Privacy Policy | Sabinillas Beach

Politique de confidentialité

Last updated: February 2026

1. Introduction

Sabinillas Beach ("we", "our", "us") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website sabinillasbeach.com and our booking services.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

2. Data Controller

The data controller responsible for your personal data is:

Name: Sabinillas Beach
Address: Calle Duquesa de Arcos 2, 29692 San Luis de Sabinillas, Malaga, Spain
Email: hello@sabinillasbeach.com

3. What Data We Collect

We collect the following personal data:

Booking data: Name, email, phone number, country of residence, number of guests
Payment data: Processed securely by Stripe. We do not store your card details.
Communication data: Messages you send via our contact form or email
Newsletter data: Email address and optional first name
Analytics data: Usage data (pages viewed, clicks, scrolling, session recordings) collected via Microsoft Clarity — only if you accept analytics cookies

4. How We Use Your Data

To process and manage your booking
To send booking confirmations and check-in information
To provide the guest guide and smart lock access
To send pre-arrival and post-stay communications
To respond to your enquiries
To send our newsletter (only with your explicit consent)
To comply with legal obligations (e.g., Spanish guest registration)

5. Legal Basis for Processing

Contract: Processing necessary for the performance of the booking contract
Consent: Newsletter subscription, marketing communications
Legal obligation: Guest registration with Spanish authorities
Legitimate interest: Improving our services, preventing fraud

6. Data Sharing

We share your data only with the following third-party services, all of which are GDPR-compliant:

Stripe -- payment processing
Resend -- transactional email delivery
Vercel -- website hosting
Neon -- database hosting

We do not sell your personal data to any third party.

7. Your Rights

Under the GDPR, you have the right to:

Access your personal data
Rectify inaccurate data
Request deletion of your data
Restrict processing of your data
Data portability
Object to processing
Withdraw consent at any time

To exercise any of these rights, contact us at hello@sabinillasbeach.com.

8. Cookies

We use essential cookies required for the functionality of the site (e.g., your locale preference), which are always active.

With your consent, we also use analytics cookies from Microsoft Clarity to understand how visitors use the site (including aggregated heatmaps and session recordings) so we can improve it. These are only set after you select “Accept” on our cookie banner — if you decline, no analytics cookies are set and no analytics data is collected. You can change your choice at any time by clearing your browser’s site data.

9. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Booking data is retained for the duration required by Spanish tax and tourism regulations (minimum 5 years). Newsletter data is retained until you unsubscribe.

10. Contact

For any privacy-related questions or requests, please contact us at hello@sabinillasbeach.com.