top of page

PRIVACY POLICY

  • If you interact with Nômade Temple Ibiza, please note that the data controller responsible for processing your personal data is:

  • Depending on your relationship with us, we may process the following categories of personal data: identification and contact details, such as name, surname, email address, telephone number and country of residence; booking and stay details, such as dates, room type, preferences and special requests; billing and payment details, such as card details, transaction history and billing address; technical browsing data, such as IP address, device identifiers and operating system; images captured by the video surveillance systems installed at our establishments; and the content of any communications you send to us.

    If you provide us with personal data relating to third parties, for example guests included in a booking, you must have previously informed them of this Privacy Policy. We do not request personal data from minors through the website. Data relating to minors staying at the hotel is processed only within the context of the booking provided by their parents or legal guardians.

  • We process your personal data for the following purposes, each with its corresponding legal basis under Article 6 of the GDPR:

    • Management of bookings and stays, including requests, confirmations, modifications, cancellations, check-in and billing: performance of a contract, Article 6.1(b).

    • Handling enquiries and contact forms: performance of pre-contractual measures at the request of the data subject, Article 6.1(b), or our legitimate interest in responding to your request, Article 6.1(f).

    • Compliance with legal obligations, including tax, accounting and guest registration obligations in accordance with applicable regulations: Article 6.1(c).

    • Sending commercial communications and newsletters: your consent, Article 6.1(a), collected through a specific, unticked opt-in box. If you are already a customer, we may send you communications about services similar to those you have contracted, in accordance with Article 21.2 of the Spanish Information Society Services Act, and you may object both when your data is collected and in each communication sent to you.

    • Personalisation of offers and analysis of preferences: your consent, Article 6.1(a). No automated decisions with legal effects concerning you will be made.

    • Video surveillance at our establishments: our legitimate interest in ensuring the security of people, property and facilities, Article 6.1(f) GDPR and Article 22 of the Spanish Data Protection and Digital Rights Act, with informative signage displayed at access points.

    • Website security and fraud prevention: legitimate interest, Article 6.1(f).

    • Filing, exercising or defending legal claims: legitimate interest, Article 6.1(f).

    Where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before its withdrawal. Where processing is based on legitimate interest, you may request information about the balancing assessment carried out through the channels indicated in section 8.

    • Booking, stay and billing data: for the duration of the contractual relationship and, once it has ended, for the limitation periods applicable to any legal obligations. As a general rule, this may be up to 6 years for commercial purposes, in accordance with Article 30 of the Spanish Commercial Code, as well as the corresponding tax retention periods.

    • Guest registration data: for the period required by the regulations applicable to documentary registration obligations for accommodation establishments.

    • Marketing data: until you withdraw your consent or object to the processing.

    • Video surveillance images: for a maximum of one (1) month from the date of capture, unless they must be retained to provide evidence of incidents, in accordance with Article 22.3 of the Spanish Data Protection and Digital Rights Act.

    • Browsing data and web form data: for the time necessary to respond to your request and, thereafter, for the limitation periods applicable to any potential claims that may arise.

  • Your personal data may be disclosed to: (i) service providers acting as data processors, such as booking engines, technology platforms, email marketing services and security providers, under contracts entered into in accordance with Article 28 GDPR; (ii) other entities within the Nomade group, only where necessary to manage your booking or request; and (iii) public authorities, judges and courts, and law enforcement authorities where there is a legal obligation to do so.

    Your data will not be disclosed to any other third parties unless required by law.

  • We apply appropriate technical and organisational measures in accordance with Article 32 GDPR to protect your personal data against unauthorised access, alteration, loss or disclosure. We recommend that you do not send sensitive information, such as full card details, by email.

  • You may exercise your rights of access, rectification, erasure, objection, restriction of processing and data portability, as well as withdraw your consent, by contacting the relevant data controller by email at dataprivacy.ibiza@nomadetemple.com or in person at the Reception of the establishment. Where necessary, we may ask you to provide documentation to verify your identity.

    You may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es), particularly if you believe that your rights have not been properly addressed.

    To stop receiving commercial communications, you may use the unsubscribe link included in each email or contact us through the channels mentioned above.

  • We may update this Privacy Policy to reflect regulatory or operational changes. The current version, including its date, will always be available on the website. If any changes affect processing activities based on your consent, we will request your consent again where necessary.

bottom of page