Apartamentos Costa Blanca

Privacy Policy

How we handle your personal data on kosta-blanca.com.

This page explains what personal data we collect, what we use it for, who we share it with, and what rights you have over it. If anything is unclear, write to us at info@kosta-blanca.com and we’ll explain it in plain English.

1. Data controller

For any privacy enquiry or to exercise your rights, the contact is the same email address.

2. What data we collect

  • Booking data: name, email, phone, optional notes (for example check-in preferences), stay dates, number of guests, and the language you selected.
  • Payment data: card numbers and related details are processed directly by Stripe. They never reach our servers — we only store a transaction identifier.
  • Technical data: IP address, browser, and pages visited, logged by Vercel (our hosting provider) in access logs kept for 30 days for security and performance reasons.

We do not collect special-category data (health, religion, political views, etc.) and we do not collect data from children.

3. What we use it for

  • To manage your booking: confirm it, send check-in instructions, reminders, and communicate with you during your stay.
  • To meet legal and tax obligations: guest registration, invoicing, and bookkeeping.
  • To prevent payment fraud, through Stripe.
  • To keep the site technically secure.

We do not use your data for marketing, and we do not share it with third parties for advertising. No newsletters, no profiling, no data sales.

4. Legal basis for processing

  • Performance of a contract (Art. 6.1.b GDPR): to process your booking, communicate with you during the stay, and issue an invoice.
  • Legal obligation (Art. 6.1.c GDPR): to keep invoices and guest records for the periods required by Spanish law (5 years for tax records, under the General Tax Act and the Commercial Code).
  • Legitimate interest (Art. 6.1.f GDPR): technical security of the site (logs) and payment fraud prevention.

5. Who we share your data with

We work with a small set of suppliers that act as data processors, in the following categories:

  • Payment processor — all card information and payments are handled directly by Stripe, never reaching our own servers.
  • Website hosting and database — cloud infrastructure providers, primarily with servers in the European Union.
  • Transactional email delivery — a specialised provider for booking confirmations, reminders and check-in instructions.
  • Corporate email — the provider of the info@kosta-blanca.com mailbox. If you email us at that address, your message is processed on their servers.

We do not sell your data. We do not pass it on to third parties for marketing. If you need to know the specific names of our current providers, email us at info@kosta-blanca.com and we’ll share them.

6. International transfers

Some of our providers process data outside the European Economic Area. In those cases we operate under the Standard Contractual Clauses (SCC) approved by the European Commission, which offer adequate safeguards under the GDPR, or we use EU-hosted services where possible.

If you’d rather not send personal data by email, you can reach us via WhatsApp or by phone on +34 679 120 466.

7. How long we keep your data

  • Booking data (including contact details): 5 years from check-out, in line with the Spanish Commercial Code (art. 30) and the General Tax Act (art. 66).
  • Vercel access logs: 30 days.
  • Transactional emails on Resend: kept according to their policy, normally 30 days for deliverability and then deleted.

Once these periods are over, the data is deleted or anonymised.

8. Your rights

You have the right to:

  • Access your data.
  • Rectify it if it is inaccurate.
  • Erase it (“right to be forgotten”), unless we are required to keep it for tax reasons.
  • Restrict its processing.
  • Object to processing based on legitimate interest.
  • Portability: receive your data in a structured format.

To exercise any of these rights, write to info@kosta-blanca.com clearly stating what you want, and attach a copy of your ID document or passport so we can verify your identity. We will reply within a maximum of one month.

9. Complaints

If you believe we have not handled your data correctly, you can lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

10. Changes to this policy

We may update this policy to reflect changes in legislation or in our services. The date of the last update is shown at the bottom of the page. If the changes are substantial, we will email people with an active booking.

Last updated: 11 May 2026