Hotel & SPA Real Villa Anayet

HOTEL TELEPHONE: (+34) 974 37 31 46 SIGN IN

BOOKING in our hotels  and get a 25% discount!




In accordance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (General Data Protection Regulation, hereinafter, GDPR) and the current Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, EIZASA HOTELES SOCIEDAD LIMITADA, with CIF B50768225 and address site at Avda. César Augusto nº 12, 50004, Zaragoza (hereinafter, EIZASA HOTELES), informs users of the website (hereinafter, “web page” ), about the treatment of personal data, which they have voluntarily provided during the registration process, access and use of the functions offered by the website.

  1. Identification of the Data Controller

In terms of data protection, EIZASA HOTELES must be considered Responsible for the Treatment, in relation to the files/treatments identified in this privacy policy.

  1. Legitimation

The treatment of the user’s data is carried out with the following legal bases that legitimize it, as provided for in articles 6 and 7 of the GDPR: free, specific, informed and unequivocal consent of the user, making this policy available to them. of privacy, which must be accepted by means of a declaration or a clear affirmative action, such as marking a box provided for this purpose, execution of a contract for the purchase of a product from EIZASA HOTELES or a service offered by it.

  1. Consent to the processing of personal data

Obtaining the user’s consent is a prerequisite for the processing of personal data by EIZASA HOTELES. Therefore, the functions included in the website that require access to the user’s personal data may only be used after obtaining the user’s consent.

As provided for in article 7 of the GDPR, the user’s consent must reflect a free, specific, informed, and unequivocal expression of will when accepting the processing of their data by EIZASA HOTELES. For these reasons, when using the aforementioned functions, the User will have to check a box through which they will give their express consent to the processing of their personal data.

  1. Minors

The processing of personal data of a minor user may only be based on their consent when they are over fourteen years of age. In this sense, the treatment of the data of minors under fourteen years of age, based on consent, will only be lawful if the holder of parental authority or guardianship is stated (Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, hereinafter, LOPD).

  1. Purpose of data processing

EIZASA HOTELES will collect the data that is strictly necessary to achieve the purposes of obtaining them, as provided for in the principle of data minimization and purpose limitation established by article 5 of the GDPR. That is why, in the event that the User does not provide said data, some functions and contents of the web page based on said data cannot be offered.

The functions for which the website needs to collect the user’s personal data are the following:

  • respond to the requests and orders made by the User;
  • sending commercial and/or promotional communications by electronic means.
  • To use the functions listed, the User must voluntarily provide personal data (essentially identification and contact information), which will be incorporated into automated media owned by EIZASA HOTELES.
  • The personal data provided by the User may be used to send bulletins (newsletters), as well as commercial communications of promotions and/or publicity of EIZASA HOTELES, only when the User has previously given their express consent to receive these communications via electronics.
  • The collection, storage, modification, structuring and, where appropriate, deletion, of the data provided by users, will constitute processing operations carried out by the Controller, in order to guarantee the proper functioning of the page. website, to maintain the service provision and/or commercial relationship with the User, and for the management, administration, information, provision and improvement of the service.
  1. Categories of personal data collected

The personal data collected by EIZASA HOTELES corresponds to any information that the User has provided when visiting the website, that is, their name, surname, email and in certain cases the text of the message that they have sent to EIZASA HOTELES. Additionally, when the User visits the website, certain information is automatically stored for technical reasons, such as the IP address assigned by your Internet access provider.

  1. Preservation of personal data

The personal data to which you have access will be processed and kept as long as a contractual relationship or the purpose for which they were collected is maintained. After that, EIZASA HOTELES will keep the personal data once their contractual relationship has ended or when they are no longer relevant for the purposes collected, duly blocked, for their making available to the competent Public Administrations, Judges and Courts or the Public Prosecutor’s Office during the limitation period of the actions that could be derived from the relationship maintained with the User and/or the conservation periods established by law. EIZASA HOTELS will proceed to the physical deletion of your data once these periods have elapsed.

In the event that the User has given their consent for the treatment purposes reported in this Privacy Policy, EIZASA HOTELES will keep their information as long as the User does not withdraw the consent first provided, through the previously indicated means.

  1. Safety measures

The security measures adopted by EIZASA HOTELES are those required by the GDPR, in accordance with the provisions of its article 32. In this sense, EIZASA HOTELES, taking into account the state of the art, the application costs and the nature, the scope, context and purposes of the treatment, as well as the risks of variable probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.

Likewise, EIZASA HOTELES has established additional measures in order to reinforce the confidentiality and integrity of the information in its organization. Continuously maintaining the supervision, control and evaluation of the processes to ensure respect for data privacy.

Although the Data Controller makes backup copies of the contents hosted on its servers, however, it is not responsible for the loss or accidental deletion of data by users.

  1. Exercise of User rights

Users who have provided their data through, may contact the owner of the same in order to be able to freely exercise their rights of access to their data, rectification or deletion, limitation and opposition regarding the data included in their files.

The interested party may exercise their rights by means of a written communication addressed to EIZASA HOTELES with the reference “Data Protection”, specifying their data, proving their identity and the reasons for their request at the following address: EIZASA HOTELES SOCIEDAD LIMITADA, Avda. Cesar Augusto No. 12, 50004 – Zaragoza (Spain). You can also exercise your rights by email: Likewise, the User has the right to revoke the consent initially given, and to file rights claims against the Spanish Agency for Data Protection (AEPD).

If you wish to contact our data protection officer, you can send an email to

  1. Recipients

The data will not be communicated to any third party outside EIZASA HOTELES, except legal obligation or, in any case, prior request for the User’s consent. On the other hand, EIZASA HOTELES may give access to or transmit the personal data provided by the User to third-party service providers, with whom it has signed commissioned data processing agreements, and who only access said information to provide a service in favor and on behalf of the Data Controller.

  1. International transfers

Users’ personal data will not be shared with third parties outside the European Economic Area.

  1. Links or external links

As a service to our visitors, our Website may include hyperlinks to other sites that are not operated or controlled by the Website. For this reason, EIZASA HOTELES does not guarantee, nor is it responsible for, the legality, reliability, usefulness, veracity and timeliness of the contents of such websites or their privacy practices.

  1. Social Plugins

This web page may include links and services related to different social networks (for example “Like” on Facebook). If the User is a member of a social network and clicks on the corresponding link, the social network provider may link their profile data with the information of their visit to this web page. Therefore, it is convenient for the User to find out about the functions and policies on the processing of personal data of the respective social network.

  1. Changes to this privacy policy

EIZASA HOTELES reserves the right to modify this policy to adapt it to new legislation or jurisprudence as well as industry practices. In such cases, the changes introduced will be announced on this page with reasonable anticipation of their implementation. If the changes introduced require the express consent of the User, they will be communicated directly to the User through an email through which they will have the possibility of withdrawing their consent to the processing of their data.