Privacy policy

At Halma Coliving we respect your privacy and process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

1. Data controller

  • Controller: [COMPLETAR: razón social]
  • Tax ID: [COMPLETAR: NIF/CIF]
  • Address: [COMPLETAR: domicilio social]
  • Email: [COMPLETAR: correo de contacto]
  • Phone: [COMPLETAR: teléfono]
  • Data Protection Officer (if applicable): [COMPLETAR: delegado de protección de datos, si procede]

2. Data we process

Depending on how you use the website and, in particular, the booking form, we may process:

  • Identification data: name, surname, identity document.
  • Contact data: email, phone, postal address, country and postcode.
  • Stay-related data: check-in and check-out dates, selected room, additional services, reason for the temporary contract.
  • Technical data: IP address, device identifiers, browsing data and cookies (see Cookie Policy).

Please do not provide special categories of data (health, beliefs, etc.) unless strictly necessary and with your explicit consent.

3. Purposes and legal basis

We process your data for the following purposes, with the corresponding legal basis:

  • Manage your booking request and any pre-contractual or contractual relationship (performance of pre-contractual measures or contract).
  • Respond to enquiries via contact channels (consent or legitimate interest in replying).
  • Comply with legal obligations (tax, accounting, accommodation regulations).
  • Ensure website security and prevent fraud or misuse (legitimate interest).
  • Send commercial communications about similar services where there is a prior relationship and you have not objected (legitimate interest / e-commerce rules).

4. Booking form

Data submitted through the booking form on halmacolivingappweb.davinchi.es is sent securely to Halma Coliving's management systems to check availability, calculate prices and register your request. Completing the form and ticking «I have read and accept the privacy policy» and «I have read and accept the legal notice» constitutes clear consent and prior information under the GDPR.

Required fields are necessary to process the booking. If you do not provide them, we cannot handle your request.

5. Retention

We retain data for the duration of the booking or request relationship and thereafter for periods required by applicable law (e.g. tax and accounting). After those periods, data will be deleted or anonymised.

6. Recipients and processors

Data may be disclosed to public authorities where legally required. We may use processors (hosting, email, management software, etc.) acting on instructions from [COMPLETAR: razón social] under contracts ensuring confidentiality and security. Data will not be sold to third parties for commercial purposes without your consent.

7. International transfers

We do not generally transfer data outside the European Economic Area. If future providers require this, GDPR safeguards will apply (standard contractual clauses, adequacy decisions, etc.).

8. Your rights

You may exercise the following rights at any time, proving your identity:

  • Access: know what data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where applicable.
  • Objection: object to certain processing based on legitimate interest.
  • Restriction: in legally provided cases.
  • Portability: receive your data in a structured format where applicable.
  • Withdraw consent at any time without affecting prior lawful processing.

To exercise your rights, email [COMPLETAR: correo de contacto] stating which right you wish to exercise and attach a copy of your ID. We will respond within one month.

You may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you believe processing does not comply with the law.

9. Security measures

[COMPLETAR: razón social] applies appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration, including encrypted communications (HTTPS) and access controls on management systems.

10. Minors

Booking services are intended for adults. We do not knowingly collect data from minors without parental consent.

11. Changes to this policy

We may update this policy to reflect legal or service changes. The current version will always be published on this page with the last updated date.

Last updated: 24/06/2026. Contact: [COMPLETAR: correo de contacto].