Mallorca Property Management

We provide reliable and personal care for your holiday home, as if it were our own.

Example image

Privacy Notice

Last updated: 14 October 2025

1) Who we are

This Privacy Notice explains how [Mallorca Agency legal name, e.g., “Mallorca Agency S.L.”] (“we”, “us”, “our”) collects and processes personal data when you visit mallorca.agency (the “Site”), make an enquiry, subscribe to updates, work with us, or otherwise interact with us.

  • Registered address: [Street, City, Postcode/ZIP, Country]
  • Company number / Tax ID (CIF/NIF): [●]
  • Email: privacy@mallorca.agency / hello@mallorca.agency
  • Phone: [●]
  • Controller: We act as the data controller for personal data described in this Notice.
  • EU/UK scope: We process data in line with the EU GDPR and, where applicable, the UK GDPR and Spanish/UK frameworks.
  • EU Representative: [Name, address, email] (if appointed)
  • UK Representative: [Name, address, email] (if appointed)

2) What this Notice covers

This Notice applies to:

  • Visitors to our Site (including cookie/analytics data)
  • People who contact us via forms, email, or phone
  • Newsletter or marketing subscribers
  • Clients, suppliers, and partners
  • Job applicants and freelancers

This Notice does not cover third-party websites we link to. Check their privacy notices.

3) The data we collect

a) Data you give us

  • Enquiry/contact forms: name, email, phone, company, message, project details, budget, preferences
  • Newsletter sign-up: email address and marketing preferences
  • Client onboarding: billing details, contract info, points of contact, project artifacts
  • Recruitment: CV/resume, cover letter, portfolio links, work history, references, right-to-work info
  • Events/webinars: registration details and attendance

b) Data we collect automatically (cookies & similar)

  • Device and browser info, pages viewed, referrers, time on page, interactions (clicks)
  • IP address (may be truncated/anonymized)
  • Consent choices recorded via cookie banner

c) Data from third parties

  • Analytics/ad platforms: e.g., Google Analytics 4, Meta Pixel, LinkedIn Insight Tag
  • CRM & email tools: e.g., HubSpot, Pipedrive, Mailchimp
  • Payment/invoicing: e.g., Stripe, GoCardless, Xero
  • Anti-spam/security: e.g., Cloudflare, hCaptcha/reCAPTCHA
  • Recruitment: e.g., LinkedIn, job boards, recruitment agencies

4) Why we use your data (purposes) and legal bases

We only process personal data when a legal basis applies:

Purpose Examples Legal basis
Responding to enquiries Contact form, email, phone Legitimate interests (Art. 6(1)(f)); Contract (Art. 6(1)(b))
Providing services Project delivery, invoicing, client support Contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
Marketing Newsletters, event invites, case studies Consent (Art. 6(1)(a)); Legitimate interests (B2B soft opt-in)
Analytics & UX Measuring traffic, improving content Consent via cookie banner
Security & abuse prevention Fraud, spam filtering, DDoS protection Legitimate interests
Recruitment Evaluating candidates Legitimate interests / Contract
Compliance Tax, audits, regulatory requests Legal obligation

Where we rely on consent, you can withdraw it at any time (see Section 10).

5) Cookies and similar technologies

We use cookies to operate the Site, understand usage, and (if you agree) personalize content/ads. Your cookie banner lets you accept, reject, or manage categories.

  • Strictly necessary cookies: run the Site (cannot be switched off)
  • Analytics/performance: measure traffic (requires consent)
  • Marketing/advertising: personalize ads/retargeting (requires consent)
  • Functionality: remember choices and improve features

Manage cookies anytime via the cookie banner link: Cookie Settings. See our Cookie Policy for details.

6) Who we share data with (processors & recipients)

  • Hosting & infrastructure: e.g., Cloudflare, Vercel, Netlify, AWS, Azure, Google Cloud
  • Website/CMS & forms: e.g., WordPress, Webflow, custom CMS
  • Analytics & A/B testing: e.g., Google Analytics 4, Matomo, Hotjar
  • Marketing & CRM: e.g., Mailchimp, HubSpot, Pipedrive, Salesforce
  • Communications: e.g., Microsoft 365/Outlook, Google Workspace
  • Payments & invoicing: e.g., Stripe, GoCardless, Xero, QuickBooks
  • Security & anti-spam: e.g., Cloudflare, hCaptcha/reCAPTCHA
  • Recruitment: e.g., LinkedIn, Workable, agency partners
  • Professional advisors: accountants, lawyers, auditors

We may also share data if required by law, to protect rights/safety, or in connection with a merger/acquisition.

7) International transfers

Some providers process data outside the EEA/UK. We rely on:

  • EU Standard Contractual Clauses (SCCs) / UK IDTA
  • Adequacy decisions
  • Other lawful transfer mechanisms under GDPR

You may request copies of the safeguards via the contact details below.

8) Data retention

  • Enquiries (non-client): up to 24 months
  • Client records & contracts: duration of engagement + 7 years
  • Marketing subscribers: until unsubscribe or inactivity
  • Analytics data: per provider defaults (14–26 months)
  • Recruitment: up to 12 months unless consented longer
  • Security logs: typically 12 months

We may retain data longer if required by law or to defend legal claims.

9) How we protect your data

We use technical and organizational measures including encryption, access controls, logging, secure development, employee confidentiality, and vendor due diligence. No method is 100% secure, but we strive to protect your information.

10) Your rights

  • Access and obtain a copy
  • Rectify inaccurate data
  • Erase data (right to be forgotten)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Complain to a data protection authority

To exercise rights: Email privacy@mallorca.agency with “Data Request” in the subject line. Verification may be required. Responses within one month (extendable by two months for complex requests).

Supervisory authorities:

11) Children’s privacy

Our Site/services are not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

12) Automated decision-making

We do not perform automated decision-making with legal or similarly significant effects. If this changes, we will inform you.

13) Changes to this Notice

We may update this Notice periodically. Changes will be posted with a new “Last updated” date. Material changes may be notified via email or banner.

14) Contact us

Optional Annex: Summary of processing activities

  • Enquiries → respond to your request; Legal basis: legitimate interests/contract
  • Client delivery → provide services, billing; Legal basis: contract/legal obligation
  • Marketing → send updates; Legal basis: consent/legitimate interests
  • Analytics → improve content; Legal basis: consent
  • Security → protect the Site; Legal basis: legitimate interests
  • Recruitment → assess applications; Legal basis: legitimate interests/contract

Agencia Española de Protección de Datos | AEPD