Sa Tanca de Pòrtol – Privacy Policy (Holiday Villa in Mallorca)
Last updated on: December 20, 2025

1. IDENTITY OF THE DATA CONTROLLER

Pursuant to Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), we inform you that:

• Data Controller: Antoni Orell Pol

• Property Owner: Catalina Cañellas Rigo

• Business: Holiday Villa Rental Sa Tanca Pòrtol

• Address: Pòrtol, Mallorca, Spain

• Phone: +34 684 75 72 42

• Email: info@satancaportol.com

• Website: satancaportol.com

2. CONTACT DETAILS OF THE CONTROLLER

For any questions regarding the processing of your personal data, you may contact us:

• By email: info@satancaportol.com

• By phone: +34 684 75 72 42

3. INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

3.1 What data do we collect?

Within the context of our holiday villa rental business, we collect the following personal data:

Reservation and request data:

• First and last name

• Passport or identity document number (ID/passport)

• Email address

• Phone number

• Nationality

• Residential address

• Number of guests

• Approximate arrival time

• Special requests (allergies, needs, preferences)

Accommodation data (as required by the Lodging Law):
In accordance with Spanish legislation on tourist accommodation establishments (Royal Decree 933/2010 and regional regulations), we collect:

• Full identification details of each guest

• Check‑in and check‑out dates

• Origin of the trip

• Emergency contact details (if provided)

Communication data:

• Correspondence via email and telephone

• Communications related to the reservation and stay

3.2 Legal basis for processing

The processing of your data is based on:

• Performance of the contract (Art. 6.1.b GDPR): Data necessary to formalize and execute the reservation and stay.

• Legal obligation (Art. 6.1.c GDPR): Data required by the Spanish Lodging Law and public‑security regulations.

• Legitimate interest (Art. 6.1.f GDPR): Communications regarding changes to bookings, service improvements, and customer support.

3.3 Purpose of processing

Your personal data will be used for:

Reservation management:

• Confirming availability and formalizing the reservation

• Processing booking requests

• Communicating confirmation of check‑in/check‑out

Provision of accommodation services:

• Performing check‑in and check‑out

• Providing personalized assistance during the stay

• Addressing any incidents or special requests

Compliance with legal obligations:

• Mandatory guest registration with the authorities (Lodging Law)

• Security and protection of persons

• Obligatory communications to the authorities, if required

Service improvement:

• Analyzing guest satisfaction

• Implementing improvements based on feedback

• Communicating service updates (if you have given consent)

3.4 Data retention period

• Reservation data: We will retain them for 1 year from the check‑out date, in compliance with accounting and legal requirements.

• Accommodation data: We will retain them as required by applicable law (minimum 3 years under lodging regulations).

• Marketing data: We will delete them when you withdraw your consent.

After these periods your data will be securely erased, except where there is a legal obligation to keep them longer.

4. RECIPIENTS AND DATA SHARING

4.1 With whom do we share your data?

Your data will not be disclosed to third parties except in the following cases:

Competent authorities (Lodging Law):

• Mandatory registration with the National Police/Local Police, in accordance with Law 10/1985 on Citizen Security.

• Shared data: Full identification details, dates of stay, and origin of the trip.

Service providers (data processors):

• FormSubmit (form processing): https://formsubmit.co

• Hostinger (hosting): https://www.hostinger.com

• Google Analytics: Website traffic analysis (with your consent)

These providers are bound by confidentiality clauses.

Emergency situations:

• Health or emergency authorities, if necessary.

International transfers:

• Your data may be processed on servers located within the EU. Hostinger operates under GDPR.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Technical cookies (essential)

We use strictly necessary technical cookies to:

• Maintain the session of the availability calendar.

• Save navigation preferences.

• Ensure the security of the booking form.

These cookies do not require consent (Art. 82.1 LSSI‑CE).

5.2 Analytics cookies (consent required)

When using Google Analytics:

• We collect anonymized usage data (pages viewed, time spent, device information).

• We require your explicit consent.

• You can decline them without any issues.

• Google Analytics is GDPR‑compliant.

5.3 How to manage cookies

You can:

• Accept all in the banner.

• Reject all analytics cookies.

• Configure individual preferences.

• Change your preferences at any time.

To delete cookies in your browser:

• Chrome: Settings → Privacy → Clear browsing data.

• Firefox: Preferences → Privacy → Cookies and site data.

• Safari: Preferences → Privacy.

6. DATA SUBJECT RIGHTS

Under the GDPR and LOPDGDD, you have the following rights:

6.1 Right of access (Art. 15 GDPR)

You may request access to all your personal data that we hold.

6.2 Right of rectification (Art. 16 GDPR)

You may correct inaccurate or incomplete data.

6.3 Right to erasure (Art. 17 GDPR)

You may request deletion of your data, except where there is a legal obligation to keep them.

6.4 Right to restrict processing (Art. 18 GDPR)

You may request that we limit the use of your data in certain circumstances.

6.5 Right to data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, common, and machine‑readable format.

6.6 Right to object (Art. 21 GDPR)

You may object:

• To processing based on legitimate interest.

• To receiving marketing communications.

6.7 Right not to be subject to automated decision‑making (Art. 22 GDPR)

We do not use profiling or automated decisions to reject bookings.

How to exercise your rights:

To exercise any of these rights, send an email to info@satancaportol.com including:

• Your full name

• A copy of your identity document

• A clear description of the right you are exercising

• Your signature

We will respond within a maximum of 30 days, as required by law.

7. SECURITY MEASURES

We implement the following technical and organizational measures to protect your data:

• HTTPS/SSL: Encryption of data in transit.

• Secure passwords: Protected administration panel.

• Restricted access: Only authorized personnel access data.

• Regular backups: Secure backups on protected servers.

• Confidentiality policy: Mandatory for staff.

• Security audits: Periodic checks.

Note: The internet is not 100% secure. We use reasonable measures but cannot guarantee absolute protection.

8. CHANGES TO THIS POLICY

We reserve the right to update this policy at any time. Any significant changes will be communicated by:

• Email (if we have your address).

• Website notice.

• New consent banners.

The updated version will become effective immediately upon publication.

9. CONTACT INFORMATION AND COMPLAINTS

For data‑protection enquiries:

• Email: info@satancaportol.com

• Phone: +34 684 75 72 42

To file a complaint:

If you believe your rights have been violated, you may file a complaint with:

Spanish supervisory authority:

• Spanish Data Protection Agency (AEPD)

• Website: www.aepd.es

• Email: sedeelectronica@aepd.es

• Phone: +34 901 100 099

• Address: Jorge Juan Street, 6, 28001 Madrid, Spain

10. ADDITIONAL INFORMATION

10.1 Legitimacy of transfers to authorities

Law 10/1985 on Citizen Security (amended in 2022) requires that all lodging establishments register their guests. This is a legal obligation, not a privacy breach.

10.2 Protection of minors

We do not accept bookings from guests under 18 years of age without the consent of their parents or legal guardians. Data of minors will be treated with maximum confidentiality.

10.3 Cross‑border GDPR compliance

Although we operate in Mallorca, some guests will be from outside Spain. We fully comply with the GDPR for EU citizens and with equivalent regulations in other jurisdictions.

11. VERSION AND DATE

• Version: 2.0

• Last updated: December 20, 2025

• Validity: Indefinite until the next update

By making a reservation at Sa Tanca Pòrtol, you confirm that you have read and accepted this Privacy Policy.

This document has been drafted in accordance with:

• Regulation (EU) 2016/679 (GDPR)

• Organic Law 3/2018 on Data Protection (LOPDGDD)

• Law 34/1988 on Advertising

• Law 10/1985 on Citizen Security

• Royal Decree 933/2010 on lodging establishments

• LSSI‑CE (Law on Information Society Services and Electronic Commerce)

PRIVACY POLICY AND DATA PROTECTION