This legal text gives details of how we collect and process your personal data through your use of our website, including any information you may provide to us through the site when you sign up for a service, register for our newsletter or provide your contact details through the form provided for this purpose.

When you provide us with your data, we inform you that our services are not possible for those persons who are not able to give consent, so when you send us the forms, you guarantee that you have sufficient capacity to give consent.

Below we inform you of the data protection policy of: Grisoma Hotelera, S.L.

  1. Data controller.

Contact details of the person responsible: GRISOMA HOTELERA, S.L., C/ Edgar Neville, s/n. Marbella. C.P. 29660. Málaga, C.I.F: B57116923 and email

Registro Mercantil de Málaga T 1881 , F 68, S 8, H PM 40058, I/A 2 (13.08.10)

GRISOMA HOTELERA, S.L., is responsible for your data. (Hereinafter "we" or "us" or "our").

  1. What data do we collect?

The General Data Protection Regulation tells us that personal data is any information about an identified or identifiable natural person, i.e. any information capable of identifying a person. This would not include anonymised data, or percentage data.

The personal data that may be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding processing activities, owned by Grisoma Hotelera, S.L.

We may process certain types of personal data on our website, which may include:

  • Identity data: name and surname
  • Personal characteristics data: date of birth, nationality, etc
  • Contact data: email and telephone
  • Marketing and communications data: preferences to receive marketing communications from us and preferred means of communication

We do not collect any data relating to special categories of personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and information about your health, genetic or biometric data).

If you are required to collect personal data by law or under the terms of a contract between us and you refuse to provide it to us, we may not be able to perform the contract or provide the service and you must notify us in advance.

  1. How do we collect your personal data?

The means we use to collect personal data are:

  • Through the form on our website, through our contact emails, by telephone or post, when:
    • You request information about our products or services
    • You contract the provision of our services or products
    • You request a quote
    • You subscribe to any of our services or publications.

To ensure the quality of our site, we reserve the right to refuse any registration request or to suspend or cancel a previously accepted registration if we believe that it does not meet these requirements or any other law or regulation. If this happens, we will try to give reasons for our decision, but we cannot undertake to do so in all cases.

  • Through technology or automated interactions: On our site we may automatically collect technical data about your computer, browsing actions and usage patterns. This data is collected through cookies or similar technologies. If you would like more information, you can view our cookie policy here.
  • Through third parties:
    • Google: analytical data or search data. Outside the European Union.
      Purpose and legitimacy for the use of your data.
  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • For the formalisation of a contract between GRISOMA HOTELERA, S.L. and you.
  • When you consent to the processing of your data.
  • When we need them to comply with a legal or regulatory obligation.
  • When it is necessary for our legitimate interest or that of a third party.

The User may revoke the consent given at any time by sending an email to or by consulting the section on exercising rights below.

Below is a table showing the ways in which we will use your personal data and the legitimacy for its use, as well as the type of personal data we will process. We may process some personal data for additional legal reasons, so if you need details please send an email to

Form Purpose Type of data Legitimacy for processing
Contact The purpose is the management of contacts and requests for information received via web Name
Consent of the data subject (art. 6.1.a RGPD)
Pre-contractual measures (art. 6.1.b RGPD)
Processing is necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1f GDPR)
Newsletter The purpose is to manage the data provided to send information about our services and promotions E-mail Consent of the data subject (art. 6.1.a RGPD)
Pre-contractual measures (art. 6.1.b RGPD)
Processing is necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1f GDPR)
Airport transfer Management of the contact data provided to request a transfer Name
Consent of the data subject (art. 6.1.a RGPD)
Pre-contractual measures (art. 6.1.b RGPD)
Processing is necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1f GDPR)
Rent a car Management of contact details provided to rent a vehicle Name
Birth date
Consent of the data subject (art. 6.1.a RGPD)
Pre-contractual measures (art. 6.1.b RGPD)
Processing is necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1f GDPR)
Rent a yatch Management of contact details provided to rent a yacht Name
Consent of the data subject (art. 6.1.a RGPD)
Pre-contractual measures (art. 6.1.b RGPD)
Processing is necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1f GDPR)
Bookings and reservations The purpose is to manage reservations for Villa el Martinete, restaurant reservations and/or golf package reservations Name
Consent of the data subject (art. 6.1.a RGPD)
Processing necessary for compliance with a legal obligation applicable to the controller (art. 6.1.c RGPD)
Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the data subject's request of pre-contractual measures (art. 6.1.b RGPD)
Processing necessary for the fulfilment of legitimate interests pursued by the controller (art. 6.1.f RGPD)

Commercial communications:
you will only receive communications if

  • You have requested information from us or have contracted a product or service from us.
  • If you provided us with your details, accepting the box provided for this purpose on our form.
  • Provided that you have not expressed your wish to stop receiving such communications.

We obtain your express consent before sending you any communication, and you may request at any time that we stop sending you communications by email to

When you opt out of receiving communications from us, your personal data will continue to be stored as a result of your contracting with us in order to comply with legal requirements.

Purpose: We will only use your data for the purposes for which we collect it, unless we reasonably consider that we should use it for another purpose, notifying you in advance so that you are aware of the lawful reason for processing and provided that the purpose is compatible with the original purpose.

  1. How long will we keep your data?

They will be kept for the time necessary to fulfil the purpose for which they were collected and to determine any possible liabilities that may arise from this purpose and from the processing of the data. The provisions of the different regulations regarding the retention period shall apply, insofar as they are applicable to the present processing. Data of subscribers by e-mail or form: From the time the user subscribes until he/she unsubscribes.

  1. Minors

Grisoma Hotelera, S.L. does not authorise minors under 14 years of age to provide their personal data through the means provided on this website (filling in the web forms for requesting services, contact or by sending e-mails). Therefore, persons who provide personal data using these means formally state that they are over 14 years of age and Grisoma Hotelera, S.L. shall be exempt from any liability for failure to comply with this requirement.

If your child under the established age limit has provided personal information to Grisoma Hotelera, S.L., please contact Grisoma Hotelera, S.L. in order to request the exercise of your applicable rights.

In those cases in which the services offered by Grisoma Hotelera, S.L. are intended for minors under 14 years of age, the means will be provided to obtain the authorisation of the minor's parents or legal guardians.

  1. Exercise of Data Protection Rights:

How to exercise these rights? Users may send a communication to the registered office of Grisoma Hotelera, S.L. or to the e-mail address, incluyendo en ambos casos fotocopia de su D.N.I u otro documento de identificación similar, para solicitar el ejercicio de los siguientes derechos:

- Access to your personal data: you may ask Grisoma Hotelera, S.L. whether it is using your personal data.
- To request their rectification, if they are not correct, or to exercise the right to be forgotten with respect to them.
- To request the limitation of the treatment, in this case, they will only be kept by Grisoma Hotelera, S.L for the exercise or defence of claims.
- To oppose their processing: Grisoma Hotelera, S.L. will stop processing the data in the way you indicate, unless for legitimate reasons or for the exercise or defence of possible claims, they must continue to be processed.
- To data portability: if you want your data to be processed by another company, Grisoma Hotelera, S.L. will facilitate the portability of your data to the new data controller.

You may use the forms made available to you by the Spanish Data Protection Agency to exercise your aforementioned rights: Here
Claim before the AEPD: if you consider that there is a problem with the way in which Grisoma Hotelera, S.L. is treating your data, you can address your claims to the corresponding control authority, being in Spain, the competent for this: Agencia Española de Protección de Datos.
We will ask you for specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any other of the aforementioned rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it.
All requests will be dealt with by us within the specified legal deadline of one month. However, it may take longer than one month if your request is particularly complex. In this case, we will notify you and keep you updated.

  1. Disclosure of data: provision of services.

In the course of our work, we may need the assistance of third parties, who will only process the data for the purpose of providing the contracted service, and with whom we have appropriate measures in place to safeguard your rights:

- Service providers who provide system administration and information technology services.
- Professional advisers including lawyers, auditors and insurers who provide banking, legal, insurance and accounting consultancy services.

All processors to whom we transfer your data will respect the security of your personal data and process it in accordance with the GDPR.

We only allow such processors to process your data for specified purposes and in accordance with our instructions. However, in order to comply with transparency requirements, you may request a list of the companies that provide services to us by sending an email to:

  1. Data Security.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, modified or disclosed. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who have a business need to know that data. They will only process your personal data in accordance with our instructions and are bound by a duty of confidentiality.
We have implemented procedures to deal with any suspected breach of your personal data and will notify you and the Supervisory Authority in the event of a breach of security as regulated in Articles 33 and 34 of the GDPR.