Privacy Notice - SpainAura

Controller: MEDITERRAN AURA SOLUTIONS, SL Registered office: CL. MOLINA DE SEGURA, 55 Pta.A - 30007 Murcia (Murcia), Spain Tax ID (NIF): B26753095 Contact: hola@spainaura.es | +34 646 802 799

SpainAura may process, as applicable: • identification and contact details • billing and payment details • booking and travel-arrangement data • legally required traveler records • special category data (e.g., health data) only where explicit consent is provided

Purposes: • pre-contractual and contractual management • client communications and service support • invoicing, accounting and legal compliance • marketing communications subject to consent

Legal bases: • GDPR Art. 6(1)(b) (contract) • GDPR Art. 6(1)(c) (legal obligation) • GDPR Art. 6(1)(a) (consent) • GDPR Art. 9(2)(a) for special category data where applicable

Data is retained only as long as necessary for each purpose and applicable legal obligations: • contractual records: up to 5 years after performance • accounting documentation: 8 years • marketing records: until consent withdrawal

SpainAura may engage vetted processors, including: • payment providers (e.g., Stripe) • hosting and IT providers • invoicing and accounting providers • operational partners necessary for service delivery • Microsoft Clarity (anonymized analysis of user behavior) Any disclosure is purpose-limited and legally grounded.

Under applicable Spanish legislation, including Real Decreto 933/2021 where relevant, SpainAura may be required to communicate certain traveler data to competent public authorities.

Data subjects may exercise rights of access, rectification, erasure, restriction, objection, and data portability. Requests may be submitted to hola@spainaura.es. SpainAura responds within statutory deadlines.

Data subjects may lodge complaints with the competent supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD).

SpainAura applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or unlawful disclosure.

Photo and video material may be captured during programs for marketing communication. Data subjects may object and/or withdraw consent at any time in accordance with applicable law.

The website uses cookies for essential operation, analytics, and - where consent is granted - marketing purposes. Further details are set out in the Cookie Policy. SpainAura is committed to lawful, fair and transparent processing of personal data.