PRIVACY POLICY

1. Data Processing

BEST HOUSE BEST PLACE S.L. is the Data Controller. The data processing related to the web services of this Website is carried out solely by authorized personnel. No data acquired through the web service is disclosed.
Personal data provided by users who submit requests and/or communications via form, email, or telephone are used solely to carry out the requested service or performance.
The above is subject to a specific privacy notice provided by the Data Controller pursuant to Article 13 of the Privacy Code.

​

2. Subject of the Processing

The data subject to processing includes:

• Connection IP address

• Information related to the device used

• Location information

• Pages visited

• Common data provided when signing up for services

• Cookies

​​

3. Purposes and Legal Basis of the Processing

a) With the prior consent of the Data Subject, personal data will be processed for the following purposes: to manage any requests for information, bookings, and participation in the retreat.
The legal basis for the processing referred to in letter (a) is Article 6, letter (b) of the GDPR: the performance of a contract to which the data subject is a party, or the execution of pre-contractual measures taken at the data subject's request.
Providing the data is not mandatory, but it is necessary in order to perform the requested services. Failure to provide the data will therefore make it impossible to fulfil such requests.

​

b) Personal data will also be processed in order to comply with a legal obligation to which the Data Controller is subject (pursuant to Article 6, letter (c) of the GDPR).

​

c) Data may also be processed for the legitimate interests pursued by the Data Controller, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, taking into account the reasonable expectations of the data subject based on their relationship with the Data Controller—particularly for the prevention of fraud or, to the extent strictly necessary and proportionate, to ensure network and information security.
The legal basis for the processing referred to in letter (c) is Article 6, letter (f) of the GDPR.

​

d) The legal basis for the processing referred to in letter (d) is Article 6, letter (a) of the GDPR: the Data Subject has given consent to the processing of their personal data for one or more specific purposes.
Providing the data is optional, but it is necessary to achieve the stated purposes.

User data will also be used in aggregated and anonymized form to perform statistical analyses.

​

4. Data Retention

Personal data collected for the purposes described in point 3 will be processed and retained for the time necessary to achieve the purposes for which they were collected, and in any case within the statute of limitations periods established by law.

In particular, the data will be processed for the purpose of creating the contract for participation in the retreat and the customer record.

User location data is not stored by the Data Controller.
Once the retention period has expired, the data will be deleted.

​

5. Data Recipients

Project collaborators in their capacity as persons authorized to process data.

Additionally, the User’s data may be disclosed to third parties (Public Authorities, Police Forces, or other public and private entities) solely for the purpose of complying with contractual, legal, and/or EU regulatory obligations.

In any case, data will not be disseminated, nor will data be disclosed when prohibited by law.

​

6. Data transfer

No transfers of data outside the EU or to international organizations are planned.
In the event that such transfers become necessary for the operation of the Website or the App, the Data Controller will adopt all appropriate safeguards provided for under Articles 44 et seq. of the GDPR, including adequacy decisions and standard contractual clauses approved by the European Commission.

​

7. Data Subject's Rights

In accordance with Articles 15 to 21 of the GDPR, the User, as the Data Subject, may exercise the rights set forth therein, in particular:

• Right of access (Article 15, GDPR): To obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to receive information about the processing, in particular the purposes of the processing, the categories of personal data processed, the retention period, and the recipients to whom the data may be disclosed.

• Right to rectification (Article 16, GDPR): To obtain, without undue delay, the rectification of inaccurate personal data and the completion of incomplete personal data.

• Right to erasure (Article 17, GDPR): To obtain, without undue delay, the deletion of personal data in cases provided for by the GDPR.

• Right to restriction of processing (Article 18, GDPR): To obtain from the Data Controller the restriction of processing in the cases provided for by the GDPR.

• Right to data portability (Article 20, GDPR): To receive the personal data provided to the Data Controller in a structured, commonly used, and machine-readable format, and to have those data transmitted to another controller without hindrance, in cases provided for by the GDPR.

• Right to object (Article 21, GDPR): To object to the processing of personal data concerning them, unless there are legitimate grounds for the controller to continue processing.

​​

These rights and the withdrawal of any consent given may be exercised by simply submitting a request.
The User also has the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the GDPR.