Sign Up
Check In Scan Logo

Annex II: Personal Data Processing Agreement

INTRODUCTION

This personal data processing agreement regulates the terms of the access and treatment of personal giving by CHECK-IN SCAN in the framework of the provision of customer services, in the detailed terms in the general conditions of the hiring, which is attached and of which this agreement is part.

 

  1. Definitions

For the best understanding of this personal data processing agreement, the following concepts are detailed below:

RGPD : Regulation (EU) 2016/679, of the European Parliament and the Council of April 27, 2016, regarding the protection of natural persons in regards to the processing of personal data and the free circulation of these data or any other legislation promulgated by the European Union on the same matter in the future

Data protection regulations in countries of the European Union, the European Regulations and all national laws and regulations that are complemented by said regulation; Any guide or code of conduct written by local regulators responsible for ensuring compliance and application of personal data protection legislation. In countries that do not belong to the European Union it means any similar or equivalent legislation or regulation whose purpose is the protection of the privacy and security of the personal data of natural persons

Personal data : all information about a natural person identified or identifiable; Any person whose identity can be determined, directly or indirectly, in particular through an identifier, such as a name, an identification number, location data, an online identifier or one or several elements of the physical, physiological, genetic, psychic, economic, cultural or social identity will be considered identifiable.

Interested: person likely to be directly or indirectly identified. Without prejudice to the above, and in relation to this agreement, the term "interested" is interpreted as referring to client guests who use the Check-In Scan .

Responsible for the treatment: natural or legal person, public authority, service or other organism that, alone or together with others, determine the aims and means of treatment. For the purposes of this Agreement, the figure of responsible for the client is attributed.

Treatment manager : natural or legal person, public authority, service or other agency that treats personal data on behalf of the treatment. CHECK-IN SCAN is attributed .

Safety incident : eventuality in which Check-In Scan or its subcontractors, in the course of operations that imply the use, storage or transmission of personal data, have reasons founded to estimate that the safety of said personal data is found or can be compromised or has occurred or an access to them can occur per unauthorized person.

Treatment : Any operation or set of operations on personal data or sets of personal data, either by automated procedures or not, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of access, comparison or interconnection, limitation, suppression or destruction; as described in the European regulations or in applicable data protection laws.

Confidential Information : All information, documentation or data that any of the parties provides to the other in the development and execution of the service, in the terms provided in these general conditions.

 

  1. OBJECT

The purpose of this Agreement is to define the conditions according to which CHECK-IN SCAN will deal with the personal data to which it has access during the provision of agreed services. CHECK-IN SCAN undertakes to treat the personal data referred to due diligence and according to their best professional criteria and dedication.

 

  1. Purpose of personal data processing

CHECK-IN SCAN undertakes to deal with personal data only for the provision to the client the services indicated in the general conditions of the hiring and, where appropriate, in the particular conditions, in accordance with the client's instructions. If CHECK-IN SCAN considers that any of the instructions violates any disposition in data protection, will immediately inform the customer.

CHECK-IN SCAN acts in accordance with the applicable legal regulations in force at all times, limiting themselves to performing the necessary actions to correctly develop the agreed services, no longer apply or use them for the purpose of which stipulated in this contract, or communicate them, not even for their conservation to other people.

The client is the one who determines the aims of processing and use of personal data transferred to CHECK-IN SCAN in the context of the provision of services.

CHECK-IN SCAN deals with the personal data of guests according to customer instructions and only to the extent that such treatment is necessary for the correct provision of services or to comply with the legislation applicable to each case.

CHECK-IN SCAN deals with the personal data of the client's guests respecting their integrity and accuracy, which can imply the correction, deletion or blocking of them to the extent that the functionalities of the services do not allow the client to implement actions to ensure the integrity and accuracy of the personal data.

CHECK-IN SCAN will notify the client if he considers that an instruction of this can contravene the legislation of data protection applicable to the specific case.

CHECK-IN SCAN as the person in charge of the treatment will communicate to the client, without unjustified delay, any notification or requirement you receive from any competent data regulatory authority (if said communication is allowed) in relation to customer personal data.

 

  1. Identification of personal information accessed

For the execution of the benefits derived from the fulfillment of the purpose of this commission, CHECK-IN SCAN, will have access to the personal information of guests and, where appropriate, of employees and customer agents, with the scope and purposes established in the general conditions of the hiring and, where appropriate, in the particular conditions that are applicable.

 

  1. Confidentiality

The information accessed by CHECK-IN SCAN is strictly confidential. CHECK-IN SCAN is responsible for not disseminating third information accessed as a result of this relationship. CHECK-IN SCAN is obliged to:

  1. Maintain the duty of secret regarding the personal data to which you have had access by virtue of this commission, even after its object ends.
  2. Ensure that the authorized persons to deal with personal data are expressly and in writing, to respect the confidentiality and to comply with the corresponding security measures, of which they must be conveniently informed.

Confidential information does not include information that:

  1. It is already in the public domain at the time of dissemination or becomes part of the public domain subsequently without being derived from breach of the terms of this agreement ;;
  2. CHECK-IN SCAN has developed independently without using confidential information or obtaining access to it.

 

  1. Information to guests

CHECK-IN SCAN, will facilitate the customer the legal legend model to inform guests in the registration process of travelers about the processing of their personal data. This legal legend is drafted by CHECK-IN SCAN in compliance with the requirements established in European Data Protection (GDPR). However, this legal legend is subject to prior approval of the client, who assumes the responsibility of its content against the host. The client must complete the legal legend model in order to include their identifying and contact data, as well as the postal/electronics address enabled for the exercise of rights.

 

  1. LEVENDY OF THE PERSONAL DATA OF GUESPEDES

Check -in Scan will request the guest, exclusively, the data required by the applicable regulations in the traveler registration process acting in any case, on behalf of the client. In this context, identifying, contact, housing and data data related to the transaction will be collected, as well as the guest signature, which will be obtained by rubric with its finger or with electronic pencil, in the signature space for tactile screen that facilitates the application. The identifier, the access code and the tactile screen firm that the guest will be considered electronic signature for all purposes. It will have the same value with respect to the data consigned in the electronic documents generated as the handwritten firm in relation to the data consigned on paper.

 

  1. Data communications to third parties

CHECK-IN SCAN undertakes not to communicate the data to third parties, unless it has the express authorization of the client, in the legally admissible assumptions, as well as when necessary for the correct provision of the contracted services. In this context, CHECK-IN SCAN can communicate the personal data of guests to:

  1. Competent authorities, when said communication is mandatory for legal imperative or for the correct provision of customer services.
  2. Other customer treatment in charge, according to its instructions. In this case, the client will identify, in a previously and in writing way, the entity to which the data, data to be communicated and the security measures to be applied to proceed to the communication must be communicated.
  3. Check In Scan suppliers, provided that the specifications indicated in this Agreement in case of subcontracting services that imply access to personal data are fulfilled.

If CHECK-IN SCAN should transfer personal data to a third country or an international organization, by virtue of the right of the Union or of the Member States that is applicable to it, it will inform the client of that legal requirement in a previous way, unless such a right prohibits it for important reasons of public interest.

 

  1. Exercise of rights

CHECK-IN SCAN will assist the client by supporting the response to the exercise of the rights of:

  • Access,
  • Rectification,
  • Suppression,
  • Opposition,
  • Limitation,
  • Portability,
  • Not to be subject to automated individualized decisions (including profiles).

However, the client will be solely responsible for the response provided to the guest in response to the requests received.

 

  1. Security measures

CHECK-IN SCAN adopts the technical and organizational measures to guarantee the security of the treated information, based on the criteria marked by the legislation of data protection applicable to each case, to protect the personal data assigned to avoid their revelation or improper alteration or the unauthorized access to them, given the state of the technology, the nature of the stored data and the risks to which they are exposed, they already come from the physical action or of the physical environment or of the physical action or natural.

The client understands and accepts that the technical and organizational measures of security are subject to progress and technological development. Therefore, the application of alternative security measures or the use of facilities in different locations is expressly allowed as long as the applied security levels are maintained and the legislation is complied with then Check-In Scan force. In the case of material and significant changes in the application of technical and organizational measures Check-In Scan will communicate it to the client and provide the appropriate documentation explaining these changes.

  • The application of Check-in Scan as a whole, that is, the connection to the user's web control panel and any of its mobile applications in iOS and Android, connects using maximum security https called SSL EV certificate, of extended validation. Transport data will be encrypted at 2048 bits.
  • CHECK-IN SCAN figure all the data of the travelers who store in the database using 1024 bits encryption. We do not reveal specific data of the encryption to protect our systems but can contact us if you need more information.
  • CHECK-IN SCAN performs daily back-ups of its web application and the database (ON-SITE).
  • CHECK-IN SCAN performs daily back-ups of its web application and the database (OFF Site FTP).
  • The data transferred by CHECK-IN SCAN online in the context of the provision of services will be encrypted to protect the client. The parts nevertheless admit that the transmission of internet data cannot be completely ensured.
  • In case of PMS integration, our systems use safe integration methods to allow data communication without compromising safety and confidentiality. The CHECK-IN SCAN integration system guarantees encryption, authentication and minimal privilege policies, so that only authorized parties can access and exchange their data.

CHECK-IN SCAN is not responsible for client accesses made through the Internet or the alterations or losses of data that are made through the Internet. If there is suspicion of a security threat from an Internet connection, CHECK-IN SCAN can immediately suspend the provision of services through the Internet until an investigation elucidates the seriousness of said threat; This suspension will always be subject to the sending of a suspension notice to the client that will be done as reasonably possible and the adoption of all measures that can be reasonably taken to restore the provision of services through the Internet.

 

  1. Registration of treatment activities

CHECK-IN SCAN undertakes to manage the carrying, in writing, of a record of all categories of treatment activities carried out on behalf of the client, which contains:

  1. The identification and contact data of the customer on behalf of which CHECK-IN SCANacts.
  2. The categories of treatments carried out on behalf of the client.
  3. In its case, personal data transfers to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers indicated in article 49 section 1, second paragraph of the RGPD, the documentation of adequate guarantees.
  4. A general description of the technical and organizational measures of security related to:
  5. The ability to guarantee the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  6. The ability to restore availability and access to personal data quickly, in case of physical or technical incident.
  7. The process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the treatment.

 

  1. Incident management

CHECK-IN SCAN will notify the client in writing, without improper delay and, in any case, before the maximum period of 48 hours, the violations of the safety of the personal data in his charge of which he has knowledge, together with all the relevant information for the documentation and communication of the incidence. Notification will not be necessary when it is unlikely that such security violation constitutes a risk to the rights and freedoms of natural persons. If it is available, at least, the following information will be facilitated:

  1. Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of affected interested parties, and the categories and the approximate number of records of personal data affected.
  2. The name and contact data of the data protection delegate or from another point of contact in which more information can be obtained.
  3. Description of the possible consequences of the violation of the safety of personal data.
  4. Description of the measures taken or proposals to remedy the violation of the safety of personal data, including, if applicable, the measures taken to mitigate the possible negative effects.

If it is not possible to facilitate information simultaneously, and to the extent that it is not, the information will be gradually facilitated without improper delay. It corresponds to the client to communicate in the shortest possible time the violations of the security of the data to the control authority and, where appropriate, to the interested parties, when the violation is likely to suppose a high risk for them. However, the parties may agree otherwise, in cases where the gap affects the internal operation of CHECK-IN SCAN, beyond the object of the commission.

 

  1. Data Protection Delegate

CHECK-IN SCAN will appoint a data protection delegate and communicate your identity and contact data to the client when the designation of this figure is mandatory.

 

  1. Cooperation and support

CHECK-IN SCAN will support the client in the realization of the consultations prior to the control authority, where appropriate, as well as in the realization of impact evaluations related to data protection, where appropriate.

Additionally, CHECK-IN SCAN will keep available to the client the documentation accrediting compliance with the obligations established in the previous sections.

 

  1. Data destination Once the services have been finished

The contract agreement will remain in force during the period of service provision. The termination, resolution or extinction of the relationship between the client and CHECK-IN SCAN, will force the latter to cancel the personal data provided by the client. CHECK-IN SCAN must return the data to the client. Without prejudice to the above, CHECK-IN SCAN can conserve the strictly necessary, and duly blocked data, as responsibilities of their relationship with the client could be derived, only for the period of time in which legal actions could be exercised. Once this period has elapsed, CHECK-IN SCAN, will destroy the information that, where appropriate, still retain.

 

  1. Subcontracting

CHECK-IN SCAN reserves the right to hire external and subcontractor suppliers, including treatment sub-training. The client accepts the exercise of this right by Check-In Scan provided that CHECK-IN SCAN meets the following conditions:

  1. that CHECK-IN SCAN submits to its external and subcontractor suppliers to a due diligence process and is responsible in accordance with the terms of the agreement for the correct provision of the portion of the services of which they are commissioned and of compliance by CHECK-IN SCAN and of said external and subcontractor suppliers of the legislation of data protection applicable to a sub-person in charge of the treatment equivalent legal) in the jurisdictions where they operate;
  2. That CHECK-IN SCAN enables access to personal data of guests only to those external subcontractors and suppliers who have direct participation in the provision of services, only and exclusively for this purpose and only to the extent that such access is strictly necessary for the provision of the part of the services that have been outsourced;
  3. That, subject to the client's previous requirement, Check-In Scan provides the client with details, within the reasonable and without prejudice to the confidentiality obligations that the subcontractor and CHECK-IN SCAN are due mutually, to identify the subcontractors and external suppliers of CHECK-IN SCAN that participate in the provision of the services described in the contract and to identify the contracts of personal data associated with it;
  4. That CHECK-IN SCAN ensures their subcontractors adopt the reasonably adequate measures, according to the legislation for the protection of applicable personal data, to maintain the integrity and safety of the personal data to which they have access.
  5. That, subject to the client's previous requirement, Check-In Scan provides the client assistance, within the reasonable, so that the client complies with the obligations that the applicable legislation in data protection requires in relation to the use by CHECK-IN SCAN of sub-contractists or external suppliers.
  6. In cases where the client acts as responsible for the processing and treats the data on behalf of and on behalf of a third party, CHECK-IN SCAN will assume the figure of sub-founded treatment. In these cases, the client will be solely responsible for collecting prior authorization from the person responsible for the processing of data to proceed to the subcontracting of services to Chek-in Scan. Additionally, the client recognizes in these cases that CHECK-IN SCAN will comply with its obligations as a sub-armed treatment, as long as it complies with the instructions indicated in this Agreement.

 

  1. Chek In Scan responsibility

In the case of non-compliance by CHECK-IN SCAN of any of the stipulations of this contract, it will be considered responsible for the treatment, and must respond to the infractions in which it had incurred personally.

 

  1. Customer responsibility

The client states that:

  1. It has proceeded to collect the personal data under this agreement in accordance with the laws applicable to said process in each jurisdiction where this contract is operational and that is duly authorized to yield to CHECK-IN SCAN these personal data for their treatment as provided in this agreement;
  2. He has obtained the necessary consent, both of the guests and the competent authorities, so that CHECK-IN SCAN can use the personal data of the guests in the context of the provision of customer services;

 

  1. Applicable legislation and competent courts

In this is not provided for in this contract, as well as in the interpretation and resolution of the conflicts that may arise between the parties as a result, the Spanish legislation will apply. For the resolution of any controversy that could be derived from this contract, both parties will be submitted to the jurisdiction of the courts of Malaga, expressly renouncing any other jurisdiction that could correspond to them.

And for the record, and in proof of conformity by both parties, this document is signed by duplicate in the place and date indicated in the heading.

 

 

Final modification date: 04/02/2025

 

 

 

Check in scan Logo

FAQs Support Who we are Contact

Part of travelers SES.HOSPEDAJES Integrations Press Events

Hotel Hostel Tourist Housing Camping Rural Accommodation Area Caravans and Campers Hostels and Hostels

Self Check-in Automatic Check-in Online Check-in In-Person Web Check-in Legal Control Panel Traveler Registration
Check in scan Logo
+34 951 82 98 60 info@checkinscan.com
google play store
app store
Help
FAQs Support Who we are Contact
Links of Interest
Part of travelers SES.HOSPEDAJES Guide Integrations Press Events
Newsletter
I accept the Privacy Policy*
google play store
app store
© 2025 Check-in Scan.
Legal Notice.
Privacy Policy.
Cookies Policy.
Sitemap.
CONTACT