BOOK NOW
Reservations
In compliance with current legislation, EVA ESTEPONA (hereinafter also referred to as the Website) undertakes to adopt the necessary technical and organisational measures according to the level of security appropriate to the risk of the collected data.
Laws incorporated in this Privacy Policy
This Privacy Policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPD-GDD).
- Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the Data Controller
The data controller for personal data collected on EVA ESTEPONA is:
FROU MARBELLA S.L., with Tax ID (NIF/CIF) B72911530, registered in the Mercantile Registry of Frou Marbella S.L. with the following registration details:
- Volume: 1
- Page: 9
-Sheet: 8888
Represented by Ms. Alina Kotliar.Contact details:
- Address: Calle Generalife 9, Aloha Pueblo, Marbella 29660, Málaga, Spain
- Contact phone: N/A
- Contact email: gdpr@evaestepona-sp.com
Registration of Personal DataIn compliance with the GDPR and the LOPD-GDD, you are informed that the personal data collected by FROU MARBELLA S.L. through the forms on its pages will be included and processed in our file in order to facilitate, expedite, and fulfil the commitments established between EVA ESTEPONA and the User, or to maintain the relationship established in the forms the User completes, or to respond to a request or inquiry from the User.
Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and the other circumstances established in the GDPR.
Principles applicable to the processing of personal data
The processing of the User’s personal data will be subject to the following principles set out in Article 5 of the GDPR and in Article 4 and subsequent articles of Organic Law 3/2018, of 5 December:
- Principle of lawfulness, fairness, and transparency: User consent will always be required following full transparency about the purposes for which personal data are collected.
- Principle of purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.
- Principle of data minimisation: Personal data collected will be only those strictly necessary for the purposes for which they are processed.
- Principle of accuracy: Personal data must be accurate and kept up to date at all times.
- Principle of storage limitation: Personal data will be maintained in a form that allows identification of the User only for as long as necessary for the purposes of its processing.
- Principle of integrity and confidentiality: Personal data will be processed in a way that ensures their security and confidentiality.
- Principle of proactive responsibility: The Data Controller will be responsible for ensuring that the above principles are complied with.
Categories of personal data
The categories of data processed on EVA ESTEPONA are solely identifying data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.
Legal basis for processing personal data
The legal basis for processing personal data is consent. EVA ESTEPONA undertakes to obtain the User’s express and verifiable consent for processing their personal data for one or more specific purposes.
The User has the right to withdraw consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, withdrawal of consent will not condition the use of the Website.
Whenever the User is required or able to provide data via forms to make inquiries, request information, or for reasons related to the content of the Website, they will be informed if the completion of any of these forms is mandatory because such data are essential for the proper conduct of the requested operation.
Purposes of the processing of personal data
Personal data are collected and managed by EVA ESTEPONA in order to facilitate, expedite, and fulfil the commitments established between the Website and the User or to maintain the relationship established in the forms the User completes, or to respond to a request or inquiry.
Specifically, the data will be used to:
- Manage the reservations requested by the User.
- Send confirmation or documentation of the reservation made.
- Send commercial communications by email or equivalent electronic means regarding offers and related services when the User has given consent.
The data may also be used for commercial purposes of customisation, operational and statistical purposes, and activities related to the corporate purpose of EVA ESTEPONA, as well as for data extraction, storage, and marketing studies to tailor the content offered to the User and improve the quality, operation, and browsing of the Website.
At the time personal data are obtained, the User will be informed about the specific purpose(s) for which the personal data will be processed; that is, the use(s) to which the information collected will be put.
Data retention periods
Personal data will be retained only for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: for as long as the commercial relationship lasts, or until the User requests its deletion.
At the time personal data are obtained, the User will be informed about the period during which the personal data will be retained, or, when this is not possible, the criteria used to determine this period.
Recipients of personal data
The User’s personal data will be shared with the following recipients or categories of recipients:
- WebFlow
- j2.net
- SevenRooms
If the Data Controller intends to transfer personal data to a third country or international organisation, the User will be informed at the time the personal data are obtained about the third country or international organisation to which the data are intended to be transferred, as well as the existence or absence of an adequacy decision by the Commission.
Personal data of minors
In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only those over 14 years of age may lawfully give their consent to the processing of their personal data by EVA ESTEPONA. If the person is under 14 years of age, the consent of parents or guardians will be required for the processing, and this will only be lawful to the extent that they have authorised it.
Confidentiality and security of personal data
EVA ESTEPONA undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the collected data, to ensure the security of personal data and prevent their accidental or unlawful destruction, loss, or alteration, or unauthorised communication or access.
The Website has an SSL (Secure Socket Layer) certificate, ensuring that personal data are transmitted securely and confidentially, as the transmission of data between the server and the User, and in feedback, is fully encrypted.
However, since EVA ESTEPONA cannot guarantee the absolute impregnability of the internet or the total absence of hackers or others who may fraudulently access personal data, the Data Controller undertakes to inform the User without undue delay when a personal data breach occurs that is likely to result in a high risk to the rights and freedoms of natural persons.
In accordance with Article 4 of the GDPR, a “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the Data Controller, who undertakes to inform and ensure, through a legal or contractual obligation, that such confidentiality is respected by its employees, associates, and anyone to whom it makes the information accessible.
