Privacy Policy
How we collect, use, and protect your personal data in line with GDPR and Spanish law.
Who We Are
This website is operated by Sun Marbella (sunmarbella.com). Our contact email is hello@sunmarbella.com and our phone number is +34 851 000 158. We are committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Spanish law.
Data We Collect
We collect personal data that you provide directly to us when making a booking enquiry or reservation. This includes: your full name, email address, phone number, country of residence, number of guests (adults and children), travel dates, and any special requests or preferences you share with us. We may also collect technical data such as your IP address, browser type, and pages visited when you use this website, for analytics and security purposes.
How We Use Your Data
We use your personal data to: process and manage your booking reservation; communicate with you about your stay, including arrival information, payment requests, and updates; provide guest support before, during, and after your stay; comply with legal obligations including tax and accounting requirements; and send you occasional updates or offers if you have given your consent (you can unsubscribe at any time). We do not use your data for automated decision-making or profiling.
Legal Basis for Processing
We process your personal data on the following legal bases: (1) Contract performance — processing is necessary to fulfil the rental agreement when you make a booking; (2) Legal obligation — we retain certain records as required by Spanish law and tax regulations; (3) Legitimate interests — to improve our services, prevent fraud, and maintain website security; (4) Consent — for marketing communications, where you have opted in.
Data Sharing
We do not sell your personal data to third parties. We may share your data with trusted service providers who assist us in operating the website and managing bookings (such as payment processors and booking platform providers), subject to strict data protection agreements. We may also disclose data if required by law, court order, or regulatory authority.
Cookies and Analytics
This website uses cookies to improve your browsing experience and to collect anonymous analytics data. We use Google Analytics to understand how visitors use our site. You can control cookie preferences through your browser settings. By continuing to use this website, you consent to the use of cookies as described in our cookie notice.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Booking records are retained for a minimum of 5 years to comply with Spanish tax law. Marketing consent records are retained until you withdraw consent. After the applicable retention period, your data will be securely deleted or anonymised.
Your Rights
Under GDPR, you have the following rights regarding your personal data: Right of access — to request a copy of the data we hold about you; Right to rectification — to request correction of inaccurate data; Right to erasure — to request deletion of your data (subject to legal obligations); Right to restriction — to request that we limit how we use your data; Right to data portability — to receive your data in a structured, machine-readable format; Right to object — to object to processing based on legitimate interests or for direct marketing. To exercise any of these rights, please contact us at hello@sunmarbella.com.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. All payment transactions are processed through secure, PCI-compliant payment providers. We do not store full card numbers on our systems.
Contact and Complaints
For any privacy-related questions or to exercise your data rights, please contact us at hello@sunmarbella.com. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.
Exercise your data rights
To access, correct, delete, or port your data, contact us directly. We respond within 30 days as required by GDPR.