In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, "GDPR"), Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights ("LOPDGDD"), and Law 34/2002 on Information Society Services and Electronic Commerce ("LSSI-CE"), 3R Padel Camp guarantees the protection and confidentiality of any personal data provided by visitors to this website.
Data Controller — Who we are
The party responsible for processing personal data collected through this website is:
Personal data provided to 3R Padel Camp through this website is processed under the responsibility of the controller identified above. We do not build profiles of website visitors or potential clients.
What data we collect, and how
Our website is a single informational page. The only personal data we actively collect is data you choose to send us through our contact form.
Data submitted via the contact form
- Full name — so we know who is contacting us.
- Email address — so we can reply to your enquiry.
- Message (optional) — any text you choose to write describing your enquiry.
How the form works
When you fill in our contact form and click "Send Enquiry", your browser composes an email through your default email application. You then choose whether to send that email to 3rpadelclub@gmail.com. The data is therefore transmitted by you, through your own email provider, and received by us in our Gmail inbox. The website itself does not store form submissions on a server.
Data collected automatically
Like most websites, ours may automatically collect limited technical information when you visit, such as your IP address, browser type, operating system, and pages visited. This data is processed by our hosting and security providers (see Section 5) for the technical operation and protection of the site. See our Cookie Policy for details.
Why we may process your data — Legal basis
We process personal data under the following legal bases established by Article 6 of the GDPR:
- Your consent (Art. 6.1.a GDPR) — when you submit our contact form, you authorise us to use the personal data you provided in order to respond to your enquiry. You may withdraw this consent at any time by contacting us at the email address above.
- Legitimate interest (Art. 6.1.f GDPR) — to manage and respond to your enquiries and to keep records of those communications for the purposes of answering follow-up questions, defending against potential claims, and operating our business. This legitimate interest does not override your fundamental rights.
- Pre-contractual measures and contractual relationship (Art. 6.1.b GDPR) — if your enquiry leads to a booking or contract for our services, the processing of your data becomes necessary to take steps prior to entering into that contract and to perform it.
- Legal obligation (Art. 6.1.c GDPR) — where we are required by law to retain or disclose certain data (for example, accounting and tax records under Spanish law).
Who we share your data with
We do not sell, rent, or share your personal data with third parties for marketing purposes. Your data is only disclosed to the following categories of recipients, and only to the extent necessary:
- Service providers acting as our processors — including our email provider (Google LLC, for our Gmail inbox), our website host, and our security/CDN provider (see Section 5). These providers process data on our behalf and under contract.
- Public authorities — when we are required by law to disclose data, for example to the Spanish Tax Agency, courts, or law enforcement.
Outside of these cases, we will not disclose your personal data without your express prior consent.
International data transfers
Some of the service providers that process data on our behalf are based outside the European Economic Area (EEA), in particular in the United States. Specifically:
- Google LLC (Gmail) — your enquiry email is stored in our Gmail inbox, hosted on Google's infrastructure.
- GitHub, Inc. (a Microsoft subsidiary) — used to host the static files that make up this website via GitHub Pages.
- Cloudflare, Inc. — used for content delivery and security in front of the website.
These transfers are protected through one or more of the following safeguards required by Articles 44–49 of the GDPR: (i) the EU–U.S. Data Privacy Framework, where the recipient is certified; (ii) the European Commission's Standard Contractual Clauses; and (iii) supplementary technical and organisational measures where appropriate. You can request a copy of the safeguards in place by contacting us.
How long we keep your data
We only retain personal data for as long as is necessary to fulfil the purposes for which it was collected, taking into account our legal, contractual, and accounting obligations.
- Contact-form enquiries that do not result in a booking — kept for a maximum of 24 months after the last contact, then deleted, unless you ask us to delete it sooner.
- Enquiries that lead to a booking or commercial relationship — kept for the duration of that relationship, plus the legal retention periods that apply to commercial, accounting, and tax records under Spanish law (typically up to 6 years after the end of the relationship).
Once these periods expire, your personal data is properly blocked or deleted, in accordance with the limitation periods for any potential claims.
How we protect your data
We apply reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure, taking into account the state of the art, the nature of the data, and the risks posed by the processing. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Your rights
Under the GDPR and the LOPDGDD, you have the following rights with respect to your personal data:
- Right of access — to know what personal data we are processing and the operations carried out with it.
- Right to rectification — to have inaccurate or incomplete personal data corrected.
- Right to erasure ("right to be forgotten") — to have your personal data deleted, where this is legally possible.
- Right to restriction of processing — to limit how we use your data in certain circumstances.
- Right to object — to object to the processing of your personal data when the legal basis is our legitimate interest. We will stop processing unless we have an overriding legitimate ground.
- Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller, where the processing is based on consent or contract.
- Right to withdraw consent — to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Right not to be subject to automated decisions — we do not carry out automated decision-making or profiling.
To exercise any of these rights, please contact us free of charge by email at 3rpadelclub@gmail.com or by post to the address provided in Section 1, attaching a copy of an official identity document.
Right to lodge a complaint
If you believe that your data protection rights have not been respected, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), which is the supervisory authority in Spain:
- Online: www.aepd.es
- Postal address: C/ Jorge Juan, 6 — 28001 Madrid, Spain
- Telephone: +34 901 100 099 / +34 912 663 517
Filing a complaint with the AEPD is free of charge and does not require legal representation.
Changes to this Privacy Policy
3R Padel Camp reserves the right to modify this Privacy Policy at any time, in order to adapt it to legislative, jurisprudential, or operational changes. The most current version will always be published on this page, with the "Last updated" date at the top reflecting the most recent revision. We encourage you to review this policy periodically.