Privacy Policy

Last updated: 07 August 2025

At Pitaya Coliving, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with our website, book a stay, or communicate with us.

1. Who we are

Pitaya Coliving
Calle Jacinto Borges Díaz 57, piso 4, 35500, Arrecife, Las Palmas
hello@pitayacoliving.com

Data Controller: Pitaya Coliving ("we", "us").
Data Protection Officer (DPO): Not appointed.
For any questions about this Policy or how we handle your data, contact us at the email and address above.

2. What personal data we collect

We collect and process the following types of personal data:

Booking details: name, email address, phone number, nationality, payment information, booking dates, room type.

Identity data required by Spanish hospitality rules (traveller register): full name, type and number of identity document, issuing country, date and place of issue (where shown), address, nationality, date of arrival and departure, and accommodation identifier. This data is collected to comply with Spanish public‑security regulations and is separate from booking information.

Communication: emails, messages via contact forms, WhatsApp, or third‑party booking platforms.

Guest preferences (optional): If you choose to share preferences that may reveal health or religious beliefs (e.g., dietary needs, wellness/yoga needs), we treat this as special‑category data and only process it with your explicit consent. Providing this information is not required to book or stay.

Marketing consent: newsletter opt‑ins.

Technical data: IP address, browser type, device, and pages visited (via cookies and analytics).

Sources of data: We receive personal data directly from you and, where relevant, from booking platforms you use to reserve a stay (e.g., Coliving.com, Coworksurf).

Children: Our services are intended for adults. Where consent is required for online services, Spain’s digital consent age is 14. We do not knowingly collect personal data from children under 14 without appropriate authorization.

3. How we use your data

We use your personal data to:

  • manage your reservation and check‑in/check‑out process;

  • communicate with you before, during, and after your stay;

  • send important updates related to your stay (service messages, not marketing);

  • personalize your experience (e.g., dietary needs, room setup) — processed only with your explicit consent where this reveals health or religion;

  • send newsletters (only if you’ve opted in);

  • improve our website through analytics; and

  • comply with legal obligations applicable to hospitality in Spain (e.g., traveller registration and reporting to authorities).

4. Legal basis for processing

  • Contract: to fulfil our agreement with you when you make a booking.

  • Consent: for marketing communications and any non‑essential cookies/trackers; for special‑category data (e.g., dietary needs) we rely on your explicit consent.

  • Legitimate interests: to run and improve our business (e.g., ensuring a safe, smooth check‑in) and to send non‑marketing service communications related to your stay.

  • Legal obligation: for invoicing and tax compliance and for traveller registration/reporting to Spanish authorities.

5. How long we keep your data

  • Booking and billing data: 6 years (Spanish Commercial Code record‑keeping).

  • Communication & preferences: 12 months after checkout, unless you request earlier deletion (subject to legal holds).

  • Newsletter subscription: until you unsubscribe or after 24 months of inactivity, whichever comes first.

  • Traveller register / police data: 3 years to comply with Spanish hospitality public‑security rules.

6. Who we share your data with

We share your data only when necessary:

  • payment processors (e.g., Stripe, PayPal);

  • booking platforms (e.g., Coliving.com, Coworksurf);

  • website hosting/forms/site platform: Squarespace (website, forms, analytics features);

  • email marketing: Squarespace Email Campaigns (only if subscribed);

  • analytics: Squarespace Analytics (only with consent for non‑essential cookies);

  • messaging: WhatsApp (Meta) for guest communications where you contact us via WhatsApp; and

  • public authorities where we are legally required to do so.

We never sell or rent your data.

International transfers. Some providers may be located outside the European Economic Area (EEA), including the United States. Where a provider participates in the EU–U.S. Data Privacy Framework, we rely on that adequacy decision; otherwise, we use the European Commission’s Standard Contractual Clauses and implement appropriate safeguards.

7. Your rights (EU residents)

Under the GDPR, you have the right to:

  • access your personal data;

  • correct inaccurate data;

  • request deletion of your data;

  • withdraw your consent at any time (where processing is based on consent);

  • object to processing based on our legitimate interests and to direct marketing;

  • restrict processing in certain circumstances; and

  • data portability (receive your data in a structured, commonly used, machine‑readable format).

To exercise your rights, contact us at hello@pitayacoliving.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

8. Cookies & tracking

We use cookies to enhance your browsing experience. On your first visit, you’ll see a banner that lets you Accept or Reject non‑essential cookies on the first layer, with a link to granular settings. Non‑essential cookies (e.g., analytics) run only if you consent. You can change your preferences anytime via the banner or your browser settings.

See our Cookie Policy for full details.

9. Data security

We take appropriate measures to protect your data against unauthorized access, loss, or misuse, including encrypted transmission, secure servers, and access controls. Access is limited to staff on a need‑to‑know basis; we use multi‑factor authentication where available and implement regular deletion/retention reviews.

10. Traveller registration (Spain)

Spanish public‑security regulations require accommodation providers to collect and, where applicable, transmit certain guest identity and stay details to the authorities (via SES.Hospedajes). We process this data under our legal obligation. We retain the traveller register for 3 years in accordance with these rules.

11. WhatsApp communications

If you contact us via WhatsApp, your phone number and message content will be processed by WhatsApp (Meta) as an independent service provider. We use WhatsApp solely to respond to your inquiries and manage your stay (service communications). For privacy details, please refer to WhatsApp’s privacy information.

12. Automated decision‑making

We do not use automated decision‑making or profiling that produces legal or similarly significant effects.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date at the top. If changes are material, we will notify you via the website or by email where appropriate.