1. Data controller
- Identity: [Nombre del responsable no configurado]
- NIF/CIF: [NIF no configurado]
- Address: [Dirección no configurada]
- Contact email: hello@homecorintobeachmalaga.com
2. Processing purpose
The personal data you provide will be processed for the following purposes:
- Booking management: Process and manage your accommodation booking, including related communications.
- Legal compliance: Comply with the obligations established in Royal Decree 933/2021 regarding traveler registration with the competent Spanish authorities.
- Payment processing: Manage booking payments through Stripe, our payment processor.
- Communications: Send you booking confirmations, check-in information and necessary communications for your stay.
3. Legal basis for processing
The processing of your data is based on:
- Contract execution (Art. 6.1.b GDPR): Processing is necessary for the execution of the accommodation contract.
- Legal obligation (Art. 6.1.c GDPR): Royal Decree 933/2021 establishes the obligation to collect and communicate guest data to the authorities.
- Consent (Art. 6.1.a GDPR): For sending commercial communications, if any.
4. Data we collect
4.1. Booking data
- First and last name
- Phone (optional)
- Stay dates
- Number of guests
- Special requests
4.2. Legal data (Royal Decree 933/2021)
In accordance with Spanish accommodation establishment regulations, we must collect:
- Full name
- Identity document number (DNI/NIE/Passport)
- Document issue date
- Date of birth
- Nationality
- Gender
This data is collected for all guests over 14 years of age and is legally required.
4.3. Payment data
Payment data (credit/debit card) is processed directly by Stripe and is not stored on our servers.
5. Data recipients
Your data may be communicated to:
- Spanish authorities: Traveler registration data is communicated to the State Security Forces and Corps as established in Royal Decree 933/2021, through the SES.HOSPEDAJES platform.
- Stripe, Inc.: Payment processor based in the USA, adhering to the Privacy Shield framework and complying with the GDPR.
- Service providers: Only those necessary for the provision of the service (hosting, transactional email).
6. International transfers
Stripe may transfer data to the United States. These transfers are made under the appropriate guarantees established in the GDPR (Standard Contractual Clauses and supplementary measures).
7. Retention periods
- Booking data: Will be kept for the time necessary for booking management and subsequently for the legal limitation periods (5 years).
- Traveler registration data: 3 years from communication to authorities, as established by regulations.
- Tax data: 4 years according to Spanish tax regulations.
8. Data subject rights
You can exercise your rights of access, rectification, erasure, portability, restriction and objection by contacting: hello@homecorintobeachmalaga.com
To exercise these rights, you must prove your identity by providing a copy of your ID/Passport.
If you consider that the processing of your data does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).
9. Security measures
We apply appropriate technical and organizational measures to protect your data, including:
- Data encryption in transit (HTTPS/TLS)
- Restricted access to personal data
- Regular backups
- Secure payment processing through Stripe (PCI DSS certified)
10. Cookies
This website uses cookies. For more information, please see our Cookie Policy.
11. Modifications
We reserve the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments. Changes will be published on this page.
12. Contact
For any queries about this Privacy Policy or the processing of your personal data, you can contact us at: hello@homecorintobeachmalaga.com