Privacy Policy

Controller: LEMUSA SERVICIOS, S.L.
Tax ID: B44797769
Address: Calle Santa Isabel, 7A, 35470 La Aldea de San Nicolás, Las Palmas, Spain.
Email: lemusaserviciossl@gmail.com
Phone: +34 618 92 82 53

As the processing does not fall under the cases requiring the mandatory appointment of a Data Protection Officer (DPO) pursuant to Article 37 GDPR and Article 34 LOPDGDD, no specific officer has been designated. For any matter relating to data protection, you may contact us at the email address above.

We only process the personal data that you voluntarily provide to us. In particular, through the contact form we collect:

• Name.
• Email address.
• Phone number (optional field).
• Content of the message (any personal data you choose to include in it).
• Selected area of interest (Grupo, Catering or Stays).
• Browser language and time of submission (technical metadata).

We do not collect special categories of data (those described in Article 9 GDPR) and we kindly ask you not to include information of such nature in the free-text message.

We process your data for the following purposes:

• To attend to your enquiry or request submitted via the contact form and maintain subsequent communication with you. Legal basis: consent of the data subject (Art. 6.1.a GDPR), given when submitting the form and expressly accepting this Privacy Policy.
• To comply with legal obligations incumbent on us in tax, commercial or data protection matters when, as a result of your enquiry, a contractual relationship is formed. Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).
• To ensure the security of the Website and prevent abuse (use of Cloudflare Turnstile as CAPTCHA, IP-based submission rate limit). Legal basis: legitimate interest of the controller (Art. 6.1.f GDPR) in protecting the service against fraudulent uses.

Data submitted through the contact form will be retained for the time strictly necessary to attend to your request and, subsequently, for a maximum of 12 months from the last interaction, unless a contractual relationship arises from the enquiry, in which case data will be retained for the periods legally required (generally, up to 6 years for commercially relevant data and 4 years for tax-relevant data).

After those periods, data will be deleted or irreversibly anonymised.

Your data will not be disclosed to third parties, except where legally required. For the provision of the web service we use the following providers ("data processors" under Art. 28 GDPR), with whom we maintain the data processing agreements required by law:

• Contabo GmbH (Germany, European Economic Area) — provider of the server hosting the Website.
• Raiola Networks, S.L. (Spain) — provider of the email service used to receive contact form messages.
• Cloudflare, Inc. (United States) — provider of the Turnstile (CAPTCHA) service that protects the form against automated submissions. Cloudflare is certified under the EU-US Data Privacy Framework, which constitutes an adequate safeguard for international transfers pursuant to Art. 45 GDPR.

As stated above, the use of Cloudflare Turnstile may involve a transfer of data (essentially, IP address and browser metadata for anti-fraud purposes) to the United States. This transfer is covered by the adequacy decision of the European Commission of 10 July 2023 (EU-US Data Privacy Framework), as Cloudflare is certified under this framework.

You have the following rights in relation to your personal data:

• Access: to know whether we are processing your data and, if so, to obtain a copy of it.
• Rectification: to request the correction of inaccurate or incomplete data.
• Erasure ("right to be forgotten"): to request the deletion of your data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
• Restriction of processing: to request the suspension of processing in certain cases.
• Objection: to object to the processing of your data on grounds relating to your particular situation.
• Portability: to receive your data in a structured, commonly used and machine-readable format.
• Withdraw consent previously given, without this affecting the lawfulness of processing prior to its withdrawal.

You may exercise any of these rights by sending a request to lemusaserviciossl@gmail.com, indicating the right you wish to exercise and attaching, where applicable, a copy of a document proving your identity.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing does not comply with current regulations.

We have adopted the technical and organisational measures appropriate, in accordance with the state of the art, to ensure a level of security appropriate to the risk of processing. In particular, communications with the Website are encrypted via HTTPS (TLS), and form submissions are protected by CAPTCHA and rate limits.

This Privacy Policy may be updated to adapt it to legislative, jurisprudential or business practice developments. Any substantial modification will be notified on the Website with reasonable notice before its entry into force.