PRIVACY POLICY

Governing Law and Privacy Policy

Boho Villas Ibiza
Effective Date: February 4, 2026
Last Updated: February 4, 2026

1. Introduction

Welcome to Boho Villas Ibiza. We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Governing Law and Privacy Policy ("Policy") explains our practices regarding the collection and processing of personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and Spanish data protection legislation.

By using our website (www.bohovillasibiza.com), making a booking, or engaging with our services, you acknowledge that you have read, understood, and agree to the terms outlined in this Policy.

2. Data Controller Information

The data controller responsible for your personal information is:

Boho Villas Ibiza
Contact: Owners Boho (Linda, Elske)
Location: Ibiza, Balearic Islands, Spain
Website: www.bohovillasibiza.com

For any questions, concerns, or requests regarding your personal data, please contact us through the contact information provided on our website.

3. Legal Basis and Purpose of Data Processing

We collect and process your personal data based on the following legal grounds:

3.1 Contract Performance

Processing is necessary for the execution and performance of your villa rental agreement, including:

Reservation management and booking confirmation
Villa allocation and access arrangements
Payment processing and invoicing
Pre-arrival and post-departure communications
Provision of concierge services and personalized assistance

3.2 Legal Obligations

We are legally required to collect and process certain data to comply with:

Royal Decree 933/2021 - Spanish traveller registration requirements mandating collection of guest data for national security purposes
Tax and accounting obligations under Spanish law
Anti-money laundering regulations
Tourism registration and licensing requirements in the Balearic Islands

3.3 Legitimate Interests

We may process data based on our legitimate business interests, including:

Improving our services and guest experience
Marketing and promotional communications (with your consent)
Fraud prevention and security measures
Website analytics and optimization
Customer support and complaint resolution

3.4 Consent

For certain data processing activities, we rely on your explicit consent, which you may withdraw at any time. This includes:

Marketing communications via email or other channels
Collection of non-essential personal data beyond what is required for the booking
Use of cookies and tracking technologies (as detailed in our Cookie Policy)

4. Categories of Personal Data Collected

We collect the following categories of personal information:

4.1 Essential Data (Required by Law)

In accordance with Royal Decree 933/2021 and Spanish tourism regulations, we are required to collect the following information from all guests (adults and minors):

Full name (first name and surname)
Identity document type and number (passport, national ID card, or driver's license)
Date and place of document issuance
Gender
Date of birth
Nationality
Country of residence
Full home address (street, city, postal code, country)
Date of entry and departure
Guest signature (for registration purposes)

4.2 Contact and Communication Data

Email address
Telephone number (mobile and/or landline)
Emergency contact information
Communication preferences

4.3 Financial and Payment Data

Payment method information
Credit/debit card details (processed securely through our payment service providers)
Billing address
Transaction history and invoices

4.4 Booking and Stay Information

Reservation dates and duration of stay
Villa selection and preferences
Number of guests (adults and children)
Special requests or requirements (dietary, accessibility, occasions)
Purpose of travel (optional)

4.5 Additional Data (With Consent)

Preferences for future stays and personalized recommendations
Feedback, reviews, and testimonials
Marketing preferences and interests
Social media profiles (if you choose to connect with us)

4.6 Technical and Usage Data

IP address and device information
Browser type and version
Operating system
Pages visited and time spent on our website
Referral source and clickstream data
Cookie identifiers (as per our Cookie Policy)

5. How We Collect Your Personal Data

We collect personal information through various methods:

Directly from you - When you complete booking forms, contact us via email or phone, register for our services, or provide information during your stay
Automatically - Through cookies and similar technologies when you visit our website
Third parties - From online travel agencies (OTAs), booking platforms (Airbnb, Booking.com, Vrbo), payment processors, and other service providers
Publicly available sources - If necessary for verification or fraud prevention purposes

6. How We Use Your Personal Data

Your personal data is used for the following purposes:

Booking Management - To process and confirm your villa reservations, manage check-in and check-out procedures, and provide access information
Service Delivery - To deliver the vacation rental services you have booked, including concierge support, housekeeping coordination, and maintenance requests
Payment Processing - To process payments, issue invoices, manage refunds, and maintain financial records
Legal Compliance - To fulfill our obligations under Spanish law, including submitting guest data to the SES.HOSPEDAJES platform (Ministry of Interior) within the required timeframe
Communication - To send booking confirmations, pre-arrival information, stay instructions, and post-departure follow-ups
Customer Support - To respond to inquiries, handle complaints, and provide assistance during your stay
Marketing - With your consent, to send promotional materials, special offers, newsletters, and updates about our services
Service Improvement - To analyze usage patterns, gather feedback, and enhance our offerings
Security and Fraud Prevention - To protect our properties, guests, and business from unauthorized access, fraud, and other illegal activities
Legal Claims - To establish, exercise, or defend legal claims if necessary

7. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

7.1 Government Authorities

Spanish Ministry of Interior - All guest data is transmitted to the SES.HOSPEDAJES platform as required by Royal Decree 933/2021 for national security and public order purposes
Tax authorities - For tax compliance and reporting obligations
Tourism authorities - Balearic Islands tourism registration and licensing bodies
Law enforcement - When legally required or to comply with court orders

7.2 Service Providers and Business Partners

We work with trusted third-party service providers who process data on our behalf, including:

Property management platforms - Guesty and similar systems for reservation management
Payment processors - Secure payment gateways for transaction processing
Online travel agencies (OTAs) - Airbnb, Booking.com, Vrbo, and other booking platforms
Communication services - Email marketing platforms and customer relationship management (CRM) systems
Website hosting and analytics - Hosting providers and analytics tools (Google Analytics, etc.)
Concierge and support services - Local service providers for guest experiences and property maintenance

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

7.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transaction, your personal data may be transferred to the relevant parties, subject to the same privacy protections.

7.4 With Your Consent

We may share your data with other third parties when you have given us explicit permission to do so.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including for the purposes of payment processing, cloud storage, and service provision. When we transfer data internationally, we ensure adequate protection through:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs) approved by the European Commission
Other legally recognized transfer mechanisms under GDPR

9. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy:

Guest registration data - Retained for three (3) years from the end of your stay, as required by Royal Decree 933/2021
Financial and tax records - Retained for the period required by Spanish tax law (typically 4-6 years)
Marketing data - Retained until you withdraw consent or request deletion
Website analytics data - Retained according to our Cookie Policy (typically 26 months)
Legal claims data - Retained for the duration of any legal proceedings and applicable statute of limitations

After the retention period expires, we will securely delete or anonymize your personal data unless further retention is required by law.

10. Your Rights Under GDPR and Spanish Law

You have the following rights regarding your personal data (commonly referred to as ARCO rights):

10.1 Right of Access

You have the right to request confirmation of whether we are processing your personal data and to obtain a copy of that data.

10.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data when:

The data is no longer necessary for the purposes for which it was collected
You withdraw consent (where consent was the legal basis)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Deletion is required to comply with a legal obligation

Please note that we may be unable to delete certain data if retention is required by Spanish law (e.g., three-year retention requirement for guest registration data).

10.4 Right to Restriction of Processing

You may request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

10.6 Right to Object

You may object to processing based on legitimate interests, including direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

10.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD)
Website: www.aepd.es
Address: Calle Jorge Juan, 6, 28001 Madrid, Spain

11. How to Exercise Your Rights

To exercise any of your rights, please contact us using the contact information provided on our website. We will respond to your request within one month of receipt, though this period may be extended by two additional months for complex requests.

When submitting a request, please provide:

Your full name and contact details
Proof of identity (copy of passport or ID card)
Clear description of the request and the right you wish to exercise
Any relevant reference numbers (booking confirmation, reservation dates, etc.)

12. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include:

Encryption of data in transit and at rest
Secure socket layer (SSL) technology for website transactions
Access controls and authentication mechanisms
Regular security assessments and updates
Staff training on data protection and privacy
Secure data storage with reputable service providers
Regular backups and disaster recovery procedures

Despite our security measures, no system is completely secure. We cannot guarantee the absolute security of your data, but we continually strive to protect it to the best of our ability.

13. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content. For detailed information about the cookies we use, your choices, and how to manage cookie preferences, please refer to our separate Cookie Policy available on our website.

By using our website, you consent to the use of cookies in accordance with our Cookie Policy.

14. Third-Party Links

Our website may contain links to third-party websites, including booking platforms, social media, and partner services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

15. Children's Privacy

Our services are not directed at children under the age of 13 (or the minimum age for consent to data processing in your jurisdiction). However, as required by Spanish law, we must collect personal data for all guests, including minors traveling with adults. In such cases, the parent or legal guardian is responsible for providing accurate information and consenting to the processing of the minor's data.

We do not knowingly collect personal data from children for marketing purposes. If you believe we have inadvertently collected data from a child without proper authorization, please contact us immediately.

16. Marketing Communications

With your consent, we may send you marketing communications about our villas, special offers, promotions, and news about Boho Villas Ibiza. You may opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email
Contacting us directly with your opt-out request
Updating your communication preferences in your account (if applicable)

Please note that even if you opt out of marketing communications, we will still send you transactional messages related to your bookings and essential service information.

17. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach poses a high risk, we will also notify affected individuals without undue delay.

18. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling activities that produce legal effects or similarly significant effects on you. Any data analysis we perform is for the purpose of improving our services and is subject to human oversight.

19. Governing Law and Jurisdiction

This Policy and any disputes arising from or related to it shall be governed by and construed in accordance with the laws of Spain, specifically:

Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)
Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
Royal Decree 933/2021, of October 26, establishing documentary registration and information obligations for accommodation providers
Law 29/1994, of November 24, on Urban Leases (as amended)
Regional tourism legislation of the Balearic Islands

Any disputes relating to this Policy or the processing of your personal data shall be subject to the exclusive jurisdiction of the courts of Spain. However, you retain the right to bring proceedings in the courts of your habitual residence if you are a consumer protected under EU consumer protection laws.

20. Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or technological developments. The "Last Updated" date at the top of this document indicates when the Policy was last revised.

Material changes will be communicated through:

Prominent notice on our website
Email notification to registered users (where applicable)
Update notification upon your next booking or login

We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

21. Contact Information

If you have any questions, concerns, or requests regarding this Policy or our data processing practices, please contact us:

Boho Villas Ibiza
Team Boho: Linda en Elske
Website: www.bohovillasibiza.com

We are committed to addressing your inquiries promptly and transparently.

22. Acknowledgment and Acceptance

By using our website, making a booking, or engaging with our services, you acknowledge that you have read and understood this Governing Law and Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.

If you do not agree with any part of this Policy, please do not use our services or provide us with your personal data.

Thank you for trusting Boho Villas Ibiza with your vacation experience. We are committed to protecting your privacy while delivering exceptional, carefree service with a personal touch.

This document was last updated on February 4, 2026, and complies with GDPR, Spanish data protection laws, and Royal Decree 933/2021 requirements applicable as of this date.