Privacy policy

Last updated: 19.11.2025

Your privacy is important to us. This Privacy Policy explains how SunnyYumbo Apartments (“we”, “us”, “our”) collect, use, store, and protect your personal information when you stay with us, use our website, or communicate with us.

We are committed to complying with the General Data Protection Regulation (GDPR) and all applicable Spanish and EU data protection laws.


1. Data Controller

The data controller responsible for your personal data is: SunnyYumbo Apartments, Playa del Inglés, Maspalomas, Spain, Contact: info@sunnyumbo.es, phone: +34 611 16 56 84


2. Data We Collect​

We collect the following categories of data:

2.1. Data provided directly by you

  • Full name
  • Address
  • Nationality
  • Passport/ID number
  • Date of birth
  • Email address
  • Phone number
  • Booking details (stay dates, number of guests)

2.2. Automatically collected data

  • Device information (IP address, browser, etc.)
  • Website cookies (for analytics and booking functionality)

2.3. Data from booking platforms

We receive data from platforms such as:

  • Airbnb
  • Booking.com
  • Expedia
  • Smoobu
  • Other PMS/OTA systems

This includes the information you provided to those platforms.

2.4. Legal guest registration (parte de viajeros)

Spanish law requires us to collect identification data and submit it to law enforcement authorities.

This includes:

  • Guest identity document details
  • Arrival date
  • Signature (digital or paper)


3. How We Use Your Data

We use your personal data for:

3.1. Booking and stay management

  • Processing reservations
  • Communicating check-in/out instructions
  • Guest support during your stay

3.2. Legal obligation

  • Mandatory submission of guest details to Guardia Civil (parte de viajeros)
  • Tax compliance for invoicing and administration

3.3. Communication

  • Sending arrival instructions (WhatsApp, email, SMS)
  • Responding to inquiries
  • Notifying you about issues or emergencies related to your stay

3.4. Improvement of services

  • Analytics and performance monitoring
  • Ensuring building security and compliance with house rules


4. Legal Basis for Processing

We process your data based on:

  • Contract performance (Art. 6(1)(b) GDPR) – to manage your booking and stay
  • Legal obligation (Art. 6(1)(c)) – guest registration with authorities, tax obligations
  • Legitimate interest (Art. 6(1)(f)) – ensure smooth communication and property security
  • Consent (Art. 6(1)(a)) – where required (cookies, optional marketing)


5. Data Sharing

We share your data only when necessary and never sell it.

Data may be shared with:

  • Spanish law enforcement (mandatory guest registration)
  • Booking platforms (OTA/PMS) you used to book
  • Service providers who support our operations (e.g., cleaning teams, maintenance technicians)
  • IT providers (hosting, messaging systems such as WhatsApp)
  • Accountants/tax authorities when required by law

All partners who process data on our behalf operate under GDPR-compliant agreements.


6. Data Retention

We retain your data only as long as necessary:

  • Guest registration forms: 3 years (per Spanish law)
  • Invoices and tax documents: 6 years
  • Booking and communication data: up to 2 years
  • Messages (WhatsApp/email): as long as needed to manage the booking

You may request deletion of non-mandatory data at any time.


7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted storage
  • Secure messaging systems
  • Restricted access
  • Compliance with Spanish accommodation regulations


8. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Correct incorrect information
  • Request deletion (where legally permitted)
  • Restrict processing
  • Object to certain uses
  • Request data portability
  • Withdraw consent (for consent-based processing)

To exercise your rights, contact us at: info@sunnyyumbo.es


9. Cookies & Tracking

Our website may use cookies for:

  • Analytics
  • Essential booking functionality
  • Security and fraud prevention

Visitors will be informed via a cookie banner where applicable.


10. International Transfers

Your data may be processed outside the EU (e.g., WhatsApp servers), but only in accordance with GDPR safeguards, such as:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Certified processors


11. Updates to This Policy

We may revise this Privacy Policy to reflect changes in law or our services. The updated version will always be available upon request or on our website.