Privacy Policy

Last updated: 27/Oct 2025

Privacy Policy

This Privacy Policy explains how Villa Santa Rosa SL (CIF/VAT: B01926245) (“we”, “us”, “our”) collects, uses and protects your personal data when you interact with us — including through our website villasantarosa.com (the “Website”) and when you make enquiries, bookings or payments.

We act as the data controller in accordance with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

If you have any questions about this notice or your data, contact us at info@villasantarosa.com.

Table of Contents

  1. What Information We Collect
  2. How We Use Your Information
  3. Legal Bases for Processing
  4. Who We Share Data With
  5. Data Retention
  6. Cookies & Analytics
  7. Data Security
  8. Your Rights
  9. Contact Details

1. What Information We Collect

We collect only the data necessary to manage enquiries, bookings, payments and related communications. This may include:

  • Identification and contact details (name, email, phone number)
  • Booking details (dates, number of guests, services requested)
  • Billing and payment information (amounts, payment method, transaction metadata)
  • Messages or correspondence you send us (email, WhatsApp, contact forms)
  • Technical information such as IP address or browser type (collected via cookies — see section 5)

We do not collect or store your full card details — all card data is processed securely by Stripe. For bank transfers (IBAN), only payment reference and confirmation details are recorded.

2. How We Use Your Information

We use your personal data to:

  • respond to enquiries and manage bookings or event participation;
  • process payments and issue invoices or receipts;
  • comply with accounting, legal and tax obligations;
  • ensure Website functionality, security and fraud prevention;
  • send administrative and transactional communications (e.g. booking confirmations);
  • send optional promotional information only with your explicit consent. Marketing emails are sent no more than occasionally and always include an unsubscribe link.

3. Legal Bases for Processing

We process your data under one or more of the following legal grounds:

  • Contract performance: to provide services you request (bookings, payments, communication).
  • Legal obligation: to comply with accounting, invoicing or tax laws.
  • Legitimate interest: to maintain network security and improve services.
  • Consent: for optional marketing or analytics where required.

4. Who We Share Data With

We may share limited personal data with trusted partners strictly for operational purposes:

  • Stripe – payment processing (card transactions).
  • Hosting and email providers – for secure operation of our Website and communications.
  • Professional advisers (accountants, legal, IT) – where necessary and bound by confidentiality.
  • Authorities or regulators – when required by law.

We do not sell or rent your personal information to third parties.

Data may be stored or processed within the European Union. If a transfer outside the EEA occurs, it will follow GDPR-compliant safeguards (e.g., EU Standard Contractual Clauses).

5. Data Retention

Personal data is kept only for as long as necessary for the purposes described, and to meet legal obligations (e.g. tax and accounting retention). Typical retention periods:

  • Booking and invoicing data: up to 6 years after the end of the fiscal year.
  • Enquiry correspondence: up to 12 months after last contact.
  • Marketing data: until you withdraw consent.

6. Cookies & Analytics

Our Website uses necessary cookies and, if you consent, functional and analytics cookies to improve performance and usability. You can manage or withdraw consent at any time through our Cookie Policy.

7. Data Security

We implement appropriate technical and organisational measures (HTTPS, encryption, access controls) to protect your data. However, no online service is completely secure, and we cannot guarantee absolute protection against all risks. In the event of a data breach likely to affect your rights, we will notify you and the competent authorities as required by law.

8. Your Rights

Under the GDPR, you may exercise the following rights:

  • Access your personal data and obtain a copy.
  • Request rectification of inaccurate data.
  • Request erasure (“right to be forgotten”) where legally applicable.
  • Request restriction or objection to processing.
  • Request portability of data to another controller.
  • Withdraw consent at any time (without affecting prior lawful processing).

To exercise your rights, contact us at info@villasantarosa.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

You can opt out of marketing emails at any time by using the unsubscribe link in our messages or by emailing us.

9. Contact Details

Villa Santa Rosa SL
CIF/VAT: B01926245
Avinguda Marcos Redondo 7, 17406 Viladrau, Girona, Spain
Email: info@villasantarosa.com
Phone: (+34) 622 321 324

Close
Villa Santa Rosa
Guest House in Viladrau

Avinguda Marcos Redondo, 7
17406 Viladrau, Girona, Spain

Get Directions
Contact Info
Close

Choose your language