Menu Book Now
Menu Book NowBook

Privacy Policy

Booking 2026 award

LEGAL NOTICE, PRIVACY POLICY AND COOKIES POLICY

  1. WEBSITE OWNER

This website, www.townhousemarbella.com (the “Website”), is owned and operated by:

FININVEST USA SL
Tax Identification Number (NIF): B67078568
Registered address: Calle Alderete 7, 29600 Marbella, Málaga, Spain
Telephone: +34 952 90 17 91
Email: info@townhousemarbella.com

Throughout this document, FININVEST USA SL may also be referred to as “The Town House Marbella”, “we”, “us”, or “our”.

Use of this Website implies acceptance of this Legal Notice, Privacy Policy and Cookies Policy. If you do not agree with this document, you should not use the Website.

We reserve the right to modify this document at any time. Any updated version will be published on the Website and will become effective from the date of publication.

  1. PURPOSE OF THE WEBSITE

The purpose of this Website is to provide information about The Town House Marbella, its accommodation services, facilities, contact channels, and booking options, and to allow users to make enquiries or reservations.

The information published on this Website is for general information purposes only. While we make reasonable efforts to keep the information accurate and up to date, we do not guarantee that all content is complete, current, or error-free at all times.

  1. CONDITIONS OF USE

By using this Website, the user agrees to use it lawfully, in good faith, and in accordance with public order, these terms, and any applicable law.

The user agrees:
a) to provide true, accurate, current, and complete information in any form submitted through the Website;
b) not to use the Website for fraudulent, unlawful, harmful, or misleading purposes;
c) not to interfere with the security, operation, or proper functioning of the Website;
d) not to reproduce, copy, distribute, modify, publicly communicate, extract, reuse, or exploit Website content without prior written permission, except where permitted by law.

The user shall be solely responsible for any false or inaccurate information supplied and for any damage caused to FININVEST USA SL or third parties as a result.

If this Website contains links to third-party websites, such links are provided for convenience only. We do not control, endorse, or assume responsibility for the content, privacy policies, services, or practices of third-party websites. Users should review the applicable terms and privacy policies of those websites before using them.

This Website is not directed at children. Where personal data of minors may exceptionally be involved, such processing must comply with applicable law. Under Spanish law, the general digital age of consent is regulated by Organic Law 3/2018.

  1. INTELLECTUAL PROPERTY

All contents of the Website, including without limitation text, photographs, images, graphics, logos, trademarks, trade names, icons, software, design, structure, layout, and audiovisual content, are owned by or licensed to FININVEST USA SL and are protected by applicable intellectual and industrial property laws.

Users may view, print, or download extracts from the Website only for personal, lawful, and non-commercial use. Any other use, including reproduction, distribution, transformation, public communication, making available, scraping, extraction, or commercial exploitation, is prohibited without our prior written consent.

The Town House Marbella name, logo, branding, trade dress, and related distinguishing signs may not be used without express prior written authorisation.

  1. DATA CONTROLLER

For the purposes of applicable data protection law, the data controller of personal data collected through this Website is:

FININVEST USA SL
Calle Alderete 7, 29600 Marbella, Málaga, Spain
info@townhousemarbella.com

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.

  1. PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data, depending on how you interact with us:

  1. a) identification data, such as name, surname, nationality, passport or ID details where required by law;
    b) contact data, such as email address, telephone number, and postal address;
    c) booking and stay data, such as arrival and departure dates, room preferences, number of guests, special requests, and stay history;
    d) payment-related data, billing details, transaction information, and booking guarantee data processed through our payment and booking systems;
    e) communications data, such as messages sent through contact forms, email, or telephone enquiries;
    f) technical and browsing data, such as IP address, browser type, device information, pages visited, and cookie-related data;
    g) legally required guest registration data, where applicable under hotel, security, or police-reporting obligations.

We do not intentionally collect more personal data than is necessary for the relevant purpose.

  1. PURPOSES OF PROCESSING

We may process personal data for the following purposes:

  1. a) to manage bookings, enquiries, and reservations;
    b) to communicate with guests before, during, and after their stay;
    c) to verify identity and comply with legal guest-registration obligations;
    d) to process payments, guarantees, charges, refunds, and fraud-prevention measures;
    e) to provide hospitality services and respond to guest requests;
    f) to manage incidents, complaints, claims, lost property, and customer support;
    g) to maintain Website security, prevent misuse, and ensure technical operation;
    h) to comply with legal, tax, accounting, regulatory, and law-enforcement obligations;
    i) where permitted, to send service-related communications and, where consent is required, marketing communications;
    j) to maintain internal records and defend or exercise legal claims.

Under the GDPR, controllers must identify the purpose and legal basis for each processing activity.

  1. LEGAL BASES FOR PROCESSING

We process personal data on one or more of the following legal bases:

  1. a) performance of a contract or steps taken at the request of the data subject before entering into a contract, for example to manage a booking or reservation enquiry;
    b) compliance with a legal obligation, including guest registration, accounting, tax, and law-enforcement reporting obligations;
    c) legitimate interests of FININVEST USA SL, such as fraud prevention, Website security, operational management, and defence of legal claims, provided such interests are not overridden by the rights and freedoms of the data subject;
    d) consent, where required by law, including for certain categories of cookies or marketing communications.
  2. RECIPIENTS AND DISCLOSURE OF DATA

Personal data may be disclosed where necessary to:

  1. a) technology and booking service providers;
    b) property management and reservation software providers, including Little Hotelier;
    c) payment processors, banks, and fraud-prevention providers;
    d) accountants, auditors, legal advisers, insurers, and IT service providers;
    e) competent public authorities, police, courts, regulators, or administrative bodies, where disclosure is required by law or necessary for the exercise or defence of legal claims.

We do not sell personal data.

Where service providers process data on our behalf, they do so under appropriate contractual safeguards required by data protection law.

  1. INTERNATIONAL TRANSFERS

If any of our service providers process personal data outside the European Economic Area, such transfer will only take place where permitted under applicable law and subject to appropriate safeguards, such as an adequacy decision, standard contractual clauses, or another lawful transfer mechanism under the GDPR. The GDPR restricts international transfers unless appropriate safeguards apply.

  1. DATA RETENTION

We retain personal data only for as long as necessary for the purposes for which it was collected and, thereafter, for the period required by applicable legal, accounting, tax, security, and limitation obligations.

In particular:
a) booking and stay data may be retained for the duration of the contractual relationship and for the period necessary to comply with legal obligations and handle claims;
b) communications may be retained for as long as necessary to manage the enquiry, reservation, relationship, or dispute;
c) technical and cookie data are retained according to the applicable cookie settings and system configuration;
d) legally required guest registration data may be retained for the period required by applicable law.

When data is no longer needed, it will be securely deleted, anonymised, or blocked as appropriate.

  1. DATA SUBJECT RIGHTS

Data subjects may exercise, subject to legal requirements, the following rights:

  1. a) right of access;
    b) right to rectification;
    c) right to erasure;
    d) right to restriction of processing;
    e) right to object;
    f) right to data portability, where applicable;
    g) right to withdraw consent at any time, where processing is based on consent;
    h) right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) if they consider that their rights have been infringed.

Requests may be sent to: info@townhousemarbella.com

We may request proof of identity before processing a rights request.

The rights framework under Spanish law must now be read together with the GDPR and Organic Law 3/2018, not the repealed 1999 law.

  1. DATA SECURITY

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, taking into account the nature of the data and the risks involved.

However, no transmission or storage system can be guaranteed to be completely secure. Users should also take appropriate measures to protect their own devices, networks, and credentials.

The GDPR requires controllers and processors to implement security measures appropriate to the risk.

  1. COMMERCIAL COMMUNICATIONS

We will not send marketing or promotional electronic communications where prior consent is required by law, unless such consent has been obtained or another lawful basis exists under applicable electronic communications rules.

Users may unsubscribe or opt out of marketing communications at any time by following the instructions in the communication or by contacting us at info@townhousemarbella.com.

  1. COOKIES POLICY

15.1 What are cookies?

Cookies are small text files stored on the user’s device when visiting a website. They may allow the website to remember certain information about the visit, recognise the device, improve functionality, analyse traffic, or support security and user preferences.

15.2 Types of cookies we may use

This Website may use the following categories of cookies:

  1. a) strictly necessary cookies: required for the technical operation of the Website and basic functions such as security, session management, and form submission;
    b) preference or functionality cookies: used to remember user choices and improve usability;
    c) analytics cookies: used to measure traffic and analyse how users interact with the Website;
    d) third-party cookies: where content, tools, booking engines, maps, or integrations from external providers are used.

15.3 Legal basis for cookies

Strictly necessary cookies may be used without consent where they are genuinely required for the operation of the Website.

All non-essential cookies, including analytics, advertising, or personalisation cookies, should only be placed after the user has given valid consent through the cookie banner or consent management tool, in accordance with applicable guidance. Spanish cookie guidance distinguishes strictly necessary cookies from those that require prior informed consent.

15.4 Cookie management

Users may accept, reject, or configure cookies through the cookie settings tool made available on the Website, where applicable. Users may also configure their browser to block or delete cookies. Please note that blocking certain cookies may affect the functionality of the Website or prevent some services from operating correctly.

15.5 Third-party cookies

If third-party tools are embedded into the Website, such providers may place cookies or collect information directly according to their own privacy and cookie policies. We recommend reviewing those policies separately.

15.6 Cookie list

The specific cookies used on the Website, their provider, duration, purpose, and category should be detailed in the cookie banner or cookie settings panel used on the Website. This should be kept updated to match the actual tools in use.

  1. SOCIAL MEDIA AND THIRD-PARTY SERVICES

If this Website links to or integrates with social media platforms, booking engines, maps, videos, widgets, or other third-party tools, the use of those services may involve processing of personal data by the respective third party under its own privacy terms.

We are not responsible for the privacy practices of those third parties.

  1. CHANGES TO THIS POLICY

We may update this Legal Notice, Privacy Policy and Cookies Policy from time to time to reflect legal, technical, or operational changes. The latest version will always be the version published on the Website.

  1. APPLICABLE LAW

This Legal Notice, Privacy Policy and Cookies Policy shall be governed by Spanish law, without prejudice to any mandatory consumer or data protection rights that may apply.