Privacy policy

Privacy Policy

This legal text gives you details of how we collect and process your personal data through the use of our website, including any information you can provide us through the site when you perform the contracting of a service, is registered to our newsletter or provide your contact information through the form enabled for this purpose.

By providing us with the information, we inform you that our services are only directed to adults, so it guarantees that you are over 18 years of age when you send us the form.

1. Responsible for the treatment.

Responsible contact details:


CIF: B93176089

Registered Office: C / Los nidos, 7 29620 Torremolinos Spain

Phone: 952387299


CRISTELLA PLAZA HOTEL S.L., is responsible for your data. (Hereinafter us or ours).


2. What data do we collect?

The General Regulation of Data Protection, tells us that personal data is all information about an identified or identifiable natural person, that is, all the information capable of identifying a person. This would not include anonymous or percentage data.

In our Web we can process certain types of personal data, which may include:

Identity data: name, surname and username.

Contact information: email or billing address.

Financial data: bank details and other details of purchases made

Technical data: login data, Internet protocol addresses, browser type and version, configuration and location of the time zone, operating system, types and versions of browser plug-in, and any other technology in the devices that use to access our website.

Profile data: username and password, purchases made, comments and responses to surveys.

Usage data: information about how you use our website, products and services.

Marketing and communications data: preferences to receive marketing communications by our part and preferred means of communication.

We do not collect any data related to special categories of personal data (those that reveal their ethnic or racial origin, political opinions, religious or philosophical convictions, union affiliation and information about their health, genetic or biometric data).

In case you are requested to collect personal data by law or according to the terms of contract between us and you refuse to provide them, we may not be able to make such a contract or provide the service, and must notify us in advance.


3. How do we collect your personal data?

The means we use to collect personal data are:

Through the form on our website, through our contact emails, by phone or postal mail, when:

Request information about our products or services

Contract the provision of our services or products

Request quotes

Subscribe to any of our services or publications

Send your comments

To ensure the quality of our website, we reserve the right to refuse any registration request or to suspend or cancel a previously accepted registration if we understand that it does not meet these requirements or any other law or regulation. If this happens, we will try to explain the reasons for our decision, but we can not commit to doing so in all cases.

Through technology or automated interactions: on our site we can automatically collect technical data about your equipment, navigation actions and usage patterns. This data is collected through cookies or similar technologies. If you want to expand the information, you can consult our cookies policy here (link)

Through third parties:

Google: analytical data or search data. Outside the European Union.

Social Networks: (Facebook, Instagram, Twitter, Linkedin ...) outside the European Union.


4. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

For the formalization of a contract between CRISTELLA PLAZA HOTEL S.L. and you.

When you give your consent in the processing of your data

When we need them to comply with a legal or regulatory obligation

When necessary for our legitimate interest or that of a third party.

The User may revoke the consent given at any time by sending an email to or by consulting the exercise section of rights below.

Below we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for its use, as well as knowing what kind of personal data we are going to deal with. We can process some personal data for some additional legal reason, so if you need details about it you can send an email to


Type of data

Legitimacy for your treatment


To request information through the contact form

- First name

- Surnames

- Email

Consent of the interested party


To make commercial communications, delivering relevant content that may be of interest to you

- First name

- Surnames

- Email

Consent of the interested party


To manage and protect our business and our website

- Technical data

- First name

- Surnames

- Email


Legitimate interest

Commercial communications: you will only receive communications if

You requested information or made a contract with us for a product or service.

If you gave us your information, accepting the box enabled in this respect on our form.

As long as you have not expressed your willingness to stop receiving such communications.

We obtain your express consent before sending you any communication, being able to request at any time that we stop sending you communications in the email


When you choose to stop receiving our communications, your personal data will remain stored as a result of the contract made by you to comply with legal requirements.


Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably believe that we must use it for another reason, notifying you in advance so that you are informed of the legal reason for processing it and provided the purpose is compatible with the purpose original.


Conservation period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and the treatment of the data. The provisions of the files and documentation regulations will apply.


Subscriber data by e-mail or form: From the moment the user subscribes until they unsubscribe.


User data uploaded by CRISTELLA PLAZA HOTEL S.L. to your Social Networks or pages: Since the user gives his consent until he withdraws it.


5. Your Rights in Data Protection

How to exercise these rights? Users can send a communication to the registered office of CRISTELLA PLAZA HOTEL S.L. or email address, including in both cases photocopy of your D.N.I or other similar identification document, to request the exercise of the following rights:


Access to your personal data: you can ask CRISTELLA PLAZA HOTEL S.L. if you are using your personal data.

To request their rectification, if they were not correct, or to exercise the right to oblivion with respect to them.

To request the limitation of the treatment, in this case, they will only be conserved by CRISTELLA PLAZA HOTEL S.L. for the exercise or defense of claims

To oppose your treatment: CRISTELLA PLAZA HOTEL S.L. will stop treating the data in the way you indicate, except that for legitimate reasons or for the exercise or defense of possible claims, these should continue to be treated.

To the portability of the data: in case you want your data to be processed by another firm, CRISTELLA PLAZA HOTEL S.L. will facilitate the portability of your data to the new manager.

You can use the models placed at your disposal by the Spanish Agency for Data Protection, to exercise your previous rights: Here


Claim before the AEPD: if you consider that there is a problem with the way in which CRISTELLA PLAZA HOTEL S.L. is processing your data, you can direct your claims to the corresponding control authority, being in Spain, the competent for it: Spanish Agency for Data Protection.


We may have to request specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any of the other rights mentioned above). This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.


All the requests are solved within the legal term indicated 1 month. However, it can take more than a month if your request is particularly complex, or if you have already performed a series of actions previously. In this case, we will notify you and keep you updated.


6. Transfer of personal data

It is possible that, in the performance of our work, we need the help of third parties, who will only process the data to provide the contracted service, and with whom we have the corresponding measures to guarantee their rights:


Service providers that provide systems management and information technology services.

Professional advisors that include lawyers, auditors and insurers that provide banking, legal, insurance and accounting consulting services


All those in charge of treatment to whom we transfer your data will respect the security of your personal data and will treat them according to the RGPD.


We only allow such managers to process your data for certain purposes and in accordance with our instructions. However you can ask us, in compliance with the transparency, a list of who are these companies that provide us services, you can do it by email:


7. Data Security

We have implemented the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner, modified or disclosed. In addition, we limit the access to your personal data to those employees, contractors and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.


We have implemented procedures to deal with any suspicion of violation of your personal data and will notify you and the Control Authority in case it occurs, as regulated in the RGPD in its articles 33 and 34, a security breach.


8. International transfers

Countries outside the European Economic Area (EEA) do not always offer the same levels of protection for their personal data, which is why European legislation has prohibited the transfer of personal data outside the EEA unless the transfer meets certain requirements.


Some of our external service providers are outside the European Economic Area (EEA), so the processing of your personal data will involve a transfer of data outside the EEA.


Social Networks: CRISTELLA PLAZA HOTEL S.L. makes use of social networks Facebook, Instagram, LinkedIn and Twitter, all in the US.

If you need an extension with respect to the specific mechanism used by us when transferring your data outside the EEA, you can contact us through our email