Legal information

Privacy Policy

Last updated: 12 May 2026

At SMILE FIT IBIZA we respect your privacy and are committed to processing your personal data transparently and in compliance with EU Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection.

1. Data controller

Owner: María Amenós Gómez
Spanish tax ID: 47990064N
Address: Carrer de Torrent de les Flors 148, baixos, 08024 Barcelona (España)
Email: [email protected]
Phone: +34 664 623 817

2. Data we collect

We collect only the data you provide voluntarily through the booking form or contact channels:

Full name.
Email and phone (including international dialing code).
Number of attendees, date and time slot requested.
Details about the villa, end client, concierge and preferred payment method.
Optional group profile: fitness level, injuries, allergies, age range.
Free-form message you decide to share.
Browsing language.

3. Purposes and legal basis

Handling your booking request and contacting you by email or WhatsApp to confirm availability, pricing and session details. Basis: pre-contractual measures at your request (Art. 6(1)(b) GDPR).
Complying with legal obligations (invoicing, accounting). Basis: legal obligation (Art. 6(1)(c) GDPR).
Improving the service and sending you marketing communications only with your express consent. Basis: consent (Art. 6(1)(a) GDPR), revocable at any time.

4. Data retention

We keep your data for as long as needed to handle your request and provide the service, and afterwards for the applicable legal retention periods (in particular the six-year accounting retention required by the Spanish Commercial Code). If you only contacted us without booking, we will delete your data within 12 months of the last contact.

5. Recipients and processors

We do not share your data with third parties except where legally required. To provide the service we rely on the following processors, all bound by a data processing agreement under Art. 28 GDPR:

Supabase Inc. (USA) — database and backend. Data is stored on EU-based infrastructure. Any international transfer is covered by the Standard Contractual Clauses approved by the European Commission.
Cloudflare, Inc. (USA) — hosting and CDN, with EU local presence.
Payment provider (when applicable), transactional email provider and WhatsApp Business (Meta Platforms Ireland Ltd.) to reply to enquiries received on that channel.

6. Your rights

You can exercise the following rights at any time by emailing [email protected], stating which right you are exercising and attaching a copy of your ID:

Access to your personal data.
Rectification of inaccurate data.
Erasure when no longer necessary.
Objection and restriction of processing.
Data portability.
Withdraw your consent at any time.

If you believe your rights have not been addressed properly, you may file a complaint with the Spanish Data Protection Agency (AEPD).

7. Security

We apply appropriate technical and organisational measures to safeguard the confidentiality and integrity of the information: encryption in transit (HTTPS), access control, strong passwords and backups.

8. Minors

Our services are intended for adults. We do not knowingly collect data from minors under 14. If you believe data belonging to a minor has been provided without authorisation, please contact us to delete it.

9. Changes to this policy

We may update this policy to reflect legal or service changes. The current version is always available at this URL and the date at the top is updated accordingly.