Privacy Policy
Effective date: 01. January 2025
Who we are
This Privacy Policy explains how GG Rentals / GG Holiday Homes (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website or use our services.
Data Controller: Grand Global Solutions SL
NIF: B21864160
Address: Avenida Escritores 7, 29649, Mijas (Malaga). España
Email (privacy contact): ggcoastrealestate@gmail.com
Website: https://ggholidayhomes.com
If you have questions about this policy or want to exercise your rights under GDPR, please contact us using the details above.
What data we collect
Depending on how you interact with us, we may collect:
Marketing preferences: subscription status and communication preferences (only if you opt in)
Identity details: name, surname(s), date of birth, nationality, gender (where required)
Contact details: email address, telephone number, WhatsApp number
Address details: country, region/province/state, city/municipality, postcode/ZIP
Booking details: stay dates, property, guest count, booking platform, messages and requests
Guest registration details (Spain): document type (passport/ID), document number, and other details required for legal registration (including for children)
Payment-related information: transaction references or partial identifiers (e.g., last digits or partial reference). We do not store full card numbers. Payment processing is handled by payment providers and/or booking platforms.
Technical and usage data: IP address, device type, browser type, pages visited, approximate location (derived from IP), and interaction data (subject to cookie consent where required)
Why we collect your data (purposes and lawful bases)
We process personal data under the GDPR on the following lawful bases:
You can withdraw consent at any time (see “Your rights”)
To provide our services and manage bookings (Contract / Article 6(1)(b))
Responding to enquiries and requests
Managing reservations, guest communication, check-in logistics, and support
Sending booking-related information and service messages
To comply with legal obligations (Legal obligation / Article 6(1)(c))
Collecting and submitting guest registration details required by Spanish law (see “Guest registration in Spain” below)
To operate and improve our website and services (Legitimate interests / Article 6(1)(f))
Site security, fraud prevention, and service quality
Analytics and performance measurement (where permitted; see “Cookies & analytics”)
To send marketing communications (Consent / Article 6(1)(a))
Newsletters and promotions only if you opt in
Guest registration in Spain (Royal Decree 933/2021)
As an accommodation provider in Spain, we may be required to collect and submit certain guest information to the relevant authorities under Royal Decree 933/2021 (or any applicable legal successor/implementation rules).
What we collect for this purpose (typically):
- Guest identity and contact details (including children where required)
- Document type and document number (passport / national ID / DNI)
- Address details (country, region, city, postcode)
- Limited payment reference details (e.g., partial reference) where required for record completeness
Data minimisation:
We collect only the information needed to meet the legal requirements and to complete the required guest registration records.
No passport/ID copies by default:
We do not request or require passport/ID scans or copies as a default method. Where identity verification is needed, we aim to use the minimum necessary approach.
Lawful basis: Legal obligation (Article 6(1)(c)).
How we share your data (processors and recipients)
We share personal data only when necessary and with appropriate safeguards. Recipients may include:
- Booking platforms: e.g., Airbnb, Booking.com (where bookings are made through these services)
- Payment processors: to process payments securely (we do not store full card numbers)
- Email and communication providers: for sending booking communications and customer support
- IT and hosting providers: website hosting, security, maintenance, and data storage
- Authorities: where required by law for guest registration and other legal compliance
- Professional advisers: legal, accounting, or compliance advisers where needed
All service providers (processors) are required to process data only on our instructions and to implement appropriate security measures.
International data transfers
Some of our service providers (e.g., booking platforms, cloud services) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:
other lawful transfer mechanisms recognized under GDPR.
Standard Contractual Clauses (SCCs) approved by the European Commission, and/or
How long we keep your data (retention)
We keep personal data only as long as necessary for the purposes described in this policy, including legal and operational requirements.
Typical retention periods include:
- Enquiries: kept for a reasonable period to respond and maintain business records
- Bookings and guest communications: retained for the duration of the booking and afterwards as needed for support, accounting, and dispute handling
- Guest registration records (Spain): retained as long as legally required under applicable laws
- Marketing data: retained until you unsubscribe or withdraw consent
Retention may be longer where required by law, for legal claims, or for regulatory compliance.
How we protect your data (security)
We apply appropriate technical and organisational measures to protect personal data, including:
- Restricted access (only authorised staff can access personal data)
- Least privilege access controls (access limited to what is necessary)
- Two-factor authentication (2FA) on key accounts where available
- Encryption in transit (e.g., HTTPS for website communications)
- Secure storage in reputable systems (e.g., booking platforms and secure business accounts)
- Operational controls to reduce unnecessary sharing and downloading of sensitive data
No system is 100% secure. However, we work to protect data using measures appropriate to the nature of the information processed.
Your rights under GDPR
Subject to GDPR and applicable law, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data (in certain situations)
- Restrict processing (in certain situations)
- Object to processing based on legitimate interests
- Data portability (where applicable)
- Withdraw consent at any time (for consent-based processing, such as marketing)
To exercise your rights, contact us at: ggcoastrealestate@gmail.com
You also have the right to lodge a complaint with your local data protection authority (supervisory authority) in the EEA.
Important: Some rights (such as erasure) may be limited where we must process or retain personal data to comply with a legal obligation, including mandatory guest registration in Spain under Royal Decree 933/2021. In these cases, we will retain the data for the legally required period and then delete it securely.
Guest registration records (Spain): retained for 3 years after check-out (or longer if legally required in a specific case).
Children’s data
We may process children’s personal data where necessary for booking management and where required by law for guest registration in Spain. Where a booking includes children, the parent/guardian is responsible for providing accurate information.
Marketing communications
We send newsletters or promotional communications only if you opt in. You can unsubscribe at any time using the link in the email or by contacting us at ggcoastrealestate@gmail.com
We do not sell your personal data to third parties.
Contact us (privacy requests)
For privacy questions or GDPR requests, contact:
Grand Global Solutions SL
Avenida Escritores 7, 29649, Mijas (Malaga). España
Email: ggcoastrealestate@gmail.com
Updates to this policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we process personal data. The latest version will always be published on our website with the updated effective date.
