Privacy Policy
Last updated: May 2026
VIP Valencia (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website vipvalencia.com or use our concierge services, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).
Data Controller
Valencia, España
Data Protection Officer (DPO): We have not appointed a Data Protection Officer as we are not required to do so under Article 37 of the GDPR. For any data protection matters, please contact us at [email protected].
What Information We Collect
Information you provide voluntarily
- Contact details: name, email address, phone number — collected when you contact us, fill in a form, or subscribe to our newsletter.
- Service requests: details about events, experiences, or services you inquire about, including dates, preferences, and group size.
- Payment information: we do not process or store payment data directly. All transactions are handled by our partner providers through their own secure payment platforms. We never have access to your credit card or bank details.
Information collected automatically
- Cookies: we use strictly necessary cookies for site functionality and privacy-respecting analytics. We do not use tracking cookies from third-party advertisers. See the Cookies section below for details, and manage your preferences via our cookie banner on first visit.
- Log data: server logs may include IP addresses, browser type, referring pages, and pages visited — stored temporarily for security and performance, and automatically deleted after 30 days.
Data we do NOT collect
- We do not collect data from individuals under 16 years of age. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
Legal Basis for Processing (Article 6 GDPR)
We process your personal data only when we have a lawful basis:
| Legal Basis | When We Rely on It | Example |
|---|---|---|
| Consent (Art. 6.1.a) | When you subscribe to our newsletter or accept non-essential cookies | Newsletter subscription |
| Contract (Art. 6.1.b) | When you request our services and we need to process your inquiry | Arranging a concierge experience |
| Legitimate Interest (Art. 6.1.f) | To improve our services, respond to inquiries, and ensure website security | Analytics, customer communication |
| Legal Obligation (Art. 6.1.c) | When required by law | Tax or regulatory requirements |
You have the right to object to processing based on legitimate interest at any time.
How We Use Your Information
- To respond to your inquiries and arrange concierge services.
- To send you our newsletter — only if you have explicitly subscribed. You can unsubscribe at any time via the link in each email.
- To improve our website and services.
- To comply with legal obligations.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Your Rights (Articles 15–22 GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16): correct any inaccurate or incomplete information.
- Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”).
- Right to restriction (Art. 18): limit how we process your data in certain circumstances.
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7.3): withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
How to exercise your rights: Send an email to [email protected]. We will respond within 30 days (or 60 days for complex requests, as permitted by Art. 12.3). We may ask for identification to verify your identity.
Right to lodge a complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Agencia Espanola de Proteccion de Datos (AEPD) — www.aepd.es.
Data Retention
We keep your personal data only for as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Newsletter subscriptions | Until you unsubscribe | Consent-based |
| Service inquiries | Up to 2 years after last interaction | Legitimate interest |
| Contact form submissions | Up to 1 year after resolution | Contract/Legitimate interest |
| Server log data | 30 days | Security |
| Analytics data | Anonymized after 14 months | Legitimate interest |
Data Sharing and Processors
We may share your data with:
- Service providers (encargados de tratamiento): hotels, restaurants, transport companies, and event organizers — only to fulfill your service request, under data processing agreements that ensure GDPR compliance.
- Email service provider (Formspree): to send and manage inquiry and contact form submissions — subject to Formspree’s data processing agreement.
- Legal authorities: if required by law.
We do not sell your data or share it for third-party marketing.
Cookies
Our website uses a cookie consent banner on first visit. You can change your preferences at any time by contacting us.
| Cookie Type | Purpose | Duration | Legal Basis |
|---|---|---|---|
| Strictly necessary | Site functionality | Session | Art. 6.1.b (contract) |
| Analytics | Understand site usage (requires consent) | 14 months | Consent (Art. 6.1.a) |
We do not use marketing or tracking cookies. Disabling cookies may affect site functionality.
International Data Transfers
Your data is processed within the European Union. Some tools we use may involve transfers outside the EU/EEA:
- Cloudflare (website CDN and security): data processed under the EU-US Data Privacy Framework (adequacy decision July 2023) — see cloudflare.com/privacy.
- Google Fonts (web font delivery): fonts are loaded from Google’s servers in the United States. When you visit our site, your browser connects directly to Google Fonts and may transfer your IP address and user agent information. This processing is covered by Google’s Privacy Policy and, where applicable, the EU-US Data Privacy Framework.
- Formspree (contact forms): data processed in the United States under Standard Contractual Clauses (Art. 46 GDPR) as an equivalent safeguard.
We do not transfer personal data outside these frameworks without appropriate legal safeguards.
Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data in transit (HTTPS)
- Cloudflare CDN with DDoS protection and firewall
- Access controls limiting data access to authorized personnel
- Regular security reviews of our systems
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
Children’s Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with data, contact us and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via our website with an updated “Last updated” date. Continued use of our services after any change constitutes acceptance of the updated policy.
Contact
For questions about this Privacy Policy, your personal data, or to exercise your rights:
VIP Valencia Email: [email protected]
Supervisory Authority: Agencia Espanola de Proteccion de Datos (AEPD) Website: www.aepd.es