Book a room
Legal Information
Legal Information

Legal Note

Information in accordance with Article 10 of the LSSI
The owner of this website is:
Identity: HOTEL MEDES II, SL
NIF: B17736885
Address: C/ Guillem de Montgrí, 38 17258 L'Estartit
Tel.: 972 750 880
Email: info@hotelmedes.com
Registered in the Mercantile Registry of Girona, Volume 1909, F 37, S 8, Page GI-31743.
Terms of Use
This legal notice governs the use of the website www.hotelmedes.com (hereinafter, the "Website"), owned by HOTEL MEDES II, S.L.
Browsing the Website confers the status of user and implies full and unreserved acceptance of all the conditions included in this Legal Notice, which may be subject to modification.
The user agrees to use the Website correctly in accordance with the law, good faith, public order, traffic practices, and this Legal Notice. The user shall be liable to HOTEL MEDES II, S.L. or third parties for any damages that may arise as a result of breach of this obligation.
Link Policy
The HOTEL MEDES II, S.L. website may be redirected to content on third-party websites. Since HOTEL MEDES II, S.L. cannot always control the content posted by third parties on its websites, it assumes no responsibility for such content.
HOTEL MEDES II, S.L. is not responsible for the information and content stored, including but not limited to, forums, chats, blog generators, comments, social networks, or any other means that allow third parties to publish content independently on the Website. However, and in compliance with the provisions of Articles 11 and 16 of the LSSI-CE, this website is available to all users, authorities, and law enforcement agencies, actively collaborating in the removal or, where appropriate, blocking of all content that may affect or violate national or international legislation, third-party rights, or morality and public order.
Intellectual and Industrial Property
HOTEL MEDES II, S.L. is the owner of all intellectual and industrial property rights to its website, as well as to the elements contained therein (including but not limited to: images, sound, audio, video, software, or text; trademarks or logos, color combinations, structure and design, selection of materials used, computer programs necessary for its operation, access, and use, etc.), owned by HOTEL MEDES II, S.L. or its licensors. The reproduction, distribution, and public communication, including the making available of all or part of the contents of this website, for commercial purposes, on any medium and by any technical means, is expressly prohibited without the authorization of HOTEL MEDES II, S.L.
The user agrees to respect the intellectual and industrial property rights held by HOTEL MEDES II, S.L. Users may view the elements of the website and even print, copy, and store them on their computer's hard drive or any other physical medium, provided that this is solely and exclusively for their personal and private use.


Limitation of Liability
HOTEL MEDES II, S.L. strives to keep the information and services available on its website up-to-date and functioning optimally, implementing appropriate technical measures to ensure a secure experience. However, HOTEL MEDES II, S.L. cannot guarantee the continuous and uninterrupted availability of the website due to occasional technical issues or maintenance tasks necessary to improve the service.
The information contained on this website is for informational purposes only. The characteristics of the rooms, facilities, services, and rates may be subject to changes. The final contract will be the one established at the time of reservation confirmation.
HOTEL MEDES II, S.L. is not responsible for possible typographical errors, inconsistencies, or outdated information published, and undertakes to correct them as soon as possible once detected.
Modifications
HOTEL MEDES II, S.L. HOTEL MEDES II, S.L. reserves the right to make any modifications it deems appropriate to the Website without prior notice, including the right to change, delete, or add content and services provided through the Website, as well as the way in which they are presented or located on the Website.
Applicable Law and Jurisdiction
The relationship between HOTEL MEDES II, S.L. and the user shall be governed by current Spanish legislation.
In the event of a dispute, and when the user is a consumer or user under consumer regulations, the courts and tribunals of the consumer's domicile shall have jurisdiction, or, at the consumer's discretion, those corresponding to the domicile of HOTEL MEDES II, S.L., in accordance with the provisions of Article 52.3 of the Civil Procedure Law and Article 90.2 of Royal Legislative Decree 1/2007, which approves the revised text of the General Law for the Defense of Consumers and Users.
When the user acts as a professional or business, both parties expressly submit to the jurisdiction and competence of the Courts and Tribunals of La Bisbal d'Empordà (Girona), expressly waiving any other jurisdiction that may apply.
Information on alternative dispute resolution
HOTEL MEDES II, S.L. is committed to alternative dispute resolution for consumer matters in accordance with current legislation.
For any dispute related to the contracting of our online services, we inform you that:
You can contact us directly at info@hotelmedes.com to try to reach an amicable solution.
Until July 20, 2025, you can access the European Online Dispute Resolution Platform at: https://ec.europa.eu/consumers/odr/
You can contact the alternative dispute resolution entities for consumer matters established in Catalonia.
As of July 20, 2025, with the full entry into force of Regulation (EU) 2024/3228, you will continue to have access to alternative dispute resolution mechanisms through accredited national entities, but the aforementioned European platform will no longer be operational.
In the case of cross-border disputes, you may turn to alternative dispute resolution entities in your country of residence or those in Spain, as established by the regulations on alternative dispute resolution for consumer matters.



Privacy policy

March 2025


HOTEL MEDES II, SL is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by HOTEL MEDES II, SL implies the user's acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that although there may be links from our website to other websites or social networks, this Privacy Policy does not apply to the websites of other companies or organizations to which the website is redirected. HOTEL MEDES II, SL does not control the content of third-party websites, nor does it accept any responsibility for the content or privacy policies of such websites.


Basic information about data processing (Regulation (EU) 2016/679 and LO 3/2018)


Data controller:



  • HOTEL MEDES II, SL

  • NIF: B17736885

  • C/ Guillem de Montgrí, 38 17258 L'Estartit

  • Email: info@hotelmedes.com


Purpose of data processing: To offer and manage tourist accommodation services, catering, events, and complementary activities.


Legal basis:



  • Consent obtained from the data subject when requesting information.

  • Performance of the service contract when contracting with us.

  • Compliance with legal obligations.


Recipients: Data will not be shared with third parties unless required by law, necessary to fulfill the purpose of the processing, or if the data subject has given explicit consent for communication to partner companies involved in tourism activities.


Data subject rights: Data subjects have the right to exercise their rights of access, rectification, restriction of processing, erasure, data portability, and objection by submitting a request to our address.


Data retention period: While the business relationship is maintained or during the years required to comply with legal obligations.


Complaint: Data subjects may contact the AEPD to lodge a complaint they deem appropriate.


Additional information: You may consult additional and detailed information below under "Privacy Questions."


Privacy Questions


In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (GDPR), and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we offer the following information regarding data processing:


Who is responsible for processing your data?


Identity: HOTEL MEDES II, SL


NIF: B17736885


Address: C/ Guillem de Montgrí, 38 17258 L'Estartit


Phone: 972 750 880


Email: info@hotelmedes.com


For what purpose do we process your personal data?



  • We process the information provided to manage tourist accommodation, restaurant, and complementary activities.

  • Management of reservations and hotel stays.

  • Management of restaurant services and takeaway food.

  • If you contact us through the contact form on our website, we will process your data to handle your inquiry.

  • Management of free access to the hotel's WiFi network.

  • Coordination with partner companies for booking tourist activities when requested by the client.

  • Organization of events and celebrations.

  • Use of your data to inform you about our activities, products, or services if you are already a client or, if not, if you have given us your consent to do so.

  • Upon accessing our facilities, your image may be recorded by video surveillance cameras for security control purposes.

  • If you send us a resume, we will process your data to manage the CV database for staff selection.


How long will we keep your data?


The personal data provided will be retained as long as you are a user of our services or wish to receive information, as you can object to the processing of your data for promotional purposes when you provide them or at any later time by notifying us at info@hotelmedes.com, and then, during the timeframes established to comply with our legal obligations:



  • Billing data will be retained for 6 years according to tax regulations.

  • Traveler registration data will be retained for 3 years as established by citizen security regulations.

  • Images captured by the video surveillance system will be retained for one month.

  • WiFi connection data will be retained for 12 months in compliance with Law 25/2007.

  • CV data will be retained for one year.


What is the legal basis for processing your data?


For the management of the contractual relationship with the data subject, we base data processing on the performance of the contract or within the context of the pre-contractual relationship.


For sending commercial information, we base processing on your consent, although if you are already our client, we may send you information about our products and services, always providing an easy and free way to unsubscribe, in accordance with Article 21.2 of Law 34/2002, of July 11, on information society services and electronic commerce.


Regarding information submitted by individuals under 14 years of age, it is essential that it is provided with the consent of a parent, guardian, or legal representative of the minor so that personal data can be processed. Otherwise, the minor's legal representative must inform us as soon as they become aware of it.


As for the capture of images by the video surveillance system, the legal basis is the legitimate interest in preserving the safety of people and property.


Who will your data be shared with?


Data will not be shared with third parties unless required by law or necessary to fulfill the purpose of processing.


In some cases, to properly provide the service, it will be necessary to share your data with:



  • Tax Administration.

  • Law Enforcement for traveler registration.

  • Financial institutions for payment management.

  • Partner companies for tourist activities (only when the client contracts these services).

  • Competent Public Administrations when required by applicable regulations.


What are your rights when you provide us with your data?



  • Anyone has the right to obtain confirmation about whether we are processing their personal data.

  • Data subjects have the right to access their personal data, request the rectification of inaccurate data, or request their deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

  • In certain circumstances, data subjects may request the restriction of processing, in which case we will only retain them for the exercise or defense of claims.

  • Also, in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In such case, we will stop processing the data unless for compelling legitimate reasons or the exercise or defense of possible claims.

  • Data subjects also have the right to data portability.

  • All data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them in a similar way.

  • Finally, data subjects have the right to file a complaint with the competent Supervisory Authority.


How can you exercise your rights?


By sending a written request with a copy of a document identifying you, to our physical or email address.


How did we obtain your data?


The personal data we process comes from the data subject. The data subject guarantees that the personal data provided is accurate and is responsible for communicating any changes. Data marked with an asterisk is mandatory to be able to provide the requested service.


What data do we process?


The categories of data we may process while providing our services are:



  • Identifying data (name, surname, ID/passport)

  • Postal or electronic addresses

  • Contact data (phone, email)

  • Data necessary for financial transactions

  • Data on accommodation and service preferences

  • Image (video surveillance and, with consent, social media)

  • WiFi connection data


In accordance with Royal Decree 933/2021, of October 26, establishing the obligations of documentary registration and information of individuals or legal entities engaged in lodging activities, we are legally required to collect and communicate certain data of all guests over 14 years of age to law enforcement authorities. Therefore, in addition to the aforementioned data, we will also collect:



  • Stay information: check-in and expected check-out date and time.

  • Payment information: type of payment made (cash, card, transfer). Our clients should know that in the case of card payments, we do not store card details, only a token or secure identifier provided by financial institutions.


For minors under 14 years of age, their data will be provided by the accompanying adult, indicating the relationship when applicable.


The data collected for traveler registration is obtained through procedures that ensure only the strictly necessary data is collected to comply with this legal obligation, without storing additional information or full images of identity documents. The collection and communication of this information constitutes a legal obligation and is essential for the provision of lodging services.


In the case of resumes received for selection processes, in addition to basic identification and contact details, we will process the following information you provide:



  • Personal characteristics

  • Academic and professional background

  • Work experience


The data is limited, as we only process what is necessary for the provision of our services and the management of our activity.


Do we use cookies?


We use cookies during navigation on our website with the user's consent.


Users can configure their browser to be warned about the use of cookies and to prevent their use. Please refer to our cookies policy.


What security measures do we apply?


We apply the security measures established in Article 32 of the GDPR; therefore, we have adopted the necessary measures to ensure a level of security appropriate to the risk of the data processing we carry out, with mechanisms that allow us to ensure the confidentiality, integrity, availability, and resilience of processing systems and services.


Some of these measures include:



  • Informing staff about data processing policies.

  • Periodic backup copies.

  • Access control to data.

  • Regular verification, evaluation, and assessment procedures.