Privacy Policy

Cortijo El Sarmiento’s privacy policy

Here at the B&B Cortijo El Sarmiento we take your privacy very serious and only use your personal information to provide the products and services you have requested from us. We will only process your personal data as defined in this privacy policy according to the GDPR (General Data Protection Regulation), which will come into force on May, 25th 2018. Hereafter you will find all information about how we collect, process and store your personal data.

As soon as you make use of our services we might process the following personal data: First Name, Surname, gender, date of birth, address details, phone numbers, Email addresses, passport details.

We do not collect sensitive personal data (such as racial or ethnic origin, nationality, political opinions, religious beliefs, etc.)

With this privacy statement, we would like to inform you about the types of data we store and how we use them.

Collection and processing of personal data

As a matter of course, you can visit our website without informing us who you are. Our web servers might automatically store general information, including the type of web browser, the operating system used, the domain name of your Internet service provider, the website directing you to us, our web pages that you visit, and the date and duration of your visit. This information does not enable us to make any kind of conclusion about your identity. This data is intended for anonymous evaluations and statistical purposes only.

Furthermore we may collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. Your IP address is a number that your Internet Service Provider automatically assigns to the computer that you are using to access the website. This number is identified and logged automatically in our server log files whenever users visit the website, along with the time of each visit and the page(s) that were visited. Collecting IP addresses is standard practice on the Internet and is done automatically by many websites. We use IP addresses for purposes such as calculating website usage levels, helping diagnose server problems, validation of a legitimate user session via Google® captcha and administering the website. Please note that we treat IP addresses, server log files, and related information as Non-Personal Information, except when we are required to do otherwise under applicable law.

Use of cookies

Our website uses “cookies” which are harmless small text files that are placed on your machine to help the website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser. Please note, if cookies are disabled, the online browsing experience may be limited.
We don’t use cookies to track individuals or store sensitive information such as your name, address or credit card details.
For more information about cookies, please visit the About Cookies webpage.

Contact forms

When visitors send informations via a contact form on the site we collect the data requested in that form, and also the visitor’s IP address and browser user agent string to help spam detection.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Use of Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you call up a page of our website, your browser might make a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at and in Google’s privacy policy:

Use of Google Maps

This website uses Google Maps to display maps and create directions for driving. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the collection, processing and use of data that is collected automatically, or which you enter yourself, by Google, its representatives or third-party service providers.

Please visit the terms of service webpage for more information or check the Google Privacy & Terms webpage (don’t forget to change the language to your favourite).


Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under

Social Media

Our website includes social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features/widgets are hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing it.

Google Analytics and Google Remarketing

This website uses Google Analytics and eventually Google Remarketing. These are services provided by Google, Inc. (“Google”). Google uses “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to a Google server in the USA and stored there. For more information check Googles Privacy & Terms webpage (don’t forget to change the language to your favourite one).

Purpose of collecting, processing or using data

The purpose of collecting your data are diverse, but all collected datas will only be used to provide the service requested by you. This might be:

  • On our websites, when you visit or make or manage a reservation; when you use our contact forms for an enquiry; email sign up, event enquiry
  • In our Reception/Reservation/Sales departments from your correspondence
  • If you contact us (by phone, email, text or otherwise), we may keep a record of our correspondence with you for record or training purposes, to improve the quality of our offering and to prevent and detect fraud
  • When you enter our competitions
  • When you register at Reception on arrival
  • We are also working closely with third parties (including for example, Online Travel Agents) and may receive information about you from them.
  • To administer a booking, event or reservation
  • Send you emails or call you in relation to your stay
  • To contact you on departure to complete a questionnaire
  • To send you marketing & promotional emails should you opt in to this service.
  • To provide you with dietary specific meals when you book a meal / dine with us by collecting information regarding your dietary requirements
  • Other communications for example responding to requests or general customer service
  • Video surveillance is used at the hotels public areas solely for the collection of evidence in the event of vandalism, burglary, assault or other criminal offenses and only where permitted by law.

Use and forwarding of collected data

We use the personal data that you provide exclusively for the communicated or agreed purposes and thus as a rule to process the contract concluded with you or to provide you with the information you have requested.

If you use our services, only the data required for provision of the services in question is normally collected. If we ask you for additional data, provision of this data is voluntary. The processing of personal data is only performed in order to provide the requested service.

Is personal data forwarded to third parties?

The processing and use of your personal data for consultation, advertising or market research purposes requires your express permission. Your data will not be sold, leased or in any other way be made available to third parties. Personal data is only transferred to government institutions and authorities (e.g. Guardia Civil) to the extent required by national legislation.

We work with carefully selected Online Travel Agents (OTAs). When you enquire about or book with these third parties, the relevant third-party product provider will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. They will be acting as a data controller of your information and therefore we advise you to read their Privacy Policy. These third-party product providers will share required information about you with us (e.g. room type purchased and dates of stay), which we will use in accordance with this Privacy Policy. If you provide information on and use third-party sites, the privacy policy and terms of service on those sites are applicable. We encourage you to read the privacy policies of websites that you visit before submitting personal information.

Categories of recipients to whom the data may be communicated

Hotels, guest houses and other accommodation establishments are permitted to collect and automatically store personal data relating to its guests if so required within the framework of the accommodation contract. This normally also includes billing data relating to food and drink and/or other hotel-specific services. Hotels and other accommodation establishments are required by federal registration regulations to request information about the place of residence, date of birth and nationality of the guests as well as other passport details.
Furthermore, data can be communicated to the following recipients:

  • We may share your data with agencies such as law enforcement or governmental organisations (e.g. Guardia Civil), where we are required to make such disclosures by any applicable law.
  • We may share your data with banks and payment providers, to authorise and complete payments
  • We may pass your information to our third-party service providers, agents, sub-contractors and other associated organisations for the purposes of completing tasks and providing services to you on our or your behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

Software to collect, process and store personal data

  • beds24 Software by MPK Systems LTD / beds24 for your bookings, confirmations, credit cards details and invoicing. For more information check the beds24 Privacy Policy webpage.
  • GetResponse for Emails associated to your reservation and newsletters. For your security we have always and will always work with a double-opt-in procedure to make your subscription as secure as possible. For more information check the GetResponse privacy policy.
  • Apple Mail for any communication by Email. For more information check the Apple privacy policy.

Description of the group of persons concerned and the data/data categories associated with them

The collection, processing and use of personal data will primarily be performed for the following groups of people:

  • Guest data (in particular address data, reservation data, data relating to guest wishes, billing data)
  • Customer data (in particular address data, contract data, billing and performance data)
  • Data relating to potential customers (in particular accommodation-specific interests, interest in renting rooms/halls, address data)
  • Employee data, applicant data, data relating to bodies responsible for pensions (in particular personnel and payroll data)
  • Business partners, external service companies (in particular address, billing and performance data)
  • Supplier data (in particular address, billing, performance and functional data)

Credit Card Details

We use a secure website through our Oscar Hotel Software by Redforts to obtain your credit/debit card information in order to process any purchases/bookings made on our site. Credit/debit card information may also be requested over the phone when a booking is being made. We will never ask you to send us this information electronically. All such information is stored on a secure system and will only be accessed when necessary to take payments as outlined in our Terms & Conditions. This data will be kept for as long as is necessary to fulfil your contract with us (unless a longer retention period is required or permitted by applicable law) before being disposed securely.

Statutory deadlines for the deletion of data

The legislature has imposed a number of obligations and deadlines regarding data storage. When these deadlines have expired, the relevant data and data sets will be routinely deleted when it no longer serves the purpose of fulfilling contractual obligations (guest, rental and service contracts). Thus, the commercial or financial data of the past fiscal year is, by law, deleted after ten more years unless longer storage of the data is stipulated or necessary for legitimate reasons.
Registration forms will be stored at B&B Cortijo El Sarmiento in accordance for the minimum duration prescribed by law, whereafter they will be disposed of, taking special precautions, in a manner compliant with data protection law.

Check, Change and delete personal data

It is your right to check, change or remove your personal data at any moment. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In case you want to do so please contact us at [email protected]. We will get back to you and resolve the matter within 5 working days. Alternatively you can check your data by following this link to our Data Access Request.

In relation to Marketing & Promotional e-mails we provide a link at the end of the e-mail to unsubscribe from that service.
Please note that it is not possible to ‘opt-out’ of receiving communication from us, which relates to your bookings or reservations.

Name and address of the data protection officer

B&B Cortijo El Sarmiento
Marega Projects S.L.
Yvonne Schnoor
Camino de Gatar 2
04638 Mojácar (Almería) – Spain
VAT No. ESB54744016

phone: +34 616 86 20 83
E-Mail: [email protected]

Platform for online dispute resolution by the European Commission:

Additional information

Ensuring security when processing data

B&B Cortijo El Sarmiento implements technical and organizational security measures to safeguard the data that it manages against inadvertent or deliberate manipulation, loss or destruction and against access by unauthorized persons. The security measures used are continuously being improved to ensure that they remain the state of the art. This means that B&B Cortijo El Sarmiento only stores information relevant to data protection on secured systems. Furthermore this site uses, for security reasons and to protect the transmission of confidential content, an SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.

In case of any security breach we will immediately inform the party in question, eg. Redforts Hotel Software and will temporarily disconnect until the problem has been solved and we can ensure the security of your data.


Should you apply for a position within our company, your details will be held on file until such a time as the position is filled. If you are unsuccessful in your application, your details will be disposed of securely and in a timely manner unless you request otherwise.

This policy was updated on November, 17th. 2020