This Privacy Policy applies to your Personal Data when you visit https://coastventure.com (the Website) or use our services through this Website and does not apply to online websites or services that we do not own or control. The Website may include links to other websites for which shall apply their own privacy and cookie policies.
If you have any questions or requests, please contact us at: COASTVENTURE S.L., CIF B56309883, email info@coastventure.com
Data protection contact: info@coastventure.com
WHO WE ARE
The Company, providing you services through this Website is COASTVENTURE S.L., CIF B56309883, represented by Christo Palasov, in the capacity as CEO.
PERSONAL DATA WE COLLECT AND HOW WE USE IT
Personal data is data that describes and is linkable to someone as a person.
We collect personal data in order to provide the services to our visitors. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our services as explicitly described below.
We processes the following personal data provided by you:
1. Personal data received from the Contact Sections in the Website - When you contact us through our contact forms, by phone or via email, we will process the personal data you provide us with: your name, email address, phone number (optional) and any information you have included in your inquiry/request as well as information you have provided through our channels in Facebook, Instagram and LinkedIn - in order to provide the assistance you need.
The term for storing your data if you have contacted us through our contact form is 6 months in order to facilitate the communication and assist you in all matters.
2. Personal data received in relation to renting a property - in order to provide you our services, we will process the personal data you provide us with, including, but not limited to:
- In order to make a reservation - your first and last name, email address, phone number as a person making the reservation. This information is necessary to identify you as a client making the reservation and to provide you with the requested reservation service;
- Guest information - first and last name, email address, phone number, nationality, passport/ID card number, date of birth. This information is being collected based on the requirements of Spanish legislation;
- Billing information - name of cardholder, address of cardholder and card data. This information is required by the payment service provider in order to utilise the payment service. The data is entered directly into the payment service provider’s platform. For payments we use the services of Stripe and Stripe privacy policy and cookie policy may apply. You can find their Privacy policy at https://stripe.com/en-es/privacy;
- Check-in information - in order to make your stay as comfortable as possible and help us improve our services, we ask you to provide some additional information about your stay, including check-in and check-out dates, number of adults/children/infants travelling with you, methods of transportation, reasons for visit. This information is optional and you may choose not to provide it.
The term for storing your data is regulated by the applicable Spanish legislation and shall be aligned with the limitation periods.
3. Personal data received from the “Newsletter” Section in the Website - When you visit our Website, you might be asked if you are willing to receive our Newsletter containing content that we believe may match your interests, including news, special offers, promotions, or to otherwise contact you about products or information we think may interest you, including information about third party products and services.
You can unsubscribe from this service at any time. If you opt out of receiving our Newsletter, we may still send you communication on any services you have requested or received from us.
For the purposes of sending you our Newsletter we will process your name and email address. Please, keep in mind that we use your personal data for the purposes mentioned above only with your prior consent.
We shall process such data until the moment you unsubscribe from our Newsletter.
Each Newsletter that you receive shall include an Unsubscribe button, which shall enable you to easily unsubscribe from our Newsletter at any time.
We shall not use your personal data for any other purpose, except for these described above. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
METHOD OF COLLECTION
Each visitor provides personally the personal data, entered or uploaded to the Website.
Visitors are not allowed to enter third party personal data without due authorisation by such third party. We do not monitor or control the content, entered or uploaded by the visitor. It is the visitor’s sole responsibility to provide and guarantee that the processing of personal data activities performed within our Website are compliant with the requirements of the GDPR and other applicable personal data protection legislation.
SECURITY MEASURES
We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
PROCESSORS
For providing quality services we may engage third party service providers - processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. We provide personal data to our processors to process it for us, only based on our instructions and only in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. We do not sell or disperse your personal data otherwise.
We might transfer data we collect from you to persons/legal entities (‘Recipients’) outside the EU and the European Economic Area (‘EEA’). When we do such transfers to third countries, we do so in accordance with the terms of this Privacy Policy, the EU data protection rules, in particular with the GDPR. This may include (i) the transfer of data to Recipients located in countries, territories or part of specified sectors within such countries that are recognized as ensuring an adequate level of protection of the natural persons concerned; (ii) transfers pursuant to data transfer agreements that incorporate the Standard Contractual Clauses approved by the EU Commission/Commissioner; or (iii) derogations for specific situations provided for in the EU data protection law, etc.
You confirm that you have been informed and aware that there may be certain possible risks of transfers of personal data to third countries outside the EU/EEA, including the USA, such as: the third country may not ensure an adequate level of data protection pursuant to Article 45 of the GDPR.
Personal data may be transferred to the providers of IT and software services, email and hosting services etc.
INFORMATION WE SHARE
We do not share personal information with companies, organisations and individuals unless one of the following circumstances applies:
- With your consent - we will share personal information with companies or organisations, when we have your explicit consent to do so;
- For making some services possible – to third party processors, as described above;
- For legal reasons - we will share personal information with companies, organisations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of ours, our visitors or the public as required or permitted by law.
We share your names with the property owners/managers in order to organize your stay at the property selected by you.
We share your information, excluding your billing information, with Guesty whose platform makes our services available. You can find Guesty privacy policy and cookie policy at https://privacy.guesty.com/.
We may share your name with Stripe in relation to the payment service that they provide to you. You can find their Privacy policy at https://stripe.com/en-es/privacy.
When you book through a booking platform such as Booking.com, Airbnb.com, TripAdvisor etc., you enter your personal data into that platform and it is being transferred to us for the purpose of providing you our services. In all cases the privacy policy and the cookie policy of the respective platform shall apply as well as this privacy policy and the cookie policy applicable to our Website.
MINORS
We allow our Website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Website.
If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data.
Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.
YOUR RIGHTS
You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. You also have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a personal data subject:
- you have the right to request confirmation if personal data relating to you is being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.
- you have the right to request your personal data to be deleted if there are any of the following grounds: personal data is no longer necessary for the purposes for which they have been collected; where you have objected against the processing when the processing is unlawful; where data is processed on your consent and you withdraw that consent; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller. You may be denied deletion of your personal data for the following reasons: exercising of the right of freedom of expression and the right to information; to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us; for reasons of public interest in the field of public health; for the establishment, exercising or protection of legal claims.
- you have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.
- you have the right to request the restriction of the processing of your personal data if applicable and there is a reason to do so, for example: you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data; the processing is illegal, but you do not want personal data to be deleted but only to be limited; we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims; you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.
- you have the right to request to receive personal data which concerns you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.
- you have the right to make an objection against the processing of your personal data before the Data Protection contact person if there are reasons to do so.
You can address all requests to the Data Protection contact person. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in the exercise of your rights, we may ask for additional information to establish your identity.
Please keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:
- charge a fee, taking into account the administrative costs of providing information or communication or undertaking the requested activities, or
- refuse to take actions on the request.
We will make reasonable efforts to respect your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.
If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.
SUPERVISORY AUTHORITY
If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Spain, which is the Agencia Española de Protección de Datos (AEPD). More information can be found at https://www.aepd.es
You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).