Privacy Policy

In accordance with the provisions of the General Data Protection Regulation GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights, you are provided with the following information on the processing of your personal data.

Who controls the processing of your personal data?

Data Controller and Data Protection Officer

The Data Controller responsible for the processing of your personal data is NAUTIMA, S.A., with registered address at Carretera Coves de s' Ermita Km 8, 07589, Cayamel (Capdepera). You can contact the data protection officer at the following email address: adm@canyamelgolf.com.

What data do we process?

At NAUTIMA, S.A. we process the personal data that you provide by filling in the forms provided for this purpose on this website, as well as any personal data resulting from the provision or contracting of our services or products and/or any personal data resulting from the commercial relationship that you have with us. In addition, we process the personal data generated by your activity on our website, which includes your browsing data obtained through the website.

It is important for us to keep the record of your personal data up to date. You are obliged to keep us informed of any changes or errors in your personal data as soon as possible by contacting us by email: adm@canyamelgolf.com.

How long will we keep your personal data?

We keep your personal data in our systems and files for as long as is needed to carry out the purposes of the processing, and to comply with applicable legislation. Your personal data will be kept for as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to the deletion and/or restriction of processing of your data. The length of time for which personal data is kept will vary depending on the purposes of the processing, and in general terms: Your personal data will be kept for as long as it is useful for the purposes indicated and, in any case, for legally mandated periods and for length of time necessary to address any possible liabilities arising from the processing of said

Data security We have appropriate technical and organisational security measures in place to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, and to ensure the integrity and confidentiality of your personal data. The technical and organisational security measures implemented make it possible to: guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services; restore the availability of and access to personal data promptly in the event of a physical or technical incident; and regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.

These technical and organisational security measures have been designed taking into account our IT infrastructure, the state of the art in accordance with current standards and practices, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity of the processing to your personal data.

What is the legitimacy for the processing of your data?


Legitimacy: The legitimacy to process your personal data is based on:

-Executing and maintaining a contractual and commercial relationship with you, such as contracting the organisation’s products and services, and managing and processing requests for quotes for the organisation’s products and/or services, all in accordance with the provisions of Article 6.1.B of GDPR (EU) 679/2016 and Organic Law 3/2018, of 5 December (LOPDPGDD).
-Your express consent for one or more purposes, such as sending you our own or third-party advertising communications or newsletters, managing how curricula vitae are sent, and taking part in activities or competitions, all in accordance with the provisions of article 6.1.A of GDPR (EU) 679/2016 and Organic Law 3 /2018, of 5 December (LOPDPGDD ).
-Compliance with various legal obligations, all in accordance with the provisions of Article 6.1.C of GDPR ( EU ) 679/2016 and Organic Law 3/2018, of 5 December (LOPDPGDD ).
-Meeting the legitimate interests pursued by the data controller or by a third party, e.g. for security reasons, to improve our services and/or to manage requests or queries.


During the data collection process, and in each place on the website where personal data is requested, the user will be informed by means of a hyperlink or by the inclusion of appropriate mentions on the form itself of the mandatory nature or otherwise of the collection of their personal data. The personal data requested in the forms on the website are, in general, mandatory (unless otherwise specified in the required field) in order to comply with the established purposes. Therefore, if the personal data requested is not provided, or is not provided correctly, the request cannot be fulfilled.

There is an obligation to provide your personal data when contracting a service or product, and/or when requesting a quote or offer.

The sending of advertising communications, newsletters or bulletins about our products and services is based on the consent that you are asked for, and under no circumstances does the withdrawal of this consent affect the contractual or commercial relationship that you have with us.

If you have authorised us to send advertising for our services and products, your personal data may be used to manage the sending of advertising offers and newsletters by electronic means. In these cases, the provisions of articles 20 and 21 of Law 34/2002, of 11 July 2002, on information society services and electronic commerce, apply to the use and processing of your personal data for the purpose of sending advertising by electronic means.

If you have ticked the option to receive advertising, or if you have subscribed to our newsletter, you can cancel this option at any time.

With which recipients will your data be shared?

Recipients: In general, your personal data will not be shared with any third party outside the organisation, unless there is a legal obligation to do so. However, you are informed that third-party providers may have access to your personal information as data processors in the context of providing a service for the data controller organisation. You are informed that you can request a complete list of the recipients that may receive your personal data as processors or as third-party recipients transfer by emailing: adm@canyamelgolf.com. In addition to the above, the organisation may transfer or communicate personal data in order to fulfil its obligations to the Public Administrations in cases where this is required, in accordance with the legislation in force.

What rights do you have in the processing of your personal data?


Your rights: You have the right to obtain access to your personal data, as well as to request that any inaccurate data be rectified or, where appropriate, to request the removal of said data when, among other reasons, the information is no longer necessary for the purposes for which it was obtained. In certain circumstances, you may request that the processing of your data be limited, in which case we will only retain it for the purpose of filings or defending complaints. Additionally, and for purposes related to your particular situation, you may oppose the processing of your data, in which case your personal information will no longer be processed for those purposes to which you have stated you opposition. Where technically possible, you may request the portability of your data to another data controller. To exercise these rights, in accordance with current legislation, you can send a letter by post, enclosing a copy of a document proving your identity (DNI), to NAUTIMA, S.A. at Carretera Coves de s' Ermita Km 8 , CP: 07589, Cayamel (Capdepera) or send an email to adm@canyamelgolf.com. You have the right to lodge a complaint with the supervisory authority: Spanish Data Protection Agency (www.agpd.es). Origin of personal data: the data subject. You expressly accept the inclusion of the personal data collected while browsing the website and/or provided by filling in any forms, as well as any data resulting from a possible commercial relationship, in the organisation’s automated personal data files. The organisation guarantees the confidentiality of users’ personal data. However, when required to do so, the organisation will disclose personal data to the relevant public authorities, along with any other information in its possession or which is accessible through its systems, in accordance with the legal and regulatory provisions applicable to each case. Personal data may be kept in the files owned by NAUTIMA, S.A. even after the commercial relations formalised through the organisation’s website have ended, solely for the purposes indicated above and, in any case, for the legally established periods, at the disposal of administrative or judicial authorities.

Use of social media

When you interact with our website through various social media platforms, such as when you connect to or follow us or share our content on social media platforms (Facebook, Twitter, LinkedIn, Instagram or others), we may receive information from these platforms, including information about your profile, user ID associated with your social media account, and any other public information that you allow to be shared with third parties on said platforms. The organisation uses social media as a way to provide information about the services it offers, as well as any other activity or event that it carries out and wishes to publicise, but at no time will it obtain personal data from users interacting on said social media platforms, unless there is express authorisation to do so. This data is only used within the social media platform itself and is not incorporated into any processing system. Social media platforms have their own terms of use and privacy policies that you are obliged to take into account and observe if you use them. In cases of registration and/or access through a social media account, the organisation may collect and access certain information from your user profile on said platform, solely for the purposes indicated above.