Privacy Policy

1. Data controller

Restaurant Brasas de Baelo will act as the data controller for personal data collected through this website. Reference address: Playa de Bolonia 2, Tarifa, Cadiz. Known contact phone number: +34 625 025 945. Privacy email address: no specific privacy email address has yet been provided. In the meantime, interested persons may use the restaurant's contact telephone number.

The person or entity operating the business must keep the identifying, tax, and contact information required by applicable regulations updated at all times, including a valid email address for handling data protection rights.

2. Data processed and source

The website may process identifying and contact data when a user interacts with forms, booking requests, WhatsApp communications, access to the internal dashboard, or any enquiries sent through digital channels integrated into the site.

Minimum technical data may also be processed, such as IP address, browser, date and time of access, selected language, or internal dashboard activity logs, when required for the operation, security, or traceability of actions performed on the menu.

3. Purposes of processing

Data will be processed to handle bookings and enquiries, manage the relationship with customers and prospective customers, enable bilingual browsing, administer menu content, ensure the security of the private dashboard, and preserve evidence of internal changes to the food offering.

If electronic marketing communications are enabled in the future, they will only be sent where there is an adequate legal basis, especially prior consent or a prior contractual relationship in accordance with applicable regulations.

4. Legal basis

The main legal basis will be the performance of pre-contractual or contractual measures when a user requests a booking, availability information, commercial assistance, or any management linked to the restaurant service. Legitimate interest may also support security measures, fraud prevention, internal administration, and traceability of menu changes.

Where non-essential cookies must be installed or external content subject to consent must be loaded, the legal basis will be the user's express consent, which may be withdrawn at any time.

5. Data retention

Data will be kept for as long as necessary to fulfil the purpose for which it was collected and, afterwards, for the applicable statutory limitation periods. Dashboard audit records may be retained for as long as necessary to evidence changes, incidents, internal responsibilities, or organisational compliance.

6. Recipients and processors

No data disclosures to third parties are envisaged except where required by law, where technological services are provided, or where there is an operational need linked to the functioning of the website, email, hosting, or messaging services such as WhatsApp. In those cases, adequate contractual safeguards and, where applicable, valid mechanisms for international transfers will be required.

7. Rights of data subjects

Data subjects may request access, rectification, erasure, objection, restriction of processing, and portability where applicable, as well as withdraw previously given consent. They may also lodge a complaint with the Spanish Data Protection Agency if they believe their rights have been infringed.

Where no specific privacy email address exists, requests may be channelled through the restaurant's contact phone number, without prejudice to the responsible party enabling additional channels for attention and response.

8. Security

Reasonable technical and organisational measures will be adopted to protect personal data against destruction, loss, alteration, unauthorised access, or unlawful processing. These measures will include access controls, change traceability, secure credential management, permission reviews, and internal procedures aimed at preserving the confidentiality, integrity, and availability of information.