Last updated: 3 May 2026
The legally binding version of this policy is the Spanish one (política de privacidad). This English translation is provided for guidance only.
At Catering & Experience we look after your personal data with the same care we take with our guests. This policy explains what information we collect, for what purpose and which rights you can exercise at any time, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPD-GDD).
1. Data controller
2. Data we process
We only collect the data strictly necessary to provide the requested service. Specifically:
- Identifying data: first and last name.
- Contact data: phone number and email address.
- Reservation data: date, time, party size, allergies and remarks.
- Communication data: content of messages sent to us by email, form or WhatsApp.
- Browsing data: IP address, device type and anonymised activity logs.
3. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Manage reservations and group enquiries. | Performance of a contract or pre-contractual measures. |
| Reply to enquiries submitted via form, email or phone. | Consent of the data subject. |
| Comply with tax and commercial legal obligations. | Compliance with a legal obligation. |
| Improve the website experience through anonymised statistics. | Legitimate interest of the controller. |
4. Retention period
We retain personal data for the time necessary to fulfil the purpose for which it was collected and to determine any liabilities arising from that purpose and the data processing. In particular:
- Reservation data: kept for the time needed to manage it and then for the periods legally required.
- Enquiries and communications: kept for the time needed to respond to the request and a maximum of twelve additional months.
- Accounting and tax data: for the periods set out in current tax regulations.
5. Recipients
We do not share your data with third parties unless legally required. We work with service providers that act as data processors and that meet the guarantees required by the General Data Protection Regulation.
These providers include:
- Online booking platform: Covermanager.
- Website hosting and delivery: Netlify.
- Email sending and receiving service.
- Instant messaging: WhatsApp Business.
6. International transfers
Some of the providers listed may process data outside the European Economic Area. In those cases, transfers are made with the appropriate safeguards provided for by the regulation, such as the standard contractual clauses approved by the European Commission.
7. Your rights
As a data subject you can exercise the following rights over your personal data at any time:
- Right of access to the personal data we process.
- Right of rectification of inaccurate or incomplete data.
- Right of erasure when the data is no longer necessary.
- Right to restriction of processing in certain cases.
- Right to object to processing on grounds relating to your particular situation.
- Right to data portability.
- Right not to be subject to automated decisions.
To exercise these rights you can write to reservas@papagenarestaurante.es stating the right you wish to exercise and attaching a copy of your identity document.
If you consider that the processing of your data does not comply with the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
8. Security
We apply the technical and organisational measures necessary to ensure the security of personal data and prevent its alteration, loss, unauthorised processing or access.
9. Changes to this policy
This policy may be updated to reflect legal changes or changes to our services. We recommend consulting it periodically. The date of the last update appears at the beginning of this document.