Privacy Policy
This legal text gives you details of how we collect and process your personal data through the use of our website including any information you may provide us through the site when you make a reservation, sign up for our newsletter or provide your contact information through the form enabled for this purpose.
By providing us with the data, we inform you that our services are not possible for those people who are prevented by regulations from giving consent, so when you send us the forms, you guarantee that you have sufficient capacity to grant consent.
Below we inform you about the data protection policy of: Castle Beach, SL
1. Responsible for the treatment.
Contact details of the person in charge:
Castle Beach, SL, with CIF: B92076595 and address at: Avda. de la Encarnación, no. 2 29640 Fuengirola Málaga and telephone: 951062700. Email:
Castle Beach, SL, is responsible for your data. (hereinafter we or our).
2. What data do we collect?
The General Data Protection Regulation defines personal data as all information about an identified or identifiable natural person, that is, any information capable of identifying a person. This would not include anonymous or percentage data.
The personal data that could be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding treatment activities, owned by Castle Beach, SL
We may process certain types of personal data on our Website, which may include:
Identity data: name, surnames and NIF/NIE/Passport.
Personal characteristics data: date of birth.
Contact information: email and telephone.
We do not collect any data related to special categories of personal data (those that reveal your ethnic or racial origin, political opinions, religious or philosophical convictions, trade union membership and information about your health, genetic or biometric data).
In the event that you are required to collect personal data by law or under the terms of the contract between us and you refuse to provide it to us, we may not be able to perform said contract or provide the service, and you must notify us in advance.
3. How do we collect your personal data?
The means we use to collect personal data are:
Through the form on our website, through our contact emails, by phone or post, when:
either Request information about our products or services
either Contract the provision of our services or products
either Request quotes
either You subscribe to any of our services or publications
either Send your comments
To ensure the quality of our portal, we reserve the right to reject any registration request or to suspend or cancel a previously accepted registration if we understand that it does not meet these requirements or any other law or regulation. If this occurs, we will try to explain the reasons for our decision, but we cannot commit to doing so in all cases.
Through technology or automated interactions: On our site we may automatically collect technical data about your equipment, browsing actions and usage patterns. This data is collected through cookies or similar technologies. If you want more information, you can consult our cookies policy
Through third parties:
either Google: analytical data or search data. Outside the European Union.
4. Purpose and legitimacy for the use of your data.
The most common uses of your personal data are:
- For the formalization of a contract between Castle Beach, SL and you.
- When you give your consent to the processing of your data.
- When we need them to comply with a legal or regulatory obligation.
- When it is necessary for our legitimate interest or that of a third party.
The User may revoke the consent given at any time by sending an email to or by consulting the section on the exercise of rights below.
Below we attach a table in which you can consult the ways in which we are going to use your personal data and the legitimacy for its use, in addition to knowing what type of personal data we are going to treat. We may process some personal data for any additional legal reason, so if you need details about it you can send an email to
Type of data
Legitimacy for your treatment
To request information through the contact form
- Name
- Surnames
- Email
- Telephone
Consent of the interested party
To sign up for our newsletter
- Email
Consent of the interested party
To make a reservation
- Name
- Surnames
- NIF/NIE/Passport/
- Email
- Telephone
- Date of Birth
Consent of the interested party
Fulfillment of a contractual obligation
legitimate interest
To access my reservations
- Email
Consent of the interested party
Fulfillment of a contractual obligation
legitimate interest
Commercial communications: you will only receive communications if
- You requested information from us or made a contract with us for a product or service.
- If you provided us with your data, accepting the box enabled in this regard on our form.
- As long as you have not expressed your wish to stop receiving such communications.
We obtain your express consent before sending you any communication, and you may request at any time that we stop sending you communications at the email
When you choose to stop receiving our communications, your personal data will continue to be stored as a result of the contract made by you to comply with legal requirements.
Purpose: we will only use your data for the purposes for which we collected it, unless we reasonably consider that we should use it for another reason, notifying you in advance so that you are informed of the legal reason for its processing and as long as the purpose is compatible with the purpose original.
5. How long will we keep your data?
They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data. The provisions of the different regulations regarding the conservation period will apply, in what is applicable to this treatment.
Subscriber data by e-mail or form: From the time the user signs up until they unsubscribe.
6. Minors.
Castle Beach, SL does not authorize minors under 14 years of age to provide their personal data through the means enabled on this website (completion of web forms for requesting services, contact or by sending emails ). Therefore, the persons who provide personal data using said means formally state that they are over 14 years of age, leaving Castle Beach, SL exempt from any responsibility for the breach of this requirement.
If your child under the established age limit has provided personal information to Castle Beach, SL , please contact us to request the exercise of your applicable rights.
In those cases in which the services offered by Castle Beach, SL are intended for children under 14 years of age, the means will be enabled to obtain the authorization of the parents or legal guardians of the minor.
7. Exercise of Data Protection Rights:
How to exercise these rights? Users may send a communication to the registered office of Castle Beach, SL or email address, including in both cases a photocopy of their ID or other similar identification document, to request the exercise of the following rights:
- Access to your personal data: you can ask Castle Beach, SL if it is using your personal data.
- To request their rectification, if they were not correct, or to exercise the right to be forgotten with respect to them.
- To request the limitation of the treatment, in this case, they will only be kept by Castle Beach, SL for the exercise or defense of claims.
- To oppose their treatment: Castle Beach, SL will allow the data to be processed in the manner that you indicate, unless for legitimate reasons or for the exercise or defense of possible claims, they must continue to be processed.
- To the portability of the data: in case you want your data to be processed by another firm, Castle Beach, SL , will facilitate the portability of your data to the new person in charge.
You can use the models made available to you by the Spanish Data Protection Agency, to exercise your previous rights: Spanish Data Protection Agency.
We will request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of the other rights listed above). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.
All requests will be resolved within the indicated legal period of one month. However, it may take us longer than a month if your request is particularly complex. In this case, we will notify you and keep you updated.
8. Data communication: provision of services.
It is possible that, in the performance of our work, we need the help of third parties, who will only process the data to provide the contracted service, and with whom we have the corresponding measures to guarantee your rights:
- Service providers that provide information technology and systems administration services.
- Professional advisers including lawyers, auditors and insurers who provide banking, legal, insurance and accounting consulting services
All data processors to whom we transfer your data will respect the security of your personal data and will treat it in accordance with the GDPR.
We only allow such processors to process your data for specified purposes and in accordance with our instructions. However, in compliance with transparency, you can request a list of these companies that provide us services, you can do so by email:
9. Data Security.
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, modified or disclosed. In addition, we limit access to your personal data to those employees, contracting agents and other third parties who have a business need to know such data. They will only process your personal data on our instructions and will be subject to a duty of confidentiality.
We have implemented procedures to deal with any suspicion of violation of your personal data and we will notify you and the Control Authority in the event that a security breach occurs, as regulated in the RGPD in its articles 33 and 34.