In compliance with current legislation, Frou Frou (hereinafter also referred to as the Website) undertakes to adopt the necessary technical and organisational measures, appropriate to the level of security required by the risk of the data collected.
Laws incorporated in this Privacy Policy
This Privacy Policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following laws:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
• Organic Law 3/2018, of 5 December (LOPD-GDD)
• Law 34/2002, of 11 July (LSSI-CE)
Identity of the Data Controller
The Data Controller for personal data collected on this Website is Queen Estepona SL, with Tax ID (NIF/CIF): B72911530, registered in the Mercantile Registry, Volume 1, Page 9, Sheet 8888.
Representative: Ms. Alina KotliarAddress: Calle Generalife 9, Aloha Pueblo, Marbella 29660, Málaga
Contact phone: XXXXX
Contact email: gdpr@froufrou-sp.com
Personal Data Registration
In compliance with the GDPR and the LOPD-GDD, users are informed that personal data collected by Frou Frou through its forms will be incorporated into our systems in order to facilitate, streamline, and fulfil the commitments established between Frou Frou and the User, or to maintain the relationship set forth in the forms, or to respond to a request or inquiry.
Additionally, unless the exception in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying the purposes and other circumstances as set out in the GDPR.
Principles applicable to data processing
• Lawfulness, fairness and transparency
• Purpose limitation• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability
Categories of personal data
Only identifying data are processed. No special categories of personal data are processed as defined in Article 9 of the GDPR.
Legal basis for processing
The legal basis for processing personal data is the User’s consent, which may be withdrawn at any time and as easily as it was given. Withdrawing consent does not affect the lawful use of the Website.
Where personal data are requested via forms for inquiries or services, the User will be informed whether the provision of such data is mandatory for the requested action.
Purpose of processing
Personal data are collected and managed by Frou Frou in order to:
• Manage the reservations requested by the User
• Send confirmation or documentation of the reservation
• Send commercial communications via email or similar electronic means about offers and services, when consent has been given
The data may also be used for commercial, operational and statistical purposes, marketing studies, and for improving the content, performance, and browsing experience of the Website.
At the time the personal data are collected, the User will be informed of the specific purposes of the processing.
Retention periods
Personal data will be retained only for as long as necessary for the purposes for which they were collected. Specifically, data will be kept during the commercial relationship or until the User requests their deletion.
The User will be informed of the retention period or, when not possible, the criteria used to determine it.
Data recipients
User data may be shared with the following service providers:
• WebFlow
• j2.net
• SevenRooms
If international data transfers are to be made, the User will be informed of the destination country or international organisation and whether an adequacy decision by the European Commission exists.
Children’s data
Only users over the age of 14 may lawfully give their consent to the processing of personal data by Frou Frou. In the case of users under 14, consent from parents or legal guardians is required.
Confidentiality and data security
Frou Frou commits to adopting appropriate technical and organisational measures to safeguard personal data and prevent their accidental or unlawful destruction, loss, alteration, disclosure, or unauthorised access.
The Website uses an SSL (Secure Socket Layer) certificate to ensure secure and encrypted communication between the User and the server.
However, as internet security cannot be fully guaranteed, Frou Frou undertakes to notify the User without undue delay in the event of a personal data breach that may pose a high risk to their rights and freedoms.
Personal data will be treated as confidential, and this obligation will be contractually or legally enforced with employees, partners and third parties who access the data.
User rights
The User may exercise the following rights under the GDPR and Organic Law 3/2018:
• Right of access: To obtain confirmation as to whether personal data are being processed and access such data
• Right to rectification: To request correction of inaccurate or incomplete data
• Right to erasure (right to be forgotten): To request deletion of personal data when no longer necessary or when consent is withdrawn
• Right to restriction of processing: To limit the processing of personal data under certain conditions
• Right to data portability: To receive personal data in a structured, commonly used, and machine-readable format and transmit them to another controller
• Right to object: To object to the processing of personal data
• Right not to be subject to automated decisions, including profiling
To exercise these rights, the User must send a written request addressed to the Data Controller with the subject “GDPR-https://evaestepona-sp.com/”, including:
• Full name and valid proof of identity
• Specific reason or request
• Contact address for notifications
• Date and signature
• Supporting documents for the request (if applicable)
The request can be sent to:
Postal address: Calle Generalife 9, Aloha Pueblo, Marbella 29660, Málaga
Email: gdpr@froufrou-sp.com
Links to third-party websites
This Website may include links to third-party sites that are not operated by Frou Frou. Each of these sites will have its own privacy policy, and Frou Frou is not responsible for their content or practices.
Complaints to the supervisory authority
If the User believes that their data is being handled in breach of applicable law, they may file a complaint with the relevant supervisory authority. In Spain, this is the Spanish Data Protection Agency (Agencia Española de Protección de Datos).
The User must have read and agree to the terms of this Privacy Policy and consent to the processing of their personal data in the manner and for the purposes described. Use of the Website implies acceptance of this Privacy Policy.
Frou Frou reserves the right to modify this Privacy Policy at its sole discretion or due to legal, jurisprudential or regulatory changes. Changes will not be explicitly notified to Users. It is recommended to consult this page regularly.
This Privacy Policy was updated to comply with Regulation (EU) 2016/679 and Organic Law 3/2018.
In Marbella, on 02/04/2024.
