MENU

COOKIE POLICY

https://emexperience.es/

I. PRIVACY & DATA PROTECTION POLICY

Respecting current laws, Eme Experience (hereinafter also “the Website”) commits to implementing the necessary technical and organizational safeguards, based on risk, to protect the personal data collected.

Applicable laws

This Privacy Policy complies with Spanish and European law on Internet data protection, specifically:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)

  • Organic Law 3/2018 of December 5, on Personal Data Protection and guarantee of digital rights (LOPD‑GDD)

  • Royal Decree 1720/2007, approving the regulation developing the Organic Law 15/1999 (RDLOPD)

  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI‑CE)

Data Controller

The data controller for personal data collected via Eme Experience is:
 Melisa López Rosales, NIF: 79035791V
 Contact information:

  • Address: Málaga, Spain

  • Phone: +34 651 69 37 06

  • Email: booking.emexperience@gmail.com

Record of Personal Data

In accordance with GDPR and LOPD‑GDD, data collected via forms on this site become part of our records, used to facilitate, expedite, and fulfill commitments between Eme Experience and the User, or to respond to User inquiries or requests. Unless exempt under Article 30.5 of the GDPR, a record of processing activities is maintained, detailing purposes, processing actions, and other required elements.

Principles for Data Processing

User data will be processed according to these GDPR principles:

  1. Lawfulness, fairness & transparency – We request the user’s consent with clear, transparent information about purposes.

  2. Purpose limitation – Data are collected only for specified, explicit, and legitimate purposes.

  3. Data minimization – Only the data strictly necessary for intended purposes are gathered.

  4. Accuracy – Data must be accurate and kept up to date.

  5. Storage limitation – Data will be kept only as long as necessary for its intended purpose.

  6. Integrity & confidentiality – Data must be handled securely, ensuring protection against unauthorized access or alteration.

  7. Accountability – The data controller is responsible for and must be able to demonstrate compliance with these principles.

Categories of Personal Data

We process identifying data (e.g. name, email). We do not process “special categories” of personal data (as defined in Article 9 of the GDPR), unless explicit consent is obtained for specific purposes.

Legal Basis for Processing

The legal basis for processing user data is consent. Eme Experience obtains explicit, verifiable consent for each specific purpose. Users may withdraw consent at any time, with the same ease as giving it. Withdrawal of consent will not generally affect the use of the Website itself.

Where data are requested through forms (e.g. for inquiries, information requests), the user will be informed if completion is mandatory for proper processing of the request.

Purposes of Data Processing

User data are processed to:

  • Facilitate, expedite, and fulfill commitments between the Website and the User

  • Maintain and manage relationships initiated via forms

  • Respond to user requests or inquiries

  • Use for operational, customization, statistical or marketing purposes (improving content, functionality, user experience)

The User will always be informed, when data are collected, of the specific purpose(s) for which they are used.

Data Retention Periods

Personal data will be retained for the minimum time necessary. In any event, data will be kept for up to 24 months, or until the user requests deletion. Users will be informed at data collection time about retention period or criteria for setting it.

Recipients of Personal Data

User data will not be shared with third parties, except:

  • Google Analytics, as described to the user when data are collected

  • In case of data transfer to non‑EU countries or international organizations, users will be informed about such transfers and adequacy decisions (if any)

Data of Minors

In compliance with Article 8 of GDPR and Article 7 of LOPD‑GDD, only users aged 14 or older may lawfully give consent. For younger minors, parental or guardian consent is required.

Confidentiality & Data Security

Eme Experience commits to adopting appropriate technical and organizational measures to protect user data against unauthorized access, loss, alteration, or disclosure. The Website uses SSL encryption to secure transmission of data between server and user. Still, complete invulnerability cannot be guaranteed, so in the event of a data breach likely to pose high risk to rights and freedoms, the controller will notify the user without undue delay.

All personal data will be treated confidentially, with contractual or legal obligations extending to employees, associates, or third parties that have access.

Rights Related to Data Processing

Users may exercise against the data controller the following GDPR / LOPD‑GDD rights:

  • Access – Confirm whether their personal data are processed and obtain a copy and details of processing

  • Rectification – Correct inaccurate or incomplete data

  • Erasure (“Right to be forgotten”) – Delete data when no longer needed, if consent is withdrawn, or if processing is unlawful

  • Restriction of processing – Limit processing under certain conditions (e.g. objection, contesting accuracy)

  • Data portability – Receive data in structured, machine-readable format and transmit them to another controller (if technically feasible)

  • Objection – Object to processing of personal data, including for direct marketing

  • Not to be subject to automated decision‑making / profiling – Unless permitted by law

To exercise rights, the user must send written request to the controller (reference “GDPR‑https://emexperience.es/”), including:

  • Name, surname, copy of ID (or other valid identity proof)

  • Reason for request

  • Contact address for notifications

  • Date & signature

  • Any supporting documents

Send to:

  • Postal address: Málaga, Spain

  • Email: booking.emexperience@gmail.com

Third‑Party Links

The Website may include hyperlinks to external sites. Those sites have their own privacy policies. Eme Experience is not responsible for them.

Complaints with Data Protection Authority

If a user believes their rights are violated in data handling, they have the right to judicial protection and to file a complaint with the relevant authority, e.g. the Spanish Agency for Data Protection (AEPD).

II. ACCEPTANCE & CHANGES TO THIS POLICY

Use of the Website implies that the user has read, understood, and agreed to this Privacy Policy and the processing of their personal data.

Eme Experience reserves the right to modify this policy at its discretion or due to legal changes. Updates will not necessarily be notified individually to each user, so we recommend periodically reviewing this page for changes.

This version of the Privacy Policy was adapted to comply with Regulation (EU) 2016/679 and Organic Law 3/2018.

Accessibility Toolbar