Legal Notice
Legal Notice and Website Privacy Policy
This Privacy Policy describes how SHOPA S.A., with registered address in Spain (hereinafter
“we”, “our”, or “the Company”), collects, uses, and protects personal information in accordance
with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Spanish
Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of
Digital Rights (LOPDGDD).
This Privacy Policy applies to the website operated by SHOPA S.A. under the domain
https://cosmopolita-hotel.com/
1. Data Controller
SHOPA S.A.
We are responsible for ensuring that your personal data is processed lawfully, fairly, and
transparently.
2. Personal Data We Collect
We may collect the following categories of personal data:
- Identification and contact information (name, email, phone, address).
- Booking and accommodation details (check-in/out dates, preferences, payment data)
- Communications with us (emails, forms, chat messages).
- Website usage data (cookies, IP address, browser, device data).
We do not collect special category data unless strictly necessary and always with your explicit
consent.
3. Purpose of Data Processing
Your personal data may be processed for the following purposes:
- Managing reservations, check-ins, check-outs, and guest services.
- Communicating with guests before, during, and after their stay.
- Complying with legal, tax, and regulatory obligations.
- Improving our services and the user experience.
- Sending promotional or informational communications (only with your prior consent).
4. Legal Basis for Processing
The processing of your personal data is based on one or more of the following legal grounds:
- Performance of a contract (hotel booking or accommodation services).
- Legal obligations (tax, police guest registry, and compliance).
- Legitimate interest (service improvement, fraud prevention).
- Consent (for marketing and optional communications).
5. Data Retention
Your data will be stored only as long as necessary to fulfil the purposes stated above and to
comply with applicable laws.
After that, the data will be securely deleted or anonymised.
6. Data Sharing and Transfers
Your data may be shared only with:
- Service providers assisting us with bookings, IT management, or payments.
- Public authorities when required by law (e.g., guest registry with police).
All third-party processors act under contractual obligations compliant with GDPR and
LOPDGDD.
We do not transfer data outside the European Economic Area (EEA) unless adequate safeguards
are in place.
7. Your Rights
Under the GDPR and the LOPDGDD, you have the following rights:
- Access, rectify, or delete your personal data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent at any time.
To exercise these rights, please contact us at info@cosmopolita-hotel.com
You may also file a complaint with the Spanish Data Protection Agency (AEPD):
www.aepd.es
8. Children’s Data
In accordance with Spanish law, minors under 14 years of age cannot provide personal data
without the consent of their parents or legal guardians.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data from
loss, misuse, unauthorised access, alteration, or disclosure.
10. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available
at https://cosmopolita-hotel.com/
SHOPA S.A.
Committed to privacy, transparency, and responsible data management.