Privacy Policy

Introduction

La Serra Sport & Wellness, hereinafter referred to as the DATA CONTROLLER, is responsible for the processing of personal data of users collected while browsing the website: https://www.laserrasportwellness.com/. Your data will be processed in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and the free movement of such data. The following information explains how we process your data.

This website also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). Using this website implies acceptance of this Privacy Policy, as well as the conditions included in the Legal Notice.

This Privacy Policy describes how we collect your personal data, why we collect it, how we use it, with whom we share it, how we protect it, and your options regarding its processing.

This Policy applies to the processing of personal data collected by the company for the provision of its services. By accepting this Policy, you consent to the processing of your personal data as described herein.

Data Controller Identity

Principles applied in data processing

We are committed to providing our services at the highest level of quality, which includes processing your data securely and transparently. Our principles are:

  • Lawfulness: We only collect your personal data for specific, explicit, and legitimate purposes.
  • Data minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it is collected.
  • Purpose limitation: We only collect your personal data for the declared purposes and according to your wishes.
  • Accuracy: We maintain your personal data accurate and up-to-date.
  • Data security: We apply technical and organizational measures proportionate to the risks to ensure your data is not damaged, disclosed, accessed without authorization, accidentally or unlawfully destroyed, lost, altered, or subjected to any other unlawful processing.
  • Access and correction: We provide means for you to access or correct your data at any time.
  • Retention: We keep your personal data lawfully and appropriately, only as long as necessary for the purposes for which it was collected.
  • International transfers: If your data needs to be transferred outside the EU/EEA, it will be properly protected.
  • Third parties: Access and transfer of personal data to third parties is carried out in accordance with applicable laws and regulations and under appropriate contractual guarantees.
  • Direct marketing and cookies: We comply with applicable advertising and cookies legislation.

Collection of personal data

It is not necessary to provide personal data to browse the website. Personal data may be collected in the following cases:

  • When contacting us through the contact form or by email
  • When making a direct reservation with La Serra Sport & Wellness
  • When subscribing to the newsletter

Data retention criteria: Data will be kept while there is a mutual interest in maintaining the purpose of processing. When it is no longer necessary, data will be deleted with appropriate security measures to ensure pseudonymization or total destruction.

Data communication: Data will not be shared with third parties, except for legal obligations.

Purpose of personal data processing

Collected personal data is used for the following purposes:

  • Reservation and stay management: respond to requests, confirm reservations, process payments, and comply with legal obligations related to traveler registration.
  • Communication with clients: respond to inquiries and provide practical information about the stay.
  • Collaborators and external services: if external services are contracted (e.g., dinners prepared by Hostal de Sant Maurici or other sports activities), the minimum necessary data may be shared with the collaborator for proper service management.
  • Sending commercial communications: via email, fax, SMS, MMS, social media, or any other present or future medium that allows commercial communication. These communications will be carried out by the DATA CONTROLLER, always with the user’s express consent, and related to its products and services or those of its collaborators or providers with whom a promotional agreement exists. Third parties will never have access to personal data.
  • Website improvement: analysis of navigation using cookies, if accepted (see Cookies Policy).
  • Statistical studies.

Rights of the user

Regarding the collection and processing of your personal data, you may contact us at any time to:

  • Access your personal data and any other information indicated in Article 15.1 of the GDPR
  • Rectify your personal data if inaccurate or incomplete, according to Article 16 of the GDPR
  • Delete your personal data according to Article 17 of the GDPR
  • Restrict processing of your personal data according to Article 18 of the GDPR
  • Request portability of your data according to Article 20 of the GDPR
  • Object to the processing of your personal data according to Article 21 of the GDPR

If you have given your consent for a specific purpose, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

You can exercise these rights by sending a justified and accredited request to: info@laserrasportwellness.com

You also have the right to file a complaint with the competent supervisory authority (www.aepd.es) if you consider that processing does not comply with current regulations.

Recipients of data

  • Local collaborators: only if linked services to the stay are contracted (e.g., dinners, transport services, guides, or other activities). Only the data necessary for proper service provision will be shared.
  • Analytics and cookies services: if used (e.g., Google Analytics), always as informed in the Cookies Policy. Data will never be transferred to third parties without prior consent, except for legal obligations.

Personal data security

In accordance with current personal data protection regulations, the DATA CONTROLLER complies with all GDPR provisions for processing personal data under its responsibility, especially the principles in Article 5 of the GDPR, ensuring data is processed lawfully, fairly, and transparently in relation to the user, and adequately, relevantly, and limited to what is necessary for the purposes for which it is processed.

The DATA CONTROLLER guarantees that appropriate technical and organizational policies have been implemented to apply GDPR security measures to protect users’ rights and freedoms and has provided adequate information so users can exercise them.

Accuracy and truthfulness of data

The user commits to providing correct, complete, and updated data. The DATA CONTROLLER is exempt from any responsibility if the provided data is false, incomplete, or outdated.

Acceptance and consent

The user declares to have been informed of the conditions regarding the processing of personal data and accepts and consents to such processing as described and for the purposes indicated in this Privacy Policy.

Legal information

The requirements of this Policy complement, and do not replace, any other existing requirement under applicable data protection law, which will prevail in any case.

This Policy is subject to periodic review and may be modified by the company at any time.





Serra de Degollats, 08517
Santa Maria de Merlès, Barcelona

+34 628 712 638
info@laserrasportwellness.com
@laserrasportwellness