Privacy Policy & Data Protection

Last revision: 26 August 2025

Responsible Party

Identity: Roderick Hunt, trading as Wanderlust Canarias

NIF: X2909225R

Address: Calle Capuchino 4B, 2º Izq., 38010, Santa Cruz de Tenerife, España

Email: info@wanderlustcanarias.com

Purpose of Data Processing

The personal data provided by clients and guests is processed for the following purposes:

  • Management of reservations and accommodation services.
  • Compliance with legal obligations, including Real Decreto 933/2021 on guest registration.
  • Issuance of invoices and accounting records.
  • Communication regarding bookings, check-in, and guest services.
  • Marketing communications related to services of Wanderlust Canarias (only with consent).

Legal Basis

The processing is based on:

  • Execution of a contract for accommodation and related services.
  • Legal obligations applicable to tourist accommodations in Spain.
  • Legitimate interest in improving services and ensuring security.
  • Consent of the data subject, when required (e.g. for marketing).

Data Retention

Data will be retained for the duration of the contractual relationship and the time necessary to comply with legal obligations (e.g. tax, police registration).

Data Sharing

Data may be shared with:

  • Competent authorities (e.g. law enforcement, tax agency) when legally required.
  • Service providers strictly necessary for the execution of the reservation (e.g. cleaning staff, property managers).
  • No data will be transferred outside the EU without adequate safeguards.

Rights of Data Subjects

Data subjects have the right to:

  • Access, rectify or erase their data.
  • Restrict or object to its processing.
  • Data portability.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with the Spanish Data Protection Agency (AEPD) if they believe their rights have been infringed.

Requests may be submitted by email to info@wanderlustcanarias.com

Security Measures

Appropriate technical and organisational measures are applied to protect personal data against unauthorised access, alteration, disclosure or destruction.