
Privacy policy

Version 0.1

 

This page was last updated on 31 October, 2025.

 

Marbella Adventures (operated by Watpro S.L., with registered address at C. Sp 28 de Febrero, 14, 29670 San Pedro Alcántara, Málaga), acting as the data controller ("we", "us", or "our"), is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Spanish Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD), and the Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (marbella-adventures.com) or use our services (collectively, the "Site" or "Services"). It applies only to our Services and not to third-party websites linked from ours. By using our Site or Services, you consent to the practices described herein. If you do not agree, please do not use our Site or Services.

 

Personal Data We Collect

We collect the following categories of personal data:

  • Identity and Contact Data: Name, email address, phone number, billing/shipping address (provided during booking or inquiry).

  • Financial Data: Payment details (e.g., card type, number, expiry; processed securely via third-party providers; we do not store full card details).

  • Technical Data: IP address, browser type, device info, pages visited (via cookies and analytics).

  • Usage Data: Interaction with the Site, such as items added to cart or abandoned during checkout.

  • Communication Data: Messages, feedback, or survey responses you send us.

We do not collect sensitive data (e.g., health, racial origin) unless voluntarily provided and relevant to a service (e.g., accessibility needs for adventures).

How We Collect Your Data

  • Directly from You: When you book services, sign up for newsletters, contact us, or complete forms/surveys.

  • Automatically: Via cookies, server logs, or analytics tools during Site use (e.g., Google Analytics).

  • From Third Parties: Rarely, e.g., payment processors confirming transactions or social media if you connect accounts (with your permission).

During checkout, you provide your email voluntarily to complete a booking. We do not collect data from children under 14 without parental consent.

How We Use Your Data and Legal Basis

We process your data only for specified, legitimate purposes under GDPR Article 6. Key uses include:

  • Provide and Manage Services: Process bookings, manage accounts, fulfill orders, send confirmations. Legal Basis: Contract (GDPR Art. 6(1)(b)).

  • Communications: Respond to inquiries, provide support, send transactional emails (e.g., booking updates). Legal Basis: Contract or Legitimate Interest (GDPR Art. 6(1)(b)/(f)).

  • Abandoned Checkout Reminders: Automated reminder emails (e.g., within 24-48 hours) if you leave items in your cart without completing checkout, to help recover your intended booking. These are low-intrusion and based on your prior engagement. Legal Basis: Legitimate Interest (GDPR Art. 6(1)(f); see LSSI-CE for soft opt-in during sales process).

  • Marketing: Send newsletters or offers about our adventures (only with consent; you can opt out anytime). Legal Basis: Consent (GDPR Art. 6(1)(a)).

  • Analytics and Improvement: Analyze Site usage (anonymized) to enhance experience via Google Analytics. Legal Basis: Legitimate Interest (GDPR Art. 6(1)(f)).

  • Legal/Compliance: Prevent fraud, comply with laws, respond to claims. Legal Basis: Legal Obligation (GDPR Art. 6(1)(c)) or Legitimate Interest (GDPR Art. 6(1)(f)).

For legitimate interest (e.g., cart reminders), we conduct a balancing test: the purpose (recovering initiated transactions) is necessary, proportional (limited emails, easy opt-out), and does not override your rights. You can object at any time (see Rights below). We do not use data for automated decision-making with significant effects.

Data Storage and Retention

Data is stored securely on EU-based servers (or equivalent secure third-party providers) with encryption, access controls, and regular audits. Retention periods:

  • Booking data: 5 years post-transaction (for accounting/tax under Spanish law).

  • Inquiry/communication data: 1 year after resolution.

  • Marketing data: Until opt-out or 2 years of inactivity.

  • Cart reminder data: Deleted after 7 days if no response.

  • Analytics data: Anonymized after 26 months.

After retention, data is securely deleted or anonymized.

Sharing Your Data

We do not sell or share data for marketing without consent. Disclosures are limited to:

  • Service Providers: Processors (e.g., payment gateways like Stripe/PayPal, email tools like Mailchimp, hosting/analytics providers) bound by GDPR contracts. They process only as instructed.

  • Internal: Within Watpro S.L. (confidentiality required).

  • Legal: To authorities if required (e.g., fraud investigations).

  • Business Transfers: In mergers/acquisitions (with notice).

All processors are EU-based or GDPR-compliant (e.g., Standard Contractual Clauses). Full list available on request.

Cookies and Tracking Technologies

Our Site uses cookies—small files stored on your device—to enhance functionality. You can manage them via browser settings (e.g., reject non-essential). Disabling may affect Site performance.

  • Strictly Necessary Cookies: Essential for Site operation (e.g., session management). Examples: Session cookies. Duration: Until the session ends.

  • Functional Cookies: Remember preferences (e.g., language). Examples: User preference cookies. Duration: Up to 1 year.

  • Analytical Cookies: Analyze usage (anonymized; Google Analytics). Examples: _ga, _gid. Duration: Up to 26 months.

  • Advertising Cookies: Personalized ads on third-party sites (with consent). Examples: Google Ads cookies. Duration: Up to 1 year.

We use Google Analytics (privacy-protected; IP anonymized). For details, see our Cookie Policy [link if separate]. You can opt out via tools such as the Google Analytics Opt-out Browser Add-on.

Your Data Protection Rights (GDPR Chapter III)

Under GDPR, you have:

  • Access: Request confirmation/copies of your data.

  • Rectification: Correct inaccurate/incomplete data.

  • Erasure ("Right to be Forgotten"): Delete data (except where legally required).

  • Restriction: Limit processing (e.g., during disputes).

  • Portability: Receive data in structured format.

  • Object: Oppose processing (e.g., marketing or legitimate interest; we assess promptly).

  • Withdraw Consent: Anytime (no effect on prior processing).

Requests are free, responded to within 1 month (extendable). Submit via email to info@marbella-adventures.com with proof of identity. For newsletters/marketing: Unsubscribe links in every email.

International Transfers

Data is primarily processed in the EEA. Any non-EEA transfers (rare) use adequacy decisions or safeguards like SCCs.

Security

We implement appropriate technical/organizational measures (e.g., SSL encryption, firewalls) to protect against unauthorized access/loss. No system is 100% secure; notify us of breaches at once.

Children's Privacy

Our Services are not for children under 14. If we discover unintended collection, we delete it promptly. Parents: Contact us to review/delete child's data.

Changes to This Policy

We review this policy annually or as needed. Please check it regularly.

Questions and feedback

We regularly review our compliance with this privacy policy. If you have any questions about this privacy policy, please contact us using the information below:

Marbella Adventures – part of Watpro S.L.

E: info@marbella-adventures.com

T: +34 623 361 714
