Privacy policy

This is the data protection policy of the group of companies integrated by:
  • — Balade SL, Avinguda d'Arenals de Mar, 3, Pals (CP 17256), CIF B58981523
  • — Golf de Pals SAU, Carrer del Golf, 162, Pals (17256) CIF A17012170
  • — Serres de Pals SL, Mas Gelabert, s/n. Poles (CP 17256) CIF B16709899
For the purposes of this document, this group of companies is identified as Golf de Pals. It refers to the data they process in the exercise of their tourism, sports and leisure services activities, complying with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016).  

Who is responsible for the processing of personal data?

The person responsible for the processing of personal data is, in each case, the company of the group with which the customer or supplier relates. Each company is responsible to its customers and suppliers for compliance with data protection regulations and guarantees their rights.  

For what purpose do we process the data?

We process personal data for the following purposes.


Respond to inquiries from people who contact us through contact forms on our web pages. We use them only for this purpose.

Telephone service

Assist by telephone the people who contact us in this way. In order to offer more quality in the service, the conversations can be recorded by warning the person with whom we communicate beforehand.

Staff selection

Reception of CVs addressed to us by people interested in working with us, and management of personal data generated by participation in staff selection processes. The aim is to analyze the suitability of the candidates' profiles depending on the positions that are vacant or newly created. Our criterion is to keep for a maximum period of one year also the data of people who do not end up being hired, in case a new vacancy or a new job occurs in the short term. However, in the latter case, we immediately delete the data if the person concerned asks us to do so.

Customer services

Register new customers and anny additional data that may be generated as a result of the business relationship with customers. In the hiring process, essential data is requested, which must include bank data (current account or credit card number) that will be communicated to banking entities that manage the collection (they can only use them for this purpose). The relationship of the provision of tourist services entails other treatments, such as incorporating the data into accounting, invoicing, or providing information to the tax administration. In the event that our customers participate in golf tournaments or appear in rankings, their data will be communicated to golf federations, event promoters and other players in the tournaments in which they participate and, eventually, to the media.

Services for the students of the Golf School

Enrollment in the School's courses requires the registration of the students and, if applicable, of their parents or legal representatives. The data is used to organize the School's activities, monitor the students and accredit the teaching provided. In the registration process, essential data is requested, which must include bank details (current account number) that will be communicated to banking entities that manage the collection.

Information about our services

While there is a relationship with its customers, Golf de Pals uses their contact information to communicate information specific to this relationship. Information that may include circumstantial references to our tourist services, whether general or referring more specifically to their characteristics and customer needs.

Other information about the services

With the explicit authorization of the clients, once the contractual relationship has ended, the contact details are kept to send advertising related to our services, general or specific information based on the client's characteristics. This information is made available to those who, despite not having been customers, ask us for it or accept it by filling out our forms.

Advertising of the services of companies in our group

Always with the prior and explicit authorization of the people indicated in the previous section, the contact details are used to deliver advertising of the services of the companies in our group, both of a general nature and adapted to the characteristics of the person. Likewise, with the explicit consent of the person concerned, the contact details may be communicated to these companies so that these companies can send direct advertising of their services.

Data management of our suppliers

We record and process the data of the suppliers from whom we obtain services or goods. It can be the data of people who act as freelancers and also the data of representatives of legal entities. We obtain the essential data to maintain the commercial relationship; we use them only for this purpose and for this type of relationship.    

Video surveillance

When entering our facilities, you are informed, when appropriate, of the existence of video surveillance cameras by means of approved signs. The cameras record images only of the points where it is justified to ensure the safety of goods and people, and they are used only for this purpose.

Users of our website

The navigation system and the software that enables the operation of our websites collect the data that is normally generated in the use of Internet protocols. This category of data includes, among others, the IP address or domain name of the computer used by the person connecting to the website. This information is not associated with specific users and is used for the sole purpose of obtaining statistical information about the use of the website. Our website uses cookies that allow the identification of specific natural persons, users of the site. You can read more information about the use of cookies from this link.

Other data collection channels

We also obtain data through face-to-face relationships and other channels, such as receiving emails through our profiles on social networks and during the registration process for Wi-Fi services. In all cases, the data are used only for explicit purposes that justify the collection and treatment.  

What is the legal justification for data processing?

The data treatments we carry out have different legal bases, depending on the nature of each treatment.

In compliance with a pre-contractual relationship

Case of the data of potential customers or suppliers with whom we have relationships prior to the formalization of a contractual relationship, (such as the preparation or study of budgets). This is also the case for the processing of data from people who have sent us their CVs or who participate in selective processes.

In compliance with a contractual relationship

Case of relations with our customers and suppliers and all actions and uses that these relations entail.

In compliance with legal obligations

The communication of data to the tax administration is established by rules governing commercial relations. The case may arise of having to communicate data to judicial bodies or to bodies and security forces also in compliance with legal rules that oblige them to collaborate with these public authorities.  

Based on consent

When we send information from our services, we process the contact details of the recipients with their authorization or explicit consent. The navigation data that we can obtain through cookies is obtained with the consent of the person visiting our website, which consent can be revoked at any time by uninstalling these cookies. It is also with the prior consent of each person that we communicate their data to other companies in our group.

For legitimate interest

The images we obtain from the video surveillance cameras are processed in the legitimate interest of our company to preserve its assets and facilities. Our legitimate interest also justifies the processing of data we obtain from contact forms.  

To whom is the data communicated?

As a general criterion we only communicate data to administrations or public authorities and always in compliance with legal obligations. The identification data of persons staying in our establishments are communicated to the General Directorate of the Police (in compliance with Order IRP/418/2010, of 5 August, on the obligation to register and communicate to the General Directorate of the Police the persons staying in accommodation establishments).

When issuing invoices to customers, the data may be communicated to banks. In the event that consent has been given, the data may be communicated to other companies in our group for the purposes indicated above. No data is transferred outside the European Union (international transfer).

In another sense, for certain tasks we obtain the services of companies or individuals who provide us with their experience and expertise. In some cases, these external companies are required to access personal data for which we are responsible. This is not a transfer of data as such, but rather a processing order. We only contract the services of companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalised and their performance is monitored. This may be the case of data hosting services, IT support services or legal, accounting or tax consultancies.  

How long do we keep the data?

We comply with the legal obligation to limit the data retention period as much as possible. For this reason, data is only kept for as long as is necessary and justified for the purpose for which it was collected. In certain cases, such as data contained in accounting documentation and invoicing, tax regulations require that they be retained until the statute of limitations expires in this area. In the case of data processed on the basis of the consent of the data subject, they are retained until the data subject revokes this consent. Images obtained by video surveillance cameras are kept for a maximum of one month, although in the case of incidents that justify it, they will be kept for the time necessary to facilitate the actions of the security forces or judicial bodies.  

What rights do individuals have in relation to the data we process?

As provided for in the General Data Protection Regulation, individuals from whom we process data have the following rights:

To know whether it is processed

Any individual has, in the first place, the right to know whether we process his or her data, regardless of whether there has been a previous relationship.  

To be informed at the time of collection

When personal data are obtained from the data subject himself/herself, at the time of providing them, he/she must be clearly informed of the purposes for which they will be used, of who will be responsible for the processing and of the other aspects derived from this processing.

Right of access

A very broad right that includes the right to know precisely what personal data are processed, the purpose for which they are processed, the communications that will be made to other persons (if applicable) or the right to obtain a copy or to know the foreseen storage period.

To request its rectification

This is the right to have inaccurate data processed by us rectified. In certain circumstances, there is a right to request the erasure of data when, among other reasons, they are no longer necessary for the purposes for which they were collected and which justified the processing.  

Request the restriction of processing

The right to request the restriction of data processing is also recognised in certain circumstances. In this case, the data will no longer be processed and will only be kept for the exercise or defence of claims, in accordance with the General Data Protection Regulation.

To portability

In the cases provided for in the regulations, the right is recognised to obtain one's personal data in a structured machine-readable format for common use, and to transmit them to another data controller if the data subject so decides.

To object to processing

An individual may invoke grounds relating to his or her particular situation, which will entail that his or her data will no longer be processed to the extent or to the extent that they are likely to cause him or her prejudice, except for legitimate reasons or for the exercise or defence of claims.

To not receive commercial information

We will comply immediately with requests to stop sending commercial information to persons who have previously authorised us to do so.

How can rights be exercised or defended?

The rights listed above may be exercised by sending a written request to Serres de Pals - Golf de Pals de Balade SL, Mas Gelabert s/n, de Pals (CP 17256), or by sending an e-mail to, indicating in all cases "Protection of personal".

If a satisfactory response has not been obtained in the exercise of the rights, it is possible to file a complaint with the Spanish Data Protection Agency, by means of the forms or other channels accessible from its web page