At Finca La Fortaleza we respect your privacy. This policy explains which personal data we process when you use this website or book our services, for what purpose, on what legal basis, for how long and what your rights are.
| Processing | Data | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Contact form | Name, email, phone and the message you send us. | Handle and reply to your enquiry. | Your consent when submitting the form (art. 6.1.a GDPR). | Until the enquiry is resolved and for a reasonable period afterwards. |
| Booking requests | Name, contact details, dates, number of guests and data needed for the booking. | Manage your request and, where applicable, the accommodation contract. | Performance of a contract or pre-contractual measures (art. 6.1.b GDPR). | For the duration of the relationship and applicable tax and legal periods. |
| Traveller registration | Identification data from your ID document (full name, document type and number, nationality, date of birth and other required data). | Comply with the legal obligation to register and report travellers to the authorities. | Legal obligation — Royal Decree 933/2021 and accommodation regulations (art. 6.1.c GDPR). | The legally established period (3 years). |
| Browsing and cookies | Site usage data and advertising measurement cookies (only with your consent). | Measure the performance of our campaigns. See the Cookie Policy. | Your consent (art. 6.1.a GDPR and art. 22.2 LSSI-CE). | As stated in the Cookie Policy. |
We do not sell your data. It may be accessed by providers that deliver services to us (web hosting, Google for advertising and measurement, and WhatsApp/Meta messaging for our internal notifications), always under a data processing agreement. It may also be disclosed to the competent public authorities (e.g. the Ministry of the Interior for traveller registration) where required by law.
Some providers (Google, Meta/WhatsApp) may process data in the United States. Such transfers rely on the EU-US Data Privacy Framework or on the European Commission’s standard contractual clauses.
You may exercise at any time your rights of access, rectification, erasure, objection, restriction of processing and portability, as well as withdraw your consent. Write to the controller’s email stating the right you wish to exercise. If you believe we have not handled your request properly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.
We apply reasonable technical and organisational measures to protect your data against unauthorised access, loss or alteration.
Last updated: 28/05/2026