GDPR Compliance Policy

Introduction

This GDPR Compliance Policy is an integral part of the legal framework of Renovation Group SCA (hereinafter, “the Company”), with its registered office at Calle de la cruz 38, 29620, and CIF F09867276, governing the website marbellahosto.com (hereinafter, “the Website”). This policy is established in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter, “GDPR”) and the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD).

Scope and Purpose

The purpose of this policy is to inform Users of the Website about the collection, processing, and protection of personal data that are provided or collected through the Website in the course of using the services offered by the Company for the management of vacation properties.

Data Collection and Processing

1. Lawfulness of Processing: In compliance with Article 6 of the GDPR, personal data shall only be processed lawfully, fairly, and in a transparent manner in relation to the data subject. The processing is only lawful if and to the extent that at least one of the following applies: the data subject has given consent to the processing of their personal data for one or more specific purposes; processing is necessary for the performance of a contract to which the data subject is party; processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary in order to protect the vital interests of the data subject or of another natural person; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

2. Data Subject Rights: In accordance with Articles 15-22 of the GDPR, data subjects have the right to access their personal data, to request the rectification of inaccurate data, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected, under certain circumstances, to request the limitation of their processing, to have the right to object to the processing of their data for reasons related to their particular situation, to request data portability in a structured, commonly used and machine-readable format, and to not be subject of automated individual decision-making.

3. Data Security: Pursuant to Article 32 of the GDPR, the Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the data processing, including, inter alia, as appropriate: the pseudonymization and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Data Transfer

The Company does not transfer personal data to third countries outside of the European Economic Area (EEA) without ensuring adequate levels of data protection as required by the GDPR.

Amendments to the Policy

This GDPR Compliance Policy may be updated periodically to reflect changes in our practices concerning the processing of personal data or changes in the applicable legislation. We will indicate at the top of the policy when it was most recently updated.

Contact

For any questions or requests regarding the processing of personal data, Users can contact in properties@marbellahost.com.