In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), it is hereby informed that the personal data provided through the website sandrarooms.com will be processed by:
Controller: Hosuraco, S.L.
Tax ID: B03966843
Address: Avenida Albufereta 96, 03016 Alicante, Spain
Email: sandra.rooms.alc@gmail.com
Phone: +34 607 649 193
Tourism Registration Number: HA1566
The Controller processes only the data necessary to provide the contracted services or respond to user requests:
Identification data: name, surname, identification document.
Contact details: email address, phone number.
Payment details: card information (tokenised by the payment provider), bank account details where applicable.
Booking-related data: stay dates, number of guests, nationality, preferences.
Browsing data (cookies): IP address, identifiers, pages visited (see Cookies Policy).
The Controller does not request or process special categories of data (health, ideology, etc.).
Personal data are processed for the following purposes:
Managing reservations made via the website, email or phone.
Registering guests in compliance with Spanish public security regulations.
Administrative, accounting and tax management related to accommodation services.
Customer service and communication before, during and after the stay.
Sending informational communications related to the reservation.
Compliance with legal obligations.
Improving the website, user experience and security (via cookies).
No automated decisions with legal effects will be carried out (no automated profiling to determine prices, access or similar).
The lawful bases allowing the processing are:
Performance of a contract (reservation management and service provision).
Consent of the data subject (contact forms, non-essential cookies).
Compliance with legal obligations (guest registration, invoicing, tourism regulations).
Legitimate interest of the Controller (service improvement, website security).
Personal data will be retained for the following periods:
Booking and invoicing data: 5 years to comply with accounting and tax obligations.
Guest registration records: for the legally mandated retention period.
Communications and forms: up to [12 months], unless they result in a reservation.
Browsing data (cookies): as indicated in the Cookies Policy.
Once legal retention periods have expired, the data will be deleted or anonymised.
Your data may be disclosed to:
Competent public authorities (Tourism, Tax authorities, Law Enforcement).
Financial entities for payment processing.
Essential technological providers required for the operation of the website.
All of them act under data processing agreements and comply with GDPR.
No international data transfers outside the EU will be carried out unless covered by adequate legal safeguards (Standard Contractual Clauses or certified providers under applicable frameworks).
Users may exercise the following rights:
Right of access
Right to rectification
Right to erasure
Right to object
Right to restriction of processing
Right to data portability
Right to withdraw consent
To exercise these rights:
In case of disagreement, users may lodge a complaint with the Spanish Data Protection Agency (AEPD).
The Controller applies technical and organisational measures to ensure data security, including:
SSL encryption on the Website
Access control and secure passwords
Storage on secure servers
Data minimisation and deletion protocols
The Controller may update this policy to adapt it to legal changes or service improvements. The current version will always be available on the Website.
