Privacy Policy

Bellavista block

We protect your privacy

Privacy Policy

Bellavista block

We protect your privacy

Privacy Policy and General Conditions

Prior recommendation.

Welcome to Cuadra Bellavista’s website, please read our Privacy Policy.

In this privacy statement we explain what personal data we collect from users and how it is used. We encourage you to read these terms carefully before providing personal information on this website. Users over the age of thirteen may register with cuadrabellavista.com as users without the prior consent of their parents or guardians.

In the case of children under thirteen years of age, parental or guardian consent is required for the processing of their personal data.

Our website is protected by a SSL security certificate, your data is not visible through the internet.

In no case shall data relating to the professional or economic situation or to the privacy of other family members be collected from the minor without their consent.

If you are under thirteen years of age and have accessed this website without notifying your parents, you should not register as a user.

This website respects and takes care of the personal data of its users. As a user you should know that your rights are guaranteed.

Principles regarding your privacy:

  • We never ask for personal information unless it is really necessary to provide you with the services you require.
  • We never share personal information about my users with anyone, except to comply with the law or with your express permission.
  • I never use your personal data for any purpose other than that expressed in this privacy policy.
  • It should be noted that this Privacy Policy may vary depending on legislative or self-regulatory requirements, so users are advised to visit it periodically.
  • It will be applicable in the event that users decide to fill out any form of any of its contact forms where personal data is collected.

cuadrabellavista.com SL. (cuadrabellavista.com) has adapted this website to the requirements of the Organic Law 15/1999, of December 13, 1999, on the Protection of Personal Data (LOPD), and the Royal Decree 1720/2007, of December 21, known as the Regulation of development of the LOPD. It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (RGPD), as well as with Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE or LSSI).

Responsible for the processing of your personal data.

Identity of the Responsible Party: Cuadra Bellavista
Commercial Name: MYD ONLINE SL
NIF/CIF: B86555703
Address: Ojalvo s/n 28300 Aranjuez
E-mail: antonio.sonseca@cuadrabellavista.com
Activity: Marketing Services

For the purposes of the provisions of the aforementioned General Data Protection Regulation, the personal data sent through the web forms will be treated as “web users and subscribers” data.

Principles that apply to personal information.

In processing your personal data, we will apply the following principles that comply with the requirements of the new European data protection regulation:

  • Principle of legality, loyalty and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes that we will inform you in advance with absolute transparency.
  • Data minimization principle: We will only request data that is strictly necessary in relation to the purposes for which it is required. As little as possible.
  • Principle of limitation of the storage period: the data will be kept for no longer than necessary for the purposes of processing, depending on the purpose, we will inform you of the corresponding storage period.
  • Principle of integrity and confidentiality: your data will be treated in such a way as to ensure adequate security of personal data and guarantee confidentiality.

How is your data obtained?

The personal data that I treat in cuadrabellavista.com comes from:

  • Contact form.
  • Service request form.
  • Newsletter registration form.

What are your rights when you provide your data?

Any person has the right to obtain confirmation as to whether or not cuadrabellavista.com is processing their personal data.

Interested persons have the right to:

  • Request access to personal data relating to the data subject.
  • Request its rectification or suppression.
  • Request the limitation of your treatment.
  • Opposing treatment.
  • Request data portability.

Interested parties may access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data.

cuadrabellavista.com SL. will stop processing the data, except for legitimate reasons when:

  • Treatment is based on consent.
  • The data have been provided by the person concerned.
  • The processing is carried out by automated means.

When exercising your right to data portability, you have the right to have personal data transmitted directly from data controller to data controller where technically feasible.

For what purposes do we process your personal data?

When a user connects to this website, he or she is providing personal information for which cuadrabellavista.com is responsible. This information may include personal information such as your IP address, name, physical address, email address, telephone number, and other information. By providing this information, you consent to the collection, use, management and storage of your information by www.cuadrabellavista.com only as described in the Legal Notice and this Privacy Policy.

In cuadrabellavista.com there are different systems for capturing personal information based on forms:

Contact form: I request the following personal data: Name, Email, phone number to respond to the requirements of the users of https://www.cuadrabellavista.com.

Newsletter subscription form: In this case, we request the following personal data: Name, Email, to manage the subscription list, send newsletters, promotions and special offers, provided by the user when subscribing. The data will be located on MailChimp servers outside the EU in the USA. MailChimp is covered by the EU-US Privacy Shield agreement, information about which is available here, approved by the European Data Protection Committee.

Service request form: We request the following personal data: Name, Email, telephone to request any of the services that www.cuadrabellavista.com.com makes available to its users. The information collected will allow to request the corresponding service for a possible processing of the same offline. Requests will be answered by email.

Other purposes of personal data processing:

To ensure compliance with the terms of use and applicable law. This may include the development of tools and algorithms that help this website ensure the confidentiality of the personal data it collects.

To support and improve the services offered by this website.

We also collect other non-identifying data that are obtained through some cookies that are downloaded to the user’s computer when browsing this website that I detail in the cookies policy.
To manage social networks. cuadrabellavista.com may have a presence in social networks.

The treatment of the data that is carried out of the people who become followers in the social networks of the official pages of cuadrabellavista.com, will be governed by this section. As well as by those conditions of use, privacy policies and access regulations that belong to the social network that applies in each case and previously accepted by the user of Cuadra Bellavista.

It will treat your data for the purposes of properly managing its presence in the social network, reporting activities, products or services cuadrabellavista.com. As well as for any other purpose that the regulations of social networks allow.

Under no circumstances will I use the profiles of followers in social networks to send advertising on an individual basis.

In accordance with the provisions of the European General Data Protection Regulation (GDPR) 2016/679, Cuadra Bellavista (cuadrabellavista.com) will be responsible for the processing of data corresponding to Users of the website and subscribers.

cuadrabellavista.com does not sell, rent or transfer personal data that can identify the user, nor will it do so in the future, to third parties without prior consent. However, in some cases collaborations with other professionals can be made, in those cases, consent will be required to inform users about the identity of the collaborator and the purpose of the collaboration. This will always be done with the strictest security standards.

Legitimation for the processing of your data.

The legal basis for the processing of your data is: consent.

To contact or make comments on this website, consent to this privacy policy is required.

The prospective or commercial offer of products and services is based on the consent requested, without in any case the withdrawal of this consent conditioning the execution of the subscription contract.

Category of data collected.

The categories of data processed are identification data.

In no case are specially protected or sensitive categories of data processed.

How long do we keep your data?

The personal data provided is retained until the purpose for which it is processed ends or for as long as there is a legal obligation to retain it.

To which recipients will your data be communicated?

To provide services strictly necessary for the development of the activity, www.cuadrabellavista.com, shares data with the following providers under their corresponding privacy conditions:

Google Analytics: a web analytics service provided by Google, Inc. a Delaware company with headquarters at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help www.cuadrabellavista.com analyze how users use the website. The information generated by the cookie about your use of www.cuadrabellavista.com (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Hosting: Strato, domiciled in Germany, treats the data with the purpose of performing its hosting services and backups where the files of our applications and hard disks of Cuadra Bellavista are stored.

The security protocols applied are as follows:

Appendix 2 of the Data Processing Agreement: technical and organizational security measures according to Art. 32 GDPR
version 1.0

Confidentiality (Article 32 (1) (b) GDPR)
1.1 Entry control
Unauthorized persons must be denied access to rooms containing data processing equipment.
Definition of security areas.
– Implementation of effective access protection.
– Access logging.
– Determination of persons with access authorization.
– Management of personal access authorizations.
– Accompaniment of external personnel.
– Room monitoring.

1.2 Login control
The use of data processing systems by unauthorized persons must be prevented.
– Determination of the protection requirement.
– Logon protection
– Implementation of secure logon procedures, strong authentication
– Implementation of simple username password authentication
– Logon logging
– Monitoring of critical IT systems.
– Secure (encrypted) transmission of authentication secrets
– Blocking in case of failed attempts / inactivity and process for resetting blocked login IDs
– Prohibit memory function for passwords and / or form entry (server / clients)
– Determination of authorized persons.
– Management and documentation of personal authentication means and login permissions.
– Automatic login locking and manual login locking

1.3 Access control
Only data for which access is authorized can be accessed. Data may not be read, copied, altered or deleted without authorization during processing, use and after storage.
– Creating an authorization concept
– Implementing access restrictions.
– Assigning minimum authorizations.
– Managing and documenting personal access rights.
– Avoiding role concentration.

1.4 Usage control
It must be ensured that data collected for different purposes can be processed separately.
– Data economy in handling personal data.
– Separate processing of different data sets.
– Verification and elimination of the purpose of regular use
– Separation of the test and development environment.

1.5 Privacy-friendly presets
– If no data is required to achieve the intended purpose, the default technical settings will be set in such a way that data will only be collected, processed, transmitted or published by an action of the data subject.

Integrity (Article 32 (1) (b) GDPR)
2.1 Transfer control
The purpose of transfer control is to ensure that personal data cannot be read, copied, altered or deleted during electronic transmission or during transport or storage on data carriers, and that it is possible to verify and determine where personal data is provided. by means of data transmission.
– Determination of instances / recipients / transferees
– Examination of the legality of the transfer abroad.
– Registration of transmissions according to the concept of registration.
– Secure data transfer between server and client.
– Backup of the transmission in the backend
– Secure transmission to external systems.
– Minimization of risks through network separation.
– Implementation of security gateways at network transfer points.
– Hardening of backend systems.
– Description of the interfaces.
– Implementation of machine-to-machine authentication
– Secure data storage, including backups.
– Secure storage on mobile data carriers.
– Introduction of a disk management process.
– Collection and disposal process.
– Privacy-compliant disposal and destruction procedures.
– Management of elimination records.

2.2 Entry control
The purpose of the entry control is to ensure that it can be checked and subsequently verified whether personal data have been entered, modified or deleted in the data processing systems.
– Logging of entries.
– Documentation of entry permissions.

3. Availability, resilience, disaster recovery.
3.1 Availability and resilience (Article 32 (1) (b) GDPR)
– fire protection
– Primary technology redundancy.
– Power supply redundancy.
– Redundancy of communication connections.
– Monitoring
– Resource planning and deployment.
– Defense against systemic abuse.
– Data backup concepts and implementation
– Periodic monitoring of emergency facilities.

3.2 Disaster recovery: rapid post-incident recovery (Article 32 (1) (c) GDPR)
– Emergency plan
– Concepts and implementation of data back-up

4. Data protection organization.
– Definition of responsibilities.
– Implementation and control of appropriate processes.
– Notification and approval process.
– Implementation of training measures.
– Confidentiality commitment.
– Regulations for internal distribution of tasks.
– Consideration of role separation and assignment
– Introduction of a suitable representative scheme.

5. Order control
The purpose of order control is to ensure that personal data processed as part of the order can only be processed in accordance with the customer’s instructions.
– Selection of other processors for appropriate safeguards.
– Conclusion of a data processing agreement with other processors.
– Conclusion of a data processing agreement with STRATO

6. Procedure for periodic review, assessment and evaluation (Article 32 (1) (d) of the GDPR, Article 25 (1) of the GDPR)
– Information security management according to ISO 27001.
– Process for evaluating technical and organizational measures.
– Process for managing security incidents.
– Conducting technical reviews.

MailChimp / email marketing: MailChimp, domiciled in the USA. More information at: https://mailchimp.com/ treats the data in order to perform its email marketing services to Cuadra Bellavista.

Navigation.

When browsing www.cuadrabellavista.com non-identifiable data may be collected, which may include IP addresses, geographic location (approximately), a record of how services and sites are used, and other data that cannot be used to identify the user. Non-identifiable data also includes data related to your browsing habits through third-party services. This website uses the following third-party analysis services:

Google analytics.

We use this information to analyze trends, administer the site, track users’ movements around the site and to gather demographic information about my user base as a whole.

Data secrecy and security.

www.cuadrabellavista.com is committed to the use and processing of personal data of users, respecting their confidentiality and to use them in accordance with the purpose of the same, as well as to comply with its obligation to save them and adapt all measures to prevent alteration, loss, treatment or unauthorized access, in accordance with the provisions of current legislation on data protection.

This website includes an SSL certificate. This is a security protocol that makes your data travel in an integral and secure way, that is, the transmission of data between a server and web user, and in feedback, is fully encrypted or encrypted.

www.cuadrabellavista.com cannot guarantee the absolute impregnability of the Internet network and therefore the violation of data through fraudulent access to them by third parties.

With respect to confidentiality of processing, Cuadra Bellavista will ensure that any person who is authorized by cuadrabellavista.com to process customer data (including its staff, collaborators and service providers), will be under the appropriate obligation of confidentiality and compliance with GDPR (whether a contractual or legal duty).

When a security incident occurs that puts the rights of customers at risk, upon becoming aware of it, cuadrabellavista.com shall notify the Client and the AEPD within 72 hours without undue delay and shall provide timely information related to the Security Incident as soon as it becomes known or when reasonably requested by the Client.

Risk Analysis Report for data processing.

This risk report is updated every time we have to process our customers’ data, establishing the appropriate corrective measures:

  • Our data processing does not include profiling.
  • Our automated data processing does not entail any risk of loss of rights, legal consequences or discrimination of the user.
  • We do not monitor those who provide us with their data.
  • We do not process particularly sensitive data or data of vulnerable persons.
  • We do not apply any type of technology to the data that entails the risk of loss of rights or prevents access to a contracted service.

Identified risks and control measures we have taken

  • Unintentional modification or alteration of personal data: There is no access to data by third parties locally, the equipment where the data is stored is protected by an antivirus system and Firewall to prevent unwanted attacks.
  • Loss or unintentional deletion of personal data: A backup copy of the data is stored at Strato AG, our hosting company.
  • Unauthorized access to personal data: No one in the company has access to personal data except the data processor who is the administrator of the company.
  • Absence of procedures for the exercise of rights: We publish in our online media the way in which the user can exercise his rights with respect to the data.
  • Absence of legitimacy for the processing of personal data: We include the informative clauses of the purpose and ask for express consent.

 

Accuracy and veracity of the data.

As a user, you are solely responsible for the veracity and correctness of the data you submit to https://www.cuadrabellavista.com exonerating Cuadra Bellavista (cuadrabellavista.com), of any responsibility in this regard.

Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the contact or subscription form.

Acceptance and consent.

The user declares to have been informed of the conditions on protection of personal data, accepting and consenting to the processing thereof by Cuadra Bellavista (cuadrabellavista.com) in the manner and for the purposes stated in this privacy policy.

Revocability.

The consent given, both for the treatment and for the transfer of the data of the interested parties, is revocable at any time by communicating it to Cuadra Bellavista (cuadrabellavista.com) in the terms established in this Policy for the exercise of the rights. This revocation will in no case be retroactive.

Changes in the privacy policy.

Cuadra Bellavista reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, Cuadra Bellavista will announce on this page the changes introduced with reasonable notice prior to their implementation.

E-mails

In accordance with the LSSICE, https://www.cuadrabellavista.com does not engage in SPAM practices, so it does not send commercial e-mails by electronic means that have not been previously requested or authorized by the user. Consequently, in each of the forms on the website, the user has the possibility to give express consent to receive the newsletter, regardless of the commercial information requested.

The email servers used by cuadrabellavista.com SL. use SSL security protocols and their contents always travel encrypted over the network.

In accordance with the provisions of Law 34/2002 of Services of the Information Society and electronic commerce, www.cuadrabellavista.com undertakes not to send commercial communications without properly identifying them.

Document revised on 30-10-2024

routes

Finca Cuadra Bella Vista, located in La Vega de Aranjuez, is an unbeatable place for horseback riding, without previous experience, for families, couples or individuals.

Dressage and Riding

At Bella Vista Stables in Aranjuez, you can also have a horse tamed, if you have the knowledge to do so, or have your horse ridden and tamed by our expert riders. We are professionals dedicated to horse training in Madrid for generations.

Pupilage

The facilities of our equestrian center in Aranjuez offer the care and maintenance of your horse, with unbeatable indoor and outdoor facilities, spacious boxes, tack room, shower area, rest meadows, veterinary clinic, as well as a natural feeding supervised by veterinarians.

Horseback Riding Lessons

Bella Vista Stables offers riding lessons in Aranjuez for horse riding enthusiasts, for children and adults of all levels. Our facilities have outdoor arenas and a covered riding arena, so you can attend classes regardless of inclement weather.

School visits

We organize guided school visits to our horse stables with horse related activities for schools, children and students of all ages, in our facilities at Bella Vista Stables and in our surroundings, surrounded by animals: turkeys, donkeys, rabbits, chickens and geese.

Spaces photography and video

Cuadra Bella Vista is located in the beautiful area of Real Cortijo de San Isidro in Aranjuez, declared Cultural Landscape of Humanity by UNESCO. It is in this beautiful environment where we develop our activities in our spacious and modern facilities of unique beauty, used on numerous occasions for photographic reports and film and video production.