Skip to main content
Book direct & save the commissionSee offers
Sabinillas Beach

Privacy Policy

Last updated: July 2026

1. Introduction

Sabinillas Beach ("we", "our", "us") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website sabinillasbeach.com and our booking services.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

2. Data Controller

The data controller responsible for your personal data is:

  • Name: Sabinillas Beach
  • Address: Calle Duquesa de Arcos 2, 29692 San Luis de Sabinillas, Malaga, Spain
  • Email: hello@sabinillasbeach.com

3. What Data We Collect

We collect the following personal data:

  • Booking data: Name, email, phone number, country of residence, number of guests
  • Payment data: Processed securely by Stripe. We do not store your card details.
  • Communication data: Messages you send via our contact form or email
  • Newsletter data: Email address and optional first name
  • Analytics data: Usage data (pages viewed, clicks, scrolling, and — via Microsoft Clarity — aggregated heatmaps and session recordings) collected through Google Analytics 4 and Microsoft Clarity — only if you accept analytics cookies

4. How We Use Your Data

  • To process and manage your booking
  • To send booking confirmations and check-in information
  • To provide the guest guide and smart lock access
  • To send pre-arrival and post-stay communications
  • To respond to your enquiries
  • To send our newsletter (only with your explicit consent)
  • To comply with legal obligations (e.g., Spanish guest registration)
  • Contract: Processing necessary for the performance of the booking contract
  • Consent: Newsletter subscription, marketing communications
  • Legal obligation: Guest registration with Spanish authorities
  • Legitimate interest: Improving our services, preventing fraud

6. Data Sharing

We share your data only with the following third-party services, all of which are GDPR-compliant:

  • Stripe -- payment processing
  • Resend -- transactional email delivery
  • Vercel -- website hosting
  • Neon -- database hosting
  • Google -- website analytics (Google Analytics 4) and embedded maps
  • Microsoft Clarity -- website analytics (heatmaps, session recordings)
  • Cloudflare -- DNS, email routing, and encrypted off-site backups
  • Sentry -- application error monitoring (technical diagnostics)

We do not sell your personal data to any third party.

7. International Data Transfers

Some of the providers listed above (Stripe, Google, Microsoft, Vercel, Cloudflare, Sentry, Resend) are US companies or may process data outside the European Economic Area. Where personal data is transferred outside the EEA, the transfer is protected by an EU adequacy decision — such as the EU–US Data Privacy Framework, where the provider is certified under it — and otherwise by the European Commission's Standard Contractual Clauses.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@sabinillasbeach.com. You also have the right to lodge a complaint with the Spanish supervisory authority, the Agencia Española de Protección de Datos (AEPD, www.aepd.es), if you believe your data has been handled unlawfully.

9. Cookies & Similar Technologies

Essential (always active). A small number of first-party cookies and browser-storage entries are required for the site to function: your language preference, your cookie-consent choice itself, and — if you open your personal guest area — a session cookie that keeps you signed in to your guest guide.

First-party attribution. We set one first-party cookie (sb_attr, 90 days) that remembers how you first found our site (for example a search engine or a link in one of our articles), so that if you later book we know which of our pages brought you here. It contains no identity data, is not used to track you across other websites, and is never shared with third parties.

Analytics (optional, off by default). With your consent we use Google Analytics 4 (visitor statistics) and Microsoft Clarity (aggregated heatmaps and session recordings) to understand how the site is used. When the cookie banner appears you can accept everything or choose "Adjust" to enable each category individually — analytics and heatmaps can be switched on and off separately, and both stay off until you opt in.

Changing your mind. You can reopen the preferences dialog at any time via the "Cookie settings" link in the footer and change or withdraw your consent.

Google Maps. The embedded map loads automatically only if you have accepted all cookies; otherwise it is replaced by a "Load map" button, and no data is sent to Google until you choose to load it.

10. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Booking data is retained for the duration required by Spanish tax and tourism regulations (minimum 5 years). Newsletter data is retained until you unsubscribe. Contact-form messages are retained for up to two years after your enquiry is resolved. Consent-based analytics data is retained for up to 14 months (Google Analytics 4) and up to 13 months (Microsoft Clarity; session recordings for around 30 days).

11. Live Beach Webcam

Our website features a live webcam showing a general, panoramic view of the public beach at San Luis de Sabinillas and the sea beyond. It is provided solely to display current conditions — weather, sea state, and the general atmosphere of the area — for tourism-promotion purposes.

The camera is positioned and configured so that people who may appear in the wide-angle view are not identifiable. The image is a general panorama in which any individuals appear only as small, incidental and non-distinguishable elements of the scene. The public feed is limited in output resolution and frame rate specifically so that no natural person can be identified — by us or by anyone viewing it. The same applies to any time-lapse clips generated from the camera, which are likewise general panoramas in which individuals are not identifiable.

Because the feed does not allow the identification of any individual, it does not contain "personal data" within the meaning of Article 4 and Recital 26 of the GDPR, and the data-protection rules therefore do not apply to it (Article 2.1 GDPR; AEPD GuĂ­a de Videovigilancia, "promociĂłn turĂ­stica" use case). To the extent a person is momentarily visible, they appear merely incidentally during an event in a public place, within the meaning of Article 8.2.c of Spanish Organic Law 1/1982 on the protection of honour, personal and family privacy, and one's own image.

We do not use the webcam to monitor, record or identify individuals, and it is not used for security or surveillance purposes.

12. Contact

For any privacy-related questions or requests, please contact us at hello@sabinillasbeach.com.