We handle your data with the same care as your property.
This Privacy Policy explains how The Island Fixer, a sole trader property management service based in Spain, processes personal data in connection with property care, guest support, supplier coordination and bespoke management services in Mallorca.
Contents
1. Scope of this Privacy Policy
This Privacy Policy applies to the personal data processed by The Island Fixer through this website, email, telephone, messaging channels, client onboarding, property management services, guest support, supplier coordination and related administrative activities.
The policy is intended for property owners, prospective clients, guests, tenants, suppliers, contractors, website users and any other person who contacts us or whose data is processed in connection with our services.
2. Who is the data controller?
Controller: Jaime Bartolomé Oliver Serrano
Spanish tax ID: 53971841-H
Trading name: The Island Fixer
Professional address: C/ Juan Gris, 55, 2ºA
Privacy email: info@theislandfixer.com
Phone: 664460688
Website: theislandfixer.com
Data Protection Officer: not appointed, unless expressly stated otherwise.
The controller determines the purposes and means of processing personal data in the context of the professional property management activity.
3. What personal data do we process?
The categories of data processed depend on your relationship with us and on the service requested.
- Property owners and clients: name, surname, NIF/NIE or passport number where required, address, email, phone number, property details, contractual instructions, billing information, payment records and communications.
- Guests, tenants or occupants: identity and contact data, booking or stay details, check-in and check-out information, communications, incident records and, where applicable, data required by Spanish guest registration rules.
- Suppliers, contractors and maintenance professionals: professional contact details, service records, quotes, invoices, access authorisations, availability, work reports and incident notes.
- People contacting us: name, email, phone number, message content and the data needed to handle the request.
- Website users: IP address, device or browser data, cookie preferences and browsing information where relevant.
We do not intentionally request special categories of data unless strictly necessary for a specific request, legal obligation or justified incident. Please do not send sensitive information unless it is necessary.
4. Why do we process your data?
| Purpose | People concerned | Main data | Legal basis |
|---|---|---|---|
| Responding to enquiries, requests, quotes and communications received through the website, email, phone or messaging channels. | Prospective clients, owners, guests, tenants, suppliers and other contacts. | Identity, contact details, enquiry content and communication records. | Consent when you contact us; legitimate interest in managing professional communications. |
| Providing property management services, including property care, inspections, cleaning coordination, maintenance, key handling, access management, guest support and incident follow-up. | Clients, owners, guests, tenants, authorised contacts, contractors and suppliers. | Identity, contact details, property data, service instructions, communications, incident data and supplier records. | Performance of a contract or pre-contractual measures; legitimate interest in coordinating services and protecting the property. |
| Managing bookings, short-term stays or tourist accommodation support where these services are included. | Guests, travellers, booking holders and accompanying persons. | Identity, contact details, booking details, stay dates, payment references and data required by applicable accommodation rules. | Performance of a contract; compliance with legal obligations where guest registration rules apply. |
| Issuing invoices, managing payments, accounting, tax obligations and administrative records. | Clients, suppliers, guests, tenants and other parties involved in economic transactions. | Identity, tax data, billing address, invoices, payment details and accounting records. | Compliance with tax, accounting and commercial obligations; performance of a contract. |
| Coordinating repairs, maintenance, cleaning, technical visits, supplies, insurance incidents and property access. | Owners, occupants, suppliers, contractors, insurers and authorised contacts. | Contact details, property address, access instructions, availability, photographs or descriptions of incidents, quotes and work reports. | Performance of a contract; legitimate interest in resolving incidents and safeguarding the property. |
| Sending commercial communications about similar services, updates or offers, where permitted. | Clients, business contacts and people who have requested information. | Name, email, phone number, preferences and consent or opt-out records. | Consent or legitimate interest for similar services, respecting the right to object. |
| Handling claims, complaints, data protection rights, legal responsibilities, insurance matters and requests from authorities. | Clients, owners, guests, tenants, suppliers, third parties and authorities. | Identity, contact data, contracts, communications, evidence, incident records and relevant documentation. | Compliance with legal obligations; legitimate interest in the defence of rights and claims. |
| Maintaining website security, preventing misuse, managing technical cookies and producing statistics where analytics tools are configured. | Website users. | IP address, technical identifiers, browser data, cookie preferences and browsing data. | Legitimate interest in website security; consent for non-essential cookies or analytics where required. |
5. Legal bases for processing
Performance of a contract or pre-contractual steps
We process data to prepare quotes, onboard clients, manage properties, coordinate suppliers, provide guest support, handle incidents, issue invoices and deliver the services requested.
Compliance with legal obligations
We process data where necessary to comply with tax, accounting, commercial, administrative, consumer, public security, accommodation, anti-fraud or authority-related obligations.
Consent
We rely on consent for voluntary forms, certain marketing communications, non-essential cookies or any other processing that legally requires it. You may withdraw consent at any time.
Legitimate interest
We may rely on legitimate interest to protect properties, coordinate incidents, secure the website, keep evidence of communications, prevent misuse, manage professional relationships and defend our rights, always balancing this interest against the rights and freedoms of the people concerned.
6. Who may receive your data?
We do not sell personal data. We only share data where it is necessary, legally required or supported by a valid legal basis.
- Public authorities, courts, law enforcement bodies or competent administrations, where required by law or a valid request.
- Tax, accounting, legal or professional advisers, where needed for compliance or defence of rights.
- Banks, payment providers, insurers and billing platforms, where necessary for payments, claims, policies or invoices.
- Maintenance, cleaning, repair, locksmith, technical and supply providers, only with the data required for the specific intervention.
- Technology providers and processors, such as hosting, email, property management software, PMS, CRM, cloud storage, electronic signature, professional messaging, customer support or web analytics tools.
- Booking portals, agencies, tourist channels or intermediaries, where the contracted service requires their involvement.
Where a provider processes personal data on our behalf, we require a data processing agreement and appropriate safeguards. If a provider is located outside the European Economic Area, we will use the safeguards required under data protection law, such as adequacy decisions, standard contractual clauses or other valid mechanisms.
7. How long do we keep the data?
We keep personal data only for as long as necessary for each purpose and, afterwards, for the time required to meet legal, tax, accounting, contractual, administrative or liability-related obligations.
| Data type | Indicative period |
|---|---|
| Enquiries, requests and quotes not accepted | During the management of the enquiry and, generally, up to 12 months unless a later relationship or pending responsibility exists. |
| Contracts, property management services, incidents and client communications | During the contractual relationship and for the period needed to address responsibilities arising from the service. |
| Invoices, books, supporting documents and accounting or commercial records | For the legally required periods. As a general reference, Spanish commercial documentation may need to be kept for six years. |
| Tax-relevant data | During the applicable limitation periods and, where relevant, while audits, inspections or claims remain open. |
| Guest or traveller data subject to accommodation registration and information obligations | For the period required by the specific accommodation and public security rules applicable to the activity. |
| Marketing communications | Until you withdraw consent, unsubscribe or object to the processing. |
| Cookies and browsing data | As described in the Cookie Policy and in the cookie settings panel. |
When data is no longer needed, it will be deleted or blocked for the time during which legal responsibilities may arise.
8. Your data protection rights
You may exercise the following rights where applicable:
- Access: to know what personal data we process about you.
- Rectification: to correct inaccurate or incomplete data.
- Erasure: to request deletion of data when it is no longer necessary.
- Objection: to object to processing based on legitimate interest or to direct marketing.
- Restriction: to request temporary restriction of processing in certain cases.
- Portability: to receive your data in a structured, commonly used format where applicable.
- Withdrawal of consent: to withdraw consent at any time, without affecting the lawfulness of prior processing.
- Not to be subject to automated individual decisions: we do not make decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise your rights, contact us at info@theislandfixer.com, indicating the right you wish to exercise. If we have reasonable doubts about your identity, we may request only the additional information necessary to verify it.
You also have the right to lodge a complaint with the Spanish Data Protection Agency, the Agencia Española de Protección de Datos, if you believe that your personal data has not been processed in accordance with applicable law.
9. Specific note for guest stays and tourist accommodation
If the service includes short-term stays, tourist accommodation support, guest check-in or similar hospitality-related activities, we may process additional data required by Spanish rules on documentary registration and communication of accommodation data.
- We will collect only the data necessary to comply with the applicable legal obligation and manage the stay.
- We should not request or keep a full copy of a DNI, NIE or passport where collecting the legally required data and verifying identity through proportionate means is sufficient.
- We may communicate guest data to competent authorities where the law requires it.
- Guests and travellers must provide accurate and up-to-date information where it is required to comply with these obligations.
10. Security measures
We apply reasonable technical and organisational measures to protect personal data against loss, unauthorised access, alteration, disclosure or improper destruction. These measures are adapted to the data processed, the technology used, the risks involved and the nature of the services.
- Access to personal data is limited according to professional need.
- Devices and accounts are protected with strong passwords and, where possible, multi-factor authentication.
- Backups and continuity measures are used where appropriate.
- Permissions for cloud tools, property management software and professional communication channels are reviewed.
- Data minimisation and secure deletion practices are applied when data is no longer required.
- Security incidents and personal data breaches are managed and documented in accordance with applicable law.
11. Children
Our services are aimed at adults or people with sufficient legal capacity to contract. Where guest stays or communications include data relating to children, such data must be provided by their legal representatives or by the responsible adult and will be processed only where necessary for the relevant service or legal obligation.
12. Cookies and similar technologies
This website may use technical cookies necessary for its operation. If analytics, advertising, embedded maps, videos, pixels or other non-essential third-party technologies are used, consent will be requested where required and detailed information will be provided in a separate Cookie Policy.
13. Changes to this Privacy Policy
We may update this Privacy Policy to reflect legal, technical, organisational or service changes. The current version will always be the one published on this page, with the date of the latest update indicated above.
Need to exercise a right or ask a privacy question?
Please contact us with your name, preferred contact method and the right or privacy matter you wish to address. Do not send sensitive information unless it is necessary.
Email: info@theislandfixer.com
Suggested request text
“I request to exercise my right of [access / rectification / erasure / objection / restriction / portability] regarding the personal data processed by The Island Fixer.”