Privacy Policy

Introduction

This Privacy Policy describes how Corevias S.L. ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller Information

The data controller for your personal information is:

Data We Collect

We may collect and process the following types of personal data about you:

• Contact Information: When you contact us through our website forms, email, or phone, we collect information such as your name, email address, phone number, and any message you send to us.
• Technical Information: We automatically collect certain technical information when you visit our website, including your IP address, browser type, operating system, referring website, pages viewed, and the time and date of your visit.
• Cookies and Tracking: We use cookies and similar technologies to enhance your browsing experience. For detailed information about our use of cookies, please see our Cookie Policy.
• Reservation Information: If you make a reservation with us, we may collect your name, contact details, party size, and any special requirements.

How We Use Your Information

We use your personal data for the following purposes and under the following legal bases:

• To Provide Our Services: We use your information to respond to your enquiries, process reservations, and provide our café and bistro services (Legal basis: Contract performance and legitimate interests).
• Customer Support: To provide customer service and support when you contact us (Legal basis: Legitimate interests).
• Website Improvement: To analyse how our website is used and improve its functionality and user experience (Legal basis: Legitimate interests).
• Legal Compliance: To comply with legal obligations and protect our legal rights (Legal basis: Legal obligation and legitimate interests).
• Marketing Communications: With your consent, we may send you promotional materials about our services (Legal basis: Consent).

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We may share your data with trusted third-party service providers who assist us in operating our website and providing our services, such as hosting providers and payment processors.
• Legal Requirements: We may disclose your information if required by law or in response to valid legal requests from public authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new owners.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Specifically:

• Contact form submissions and enquiries: 2 years from the date of your last contact
• Reservation information: 1 year after the reservation date
• Website analytics data: 26 months from collection
• Marketing consent records: Until consent is withdrawn plus 3 years for legal compliance

After the retention period expires, we will securely delete or anonymise your personal data unless we are required to retain it for longer periods by law.

Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You can request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You can request that we limit how we use your personal data.
• Right to Data Portability: You can request that we transfer your data to another service provider.
• Right to Object: You can object to our processing of your personal data for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please contact us at:

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos) if you believe we have not handled your personal data in accordance with applicable data protection laws.