PRIVACY POLICY

Last modified: March 22, 2025
At www.sesadmin.net , we are committed to protecting the privacy of our customers and the travellers whose data we manage. This policy clearly and transparently describes how we collect, process, store, and protect your personal information, in compliance with current Spanish regulations on the obligation to register travellers in tourist accommodations (Royal Decree 933/2021). In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and Organic Law 3/2018, you are hereby informed of the following:

1. IDENTITY OF THE DATA CONTROLLER

Name of the Company: SESAdmin.net

Owner: Alexander Peter Simmons

NIF: Y5478355E

Address: Plaza Villa de Castelldefels 4. Picasso Business Center, Oficina AFZ, 29006 Málaga, Spain.

Email: [email protected]

Website: www.sesadmin.net

 

SESAdmin.net is the data controller for the personal data of its clients (property owners and managers). SESAdmin.net also acts as a data processor for travellers´ data on behalf of those clients, in compliance with Royal Decree 933/2021.

2. PERSONAL DATA WE COLLECT

2.1 Our clients’ data

This data allows us to identify the owners or managers of tourist accommodations that use our services to register and report travellers’ data to the authorities in accordance Royal Decree 933/2021.

Types of data collected:
  • Contact information: Name, surname, telephone number, email address, credentials, property information, etc.
  • Billing and subscription information: Information required to manage the contracted service
  • Activity data: Information about managed accommodations and service usage.

2.2 Travellers´ data

Travellers are individuals staying at the establishments and whose data must be sent to the corresponding police authority.

Types of data collected:
  • Identity data: Name, surname, type and number of documents (DNI, passport, NIE, etc.), date of birth, country of origin.
  • Contact information: Email, phone number, address.
  • Booking details: Dates of stay, accommodations, relationship with other guests (in the case of minors).
  • Digital signature and document scanning: Processed solely for compliance with Royal Decree 933/2021.
Minors’ data:

The data of minors traveling with their parent(s), legal guardian(s), or other responsible adults is collected and processed exclusively for the purpose of legal identification and registration as required by Royal Decree 933/2021. This includes their full name, date of birth, and identification document, where applicable.

In accordance with Article 6 of the LOPDGDD and Article 8 of the GDPR, the processing of personal data of minors under 14 years of age will only be carried out with the authorization of the person who holds parental authority or legal guardianship, except where the data is necessary for legal compliance, such as police reporting obligations under national security laws.

Under no circumstances is minors’ data used for commercial purposes or transferred beyond the legally mandated recipients (i.e., the competent police authorities).

3. PURPOSES OF THE PROCESSING

3.1 Our clients´ data (property owners/managers)
  • Regulatory compliance: In compliance with Royal Decree 933/2021, SESAdmin transmits the identification data of property owners or legal entities managing the tourist accommodations to the Ministry of the Interior of Spain, through the SES.HOSPEDAJES platform.
  • Administrative and customer management: Billing, technical assistance, support, and contact.
  • Security and auditing: System monitoring to ensure proper functioning and security.
  • Informative communications: Updates, service improvements, and, in some cases, commercial communications (with prior consent).
3.2 Travellers´ data

SESAdmin.net processes guest data on behalf of the data controller, our clients, for the exclusive purpose of:

  • Regulatory compliance: Mandatory registration and communication of travellers’ data to the Ministry of Interior’s SES.HOSPEDAJES platform (Royal Decree 933/2021).
  • Service provision: Automated management of travellers´ entry forms for tourist accommodations.

4. LEGAL BASIS FOR PROCESSING

  • Compliance with a legal obligation: The processing of personal data is carried out on the legal basis established in Article 6.1(c) of the General Data Protection Regulation (GDPR), as it is necessary for compliance with a legal obligation imposed by Royal Decree 933/2021, which requires the identification and reporting of both property owners and travellers to the Spanish Ministry of the Interior.
  • Contract execution: The processing of personal data belonging to property owners or managers is carried out under Article 6.1(b) of the GDPR, as it is necessary for the performance of the service agreement, they have entered into with SESAdmin.net.
  • Legitimate interest: In addition to processing based on contractual necessity or legal obligations, SESAdmin.net also processes certain personal data under its legitimate interests, in accordance with Article 6.1(f) of the General Data Protection Regulation (GDPR). These legitimate interests include:
  • Ensuring the security and stability of our platform and systems
  • Detecting and preventing fraudulent or unauthorized activity
  • Improving the performance, usability, and quality of our services
  • Keeping internal logs for accountability and technical troubleshooting
  • Communicating important non-commercial system or service updates to users

Legitimate Interest Assessment (LIA) has been conducted to ensure that these processing activities are necessary, proportionate, and do not override the rights and freedoms of the data subjects.

Data subjects have the right to object to processing based on legitimate interests at any time by contacting us at: [email protected].

5. DATA RETENTION AND SECURITY MEASURES

Data retention is determined by the type of data and the legal or operational purpose for which it is collected:

  • Travellers´ data is retained for a period of three (3) years in compliance with Royal Decree 933/2021, after which it is securely deleted or anonymized.
  • Property owner and manager data is retained for the duration of the contractual relationship and, where applicable, for additional periods necessary to comply with legal obligations (e.g., tax or regulatory requirements).
  • Platform usage logs and technical records may be retained for a reasonable period to ensure platform security, detect misuse, or resolve operational issues.

Once the applicable retention period has expired, the data is either securely deleted or, where possible, pseudonymized or anonymized for analytical purposes.

6. TRANSFERS AND ACCESS TO DATA BY THIRD PARTIES

SESAdmin.net does not sell or share personal data with third parties for commercial purposes. However, access to and communication of data may occur in the following contexts, always under strict legal and contractual safeguards:

Legal obligations and public authorities

Personal data of both travellers and accommodation providers will be communicated to the Spanish Ministry of the Interior and competent law enforcement authorities through the SES.HOSPEDAJES platform, in strict compliance with Royal Decree 933/2021. This includes identity and booking information that must be registered and reported by law.

Service Providers (Data Processors)

To ensure the proper operation, security, and delivery of our services, SESAdmin.net may engage trusted third-party providers who act as Data Processors on our behalf. These may include:

  • Cloud infrastructure and hosting providers
  • Electronic signature and identity verification platforms
  • IT maintenance, cybersecurity, and communication tools
  • Analytics and internal support systems

All processors are bound by written agreements pursuant to Article 28 of the GDPR, and process data solely under our instructions and with appropriate security measures.

International data transfers

As a rule, SESAdmin does not carry out international transfers of personal data. If any processing involves data transfers outside the European Economic Area (EEA), such transfers will be conducted only with adequate safeguards, including:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms as provided by the GDPR

7. USER RIGHTS

In accordance with Articles 12 to 23 of the General Data Protection Regulation (GDPR), all individuals whose personal data is processed by [Company Name] — including property owners, managers, and guests — have the following rights:

Right of Access

You have the right to obtain confirmation as to whether or not your personal data is being processed, and, where applicable, access to such data and information regarding its use.

Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure

You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if the processing is unlawful.

However, this right is limited in cases where we are required to retain data by law. In particular, Royal Decree 933/2021 obliges the storage of certain personal data (e.g. traveller and accommodation provider identification data) for a period of three (3) years, for public security purposes.

During this retention period, the data will be securely stored, access will be restricted, and it will not be processed for any purpose other than compliance with the applicable legal obligation.

Once the mandatory retention period expires, the data will be permanently erased or anonymized.

Right to Restriction of Processing

You may request that we restrict the processing of your data in certain cases, such as during the verification of accuracy or legality of the data processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where technically feasible.

Right to Object

You may object at any time to processing based on legitimate interest (Article 6.1(f)), unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of the processing carried out before the withdrawal.

Right to Lodge a Complaint

You have the right to file a complaint with a supervisory authority, particularly in the EU Member State of your residence, place of work, or where the alleged infringement occurred. In Spain, this is the Agencia Española de Protección de Datos (AEPD)www.aepd.es

To exercise any of these rights, you may contact us at:
[email protected]

We may need to verify your identity before processing your request, in order to protect your privacy and the rights of others.

8. COOKIE POLICY

We use cookies to improve user experience. See our Cookie Policy for more details.

9. MODIFICATIONS TO THIS POLICY

SESAdmin.net reserves the right to update or modify this Privacy Policy at any time, in order to reflect changes in our services, legal obligations, or data protection practices.

Any changes will be published on this page with an updated “Last modified” date at the top of the document. If the changes are significant or materially affect your rights, we will provide a more prominent notice or directly notify you, when required by applicable law.

We encourage you to review this policy periodically to stay informed about how we process and protect your personal data.

10. CONTACT

Phone: +34711030222
Address: Plaza Villa de Castelldefels 4. Picasso Business Center, Oficina AFZ, Mlaga ciudad, 29006 Málaga, Spain.

© All rights reserved.