Privacy Policy

1. Data controller

  • Controller: Mario José Santos Peña
  • Address: Galería Comercial Victoria, Av. Santa Cruz 144, Planta 2f, 38611 San Isidro, Granadilla de Abona, Santa Cruz de Tenerife
  • Email for data requests: [email protected]
  • NIF (tax ID): 70647903E

2. Data we collect

This is an informational website: it has no contact forms and creates no user accounts, so we do not collect personal data directly through the site. Specifically:

  • Server logs: IP address (anonymised), browser type, timestamp and requested URL. Kept for 30 days for security and operational reasons.
  • Analytics: if you consent to the Analytics category, aggregate, anonymous usage statistics are collected via Cloudflare Web Analytics. No cookies, no individual tracking.
  • Booking & contact: the website does not process your data for this. When you book online we send you to Cal.com, and when you reach out you do so via WhatsApp, phone, email or social media. Those external services handle your data under their own policies; we only use what you give us to handle your appointment or enquiry.
  • Server logs: legitimate interest (security) under GDPR Art. 6(1)(f).
  • Analytics: explicit consent under GDPR Art. 6(1)(a) and Art. 5(3) of the ePrivacy Directive.
  • Appointments & enquiries: performance of the service you request and our legitimate interest in assisting you, under GDPR Art. 6(1)(b) and (f).

4. Recipients and international transfers

To run the site we use the following providers:

  • Cloudflare, Inc. (US) — hosting, DNS, email forwarding ([email protected]) and cookieless web analytics. Transfer mechanism: EU-US Data Privacy Framework + Standard Contractual Clauses. DPA
  • Cal.com — online appointment booking. Only reached if you choose “Book online”, which takes you off this site to the barbershop’s booking page.
  • If you message us on WhatsApp or follow us on Instagram or Facebook, that data is handled by Meta Platforms, Inc. under its own privacy policy.

We have signed a Data Processing Agreement under GDPR Art. 28 with the processors where applicable.

5. Retention

  • Server logs: 30 days.
  • Consent records: 3 years after expiry (in line with the AEPD’s accountability standard).

6. Your rights

You have the rights set out in Articles 15–22 of the GDPR:

  • Access: request a copy of the data we hold about you.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your data (“right to be forgotten”).
  • Restriction: restrict our processing.
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: at any time, via the “Manage cookies” link in the footer.

To exercise any right, email us at [email protected]. We respond within 30 days under GDPR Art. 12(3).

You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD).

7. Cookies

See our Cookie Policy.

8. Changes

When we update this policy, the version number is incremented. Your stored consent will be invalidated and you’ll be asked to renew it on your next visit.

Last updated: 2026-06-09 Policy version: 1.0.0