Privacy policy

Privacy Policy
Effective Date: February 2, 2025
1. Who Processes Your Data? (Data Controller)
The data controller is the natural or legal person who determines the purposes and means of data processing. It is the entity that collects and manages your personal data, taking responsibility for it by law.
The Data Controller for Siddha.es is: Siddha.es
Email: info@siddha.es
Address: Fuente del Rodeo 24, puerto Banus, Marbella.
2. What Data Do We Process?
We collect and process the following types of data:
• Browsing Data: IP address, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful,
error, etc.), and other parameters related to the user’s operating system and computer environment.
• Data Voluntarily Provided by the User: First name, last name, email address, phone number, professional
information (“Contact Data”).
3. Legal Basis and Purpose for Processing
We process your personal data under the following legal bases:
• Consent: When you explicitly agree to receive marketing communications.
• Execution of a Contract: When processing is necessary to fulfill a contract or provide requested services.
• Legal Obligation: When processing is required by a legal or regulatory provision.
• Legitimate Interest: When processing is necessary to fulfill our legitimate business interests without overriding your rights and interests.
Purposes of Data Processing:
A) Responding to inquiries and communications related to Siddha.es activities
Legal basis: Contract (Art. 6.1(b) GDPR)
B) Sending newsletters and marketing communications
Legal Basis: Consent (Art. 6.1(a) GDPR)
C) Analyzing and improving website performance and user experience
Legal basis: Legitimate interest (Art. 6.1(f) GDPR)
D) Preventing fraudulent activities and protecting our legal rights
Legal basis: Legitimate interest (Art. 6.1(f) GDPR)
E) Sending relevant information regarding our services (soft spam)
Legal basis: Legitimate interest (Art. 6.1(f) GDPR)
4. How We Process Your Data
Data processing is carried out using automated and/or manual computer and telematic tools, ensuring appropriate
security measures to prevent unauthorized access, disclosure, loss, misuse, or unlawful processing of data.
5. Where We Process Your Data
Your personal data is processed at the Controller’s premises and on secure servers within the European Union. If we need to transfer data outside the European Economic Area (EEA), we ensure adequate protection through legal mechanisms such as Standard Contractual Clauses (SCCs) or other GDPR-compliant safeguards.
6. Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected:
• Inquiry-related data: Up to 12 months from the last communication.
• Marketing and newsletter communications: Until consent is withdrawn, and in any case no longer than 7 years.
Once the retention period expires, your data will be deleted or anonymized.
7. Who We Share Your Data With
Your data may be shared with the following entities to fulfill the purposes outlined above:
• Service Providers: Entities providing organizational, technical, and administrative support.
• Legal Authorities: If required by law or in response to legal requests.
All entities processing personal data on behalf of Siddha.es are formally appointed under Article 28 GDPR.
8. Your GDPR Rights
Under GDPR, you have the following rights:
• Right to Access: Obtain access to your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data under certain conditions.
• Right to Restriction of Processing: Request the limitation of data processing.
• Right to Data Portability: Receive your data in a structured format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time for marketing communications.
• Right to Lodge a Complaint: File a complaint with the Spanish Data Protection Authority (AEPD) if you
believe your data protection rights have been violated.
9. Contact Information
For any inquiries regarding this Privacy Policy or to exercise your GDPR rights, please contact us at:
Email: info@siddha.es
10. Policy Updates
We may update this Privacy Policy from time to time. Any changes will be  communicated through this page with an updated effective date. We encourage you to review this page periodically to stay informed about our data practices.