Privacy Policy

PRIVACY POLICY

§ 1. General Provisions

  1. The controller of personal data collected via the website www.iimrentals.com (hereinafter: the “Website”) is the Spanish limited liability company “INTERNATIONAL INVESTMENT MARBELLA RL, S.L.U.”, N.I.F B70759014, with its registered office at Avenida José Banús, Edificio Málaga 2, apartamento 2D, Nueva Andalucía, Marbella (Málaga); registered with the Commercial Register of Málaga, volume 6.473, sheet 157, page MA-180.336, e-mail address: info@iimrentals.com (hereinafter referred to as the “Controller” and at the same time the “Service Provider”). Personal data collected by the Controller via the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.

§ 2. Type of Processed Personal Data, Purpose and Scope of Data Collection

  1. Purpose of processing and legal basis. The Controller processes the personal data of natural persons, legal persons, or organisational units without legal personality that are granted legal capacity by law, using the electronic services provided by the Controller via the Website (hereinafter: “Users”). The Controller processes Users’ personal data in the event of: conclusion and performance of a rental agreement via the Website, on the basis of Article 6(1)(b) GDPR.

  2. Type of processed personal data. In the event of concluding a rental agreement via the Website, the User provides: first and last name, address, e-mail address, telephone number.

  3. During the use of the Website, additional information may be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and type of operating system.

  4. With separate consent, on the basis of Article 6(1)(a) GDPR, data may also be processed for the purpose of personalising notifications, sending commercial information by electronic means, or making telephone calls for direct marketing purposes, including profiling-based marketing, if the User has given consent.

  5. Navigation data may also be collected from Users, including information about links and references they choose to click or other activities undertaken on the Website. The legal basis for such processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of facilitating the use of electronic services and improving their functionality.

  6. In addition, the Controller will process the User’s personal data in order to fulfil the Controller’s legal obligations (e.g. in tax matters) (Article 6(1)(c) GDPR).

  7. Providing personal data by the User is voluntary, but some data is necessary to conclude a rental agreement via the Website (e.g. name and surname), to issue appropriate tax documents (e.g. VAT number), and failure to provide such data will make these actions impossible.

  8. The Controller takes particular care to protect the interests of data subjects and ensures that the collected data:
    8.1. is processed lawfully;
    8.2. is collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes;
    8.3. is factually correct, adequate, and relevant in relation to the purposes for which it is processed, and kept in a form that permits identification of the data subjects for no longer than is necessary to achieve the purpose of processing.

  9. Data retention periods. Users’ personal data is stored by the Controller:
    9.1. where the basis for processing is contract performance – for as long as it is necessary for the performance of the contract, and thereafter for the period corresponding to the statute of limitations of claims;
    9.2. where the basis for processing is consent – until the consent is withdrawn, and after withdrawal, for the period corresponding to the statute of limitations of claims that the Controller may assert or that may be asserted against the Controller;
    9.3. where the basis for processing is the legitimate interest of the Controller – for the time necessary to provide a response, generally no longer than 30 days, but the Controller may extend this period by the limitation period of claims if necessary for the establishment or defence of claims, including the duration of related judicial, arbitration or administrative proceedings;
    9.4. where the basis for processing is compliance with legal obligations – for the period required by law;
    9.5. where an objection is lodged by the data subject at any time for reasons related to their particular situation – against processing based on the legitimate interests of the Controller (Article 6(1)(f) GDPR), the Controller shall cease to process such data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or grounds for the establishment, exercise, or defence of claims.

§ 3. Disclosure of Personal Data

  1. Users’ personal data may be transferred to service providers used by the Controller in connection with the operation of the Website, in particular to:
    1.1. payment system providers;
    1.2. entities providing accounting, legal, advisory, or audit services;
    1.3. hosting providers;
    1.4. software providers enabling business operations;
    1.5. providers of mailing systems;
    1.6. providers of e-commerce software;
    1.7. operators of booking platforms (e.g. www.booking.com);
    1.8. marketing agencies acting on behalf of the Controller.

  2. The service providers referred to in point 1, to whom personal data is transferred, depending on contractual arrangements, either act on behalf of and under the instructions of the Controller (processors) or determine independently the purposes and means of their processing (controllers).

  3. Users’ personal data is stored exclusively within the European Economic Area (EEA).

§ 4. Right of Control, Access to Data, and Rectification

  1. The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

  2. Legal grounds for Users’ requests:
    2.1. access to data – Article 15 GDPR;
    2.2. rectification of data – Article 16 GDPR;
    2.3. erasure of data (“right to be forgotten”) – Article 17 GDPR;
    2.4. restriction of processing – Article 18 GDPR;
    2.5. data portability – Article 20 GDPR;
    2.6. objection – Article 21 GDPR;
    2.7. withdrawal of consent – Article 7(3) GDPR.

  3. To exercise the rights referred to in point 2, an e-mail should be sent to: info@iimrentals.com

  4. In the event of a User exercising the rights referred to above, the Controller shall comply with or refuse to comply with the request without undue delay, but no later than one month from receipt. If, due to the complexity of the request or the number of requests, the Controller cannot meet this deadline, it may extend it by a further two months, informing the User within one month of receipt of the request of the extension and reasons.

  5. If the processing of personal data is found to violate GDPR, the data subject has the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

§ 5. “Cookies”

  1. The Website uses “cookies”.

  2. The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain information essential for the correct functioning of the Website, and they also allow the development of general statistics regarding Website visits.

  3. The Website uses two types of cookies: “session” and “persistent”:
    3.1. “session cookies” are temporary files stored on the User’s device until logging out (leaving the Website);
    3.2. “persistent cookies” are stored on the User’s device for the period defined in the parameters of the cookies or until they are deleted by the User.

  4. The Controller uses its own cookies to better understand how Users interact with Website content. Cookies collect information on the manner of use of the Website by the User, the type of page from which the User was redirected, the number of visits, and the duration of the User’s visit. This information does not record specific personal data but is used to compile Website usage statistics.

  5. The Controller may use third-party cookies to collect general and anonymous statistical data through analytical tools.

  6. Cookies may also be used by advertising networks, in particular Google, to display ads tailored to the manner in which the User uses the Website. To this end, they may retain information about the User’s navigation path or time spent on a given page.

  7. The User has the right to decide on cookies’ access to their device by selecting them in advance in their browser window. Detailed information on the possibilities and methods of handling cookies is available in browser settings.

§ 6. Links to Social Media or Other Websites

  1. The Website may contain links to external social media platforms (e.g. Facebook, Instagram) and other websites, including other websites of the Controller. The functions assigned to these links, in particular the transfer of information and personal data, are activated only after clicking on the link. At that point, the relevant plugin of the given social media or website is activated, and the User’s browser establishes a direct connection to the servers of the social media or websites, redirecting the User. The provider of such portal or website will receive information that the User visited the Website before entering the portal or website (even if the User is not registered or logged in). This information (including the IP address) will be transmitted directly from the User’s browser to the servers of the social media provider (usually located in the USA) or the website and stored there. If the User is logged into the given portal, the portal will immediately link the visit to the User’s account.

  2. If the User does not want their personal data to be transferred to providers of social media platforms or other websites, they should not click on such links. If the User does not want the provider to associate their visit with their profile, they should log out of the portal beforehand.

  3. More information on the processing of personal data by individual portals can be found on their websites.

§ 7. Final Provisions

  1. The Controller applies technical and organisational measures ensuring the protection of processed personal data appropriate to the risks and category of data, in particular protecting the data against unauthorised disclosure, access, collection, processing contrary to the law, as well as alteration, loss, damage, or destruction.

  2. The Controller provides appropriate technical measures preventing unauthorised persons from obtaining and modifying personal data transmitted electronically.

  3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other applicable Spanish laws shall apply.

  4. This Privacy Policy may be subject to changes and updates. To stay informed about how your data is processed, please visit this page from time to time.

  5. The provisions of this Privacy Policy are not intended to exclude or limit any rights of data subjects.

  6. In the event of inconsistency of any part of this Privacy Policy with applicable law, the relevant provisions of law shall apply instead.

Close
Close