Privacy Policy

Effective date:

This notice explains how Alquileres la Morada, S.L. ("ALMORADA") processes personal data when you browse or book through almorada.es and its subdomains.

Controller: Alquileres la Morada, S.L. ("ALMORADA")
VAT ID (CIF): B54958756
Av. Rosa de los Vientos 21, 8A · 03710 Calpe (Alicante) · Spain
Contact: hi@almorada.es
DPO: Not applicable

1. Purposes and legal bases

a) Site browsing and security

Data: technical metadata automatically shared by your browser (shortened/anonymised IP, user-agent, requested URL, date/time), plus logs and security events.

Purpose: serve the Site, detect abuse and maintain performance.

Legal basis: legitimate interest (GDPR art. 6.1.f) and legal obligation (LSSI).

b) Audience metrics (Umami)

Technology: EU-hosted Umami instance configured without cookies or persistent identifiers.

Data: aggregated metrics (page views, referrers, device/browser type) without identifying the visitor.

Legal basis: legitimate interest. Should we ever enable non-exempt cookies or IDs, we will first request your consent.

c) Preferences (localStorage)

Data: language, text size or other preferences stored locally in your browser.

Legal basis: technical necessity / legitimate interest to deliver the requested experience. We never use these values for profiling or advertising.

d) Availability checks and bookings (Beds24)

Flow: when you enter dates you are redirected to Beds24 to view availability and finalise the reservation.

Data: identification and contact details, stay data, preferences and payment information.

Legal basis: contract performance / pre-contractual steps (GDPR art. 6.1.b) and legal obligations (tax/accounting).

Roles: ALMORADA acts as the controller; Beds24 provides the booking engine as a processor within its own secure environment.

e) Conversational assistant (AI)

Data: content of your questions, technical metadata (timestamp, IP address or other device data if retained) and widget identifiers (cookies/localStorage if the provider relies on them).

Purpose: answer enquiries, improve the assistant, analyse customer interests and prevent abuse.

Legal basis: legitimate interest for support and product improvement; consent for any non-exempt cookie or storage used by the widget.

Automated decisions: we do not take decisions based solely on automated processing that produce legal or similar effects (GDPR art. 22).

Infrastructure: the chat service runs on Hetzner (EU).

2. Retention periods

  • Technical logs: up to 12 months, extended if a security incident requires additional evidence.
  • Aggregated analytics (no cookies): 6–24 months.
  • AI chat: kept indefinitely for traceability and improvement until you request deletion, unless a legal obligation requires longer retention. Email hi@almorada.es with an approximate date/time and browser/device details if you want us to erase a conversation.
  • Bookings: for the duration of the contractual relationship and the statutory limitation periods.

3. Recipients and processors

  • Hosting / site delivery: Vercel.
  • Analytics: Umami (EU hosted).
  • PMS / bookings: Beds24 (its own booking environment).
  • AI chat infrastructure: Hetzner (EU).
  • Advisors / support: other providers engaged under confidentiality and data processing agreements.

4. International transfers

If any provider processes data outside the EEA (e.g. some Vercel infrastructure), we will implement appropriate safeguards such as the EU Standard Contractual Clauses. Ask for details at hi@almorada.es.

5. Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction, portability, the right not to be subject to decisions based solely on automated processing, and the right to withdraw consent (without retroactive effect).

How: email hi@almorada.es indicating the right you wish to exercise. We may ask for additional information to verify your identity and will respond within one month (extendable in complex cases).

Supervisory authority: you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

6. Security

We apply appropriate technical and organisational measures (HTTPS, access controls, event logging, data minimisation and retention policies) aligned with the level of risk.

7. Minors

We do not knowingly collect data from children under 16. If we become aware of unauthorised data from minors we will delete it.

8. Changes to this policy

We may update this Policy to reflect legal or technical changes. The latest version will always be the one published on the Site together with its effective date.

Whatsapp