· For the formalization of a contract between CASTLE BEACH S.L. and you.
· When you give your consent in the processing of your data
· When we need them to comply with a legal or regulatory obligation
· When necessary for our legitimate interest or that of a third party.

The User may revoke the consent given at any time by sending an email to a.recio@fuengiorlabeach.com or by consulting the section on exercise of rights below.

Below we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for its use, as well as knowing what kind of personal data we are going to deal with. We can process some personal data for some additional legal reason, so if you need details about it you can send an email to a.recio@fuengiorlabeach.com

Purpose	Type of data	Legitimacy for your treatment
To request information through the Contact Form	· First name · Surnames · Email	Consent of the interested party
To register you as a client in the Web page	· User ·Password	Contract formalization
To manage our relationship with you	· First name · Surnames · Email · Home · Phone · Company or Autonomous	Contract formalization
To make commercial communications, delivering relevant content and that may be of interest	· First name · Surnames · Email	Consent of the interested party
To manage and protect our business and our website	· Technical data · First name · Surnames · Email	Legitimate interest
To lend you the service or product contract	· First name · Surnames · Address · Email · Phone · Bank data	Contract formalization

Commercial communications: you will only receive communications if

• You requested information or made a contract with us for a product or service.
• If you gave us your information, accepting the box enabled in this respect on our form.
• As long as you have not expressed your willingness to stop receiving such communications.

We obtain your express consent before sending any communication, being able to request at any time that we stop sending you communications in the email a.recio@fuengiorlabeach.com

When you choose to stop receiving our communications, your personal data will remain stored as a result of the contract made by you to comply with legal requirements.

Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably believe that we must use it for another reason, notifying you in advance so that you are informed of the legal reason for processing it and provided the purpose is compatible with the purpose original.

Term of conservation: The period of conservation of the personal data will vary according to the service that the Client contracts, being the minimum necessary, being able to stay:

• 6 years according to article 30 of the Commercial Code (accounting books, invoices ...)
• 5 years according to article 1964 of the Civil Code (personal actions without special term)
• 12 months according to article 5 of Law 25/2007, on the conservation of data related to electronic communications and public communications networks.
• 4 years: Law 5/2002, on Infractions and Sanctions in the Social Order (obligations in terms of affiliation, registration, termination, payment of salaries). Article 66 and following. General Tax Law (accounting books ...)

Subscriber data by e-mail or form: From the moment the user subscribes until they unsubscribe.

Data of the users uploaded by CASTLE BEACH, SL to their Social Networks or pages: Since the user gives his consent until he withdraws it.

5. Your Rights in Data Protection

How to exercise these rights? Users can send a communication to the registered office of CASTLE BEACH S.L. or email address a.recio@fuengiorlabeach.com , including in both cases a photocopy of your ID or other similar identification document, to request the exercise of the following rights:

• Access to your personal data: you can ask CASTLE BEACH S.L. if you are using your personal data.
• To request rectification, if they were not correct, or to exercise the right to be forgotten with respect to them.
• To request the limitation of the treatment, in this case, they will only be kept by CASTLE BEACH S.L. for the exercise or defense of claims.
• To oppose your treatment: CASTLE BEACH S.L. will stop treating the data in the way you indicate, except that for legitimate reasons or for the exercise or defense of possible claims, these should continue to be treated.
• To the portability of the data: in case you want your data to be processed by another firm, CASTLE BEACH S.L. , it will facilitate the portability of your data to the new manager.

You can use the models placed at your disposal by the Spanish Agency for Data Protection, to exercise your previous rights: Here

Claim before the AEPD: if you consider that there is a problem with the way in which CASTLE BEACH S.L. is treating your data, you can direct your claims to the corresponding control authority, being in Spain, competent for this: Spanish Protection Agency of data.

We may have to request specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any of the other rights mentioned above). This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.

All the requests are solved within the legal term indicated 1 month. However, it can take more than a month if your request is particularly complex, or if you have already performed a series of actions previously. In this case, we will notify you and keep you updated.

6. Transfer of personal data

It is possible that, in the performance of our work, we should transfer your data to third parties:

• Service providers that provide systems management and information technology services.
• Professional advisors that include lawyers, auditors and insurers that provide banking, legal, insurance and accounting consulting services.

All these assignments will be previously communicated to you and we declare that we require all those in charge of treatment to whom we transfer your data respect the security of your personal data and treat them according to the RGPD. We only allow such managers to process your data for certain purposes and in accordance with our instructions.

7. Data Security

We have implemented the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner, modified or disclosed. In addition, we limit the access to your personal data to those employees, contractors and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspicion of violation of your personal data and we will notify you and the Control Authority in case it happens, as it is regulated in the RGPD in its articles 33 and 34, a security breach.

8. International transfers

Countries outside the European Economic Area (EEA) do not always offer the same levels of protection for their personal data, which is why European legislation has prohibited the transfer of personal data outside the EEA unless the transfer meets certain requirements.

Some of our external service providers are outside the European Economic Area (EEA), so the processing of your personal data will involve a transfer of data outside the EEA.

- Social Networks: CASTLE BEACH S.L. makes use of the social networks Facebook , Instagram , LinkedIn and Twitter , all in the USA.

- Email: The email service of CASTLE BEACH S.L. is provided using the services of MICROSOFT.

If you need an extension with respect to the specific mechanism used by us when transferring your data outside the EEA, you can contact us through our email administracion@fuengirolabeach.com

Update: May 2018