Legal

Privacy Policy

Last updated: April 21, 2026

1. Introduction

Benidorm Holiday Pass ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at benidormpass.com and use our services.

We comply with the European General Data Protection Regulation (GDPR) and applicable Spanish data protection laws. Our registered address is Calle Xeraco 10, Piso 10, 03509 Finestrat (Alicante), Spain.

2. Data We Collect

We collect the following types of personal data:

Account Information

Full name, email address, and encrypted password when you create an account or purchase a Pass.

Payment Information

Payment details are processed and stored securely by our payment processor, Stripe. We do not store your full credit card number, expiration date, or CVV on our servers. We receive only a payment confirmation and transaction ID.

Usage Data

Information about how you use our website and Pass, including pages visited, deals viewed, QR code scans, and redemption history.

Technical Data

IP address, browser type, device type, operating system, and referral source. This data is collected through cookies and similar technologies.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and deliver your digital Pass
  • To process your payment and send purchase confirmations
  • To verify your Pass at participating venues via QR code scans
  • To send you important service-related communications (e.g., password resets, account updates)
  • To improve our website, services, and user experience
  • To detect and prevent fraud or unauthorized access
  • To comply with legal obligations

4. Legal Basis for Processing

We process your personal data on the following legal grounds under the GDPR:

  • Contract performance: To provide our services and fulfill your Pass purchase
  • Legitimate interest: To improve our services, prevent fraud, and ensure platform security
  • Legal obligation: To comply with applicable laws and regulations
  • Consent: For optional marketing communications, which you can opt out of at any time

5. Data Sharing

We do not sell your personal data to third parties. We may share your data with:

  • Stripe: Our payment processor, to securely handle payments
  • Supabase: Our infrastructure provider for secure data storage and authentication
  • Partner venues: Only your Pass validity status during QR code verification (no personal details are shared)
  • Legal authorities: When required by law or to protect our legal rights

6. Cookies and Tracking

Our website uses cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Analyze website traffic and usage patterns
  • Measure advertising campaign effectiveness (e.g., Meta/Facebook Pixel)

You can manage your cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of our website.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. After your Pass expires and your account is inactive, we retain your data for up to 3 years to comply with legal and accounting obligations. After this period, your data is securely deleted or anonymized.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restriction

Request limitation of how we process your data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interest or marketing.

To exercise any of these rights, contact us at hello@benidormpass.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your personal data, including encrypted data transmission (SSL/TLS), encrypted password storage, secure cloud infrastructure, and regular security audits. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed by third-party service providers located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on adequacy decisions.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

13. Contact & Complaints

For any privacy-related questions or to exercise your rights, please contact us:

Benidorm Holiday Pass - Data Protection

Calle Xeraco 10, Piso 10

03509 Finestrat (Alicante), Spain

Email: hello@benidormpass.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos - AEPD) at www.aepd.es.