Privacy Policy & Data Protection Statement

This privacy policy sets out how the resort handles personal data for both our members and visitors to our public website. We are committed to ensuring that your privacy is protected.

Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement and the General Data Protection Regulation (GDPR).

1. Membership Data Management

The resort acts as the data custodian for information originally provided to the resort’s management framework. This data is held securely and managed by a dedicated, appointed team at the resort.

Data Security & Access Control

We take data security seriously. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we hold.

Restricted Access: Only specific personnel who have undergone formal GDPR training are granted access to member data.

Compliance Framework: All data processing activities are conducted strictly in respect of GDPR regulations, ensuring lawful, fair, and transparent handling of your information.

International Scope

While the resort is located in Spain, the vast majority of our membership community resides within the United Kingdom and the Netherlands.

UK Members: Data is managed in full alignment with the UK GDPR and the Data Protection Act 2018.

Dutch Members: Data processing complies with the European GDPR and the Dutch implementation law, the Algemene verordening gegevensbescherming (AVG).

2. Website Privacy & Data Capture

While our website contains a separate cookie policy to manage automated scripts and tracking preferences, this privacy policy specifically governs the active collection of personal data.
The website operates on a minimal data collection principle. The only point of active data capture occurs on our Contact Us page.

How We Use Contact Form Data

Inquiry Response: If you submit your details via our online contact form, the resort will use that information solely to contact you regarding your specific inquiry.

No Unsolicited Marketing: Your contact form data will not be used for generic marketing campaigns or passed to third parties without your explicit, separate consent.

Encryption & Technical Security

The resort website follows best principles of digital encryption. All data transmitted through our website forms is secured using industry- standard Cryptographic Protocols (such as HTTPS/TLS encryption) to ensure your information remains private as it travels from your device to our secure servers.

3. Your Rights Under GDPR

Regardless of whether you are a resort member or a website visitor, you hold specific rights under data protection law:

The right to access: You can request a copy of the personal data we hold about you.
The right to rectification: You can ask us to correct any information you believe is inaccurate.

The right to erasure: Under certain conditions, you can request that we delete your personal data (the right to be forgotten).

The right to data portability: You can request that we transfer the data we have collected to another organisation, or directly to you. If you wish to exercise any of these rights, or if you have any questions regarding how the resort manages your data, please contact the appointed compliance team via the resort’s primary contact channels.