Privacy Policy

In compliance with Article 10 of Law 34/2002, of July 11, 2002, on Information Society Services (Ley 34/2002, de 11 de julio, de servicios de la Sociedad de la Sociedad de la Infomación), we are required to provide the following information to our customers

The following are the company’s identification data.

Privacy Policy for service reservation management

Below, we explain how we treat your personal data when you request to book a service. You may obtain more information by consulting our Global Privacy Policy.

Who we are

The person responsible for processing the personal data you provide is Zambra los Amayas S.L., with N.I.F. B93584043, with address at Carretera de Murcia s/n. Mirador de San Cristobal (Albaicin), 18010 GRANADA. Contact phone number 636575125 and e-mail

Purpose of the collection and processing of personal data

We collect and process your personal data to manage your requests and service reservations. Your data will be used for:

– Register your user account with which you will be able to access the platform.
– Streamline the process of reservation and payment of services.
– Perform the collection and billing of contracted services, if necessary.
– Send you communications regarding your requests and reservations.
– Maintain your reservation, payment and incident history.
– To send you a satisfaction survey about a booked service, if you authorize it at the time of booking.

Legal basis. Legitimation

This privacy policy complies with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (RGPD) and Article 5 of Organic Law 15/99 of 13 December 1999 on the Protection of Personal Data (LOPD).

The processing of your data is legitimized by the execution of the contract that is established when you request a service through our platform.

Consequences of not providing data

When we request your data, we mark with an asterisk those that are strictly necessary. You are not obliged to provide the requested data, but if you do not provide them, you will not be able to request or book the services offered on our platform.

Origin of personal data

If you provide us with data of other persons, you must ensure that you have the consent of such persons to provide their data if they are over 14 years of age. You can only provide data of children under 14 years of age if you are their parent or guardian; or if you have their consent.

To manage your requests and reservations it is necessary to create a user account on our platform. You can use an email address and password for this purpose. You can also log in using your Google+ or Facebook account. In this case, these companies act as “identification providers”. If you use this option, the chosen supplier will inform you of the data that MiReservaOnline needs and you will have to authorize this access. The personal data we obtain through these providers are:

– A unique identifier of your account with the provider. That is, a series of letters and numbers that identify you to the supplier.
– Your first and last name.
– Your email.

The data obtained from these suppliers will be copied to your MyReservaOnline user account. You may at any time revoke MiReservaOnline’s access to your personal data at these identification providers. In this case, you will not be able to access MiReservaOnline using your account with that provider. Revoking MiReservaOnline’s access to your data through an authentication provider does not delete your MiReservaOnline user account or previously obtained data.

Data retention period

Your data will be kept for the duration of the contractual and commercial relationship established and, subsequently, during the legally established periods for the resolution of possible liabilities arising therefrom.

The data related to payments and invoicing will be kept for the periods established in the corresponding economic, accounting and tax regulations.

Recipients of your personal data

When you contract a service, we communicate some of your personal information to the company providing the service. We only communicate those data that the company needs to provide the service and to contact you in relation to the contracted service.

All companies offering services on our platform are subject to European legislation and are governed by the same data protection rules as MiReservaOnline. Therefore, they undertake to use your personal data only for the purpose for which you have provided them.

To find out which company offers a specific service, you can consult the “About Us” section under “More Information” on the service page of You will also be informed about the company offering a service, once contracted, on your booking confirmation voucher.

Your data will also be communicated when necessary for the fulfillment of the established contractual relationship and in the cases provided by law. In some cases, your information may be provided to law enforcement when legally required. The data referring to invoicing must be communicated, by legal imperative, to the Tax Administration.

If you pay for a service using any of the payment methods offered by the platform and then cancel that payment in contravention of the service cancellation policy, which you accepted when booking, MiReservaOnline will claim the amount indicated in the service cancellation policy from the entity with which the payment was made. In this process, it is possible that the financial entity may ask us, and we may provide information about your identity and other information that proves the service contracted, its payment and enjoyment.

No international data transfers are foreseen. If any, they would always be made for the purposes indicated above and with the guarantees required by European Union regulations. In this sense, data will only be transferred to entities located in the European Union, entities adhered to the EU-US Privacy Shield agreement or equivalent agreements that guarantee the processing of personal data in a manner equivalent to how it is established in the European Union.

Rights and complaints to the supervisory authority

You can exercise your rights of access, rectification, suppression, limitation and opposition by sending an email to with the subject “Data Protection”. You can also do so by sending a letter to: Area25 IT. El Purche Street 6, 2º A. 18008 Granada, Spain.
In both cases you must send a copy of a document proving your identity.

You have the right to the portability of your data, i.e. to have it delivered to you in a structured, commonly used and machine-readable format, including the right to forward it to a new data controller, if you so wish.

In addition, you can file a complaint with the competent Data Protection Supervisory Authority, especially if you have not obtained satisfaction in the exercise of your rights. To do so, you should contact the Spanish Data Protection Agency: Calle Jorge Juan 6, 28001 Madrid. You can also do so by accessing its electronic headquarters through the web site