OUR VENUE

+34 603 531 399

CORPORATE RETREATS

ORGANIZE RETREAT

HOW TO BOOK

EN

Flamingo Retreat — Privacy Policy

Effective date: August 1, 2025
Controller: IMAGURU TECH HUB S.L.
Trading as: Flamingo Retreat
Registered address: Paseo de la Florida 17-BB, MADRID, 28008
Tax / Company ID: CIF- B87389516
Contact (data protection): flamingoretreatco@gmail.com,

This Privacy Policy explains how Flamingo Retreat (“we”, “us”, “our”) collects, uses, stores and shares personal data when you visit https://flamingoretreat.co/ (the “Website”), make a booking, request a quote, purchase services, subscribe to our newsletters, or otherwise interact with our services. It also explains your rights under the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law.

1. Personal data we collect
We collect only the personal data necessary for the provision of our services and for legitimate business purposes. Examples include:

Booking & sales data
  • Contact details: name, organisation, job title, email address, phone number
  • Booking information: requested dates, number of participants, program choice, special requests
  • Billing details: invoicing address, VAT/CIF, payment confirmations (we do not store card numbers)
Website & marketing
  • Newsletter subscription: name, email
  • Contact form and quote form entries: free-text messages and uploaded documents
  • Marketing preferences and consent records
Technical & analytics
  • IP address, device and browser information, pages visited, referral URL, cookies and similar tracking data
  • Logs required for diagnostics and security
Third-party data
  • Data you provide or publish on social media that you connect to our services
  • Data shared by our authorised partners (payment processors, booking platforms)

2. Legal bases for processing
We process personal data on the following lawful bases:

  • Contractual necessity — to perform the booking contract and to provide venue hire, facilitation and related services.
  • Consent — where you explicitly opt in (e.g., newsletter subscription, marketing communications, some cookies). You may withdraw consent at any time.
  • Legitimate interests — for business administration, fraud prevention, to improve our services and to send relevant service-related communications where we have a legitimate reason to do so. We balance these interests against your rights.
  • Legal obligation — to comply with tax, accounting and public authority obligations.

3. Purposes of processing
We use personal data for purpose-driven, limited objectives:

  • To confirm, administer and fulfil bookings and venue hires.
  • To communicate with you about your booking, payments, amendments and arrivals.
  • To provide customer service, on-site logistics and bilingual support.
  • To send newsletters, promotional offers and resources when you opt in.
  • To operate and improve the Website, perform analytics and measure campaign performance.
  • To meet regulatory, accounting and tax requirements.
  • To respond to legal requests or protect our rights.

4. Data sharing and processors
We do not sell your personal data. We share personal data only as needed with trusted third parties who act as processors under contract and appropriate technical and organisational safeguards, for example:
  • Payment processors (e.g., Stripe, PayPal) for processing payments.
  • Email & marketing providers (e.g., Mailchimp, or similar) for newsletters and campaigns.
  • Booking and calendar tools (e.g., Calendly) for scheduling.
  • Analytics & advertising providers (e.g., Google Analytics, Meta / Facebook Pixel) for insights and campaign measurement.
  • Professional advisors (accountants, legal advisors) when required by law or to perform services.
  • Local vendors (caterers, activity providers, transport) only with your consent or where necessary to deliver the booked services.
Before we share data with any supplier, we ensure they provide at least the protections required by GDPR (data processing agreement, appropriate safeguards).

5. International transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as:
  • Transfers to countries with an adequacy decision by the European Commission; or
  • Standard Contractual Clauses (SCCs) approved by the European Commission; or
  • Other lawful transfer mechanisms.
If you require details of specific safeguards for a particular transfer or processor, contact flamingoretreatco@gmail.com

6. Cookies and tracking
We use cookies and similar technologies to operate the Website and improve the user experience. Types of cookies we use include:
  • Essential cookies — required for site functionality (session cookies, load balancing).
  • Performance & analytics cookies — to measure site usage (e.g., Google Analytics; IP anonymisation enabled where supported).
  • Functional cookies — to remember preferences (language, form state).
  • Advertising/marketing cookies — used for retargeting and campaign measurement (e.g., Meta Pixel, Google Ads).
On first visit, you will be asked to accept our cookie settings. You may change your preferences at any time using the cookie banner or via your browser settings. Disabling certain cookies may affect site functionality.

7. Data retention
We retain personal data only as long as necessary for the purpose it was collected and to comply with legal obligations. Typical retention periods:
  • Booking & accounting records: retained in accordance with applicable law (generally up to six years for tax and accounting purposes).
  • Marketing consents and unsubscribed lists: retained until you withdraw consent, plus a short administration period.
  • Website analytics: aggregated or anonymised where possible; raw logs retained for a limited period (typically up to 24 months).
  • Enquiry and quote records: retained for the period needed to respond and for a reasonable sales follow-up period (typically up to 2 years), unless otherwise required by law.
If you want a record removed earlier, see “Your rights” below.

8. Your rights
Under the GDPR you have rights in relation to your personal data. To exercise these rights, contact flamingoretreatco@gmail.com (we may require identity verification):
  • Access — request a copy of personal data we hold about you.
  • Rectification — correct inaccurate or incomplete information.
  • Erasure (“right to be forgotten”) — request deletion where legal grounds allow.
  • Restriction of processing — request temporary limitation of processing.
  • Data portability — obtain a machine-readable copy of data you provided and transfer it to another provider where technically feasible.
  • Objection — object to direct marketing or processing based on legitimate interests.
  • Withdraw consent — where processing is based on your consent, withdraw it at any time (this will not affect processing prior to withdrawal).
If you believe we have processed your data unlawfully, you also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD).

9. Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include TLS/HTTPS for data in transit, access controls, system monitoring and data minimisation practices. While we work to protect your data, no system is completely impervious — if a personal data breach occurs that creates a high risk for your rights, we will notify you and the supervisory authority where required by law.

10. Marketing communications
We will only send direct marketing by email where you have given consent or where we have a legitimate interest (e.g., existing customer relationship) and no objection. Every marketing email contains an unsubscribe link. To stop all marketing communications, follow the unsubscribe link or contact flamingoretreatco@gmail.com.

11. Children
Our services are intended for adult professionals. We do not knowingly collect personal data from children. If you are under the age required by applicable law to provide consent (where it applies), please do not provide personal data to us. If we become aware that we have collected data from a minor unlawfully, we will take steps to delete it.

12. Links to other sites
Our Website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party site before providing personal data.

13. Changes to this policy
We may update this Privacy Policy to reflect changes in law, practice or our services. When we make material changes, we will publish the updated policy on the Website with a new “Effective date” and, where appropriate, notify subscribers by email.

14. Contact & supervisory authority
Data controller contact: flamingoretreatco@gmail.com

For any questions about this policy or to exercise your rights, contact us at the email above.
If you remain unsatisfied after contacting us, you have the right to file a complaint with the Spanish Data Protection Authority: Agencia Española de Protección de Datos (AEPD) — https://www.aepd.es

15. Legal notice / disclaimer
This Privacy Policy describes our current practices. It is not legal advice. We recommend that you review this policy with your legal counsel and update any processor names, retention periods, contractual safeguards or contact details to reflect your precise operations.