1. Data Controller
The Data Controller of personal data is:
New CP 2019 SL
Carrer de la Ruda 7
Sant Josep de sa Talaia
Ibiza, Balearic Islands – Spain
Email: info@imibiza.com
2. Types of Data Processed
2.1. Data voluntarily provided by the user
By browsing or using the services of the website, you may provide:
- First and last name
- Email address
- Phone number
- Data requested in contact or information request forms
- Data contained in any messages freely sent by the user
2.2. Automatically collected data (Usage Data)
The website may automatically collect:
- IP address
- Browser and device type
- Operating system
- Pages visited
- Time and duration of navigation
- Interactions with the website
- System logs
2.3. Cookies and tracking tools
The website uses technical cookies and, with consent, analytical and/or marketing cookies.
For more information, please see the Cookie Policy.
Users are responsible for any personal data of third parties communicated through the website.
3. Purposes of Processing and Legal Basis
| Purpose | Legal Basis |
| Provide and manage the website and its services | Execution of pre-contractual measures and legitimate interest |
| Respond to requests via forms | User consent |
| Operational management and website security | Legitimate interest |
| Statistical analysis and website improvement | Consent (analytics cookies) |
| Direct marketing or remarketing (if advertising tools are active) | Consent |
| Legal obligations | Legal obligation |
The Data Controller will always indicate whether providing data is mandatory or optional.
4. Methods of Processing
Data is processed using IT and/or electronic tools, implementing adequate security measures to prevent unauthorized access, loss, or alteration.
In addition to the Data Controller, the following parties may have access to the data:
- Technical providers (hosting, maintenance, IT services)
- Marketing agencies or consultants
- Third-party services integrated into the website (e.g., email providers, analytics, advertising)
All external parties act as Data Processors, if duly appointed.
5. Data Storage Location and Transfers Outside the EU
Data is processed at the Data Controller’s premises and where the involved service providers operate.
If some services require data transfers outside the European Union, the Data Controller ensures:
- Standard Contractual Clauses (SCC)
- Additional security measures
- Transfers only to countries deemed adequate by the European Commission
6. Data Retention
Data is retained only for the time necessary for the purposes for which it was collected:
- Contact data: until the request is processed + up to 24 months for administrative purposes
- Browsing data: typically a few days/weeks
- Marketing data: until consent is revoked
- Legal obligations: according to the periods required by applicable laws (e.g., tax regulations)
At the end of the retention periods, data will be deleted or anonymized.
7. User Rights (Articles 15–22 GDPR)
Users have the right to:
- Request access to their data
- Obtain correction or deletion
- Request restriction of processing
- Object to processing based on legitimate interest
- Withdraw consent at any time
- Request data portability
- File a complaint with the competent Data Protection Authority
Requests should be sent to:
The Data Controller will respond within 30 days.
8. Additional Information
8.1. System Logs
For maintenance, security, and website operation purposes, technical logs containing IP addresses and other data may be collected.
8.2. Legal Actions
Personal data may be used in legal proceedings to protect the rights of the Data Controller.
9. Changes to this Privacy Policy
The Privacy Policy may be updated at any time.
The latest version will always be available on this page.