Privacy Policy

 

BLANC LLORET S.L.U., with registered office at Calle Tenerife Mirasol No. 25, 08195 Sant Cugat del Vallès, Barcelona (Spain), Tax Identification Number (CIF) B22578926 (hereinafter, the “Data Controller” or the “Controller”), is committed to protecting the privacy of natural persons while browsing and using the services of the website https://blanclloret.com (hereinafter, the “Website” or the “Site”).

This document describes all aspects related to the processing of users’ personal data (hereinafter, the “Data Subjects”) carried out through the Website, in accordance with Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).
All processing activities performed by the Controller are based on the principles of lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality.

1. Data Controller

The Data Controller of the personal data processed through the Website is BLANC LLORET S.L.U., and may be contacted using the details provided in the “Contact” section of this Privacy Policy.

2. Categories of Personal Data Processed

Browsing and usage data

Information collected during the user’s visit to the Website, such as IP address, URI addresses, browsing history, interactions with the Website, browser type and language, operating system, approximate location, date and time of access. This data is not collected to directly identify users, but may allow identification through association with data held by third parties.

Data voluntarily provided by the user

Personal data voluntarily provided by users through Website forms, such as contact or booking forms. This may include, among others, name and surname, contact details (email address, phone number), postal address and any other information necessary for the provision of the requested service.

Commercial data

Information necessary to comply with economic and tax obligations related to the provision of services, including payment data, billing information, booking history and transaction records.

Profiling data

Information collected through cookies or other tracking technologies in order to analyse browsing habits, preferences and interests of users in an automated manner.

Location data

Information indicating the approximate geographical location of the user’s device, where authorised by the user, for statistical purposes or service improvement.

3. Purposes of Processing

The personal data collected will be processed for the following purposes:

  • Managing information requests and bookings.
  • Providing services offered through the Website.
  • Managing payments and invoicing.
  • Ensuring Website security and preventing fraud.
  • Performing statistical analysis and improving services.
  • Sending commercial communications, where the user has given consent.
  • Complying with applicable legal obligations.
  • Exercising or defending legal rights.

4. Legal Bases for Processing

The processing of personal data is based on the following legal grounds:

  • Performance of a contract or implementation of pre-contractual measures (Art. 6.1.b GDPR).
  • User consent (Art. 6.1.a GDPR).
  • Compliance with legal obligations (Art. 6.1.c GDPR).
  • Legitimate interest of the Controller (Art. 6.1.f GDPR).

5. Processing Methods

Personal data is processed using manual and automated procedures, applying appropriate technical and organisational measures to ensure data security, integrity and confidentiality, in accordance with Articles 6 and 32 of the GDPR.

6. International Data Transfers

No transfers of personal data outside the European Economic Area (EEA) are planned. Should such transfers become necessary, the Controller will ensure that appropriate safeguards are in place in accordance with the GDPR.

7. Data Retention Periods

Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected and for the periods required by applicable law.

  • Data related to service provision: up to 10 years.
  • Billing and accounting data: up to 10 years.
  • Data processed for marketing purposes: until the user withdraws consent.

8. Data Recipients

Personal data may be disclosed to:

  • Authorised personnel of the Controller.
  • Service providers acting as data processors (hosting, payment services, technical maintenance).
  • Public authorities, where disclosure is required by law.

9. Data Subject Rights

Users may exercise their rights of access, rectification, erasure, objection, restriction of processing and data portability, as well as the right not to be subject to automated decision-making.

Requests may be sent to hola@blanclloret.com. Users also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

10. Contact

For any questions related to this Privacy Policy or the processing of personal data, users may contact the Controller at:
hola@blanclloret.com.