Privacy policy

PRIVACY POLICY

Personal Data Protection - GDPR/LOPDGDD

Sendalpina (hereinafter, the "Data Controller") informs users of this website about its personal data protection policy, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD).

1. Data Controller

Identity: José Antonio Martínez

Tax ID (NIF): 74852528V

Postal address: Cno. Viejo de Vélez, 65 5º Bj. B, 29790 Torre de Benagalbón, Málaga (Spain)

Email: info@sendalpina.com

Phone: +34 653 854 600

Note: No Data Protection Officer (DPO) has been appointed as it is not mandatory under Article 37 of the GDPR for this type of activity. For any data protection inquiries, please contact us directly through the channels provided.

2. Personal Data We Process

At Sendalpina, we only process personal data that is strictly necessary for managing our mountain guiding activities and commercial communications. The data collected is:

Activity	Data collected	Purpose
Activity booking	Name, phone, email	Booking management, confirmations, route coordination and safety during the activity
Newsletter	Name, email	Sending commercial information, new routes, offers and content of interest (only with prior consent)

Important: We do not collect special category data (health, racial origin, religious beliefs, etc.) or data from minors under 14 without express parental consent. Minors must be accompanied by a legal guardian to participate in our activities.

3. Purpose of Processing

Personal data provided will be processed for the following purposes:

3.1. Booking and activity management

Process and manage route and mountain activity booking requests
Contact the participant for logistical coordination (meeting point, schedules, equipment)
Manage payment for contracted services
Issue documentation related to the activity (invoices, receipts)
Emergency contact during the performance of activities (phone use)

3.2. Commercial communications (Newsletter)

Periodic sending of newsletters with information about new routes, activity calendars, mountain tips and special offers
Information about changes to activity conditions

Legal basis: Express consent of the data subject through an opt-in system (unchecked checkbox).

3.3. Compliance with legal obligations

Compliance with tax and accounting obligations
Management of liabilities arising from service provision

4. Legal Basis for Processing

Processing of your data is based on the following legal grounds:

Contract performance: Art. 6.1.b) GDPR - For booking management and provision of contracted mountain guiding services

Consent: Art. 6.1.a) GDPR - For sending commercial communications and newsletters via MailerLite

Legal obligation: Art. 6.1.c) GDPR - For compliance with tax obligations and accounting records

Legitimate interest: Art. 6.1.f) GDPR - For protection and safety during mountain activities (emergency contact)

5. Recipients and Transfers

Your personal data will not be sold, transferred or shared with third parties, except in the following cases:

5.1. Data Processors

For sending commercial communications, we use the services of:

Provider: MailerLite (UAB "MailerLite", J. Jasinskio g. 16B, Vilnius, Lithuania)

Service: Email marketing platform and subscription management

Data transferred: Name and email of newsletter subscribers

Guarantees: MailerLite complies with GDPR and offers Standard Contractual Clauses (SCC) approved by the European Commission

5.2. International transfers

MailerLite operates from Lithuania (European Union), so your data remains within the European Economic Area (EEA) and the same GDPR guarantees apply. We do not carry out international transfers outside the EEA.

5.3. Other disclosures

We will only disclose data when there is an express legal obligation (Tax Administration, Law Enforcement Agencies by court order).

6. Retention Periods

We will retain your personal data for the necessary time according to the purpose:

Data category	Retention period	Criterion
Booking data (name, phone, email)	5 years from the date of the activity	Compliance with legal obligations (civil liability limitation period and tax obligations)
Billing data	6 years	Legal obligation under the Spanish Commercial Code (art. 30)
Newsletter data (MailerLite)	Until you unsubscribe or after 2 years of inactivity	Maintenance of consent until revocation

Once these periods have ended, data will be securely deleted or anonymized.

7. Data Subject Rights

As the data subject, you can exercise the following rights:

📝 Right of Access

Know what data of yours we process and obtain a copy.

✏️ Right to Rectification

Modify inaccurate or incomplete data.

🗑️ Right to Erasure ("Right to be Forgotten")

Request deletion of your data when they are no longer necessary.

🛑 Right to Object

Object to processing based on legitimate interest or stop receiving commercial communications.

⏸️ Right to Restriction

Request the suspension of processing in certain circumstances.

📤 Right to Data Portability

Receive your data in a structured format and transfer it to another controller.

How to exercise your rights?

You can exercise these rights by sending an email to info@sendalpina.com or by postal mail to the address indicated, attaching a copy of your ID card or equivalent identification document.

We will respond within a maximum period of 30 days from receipt of your request.

Right to complain to the AEPD: If you consider that the processing of your data violates regulations, you have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Security Measures

We implement appropriate technical and organizational measures to ensure the security of your data:

Confidentiality: Restricted access to data only for authorized personnel (controller).
Integrity: Periodic verification of data accuracy.
Availability: Backups on secure systems.
Encryption: Communications using SSL/TLS protocol (https).
MailerLite: Uses secure authentication systems and storage on protected EU servers.

9. Use of Cookies

Currently, this website does not use tracking or analytics cookies. Only essential technical cookies are used for the operation of the site (if any), which do not require prior consent under current regulations.

If we implement analytics or advertising cookies in the future, we will update this policy and request your express consent.

10. Changes to the Privacy Policy

We reserve the right to modify this policy to adapt it to legislative developments or changes in our processing procedures.

Any modification will be published on this page with the date of the last update. We recommend that you periodically review this policy.

Last updated: April 12, 2026

11. Contact

For any questions regarding this Privacy Policy or the exercise of your rights, you can contact us: