Privacy Policy

This legal text provides you with details on how we collect and process your personal data through the use of our website, including any information you may provide us through the site when you submit your data via the designated form.

By providing us with your data, we inform you that our services are not available to individuals who are legally unable to give consent. Therefore, when you submit the forms, you guarantee that you have the sufficient capacity to grant consent.

Next, we inform you about the data protection policy of: Mundo Gracium 10, S.L.

  1. Data Controller.

Contact details of the data controller:

Mundo Gracium 10, S.L, with VAT number: B47788443 and address at: Carril Hijuela de la Mirla nº 86 11140 Conil De La Frontera Cádiz and phone number: 622664922. Email:

Registro Mercantil de Valladolid, el día 17 de Enero de 2019, al Tomo 1551, Folio 14, Sección 8, Hoja VA 30332, I/A 2. 

Mundo Gracium 10, S.L, is the data controller (hereinafter referred to as “we” or “our”).


  1. What data do we collect?

The General Data Protection Regulation defines personal data as any information relating to an identified or identifiable natural person, in other words, any information capable of identifying a person. This does not include anonymous or percentage data.

The personal data that may be collected directly from the data subject will be treated confidentially and incorporated into the corresponding processing activities, owned by Mundo Gracium 10, S.L.

On our website, we may process certain types of personal data, which may include:

  • Identity data: last name.

We do not collect any data related to special categories of personal data (those revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, or information about health, genetic or biometric data).

If you are required by law or contractual terms between us to provide personal data and you refuse to do so, we may not be able to fulfill the contract or provide the service, and you should notify us in advance.


  1. How do we collect your personal data?

The methods we use to collect personal data are:

  • Through the form on our website, through our contact email, by phone, or by postal mail when:
    • You request information about our services
    • You contract the provision of our services
    • Through technology or automated interactions: on our site, we may automatically collect technical data about your equipment, browsing actions, and usage patterns. This data is collected through cookies or similar technologies. If you want more information, you can refer to our cookie policy.
  • Through third parties:
  • Google: analytical data or search data. Outside the European Union.


  1. Purpose and Legitimacy for the Use of Your Data

The most common purposes for the use of your personal data are:

  • For the formalization of a contract between Mundo Gracium 10, S.L and you.
  • When you give your consent for the processing of your data.
  • When we need them to comply with a legal or regulatory obligation.
  • When it is necessary for our legitimate interest or the legitimate interest of a third party.

The User may revoke the consent given at any time by sending an email to or by referring to the section on the exercise of rights mentioned below.

Below is a table in which you can see the ways in which we will use your personal data, the legitimacy for its use, and the type of personal data we will process. We may process certain personal data for additional legal reasons, so if you need more details in this regard, you can send an email to



Type of data

Legitimacy for processing


The purpose is reservation management

  • Name
  • Surname
  • Phone number
  • Email
  • ID card/ Residence permit/ Passport
  • Address
  • Credit card information

Consent of the data subject (art. 6.1.a RGPD)


Treatment necessary for the execution of a contract in which the data subject is a party or for the implementation, at the request of the data subject, of pre-contractual measures (art. 6.1.b RGPD)

Processing is necessary for the legitimate interests pursued by the data controller (art. 6.1f RGPD)

Purpose We will only use your data for the purposes for which it was collected, unless we reasonably consider that we should use it for another reason, notifying you in advance so that you are informed of the legal basis for its processing, and provided that the new purpose is compatible with the original purpose.


  1. How long will we keep your data?

We will keep your data for as long as necessary to fulfill the purpose for which it was collected and to determine any potential liabilities that may arise from that purpose and the processing of the data. The different regulations regarding data retention periods will apply, as applicable to this specific processing.


  1. Minors

Mundo Gracium 10, S.L does not authorize individuals under the age of 14 to provide their personal data through the means enabled on this website (such as filling out web forms for service requests, contact forms, or sending emails). Therefore, individuals who provide personal data using these means formally declare that they are over 14 years old, and Mundo Gracium 10, S.L is exempt from any liability for non-compliance with this requirement.

If your child under the age limit has provided personal information to Mundo Gracium 10, S.L, please contact us to request the exercise of applicable rights.

In cases where the services offered by Mundo Gracium 10, S.L are intended for children under 14 years old, means will be provided to obtain authorization from the parents or legal guardians of the child.


  1. Exercise of Data Protection Rights:

How to exercise these rights? Users may send a communication to the registered office of Mundo Gracium 10, S.L or the email address, including a photocopy of their ID card or other similar identification document, to request the exercise of the following rights:

  • Access to their personal data: Users may inquire whether Mundo Gracium 10, S.L is using their personal data.
  • Request for rectification if the data is incorrect or exercise the right to be forgotten in relation to the data.
  • Request for the limitation of processing, in which case Mundo Gracium 10, S.L will only retain the data for the exercise or defense of legal claims.
  • Opposition to processing: Mundo Gracium 10, S.L will cease processing the data as instructed, unless there are legitimate grounds or for the exercise or defense of possible legal claims that require further processing.
  • Data portability: If the user wishes to have their data processed by another entity, Mundo Gracium 10, S.L will facilitate the portability of the data to the new data controller.

Users may use the forms made available by the Spanish Data Protection Agency to exercise these rights: Here

Lodging a complaint with the AEPD: If users believe that Mundo Gracium 10, S.L is processing their data in an improper manner, they may submit their complaints to the corresponding supervisory authority, which in Spain is the Spanish Data Protection Agency.

We may request specific information to help us confirm your identity and ensure your right to access your personal data (or exercise any of the aforementioned rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it.

We will respond to all requests within the legal timeframe of one month. However, if a request is particularly complex, it may take us longer than one month. In such cases, we will notify you and keep you updated.


  1. Data Communication: Service Provision

In the performance of our work, we may need the assistance of third parties who will only process the data to provide the contracted service, and with whom we have implemented corresponding measures to guarantee your rights:

  • Service providers that provide system administration and information technology services.
  • Professional advisors, including lawyers, auditors, and insurers, who provide banking, legal, insurance, and accounting consulting services.

All data processors to whom we transfer your data will respect the security of your personal data and process it in accordance with the GDPR.

We only allow these processors to process your data for specific purposes and in accordance with our instructions. However, you can request a list of these service providers, in compliance with transparency, by emailing:


  1. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed unlawfully, altered, or disclosed. In addition, we limit access to your personal data to employees, contracted agents, and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to handle any suspicion of a violation of your personal data, and we will notify you and the supervisory authority in the event of a security breach, as regulated in Articles 33 and 34 of the GDPR.