Check In Scan Logo
Login

INTRODUCTION

I.- That Check-in Scan and the CLIENT maintain a professional collaboration relationship, whereby Check-in Scan makes available to the CLIENT the Check-in Scan , which facilitates compliance with the notification, documentation and registration obligations established by the regulations applicable to accommodations for tourist purposes.

II.- That in order to carry out the aforementioned services, the CLIENT requires CHECK-IN SCAN to communicate information about the check-in process to its provider in charge of the PMS integration process, hereinafter, the PROVIDER.

III- That for this reason and in compliance with the provisions of Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as in compliance with the provisions of Article 33 of Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), CHECK-IN SCAN and the CLIENT freely agree to regulate the data communication process in accordance with the Clauses established in this Addendum.

 

  1. DEFINITIONS

For a better understanding of this Addendum, the following concepts are detailed below:

Client : Natural or legal person to whom the Check-in Scan . The natural person who accepts this Addendum on behalf of the legal/natural person to whom the service is provided declares that they have sufficient power and/or authorization to bind said entity/professional.

Check-in Scan : Legal entity providing the Check-In Service to the Client: Check-in Scan , SL, NIF: B-93578862. Registered office: Bulevar de la Cala, Local 1, La Cala de Mijas, CP 29649, Mijas (Málaga). Telephone: +34 951 82 98 60. Email: info@checkinscan.com .

SUPPLIER: Legal entity that provides the PMS integration service to the Client. 

GDPR : Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, or any other legislation enacted by the European Union on the same subject in the future

Personal data : Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Data Controller: A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Addendum, the CLIENT is designated as the Data Controller.

Data Processor : A natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. For the purposes of this Addendum, the role of Data Processor is attributed to CHECK-IN SCAN and the SUPPLIER.

General Conditions : Terms and conditions applicable to the use of the Service in a transversal manner, regardless of the Subscription Modality selected by the CLIENT for access to the Service.

Integration Instructions Specifications provided to CHECK-IN SCAN by the CLIENT or, failing that, by the SUPPLIER on behalf of and for the account of the CLIENT, in order to coordinate the integration process.

Processing : Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; as described in the European Regulation or in applicable Data Protection Laws.

Confidential Information : All information, documentation or data that either party provides to the other in the development and execution of the Service, in

 

  1. OBJECT

The purpose of this Addendum is to regulate the terms of the data communication process by CHECK-IN SCANto the SUPPLIER within the framework of the provision of services by CHECK-IN SCAN to the CLIENT, under the terms established in the General Contract Conditions.

The CLIENT is considered the Data Controller, being the one who determines the purposes of the processing and use of Personal Data by CHECK-IN SCAN in the context of the provision of services between the parties.

For its part, CHECK-IN SCAN processes the Personal Data of guests in accordance with the CLIENT's instructions and only to the extent that such processing is necessary for the proper provision of services or to comply with applicable legislation, all in the capacity of Data Processor for the CLIENT.

Within the framework of the provision of services between the parties, the CLIENT requires CHECK-IN SCAN to provide the CLIENT'S SUPPLIER with the data necessary to coordinate the PMS integration process.

  1. CUSTOMER OBLIGATIONS

In the context of data communication by CHECK-IN SCAN to the PROVIDER, the CLIENT agrees to:

  1. Ensure that the SUPPLIER's access to guests' personal data occurs exclusively within the framework of providing services entrusted by the CLIENT, solely and exclusively for that purpose and only to the extent that such access is strictly necessary for the provision of the contracted services.
  2. Ensure that the SUPPLIER takes reasonably appropriate measures, as prescribed by applicable data protection legislation, to maintain the integrity and security of the Personal Data to which they have access as a result of the data communication made by CHECK-IN SCAN.
  3. To indemnify and hold harmless CHECK-IN SCAN from any liability arising from the communication of data by CHECK-IN SCAN to the SUPPLIER, provided that such communication occurs within the framework of the instructions provided to CHECK-IN SCAN or based on the Integration Instructions provided by the CLIENT or, failing that, by the SUPPLIER, on behalf of and for the account of the CLIENT.
  4. To regulate with the SUPPLIER the obligations that it must assume as the data processor of the CLIENT's data.

 

  1. CHECK-IN SCAN OBLIGATIONS

For its part, in the process of communicating data to the PROVIDER, CHECK-IN SCAN undertakes to:

  1. Follow the instructions set out in the Integration Instructions, and do not provide excessive or unnecessary information, based on the specifications indicated in that document. However, Check-in Scan will not be obligated to provide data whose collection and processing is not expressly provided for in the General Terms and Conditions of Contract that govern the relationship between Check-in Scan and the CLIENT .
  2. Maintain the duty of secrecy regarding the personal data to which you have access under this assignment, even after its purpose has ended.
  3. Ensure that CHECK-IN SCAN personnel with access to CUSTOMER data are committed to respecting confidentiality and complying with the measures indicated in this document.
  4. Notify the CLIENT in writing, without undue delay and in any event no later than 48 hours, of any personal data breaches under its responsibility of which it becomes aware, together with all relevant information for documenting and reporting the incident. Notification will not be required when it is unlikely that the breach poses a risk to the rights and freedoms of natural persons. If available, the following information will be provided as a minimum:
    1. Description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.
    2. The name and contact details of the data protection officer or other contact point where further information can be obtained.
    3. Description of the possible consequences of a personal data security breach.
    4. Description of the measures taken or proposed to remedy the personal data breach, including, where appropriate, measures taken to mitigate possible adverse effects.

 

If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay. It is the CLIENT's responsibility to report data security breaches to the supervisory authority and, where applicable, to the data subjects, as soon as possible when the breach is likely to pose a high risk to them. However, the parties may agree otherwise in cases where the breach affects Check-in Scan's internal operations beyond the scope of the engagement.

 

  1. SECURITY MEASURES

The process of data communication by CHECK-IN SCAN to the PROVIDER will be carried out based on the provisions of the Integration Instructions, in order to allow data communication without compromising the security and confidentiality of the information processed.

Check-in Scan will adopt the technical and organizational measures to guarantee the security of the information, based on the criteria established by the applicable Data Protection legislation, in order to protect the personal data provided and prevent its improper disclosure or alteration or unauthorized access to it, taking into account the state of technology, the nature of the data stored and the risks to which it is exposed, whether they come from human action or from the physical or natural environment.

However, Check-in Scan cannot guarantee that the PROVIDER's environment or systems enabled for data communication comply with appropriate security measures, taking into account the state of the art, the costs of implementation, as well as the nature, scope, context and purposes of the processing.

 

  1. DISCLAIMER

Check-in Scan will not be liable under any circumstances:

  • Regarding the SUPPLIER's compliance with its obligations as the processor of personal data belonging to the CLIENT.
  • The PROVIDER shall implement appropriate technical and organizational measures to ensure the security, confidentiality, availability and resilience of the information provided by Check-in Scan.
  • From the loss, alteration or inaccuracy of information as a result of the provision of services by the SUPPLIER to the CLIENT.

The CLIENT expressly acknowledges that CHECK-IN SCAN has no legal relationship with the SUPPLIER and releases CHECK-IN SCAN from any liability that the SUPPLIER may demand within the framework of its legal relationship with the CLIENT.

 

  1. APPLICABLE LAW AND COMPETENT COURTS

In matters not covered by this contract, as well as in the interpretation and resolution of any disputes that may arise between the parties as a result thereof, Spanish law shall apply. For the resolution of any controversy that may arise from this contract, both parties submit to the jurisdiction of the courts of Málaga, expressly waiving any other jurisdiction that may correspond to them.

And to attest to this, and as proof of agreement by both parties, this document is signed in duplicate at the place and date indicated in the heading.

 

Last modified: 02/04/2025

 

 

 

Check in scan logo
app store spain

FAQs Blog Support About Us Contact How it Works Check-in Scan

SES.HOSPEDAJES Travelers Section Integrations Events Press Work with us
Referral program

Hotel, Hostel, Tourist Accommodation , Camping, Rural Accommodation Bed & Breakfast Hostels and Lodges

Self Check-in Automated Check-in Online Check-in In-Person Check -in Web Check-in Legal Control Panel Traveler Registration
Check in scan logo
+34 951 82 98 60 info@checkinscan.com
app store spain
Help
FAQs Blog Support About Us Contact Pricing How it Works Check-in Scan
Links of Interest
Part of the SES.HOSPEDAJES Guide Integrations Events Press Work with us Referral program
Newsletter
I accept the privacy policy*
© 2026 Check-in Scan.
Legal Notice.
Privacy Policy.
Cookies Policy.
Sitemap.
Made in Mijas, Malaga with