Skip to content

Privacy Policy

Effective date:

This notice explains how Alquileres la Morada, S.L. ("ALMORADA") processes personal data when you browse, contact us or book accommodation services through almorada.es and its subdomains.

Controller: Alquileres la Morada, S.L. ("ALMORADA")
VAT ID (CIF): B54958756
Av. Rosa de los Vientos 21, 8A · 03710 Calpe (Alicante) · Spain
Contact: hi@almorada.es
DPO: Not applicable

1. Purposes and legal bases

a) Site browsing and security

Data: technical metadata automatically shared by your browser (shortened/anonymised IP, user-agent, requested URL, date/time), plus logs and security events.

Purpose: serve the Site, detect abuse and maintain performance.

Legal basis: legitimate interest (GDPR art. 6.1.f) and legal obligation (LSSI).

b) Audience metrics and behaviour analytics (Umami + Contentsquare)

Technology: EU-hosted Umami instance configured without cookies or persistent identifiers, plus the Contentsquare tag loaded only after consent.

Data: Umami provides aggregated metrics (page views, referrers, device/browser type) without identifying the visitor. If you opt in, Contentsquare may process interaction events, session-level behaviour signals, feedback activity and technical identifiers associated with the visit.

Legal basis: legitimate interest for Umami; consent for Contentsquare and any non-exempt cookie or identifier used for behaviour analytics or feedback.

c) Preferences (localStorage)

Data: language, text size or other preferences stored locally in your browser.

Legal basis: technical necessity / legitimate interest to deliver the requested experience. We never use these values for profiling or advertising.

d) Direct enquiries (email, phone or WhatsApp)

Data: name or alias, contact details, the content of your enquiry, the business or service you are interested in and the metadata inherent to the chosen channel.

Purpose: answer your request, manage follow-up and, where applicable, prepare a quotation, visit or pre-contractual steps related to any ALMORADA business line shown on the Site.

Legal basis: pre-contractual steps at your request (GDPR art. 6.1.b) and/or legitimate interest in customer service (GDPR art. 6.1.f).

Channels: if you choose third-party channels such as WhatsApp, email or telephony providers, those providers will also process your data under their own terms and privacy policies.

e) Accommodation availability checks and bookings (Beds24)

Flow: for accommodation services with direct online booking, when you choose dates the Site may open or embed a booking environment powered by Beds24 so you can view availability and finalise the reservation.

Data: identification and contact details, stay data, preferences and payment information.

Legal basis: contract performance / pre-contractual steps (GDPR art. 6.1.b) and legal obligations (tax/accounting).

Roles: ALMORADA acts as the controller; Beds24 provides the booking engine as a processor within its own booking environment.

Scope: this subsection applies only to accommodation services bookable online from the Site. Other business lines may be shown only for information or redirect to separate channels/domains where the applicable controller and terms will be identified in the corresponding flow.

f) Conversational assistant (AI)

Data: content of your questions, technical metadata (timestamp, IP address or other device data if retained) and widget identifiers (cookies/localStorage if the provider relies on them).

Purpose: answer enquiries, improve the assistant, analyse customer interests and prevent abuse.

Legal basis: legitimate interest for support and product improvement; consent for any non-exempt cookie or storage used by the widget.

Automated decisions: we do not take decisions based solely on automated processing that produce legal or similar effects (GDPR art. 22).

Infrastructure: the chat service runs on Hetzner (EU).

2. Retention periods

  • Technical logs: up to 12 months, extended if a security incident requires additional evidence.
  • Aggregated analytics (Umami, no cookies): 6–24 months.
  • Consent-based behaviour analytics / feedback (Contentsquare): retained for the period configured in the tool at the time of collection and no longer than necessary for UX analysis and support.
  • Direct enquiries: for the time needed to handle the request and any related follow-up, plus the applicable statutory limitation periods.
  • AI chat: kept indefinitely for traceability and improvement until you request deletion, unless a legal obligation requires longer retention. Email hi@almorada.es with an approximate date/time and browser/device details if you want us to erase a conversation.
  • Accommodation bookings: for the duration of the contractual relationship and the statutory limitation periods.

3. Recipients and processors

  • Hosting / site delivery: Vercel.
  • Analytics: Umami (EU hosted) and Contentsquare / Hotjar (script served from t.contentsquare.net, loaded only after consent).
  • Communications: email, telephony or messaging providers involved in the channel you choose.
  • PMS / accommodation bookings: Beds24 (its own booking environment).
  • AI chat infrastructure: Hetzner (EU).
  • Advisors / support: other providers engaged under confidentiality and data processing agreements.

4. International transfers

If any provider processes data outside the EEA (e.g. some Vercel infrastructure), we will implement appropriate safeguards such as the EU Standard Contractual Clauses. Ask for details at hi@almorada.es.

5. Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction, portability, the right not to be subject to decisions based solely on automated processing, and the right to withdraw consent (without retroactive effect).

How: email hi@almorada.es indicating the right you wish to exercise. We may ask for additional information to verify your identity and will respond within one month (extendable in complex cases).

Supervisory authority: you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

6. Security

We apply appropriate technical and organisational measures (HTTPS, access controls, event logging, data minimisation and retention policies) aligned with the level of risk.

7. Minors

We do not knowingly collect data from children under 16. If we become aware of unauthorised data from minors we will delete it.

8. Changes to this policy

We may update this Policy to reflect legal or technical changes. The latest version will always be the one published on the Site together with its effective date.