Privacy Policy

At LA SIESTA RETREATS, we take your personal data protection seriously. This privacy policy explains how we collect, use, and protect the data you provide through our website, in accordance with Regulation (EU) 2016/679 (GDPR) of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Who is responsible for your data?

• Name: Inés Sáez Marcos (LA SIESTA RETREATS)

• Tax ID (CIF): 71179158T

• Email: contact@lasiestaretreats.com

• Phone: +34 644 763 164

• Website: www.lasiestaretreats.com

Inés Sáez Marcos is the Controller of the personal data of the Data Subject and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679, of 27 April 2016 (GDPR), therefore the following information regarding the processing is provided:

How We Use Your Data

We process the personal data you provide for the following purposes:

• To comply with the duty to inform and obtain the consents required by the new European data protection regulation.

• To manage the tourism and/or accommodation services you have contracted.

• To send you commercial communications about our products or services, unless you explicitly express your opposition by any means. In any case, authorizing the processing of your data for this purpose is voluntary, and refusing it would only result in you not receiving commercial offers related to our products or services.

In which case, could include:

Identification and Contact Data

• What it includes:
  Name, surname, email address, telephone number, postal address.

• Purpose of collection:
  To manage your travel bookings, respond to your inquiries, send you booking confirmations, and communicate with you regarding your trips.

• Legal basis:
  The execution of a contract or pre-contract (for bookings) and the data subject's consent or legitimate interest (for inquiries).

Reservation and Travel Data

• What it includes:
  Travel dates, destinations, accommodation preferences, flight information, names of passengers, passport or national ID information (when required for the booking).

• Purpose of collection:
  To process and confirm your bookings, manage the contracted tourism services (flights, hotels, transfers, insurance), and comply with the legal and regulatory obligations of the tourism sector.

• Legal basis:
  The execution of a contract.

Payment Data

• What it includes:
  Credit or debit card information (number, expiration date, security code).

• Purpose of collection:
  To process payments for your bookings. Please note that we do not directly store the full details of your credit/debit card on our servers. We use secure payment gateways that comply with industry security standards (PCI DSS).

• Legal basis:
  The execution of a contract.

Preference Data

• What it includes:
  Dietary preferences, special needs, travel interests (if you provide them to us).

• Purpose of collection:
  To personalize your travel experience and offer services more tailored to your needs.

• Legal basis:
  The data subject’s consent.

Communication Data

• What it includes:
  Records of emails, telephone calls, and chats via our website.

• Purpose of collection:
  To improve the quality of our customer service, resolve incidents, and maintain a record of your interactions with us.

• Legal basis:
  Legitimate interest and the data subject’s consent.

Browsing Data (Cookies and Similar Technologies)

• What it includes:
  IP address, browser type, operating system, pages visited, time spent on the website.

• Purpose of collection:
  To analyze the use of our website in order to improve it, provide personalized content, and carry out marketing campaigns. For more information, please refer to our Cookie Policy.

• Legal basis:
  The data subject’s consent (for non-essential cookies) and legitimate interest (for technical and functional cookies that are necessary for the operation of the website).

Commercial Communication (Newsletter, Offers)

• What it includes:
  Email address.

• Purpose of collection:
  To send information about offers, promotions, and news from our agency.

• Legal basis:
  The data subject’s consent.

Social Media Data Processing

We use social media to share information about our activities and to engage with our followers. By becoming a follower of our account, you consent to the processing of personal data that is available on your profile, exclusively for that purpose and only within the environment of each social network and in accordance with its terms of use and privacy policies.

Your personal data will be used to manage the list of people who like our page and thereby allow you to receive information directly related to the services we provide, events, activities, and promotions from our organization—always through the social network used—and to interact with us.

Why do we process your data?

Our top priority is customer data security, and, as such, we may process only minimal user data, only as much as it is absolutely necessary to maintain the website. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website usage. This statistical information is not otherwise aggregated in such a way that it would identify any particular user of the system.

You can visit the website without telling us who you are or revealing any information, by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the website’s features, or you wish to receive our newsletter or provide other details by filling a form, you may provide personal data to us, such as your email, first name, last name, city of residence, organization, telephone number. You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website’s features. For example, you won’t be able to receive our Newsletter or contact us directly from the website. Users who are uncertain about what information is mandatory are welcome to contact us via Contact@LaSiestaRetreats.com.

Personal information we collect:

When you visit the La Siesta Retreats, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.” Moreover, we might collect the personal data you provide to us (including but not limited to Name, Surname, Address, payment information, etc.) during registration to be able to fulfill the agreement.

Links to other websites:

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

Information security:

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and personal data disclosure in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

How long do we keep your data?

Your personal data will be kept only as long as is strictly necessary to fulfill the purpose for which it was collected. Specifically:

• The data processed to manage your bookings and provide services will be retained for the duration of the contractual relationship and subsequently for the legally required time periods to address any liabilities arising from said relationship. This includes, by way of example, tax and commercial timeframes (generally 4 to 6 years) and legal statute of limitation periods for possible actions (up to 5 years for personal actions).

• Data processed based on your consent (e.g., for sending commercial communications or the use of non-essential cookies) will be kept as long as such consent is not withdrawn, or until the data ceases to be relevant for the purpose for which it was collected.

• Data collected through contact or inquiry forms will be kept for the time necessary to process and respond to your request.

Once the applicable retention periods have expired, your data will be securely deleted or anonymized, making it impossible to identify you.

What are your rights when you provide us with your personal data?

Please note that we access the personal data that appears on your profile solely as a result of mutual following on our social media accounts. Therefore, the exercise of your rights regarding your personal data must be made directly to the social network itself. We will respond to your requests within the framework and limitations set by each social network’s rules.

Your rights are as follows:

• Right of access: You have the right to obtain confirmation of whether or not personal data concerning you is being processed.

• Right of rectification: You have the right to request the correction of inaccurate or incomplete personal data concerning you.

• Right of erasure: You have the right to request the deletion of personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.

• Right to restriction: You may request the restriction of processing, in which case your data will only be stored for the exercise or defense of legal claims.

• Right to data portability: You may request that your automated personal data be transferred to another organization you designate, in a structured, commonly used, and machine-readable format.

• Right to withdraw consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

• Right to object: You have the right to object to the processing of your data.

When the processing of your data is based on consent or is necessary for the execution of a contract or pre-contract and is carried out by automated means, you have the right to data portability—that is, to receive your data in a structured, commonly used, and machine-readable format, including the right to have it transferred to a new controller.

Who can exercise these rights?

These rights are highly personal and, therefore, must be exercised by the data subject directly, who must verify their identity (we will request a copy of their national ID or equivalent).

They may also be exercised through a legal representative, in which case, in addition to the data subject’s ID or equivalent, we will require a valid ID and documented proof of representation of the third party.

Additionally, if you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information might be transferred outside of Europe, including Canada and the United States.

What is our obligation when you exercise your rights?

The data controller is required to respond to all requests submitted, regardless of whether or not the processing includes personal data of the requester.

If the request does not meet the specified requirements, the controller must request that the request be corrected.

The controller will respond to requests within one month of receipt. This period may be extended by an additional two months if necessary, considering the complexity and number of requests. The controller will inform the data subject of any such extensions within one month of receiving the request, stating the reasons for the delay.

How can you exercise these rights?

To exercise any of these rights, you may send us an email at:
📧 contact@lasiestaretrets.com

If you believe we have not processed your personal data in accordance with the law or have not fulfilled your rights, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD):
📍 C/ Jorge Juan, 6. 28001 – Madrid
🌐 www.agpd.es

Modifications to this Data Protection Information

LA SIESTA reserves the right to modify its Data Protection Policy in accordance with applicable legislation at any time. Any modifications to this policy will be published on the website.

Personal Data Protection

If the user voluntarily fills out any of the online data collection forms available on the Website to access any services or content, they agree to provide accurate and truthful data and to inform us of any changes to such data. Unless expressly stated otherwise, the data requested in our forms is required to process your request.

In all cases, the relevant online data collection form will include a link to the corresponding privacy notice, which will apply to the processing of the personal data provided. The user's explicit acceptance of that privacy notice is required for the form to be considered completed and the process to be finalized.

The content of that privacy policy may be modified to adapt to any legislative changes, as well as guidance issued by competent Data Protection Authorities.

If a user provides personal data about other individuals, they are required to comply with all applicable data protection obligations, particularly the duty to inform and obtain the data subject’s consent.

Minors under the age of 16 are not permitted to submit their personal data via the Website without prior express authorization from their parents or guardians. In any case, this Website is not intended for minors.

Security Measures Implemented

We have implemented appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (SSL/TLS) to secure communication between your browser and our website.

• Access control to systems and personal data.

• Regular backups to ensure data availability.

• Staff training on data protection.

• Periodic vulnerability assessments and security audits.

Changes to Our Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect legal or jurisprudential developments, or industry best practices. We will notify you of any substantial changes by publishing the updated version on our website. We recommend reviewing this policy periodically to stay informed about how we protect your information.

Contact

If you have any questions or concerns regarding our Privacy Policy or the processing of your personal data, please feel free to contact us via:

📧 Email: contact@lasiestaretreats.com
📞 Phone: +34 644 763 164

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.