Privacy Policy

MARBELLA HEN BOUTIQUE

Fused Events S.L., trading as Marbella Hen Boutique ("we", "us", "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with us — whether through our website, by making an enquiry, or by booking a Programme with us.

We are registered as a data controller in Spain and process personal data in accordance with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and applicable Spanish data protection law. Please read this policy carefully. If you have any questions, contact us at info@marbellahenboutique.com.

This policy should be read alongside our Terms & Conditions, which form the contract between us when you make a booking.

1. Who We Are

1.1 Data Controller

The data controller responsible for your personal data is:

Company: Fused Events S.L. trading as Marbella Hen Boutique
Registered in Spain — registration number: [Insert registration number]
Registered address: [Insert registered address]
Email: info@marbellahenboutique.com

1.2 Contact for Data Queries

If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint about how we handle your data, please contact us at info@marbellahenboutique.com. We will respond within 30 days.

2. What Personal Data We Collect

2.1 Data You Provide Directly

We collect personal data that you provide to us when you submit a quote request, make a booking, contact us by email or phone, or communicate with us in any other way. This includes:

Full name, email address, and phone number of the group organiser (Client);
Names and email addresses of all members of the Booking Party;
Group size and composition;
Travel information including travel dates, arrival and departure times, flight details, and transfer requirements;
Dietary requirements, food preferences, and food allergies, where relevant to your Programme — please note that allergy information may constitute health data (special category data) under GDPR and is processed with particular care (see Section 3);
Payment information (card details and transaction records, processed securely through our payment provider, Stripe);
Health and medical information, where you choose to disclose it in connection with participation in activities;
Date of birth, where relevant to age verification;
Passport or identity document details, where required for accommodation check-in or legal compliance; and
Any other information you choose to share with us in correspondence, including via email, phone, or WhatsApp.

Where you communicate with us by telephone, we may retain a record of the key points discussed as part of our correspondence records. Calls may be recorded for training and quality assurance purposes — you will be informed of this where applicable.

Where you communicate with us via WhatsApp, we use this channel for direct communication with the Client only. We do not create or manage WhatsApp groups on your behalf. Any messages exchanged via WhatsApp form part of our correspondence records and are treated as personal data in accordance with this policy.

2.2 Data Relating to Booking Party Members

Where you are the group organiser (Client), you will provide us with personal data about other members of your Booking Party — including their names and email addresses. By providing this data, you confirm that those individuals are aware that their personal data will be shared with us and used in connection with the Programme, and that you have authority to provide their data on their behalf.

Members of the Booking Party whose data is provided to us by the Client are entitled to the same rights under this Privacy Policy as the Client themselves. If any Booking Party member wishes to exercise their rights, they should contact us directly at info@marbellahenboutique.com.

2.3 Data Collected During the Programme

When you participate in a Programme, additional data may be collected:

Photographs and videos taken by us or our Suppliers during the Programme, which we may use for marketing purposes (see Section 5);
Passport or identity document details collected by accommodation Suppliers at check-in — this data is collected directly by the Supplier and is subject to the Supplier's own privacy policy;
Dietary and allergy information passed to catering Suppliers or venues; and
Any information relevant to health, safety, or participation that arises during the Programme.

2.4 Data Collected Automatically

When you visit our website at marbellahenboutique.com, we and our third-party service providers automatically collect certain data about your device and browsing activity. This includes data collected through cookies and analytics tools (see Section 9).

2.5 Data We Receive from Third Parties

We may receive personal data about you from third parties including:

Social media platforms (such as Meta/Facebook, Instagram, and TikTok) where you interact with our advertising or content;
Our website provider, Wix, which stores enquiry form submissions on our behalf as a data processor; and
Email correspondence — where you contact us by email, your email address, name, and the content of your message constitute personal data that we hold as part of our correspondence records.

3. How We Use Your Personal Data

3.1 Data Processing Table

The table below summarises the types of personal data we process, why we process it, the legal basis we rely on, and how long we keep it:

3.2 Legal Bases Explained

We process your personal data on one or more of the following legal bases under GDPR:

Contract performance: processing is necessary to perform the contract we have with you (your booking) or to take steps at your request before entering into a contract.
Legal obligation: processing is necessary for us to comply with a legal obligation, such as financial record-keeping requirements.
Legitimate interests: processing is necessary for our legitimate business interests (such as following up on enquiries or preventing fraud), provided those interests are not overridden by your rights and interests.
Consent: you have given clear and specific consent to us processing your data for a particular purpose (such as the use of photos for marketing). Where we rely on consent, you have the right to withdraw it at any time.
Vital interests: in limited circumstances, we may process health or allergy data where it is necessary to protect your or another person's physical safety during the Programme.

Where we process special category data (such as health information, or allergy data that may indicate a medical condition or religious belief), we rely on explicit consent and/or vital interests as additional legal bases under GDPR Article 9. We process such data only to the minimum extent necessary for the delivery of your Programme and delete it once the Programme has ended.

4. Enquiry Follow-Up and Marketing Communications

4.1 Follow-Up on Enquiries

If you submit a quote request but do not proceed to a booking, we may contact you by email or phone to follow up on your enquiry. We do this on the basis of legitimate interests — you initiated contact with us and it is reasonable for us to follow up. We will not contact you excessively and will respect any request to stop.

4.2 Marketing Communications

We currently use social media platforms (including Meta/Facebook and Instagram) to run targeted advertising campaigns. These platforms may use data about your interactions with our website or social media content to show you relevant advertising. Please refer to Meta's Privacy Policy and the relevant platform's privacy settings to manage your advertising preferences.

4.3 Opting Out

You can ask us to stop contacting you for follow-up or marketing purposes at any time by emailing info@marbellahenboutique.com or by using the unsubscribe mechanism in any communication we send you. We will action your request promptly.

5. Photographs and Videos

5.1 Use of Images

We and our Suppliers may take photographs and videos during your Programme. By default, we may use these images for marketing, promotional, and social media purposes (including on our website, Instagram, Facebook, and TikTok). This is done on the basis of legitimate interests, as we have a genuine business interest in showcasing our events.

5.2 Opting Out

If you or any member of your Booking Party do not wish to appear in photographs or videos used for marketing purposes, you must inform us in writing before the Programme commences by emailing info@marbellahenboutique.com. We will communicate your preference to our Suppliers where reasonably practicable, though we cannot guarantee that all images taken by third parties will be controlled.

5.3 Images Already Published

If you become aware of an image of yourself published by us that you would like removed, please contact us at info@marbellahenboutique.com and we will remove it promptly where technically possible.

6. Who We Share Your Personal Data With

6.1 Suppliers

We share personal data with third-party Suppliers who deliver elements of your Programme, including accommodation providers, activity operators, transport companies, and other service providers. We only share data that is necessary for them to deliver the relevant service. Suppliers are required to handle your data in accordance with applicable data protection law and their own privacy policies.

6.2 Payment Processors

Payment card data is processed by our secure payment provider. We do not store full card details ourselves. Our payment provider processes data in accordance with PCI DSS standards and their own privacy policy.

6.3 Technology and Platform Providers

We use the following platforms and tools that may process your data on our behalf:

Wix — our website platform, used to host our website and manage enquiry forms. Wix acts as a data processor on our behalf under a Data Processing Agreement provided as part of their platform terms;
Stripe — our payment provider, used to process payments securely. Stripe processes payment card data in accordance with PCI DSS standards and their own privacy policy at stripe.com/privacy;
Google Analytics — used to analyse website traffic and user behaviour;
Google Ads / Google Pixel — used for advertising and retargeting;
Meta (Facebook and Instagram) — used for social media advertising, retargeting, and client communications;
TikTok — used for social media content and advertising. TikTok may process data about users who interact with our content in accordance with their privacy policy at tiktok.com/privacy; and
WhatsApp — used for direct communication with the Client. WhatsApp is operated by Meta and processes data in accordance with Meta's privacy policy. We use WhatsApp for one-to-one communication with the group organiser only.

Each of these providers has their own privacy policy and data processing terms. We recommend reviewing their policies for details of how they handle your data.

6.4 Legal and Regulatory Disclosure

We may disclose your personal data to law enforcement agencies, regulatory authorities, courts, or other third parties where we are legally required to do so, or where it is necessary to protect our legal rights or the rights of others.

6.5 No Sale of Data

We do not sell, rent, or otherwise transfer your personal data to third parties for their own commercial purposes.

7. International Data Transfers

7.1 Transfers Within the EEA

We are based in Spain and process data within the European Economic Area (EEA). Your data is primarily stored and processed within the EEA and is therefore subject to GDPR protections.

7.2 Transfers Outside the EEA

Some of our third-party service providers (such as Meta and Google) may transfer and process your data outside the EEA, including in the United States. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or that the transfer is to a country deemed adequate by the European Commission.

7.3 UK Clients

UK-based clients should be aware that their data may be transferred to and processed within Spain and the EEA. Spain is within the EU and subject to GDPR, which provides equivalent data protection to UK GDPR. We acknowledge UK clients' rights under UK data protection law.

8. Data Security

8.1 Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or disclosure. These measures include password protection, secure email communications, and restricted access to personal data within our business.

8.2 Payment Security

Payment card data is processed through secure, encrypted channels by our payment provider. We do not store full payment card details on our systems.

8.3 Third-Party Security

While we take reasonable steps to ensure that our Suppliers and service providers handle your data securely, we cannot be responsible for the security practices of third parties. We encourage you to review the privacy policies of any third-party platforms you interact with.

8.4 Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are used to make websites function correctly, to remember your preferences, and to gather analytics about how the site is used. When we embed third-party tracking tools on our website, we are responsible for disclosing those cookies to you and obtaining your consent where required — even though the cookies are operated by third parties.

9.2 Cookies We Use

Our website uses the following types of cookies and tracking technologies:

Essential cookies (Wix): set automatically by Wix to make the website function correctly. These include session cookies (svSession, hs) and browser identification cookies (_wix_browser_sess). These cannot be disabled as they are necessary for the site to operate.
Wix Analytics cookies: set by Wix to collect information about how visitors use our website, including pages visited, time spent on the site, and referral sources. This data is used to improve our website.
Google Analytics cookies: set by Google to collect aggregated information about website traffic and user behaviour. Google Analytics uses cookies such as _ga and _gid to distinguish users and track sessions.
Google Ads / Google Tag Manager: we use or may use Google Tag Manager to manage our tracking tags, including Google Ads conversion tracking and remarketing pixels. Google Tag Manager itself sets a cookie (_gcl_au) and acts as a container for other Google tracking tools. Even where we are not currently using all Google Tag Manager features, it may be present on our site for future use.
Meta Pixel (Facebook / Instagram): we use the Meta Pixel to track website visitors and show targeted advertising on Facebook and Instagram. The Meta Pixel sets cookies including _fbp and _fbc to identify visitors and link website activity to Meta advertising campaigns.
Stripe cookies: where you proceed to a payment page, Stripe sets cookies for fraud prevention, security, and session management purposes. These include __stripe_mid and __stripe_sid. These are necessary for payment processing to function securely.
Social media embed cookies: if our website includes embedded content from Instagram, Facebook, or TikTok (such as feeds, posts, or share buttons), those platforms may set their own tracking cookies when the page loads, regardless of whether you interact with the embedded content. These cookies are subject to each platform's own cookie policy.

9.3 Managing Cookies

When you first visit our website, you will be presented with a cookie consent banner. You can choose to accept or decline non-essential cookies at that point. Essential cookies and Stripe payment cookies cannot be disabled. You can also manage your cookie preferences at any time through your browser settings or through the cookie management tool on our website.

Please note that disabling certain cookies may affect the functionality of our website or prevent you from completing a booking.

9.4 Third-Party Cookie Policies

For more detail on how each provider uses cookies and the data collected through them, please refer to their respective policies:

Google: policies.google.com/privacy
Meta (Facebook / Instagram): facebook.com/policy/cookies
TikTok: tiktok.com/privacy
Stripe: stripe.com/privacy
Wix: support.wix.com/en/article/cookies-and-your-wix-site

10. Profiling and Targeted Advertising

10.1 Profiling Through Third-Party Platforms

By using tracking pixels from Meta and Google on our website, we enable those platforms to build profiles of our website visitors based on their online behaviour. This profiling is used to show targeted advertising to people who have visited our site or interacted with our content, and to find new potential customers with similar characteristics (known as lookalike audiences).

This profiling is carried out by Meta and Google acting as independent data controllers for their own advertising purposes. We enable this by placing their tracking code on our website and by using their advertising platforms. We do not carry out profiling ourselves, nor do we make any automated decisions about you based on profiling data.

10.2 Your Rights Regarding Profiling

You have the right to object to your data being used for profiling for direct marketing purposes. You can manage your advertising preferences directly with each platform:

Meta ad preferences: facebook.com/ads/preferences
Google ad settings: adssettings.google.com
TikTok ad settings: within the TikTok app under Settings > Privacy > Ads

You can also opt out of interest-based advertising more broadly through the European Interactive Digital Advertising Alliance at youronlinechoices.eu.

11. Data Collected via Social Media

11.1 Interactions with Our Social Media Accounts

We operate business accounts on Instagram, Facebook, and TikTok. When you interact with our content on these platforms — for example by liking a post, leaving a comment, sending a direct message, or sharing our content — the platform provides us with data about that interaction. This may include your username, profile name, and the content of your message or comment.

We use this data solely to respond to enquiries and engage with our audience. We do not combine social media interaction data with other personal data we hold about you without a clear reason to do so.

11.2 Direct Messages via Social Media

If you contact us via direct message on Instagram, Facebook, or TikTok, the content of that conversation is personal data. We treat it in the same way as email or phone correspondence — it may be retained for up to 2 years from the date of last contact as part of our enquiry records, or longer if it relates to a booking.

11.3 Platform Responsibility

Each social media platform also processes your data independently as a data controller in accordance with their own privacy policies. We are not responsible for how Meta, TikTok, or any other platform processes your data for their own purposes. We encourage you to review each platform's privacy policy for full details.

12. Your Rights

12.1 Rights Under GDPR

Under GDPR (and UK GDPR for UK clients), you have the following rights in relation to your personal data:

Right of access: you have the right to request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification: you have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to erasure: you have the right to ask us to delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected.
Right to restriction: you have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to data portability: you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or contract and is carried out by automated means.
Right to object: you have the right to object to processing based on legitimate interests, including direct marketing. Where you object to direct marketing, we will stop processing your data for that purpose immediately.
Right to withdraw consent: where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Rights related to automated decision-making: you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not carry out such automated decision-making.ç

12.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us at info@marbellahenboutique.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.

12.3 Right to Complain

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority. As we are established in Spain, the Spanish data protection authority (AEPD) is our lead supervisory authority and handles complaints from all individuals whose data we process, regardless of their nationality or country of residence:

In Spain (lead supervisory authority): Agencia Española de Protección de Datos (AEPD) — aepd.es

UK-based clients may also choose to contact the UK supervisory authority, though complaints will generally be referred to the AEPD as our lead authority:

In the UK: Information Commissioner's Office (ICO) — ico.org.uk

We would always appreciate the opportunity to address your concerns directly before you contact a supervisory authority. Please contact us at info@marbellahenboutique.com in the first instance.

13. How Long We Keep Your Data

13.1 Retention Periods

We retain personal data for as long as is necessary for the purposes for which it was collected and to comply with our legal obligations. Our standard retention periods are set out in the data processing table in Section 3. As a general rule:

Booking and financial records are kept for 6 years from the date of the relevant booking or transaction, in accordance with our legal and tax obligations under Spanish law.
Correspondence and enquiry records (including quote requests that did not proceed to a booking) are kept for 2 years from the date of last contact.
Health and medical data is deleted as soon as it is no longer needed for the booking, and in any event once the Programme has ended.
Photographs and videos used for marketing are retained until you withdraw consent, or for up to 3 years if consent is not withdrawn.
Cookie and analytics data is retained in accordance with each provider's retention settings.

13.2 Deletion

When personal data is no longer required, we will delete or anonymise it securely. If deletion is not immediately possible (for example, because data is stored in backup archives), we will isolate the data from further processing and delete it as soon as reasonably practicable.

14. Children's Data

Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. All members of a Booking Party are required to be aged 18 or over as a condition of booking. If you believe we have inadvertently collected data relating to a person under 18, please contact us at info@marbellahenboutique.com and we will delete it promptly.

15. Links to Third-Party Websites

Our website may contain links to third-party websites, social media platforms, and Supplier sites. We are not responsible for the privacy practices of those sites and we encourage you to read their privacy policies before providing any personal data to them.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the version date at the top of this document and, where appropriate, notify you by email or via our website.

We encourage you to review this policy periodically. Continued use of our services after an update constitutes your acceptance of the revised policy.

17. How to Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

By email: info@marbellahenboutique.com

This Privacy Policy was last updated in March 2026. Registered company: Fused Events S.L. trading as Marbella Hen Boutique — [Insert registration number], Spain.