1) Data Controller

• Company: Casablanca Real Estate SL
• Company ID (CIF): B82572900
• Registered address: C/ Velázquez nº 64, 4th floor, left door, 28001, Madrid, Madrid, Spain
• Privacy contact email: contact@elrinconmarbella.com

2) Applicable law

This policy is intended to comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), Spain’s Organic Law 3/2018 (LOPDGDD), and Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE).

3) Personal data we process

Depending on how you use the website, we may process:

• Identity and contact details: name, surname, email, phone number, country/language.
• Booking/request details: dates, number of guests, purpose of stay, preferences, and any information you include in your message.
• Contractual and billing details (if applicable): tax/billing information, address, and other data required to invoice and manage the service.
• Technical and usage data: IP address, identifiers, device/browser information, server logs, pages visited, and metrics (from cookies and server records).
• Communications: emails, contact forms, phone calls, and messaging if integrated.

We do not request special category data. If you voluntarily provide such data, we will use it only to handle your request.

4) Purposes of processing

• To respond to enquiries and requests.
• To manage availability requests, quotes and bookings (pre-contractual steps).
• To deliver contracted services and related administration (confirmations, coordination, invoicing where applicable).
• To maintain website security and prevent fraud/abuse.
• To perform analytics and improve the website (only if you accept analytics cookies).
• To send service-related marketing communications (only where a valid legal basis applies).

5) Legal bases

• Consent: contact forms, subscriptions, and non-essential cookies.
• Pre-contractual measures / contract performance: handling booking requests and reservations.
• Legal obligation: accounting/tax compliance and handling data subject rights.
• Legitimate interests: website security and abuse prevention (subject to balancing test and safeguards).

6) Recipients and processors

Your data may be processed by service providers acting as data processors, such as hosting, email, CRM, form tools, analytics, security/anti-spam services, and payment providers (if applicable).
We may disclose data to public authorities when legally required.

We do not sell personal data or share it for unrelated purposes without a legal basis.

7) International transfers

If we use providers located outside the EEA, transfers will be made with appropriate safeguards (e.g., Standard Contractual Clauses and supplementary measures where required).

8) Data retention

• Enquiries/requests: for the time needed to handle them and then up to 24 months for traceability.
• Contractual relationship: for the duration of the contract and applicable statutory periods (e.g., up to 6 years for accounting/tax purposes where relevant).
• Marketing: until you withdraw consent or object, as applicable.
• Security logs: only as long as necessary under internal/provider policies.

9) Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction, portability, and withdraw consent where processing is based on consent.
To exercise your rights, email contact@elrinconmarbella.com and include the right you wish to exercise and sufficient identification.

10) Complaints

You may lodge a complaint with the Spanish Data Protection Authority (AEPD).