Privacy policy

Version 1.0 effective from August 8, 2025

DETAILED INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA IN COMPLIANCE WITH:

  • REGULATION (EU) 2016/679
  • LAW 34/2002, OF JULY 11, ON INFORMATION SOCIETY SERVICES AND E-COMMERCE
  • ORGANIC LAW 3/2018, OF DECEMBER 5, ON PERSONAL DATA PROTECTION AND GUARANTEE OF DIGITAL RIGHTS
 

And all accessory regulations related to the above, such as; Law 11/2022, of June 28, on General Telecommunications.

DATA CONTROLLER: WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

  • Company Name: GOLF CORP., S.L.
  • Registered Office: Calle Zurbarán 16, 28010, Madrid
  • N.I.F. B55496269
  • Mercantile Registry of Madrid: Madrid (volume 1, sheet 1, section 8, page 826997)
  • Contact Email: info@the19.co
 

Data Protection Officer (DPO) Details: Audat Services S.L.U.

PURPOSE: For what purpose do we process your personal data? 

The data controller will use your data for several purposes. The most prominent are:

  • Managing bookings, payments, and contracted services, including access to the service provided.
  • Sending marketing communications, newsletters, and promotions to users who are interested in receiving them. Users can unsubscribe from any communication at any time.
  • Providing users with information on golf practice to improve their experience.
  • Security of the premises and its contents (video surveillance), in the case of access to the facilities.
  • Compliance with legal and regulatory obligations (tax, etc.).
  • To stay in touch with you and provide you with the best possible service.


SOURCES: HOW DO WE OBTAIN YOUR DATA?

Detailed information on the origin of the data, including if they come from publicly accessible sources.

To achieve the Purposes described above, we collect or receive personal data:

  • Directly from the Data Subjects. For example: when registering on the website or at our premises.
  • Provided by authorized third parties.


CATEGORIES OF DATA SUBJECT TO PROCESSING: What data do we process about you?

  • Contact data: name, phone number, email, social media (for inquiries, bookings, and customer service).
  • Browse data: IP address, cookies, logs, image captured by the security camera (for security, statistics, and marketing).
  • Registered user or member data: DNI, address, photo, number of hours booked, etc.
  • Financial data: In the case of members, this data may be processed for service billing.
  • Other data necessary for the purpose of processing: booking history, attendance at events or classes, participation in tournaments or competitions, use of simulators, and participation in promotions and discounts.


LEGAL BASIS: What is the legal basis for the processing of your data?

COLLECTIVE

PURPOSE

ART. RGPD

PROCESSING

MEMBERS, USERS AND VISITORS

All of the above 

The above-described

6.1.a)

By registering for the service as a data subject, you grant your consent.

6.1.b)

By accepting the terms of use for the service provided by the Company, you enter into a binding agreement between both parties.

6.1.c)

The list of data subjects is available by law for any inspection or administrative action by a competent authority.

6.1.e)

Processing is carried out in the public interest for the security of property or data subjects, in the case of image recording.

6.1.f)

Processing is necessary for the satisfaction of legitimate interests, such as sending commercial communications. In each communication, you can easily and freely object to receiving further emails.


DATA RETENTION: HOW LONG WILL WE RETAIN YOUR DATA?

We will only retain and process your data for as long as it is necessary for the purposes outlined in the “Purpose” section and for the period established by the relevant regulations. We have a data limitation and retention policy.

Once the data retention period ends, your data will be anonymized and/or blocked in accordance with the requirements set forth in the applicable regulations. Afterwards, it will be deleted.


RECIPIENTS: TO WHOM IS YOUR DATA COMMUNICATED?

Furthermore, if it is necessary or useful to achieve the Purposes described above, we reserve the right to disclose or grant access to personal data to the following recipients, provided that it is authorized or constitutes a legal requirement:

  • Public/governmental administrations, courts, competent authorities.
  • IT providers: E.g., hosting service, software development, email marketing, CRM.
  • Other marketing and event providers.
  • Payment platforms.
  • External instructors or technical staff (only for scheduled classes).
  • Others necessary to carry out the described purposes.


We undertake not to transfer personal data to third parties other than those mentioned above, unless data subjects are informed or if required by applicable laws and regulations.


ARE THERE INTERNATIONAL TRANSFERS OF YOUR DATA?

No international data transfer is foreseen.

RIGHTS: WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?

The rights recognized by the GDPR are:

  • Right to request access to the personal data concerning the data subject,
  • Right to request its rectification or erasure,
  • Right to request the restriction of its processing, and
  • Right to object to the processing,
  • Right to data portability;

You can consult the full scope and details of these rights on the website of the Spanish Data Protection Agency (AEPD).

https://www.aepd.es/reglamento/derechos/index.html

How to Exercise Your Rights to Access, Rectification, Erasure, and Data Portability, and the Restriction or Objection to Their Processing

To exercise your rights, simply send an email to the address indicated above, stating your request and attaching a copy of your DNI (National Identity Document) for identification.

Optionally, the data subject can be redirected to the Spanish Supervisory Authority for additional information about their rights.

What Are Your Rights When You Provide Us with Your Data?

Any person has the right to obtain confirmation as to whether the Company is processing personal data concerning them.

Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Under certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain it for the establishment, exercise, or defense of legal claims. Under certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The Company will cease to process the data, unless there are compelling legitimate grounds, or for the establishment, exercise, or defense of potential claims.

The Company’s privacy policy ensures, in any case, that the data subject can exercise their rights by writing to the Company at the address previously indicated and in the manner legally provided for.

GDPR RIGHTS: WHAT DO YOUR RIGHTS CONSIST OF?

1) ACCESS

You have the right to be informed of the following:

  • The purposes of the processing, the categories of personal data that are processed, and any potential data communications and their recipients.
  • If possible, the period of data retention. If not possible, the criteria for determining this period.
  • The right to request the rectification or erasure of data, the restriction of processing, or to object to it.
  • The right to file a complaint with the Supervisory Authority.
  • If an international data transfer occurs, to receive information on the adequate safeguards.
  • The existence of automated decisions (including profiling), the logic applied, and the consequences of this Processing. In our case, we do not perform this.


2) RECTIFICATION

In addition to rectifying inaccurate data, you have the right to have incomplete personal data completed, including by means of a supplementary statement.


3) ERASURE (THE ‘RIGHT TO BE FORGOTTEN’)

With this right you can request:

  • The erasure of personal data without undue delay when one of the contemplated circumstances occurs. For example, unlawful data processing, or when the purpose that motivated the processing or collection has ceased.
  • However, a series of exceptions are regulated where this right will not apply. For example, when the right to freedom of expression and information must prevail.


4) RESTRICTION OF PROCESSING

This right allows you to:

  • Request the controller to suspend the processing of data when: The accuracy of the data is contested, while its accuracy is verified by the controller. The data subject has exercised their right to object to the processing of data, while it is being verified whether the legitimate grounds of the controller override those of the data subject.
  • Request the controller to retain your personal data when: The data processing is unlawful and the data subject objects to the erasure of their data and requests instead the limitation of its use. The controller no longer needs the data for the purposes of the processing, but the data subject needs them for the formulation, exercise, or defense of claims.


5) DATA PORTABILITY

You can receive your personal data in a structured, commonly used and machine-readable format, and you can transmit it to another controller, as long as it is technically feasible.

Furthermore, the data subject expressly authorizes that, in the case of a portability request, their personal data be transferred for data communication, for the purpose of carrying out such operations.


6) OBJECTION

Through the right of objection, you can object to the processing of your personal data:

  • When for reasons related to your personal situation, the processing of your data should cease unless there is a compelling legitimate interest, or it is necessary for the exercise or defense of claims.
  • When the processing is for the purpose of direct marketing.


7) RIGHT NOT TO BE SUBJECT TO INDIVIDUALIZED DECISION-MAKING

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

The above is excepted when: It is necessary for the conclusion or performance of a contract. It is permitted by EU or Member State law, with adequate measures to safeguard the rights and freedoms of the data subject. There is explicit consent from the data subject.


https://sedeaepd.gob.es/sede-electronica-web/vistas/infoSede/tramitesOrdinariosCiudadano.jsf

The user is informed of their right to object to the adoption of automated individual decisions in accordance with Art. 22 GDPR.

MINORS

Our services are not directed at minors under 14 years of age. In the event that data of this type is collected, it will always have parental consent.

SECURITY MEASURES: HOW DO WE PROTECT DATA?

The Company has adopted the necessary technical and organizational measures to guarantee the security and integrity of the data, as well as to prevent its alteration, loss, processing, or unauthorized access.

The Company guarantees the security, secrecy, and confidentiality of your data, communications, and personal information by adopting the most demanding and robust security measures and technical means to prevent their loss, misuse, or access without your authorization.

Furthermore, we commit to acting quickly and responsibly in the event that the security of your data may be in jeopardy, and to inform you if it were relevant.

INTELLECTUAL PROPERTY

All content accessible on the Company’s website is subject to intellectual property rights.

OTHER

  • The processing does not include profiling or automated decisions. Therefore, automated data processing will not be carried out for the purpose of profiling.
  • We reserve the right to modify this privacy policy to adapt it to legislative or technical changes.
  • Dirección:
  • Planta 0, Local 15. Centro Comercial ABC Serrano
  • Calle Serrano, 61 // Paseo de Castellana, 34 Madrid, España

© 2025 The 19th

Facebook Instagram Tiktok