BOOK

This document describes the ways in which your personal data is processed when you visit the website of Atocha 19 Apartament Madridaccessible via the web address associated with the official site's domain: www.atocha19apartmentsmadrid.es

1. Data Controller

The data controller is: Atocha 19 Apartments Madrid Calle Atocha 19, Madrid info@apartamentosmadrid.com

2. Types of data collected

Through the website you can collect:

  • Navigation data (e.g. IP address, browser type, access time).
  • Data provided voluntarily by the user (e.g., completing the contact form, email).
  • Reservations datacollected via an external booking web app (third party).

3. Purpose of processing

The data is processed for:

  • Respond to requests sent via forms or email.
  • Provide information about our services.
  • Manage bookings through an external platform.
  • Ensure website security.
  • To comply with legal obligations.

4. Legal basis for processing

Treatment is based on:

  • The the data subject's consent (for example, via the form).
  • The execution of pre-contractual or contractual measures (bookings)
  • The compliance with legal obligations.
  • The legitimate interest of the controller (for security and fraud prevention).

5. Data Recipients

The data may be communicated to external parties such as:

  • IT service and hosting providers.
  • Booking platform providers.
  • Consultants or professionals appointed by the responsible person.
  • Judicial or administrative authorities in cases provided for by law.

6. Transfer of data outside the EU

Any transfer of data outside the European Union, where necessary (e.g. booking service), will be carried out in accordance with the safeguards provided by the GDPR.

7. Data Conservation

The data will be retained:

  • For the time strictly necessary for the stated purposes.
  • For potential legal or fiscal obligations.

8. User Rights

The user has the right to:

  • Access your data.
  • Request rectification or erasure.
  • Opposing or limiting treatment.
  • Withdraw consent at any time.
  • Make a complaint to the competent supervisory authority (in Spain, the AEPD – www.aepd.es).

Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.

10. Modifications to this policy

This policy may be subject to change. Updated versions will be published on this page with the revision date.