: Livensa Málaga, S.L.U.
Livensa Living Studios San Sebastián: Livensa San Sebastián, S.L.U.
Livensa Living Studios Valencia: Livensa Valencia 1, S.L.
Livensa Living Studios Madrid Alcobendas: Livensa Madrid 1, S.L.U.
Livensa Living Studios Valencia Viveros: Livensa Valencia 2, S.L.U.

Portugal:

Livensa Living Coimbra Rio: Livensa Coimbra, Unipessoal, Lda.
Livensa Living Lisboa Cidade Universitaria: Livensa Lisbon Cidade Universitaria, Unipessoal, Lda.
Livensa Living Lisboa Marques de Pombal: Livensa Lisbon 1, Unipessoal, Lda.
Livensa Living Porto Campus: Livensa Porto 1, Unipessoal, Lda.
Livensa Living Porto Boavista: Livensa Porto Boavista, Unipessoal, Lda.