Privacy Policy

1. Introduction

At Meridional Events, we are committed to ensuring the privacy and security of our clients’ and users’ personal data. This Privacy Policy explains how we collect, use, store, and safeguard personal data when you interact with our website www.meridionalevents.com (hereinafter, the “Site”) and with the services we provide, including event management and organisation, bookings, commercial communications, and other related offerings.

This policy complies with the applicable legislation, in particular the General Data Protection Regulation (GDPR) (EU 2016/679) and the Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

By using our Site or contracting our services, you accept the collection and use of your personal data in accordance with this policy. If you do not agree with any of the terms set forth herein, we kindly request that you refrain from using our services or providing us with personal data.

In the event of any discrepancy between this current version of the Privacy Policy (in Spanish) and any translation into another language, the Spanish version shall prevail.

2. Data Controller

In accordance with the GDPR, the personal data we collect on our Site or through our commercial relationships is processed by:

• Controller: Meridional Events SL
• Tax ID (NIF): B75679035
• Address: Calle Pelayo, Malaga
• Contact Email:

If you have any questions about this policy or how we process your personal data,
you can reach us at the email address provided above.

3. Definitions Used

To make this Privacy Policy clearer, below are some key definitions, taken both from current legislation and from the previous version of our policy:

• Personal data: Any information relating to an identified or identifiable natural person (e.g., name, postal address, email address, telephone number, etc.).
• The data subject: The natural person whose personal data is being processed.
• Minor: For the purposes of this policy, any individual under 14 years of age (whereas our previous policy referred to 16; however, to align with Spanish legislation, we adopt the 14-year threshold).
• We / the Company: Meridional Events, its employees and/or designated service providers or processors.
• GDPR: General Data Protection Regulation (EU) 2016/679.
• LOPDGDD: Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.
• Processing: Any operation or set of operations performed on personal data or on sets of personal data, such as the collection, recording, organisation, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• Website, Site or “the Site”: The primary Meridional Events website: www.meridionalevents.com.

4. Personal Data We Collect

We collect and process personal data that you provide to us directly, as well as data obtained through our commercial relationship or your browsing of our Site. This includes:

• Identifying data: Name, surname(s), email address, telephone number, and/or any other similar information you voluntarily provide.
• Billing data: Postal address, banking or payment details when contracting services or making bookings. Such data are collected to issue invoices, formalise contracts, and comply with legal and accounting obligations.
• Communication data: Information provided in contact forms or in emails sent by users (e.g., requests for information, support, or quotes).
• Automatically collected data (if applicable): As mentioned in the previous policy, we may automatically store certain information derived from your interaction with the Site (such as IP address, device and browser type, pages visited, date and time of visit, etc.) only if necessary to enhance user experience or for analytics, and only if we have your prior consent or a legitimate basis for doing so. Nevertheless, in this new policy, we clarify that we do not automatically collect personal data via cookies without your explicit consent (please see Section 12. Cookies and Other Tracking Technologies).
• Third-party or publicly available information: As stated in the previous policy, we may occasionally receive information from our trusted partners or gather data published in publicly accessible sources, provided that there are legitimate grounds for its processing.

In any case, we undertake to collect only the information that is strictly necessary for the purpose stated at any given time, and to process it lawfully and transparently.

5. Purpose of Data Processing

We use the personal data collected for the following purposes:

• Managing information requests: Responding to enquiries, quote requests, or any other communication you send us via Site contact forms or email.
• Service provision: Formalising and managing bookings, organising events, and other contracted services, including administrative, invoicing, and collection processes.
• Sending commercial communications: Providing information about our services, events, or promotions, always with the user’s prior consent. You may withdraw your consent at any time, as explained later.
• Compliance with legal obligations: Administrative, tax, and accounting management in compliance with applicable regulations, as well as any other obligations required by the competent authorities.
• Improving our services and user experience: Where applicable and with a legitimate interest or consent (e.g., via analytics cookies), we may collect browsing data to improve the quality and performance of the Site and protect the Site and its users against malicious activities.

We do not process your data for automated decision-making that produces legal effects or similarly significantly affects you. Likewise, we do not create profiles based on the information collected unless we have your explicit consent or have another legitimate basis as set out by applicable regulations.

6. Legal Basis for Data Processing

The legal basis for processing your personal data varies depending on the purpose of the processing:

• Performance of a contract: Where the data is necessary for us to provide our services (e.g., processing event bookings, responding to requests, etc.).
• Compliance with a legal obligation: Where we process data to comply with tax, administrative, or data protection regulations (e.g., issuing invoices).
• User consent: For sending commercial communications or information about our services, as well as the use of non-essential cookies. You may withdraw your consent at any time without affecting the legality of prior processing.
• Legitimate interest: For improving our services, safeguarding Site security, or enabling us to conduct user satisfaction surveys, provided that these interests do not override your rights and freedoms.

When data processing is based solely on consent, you may withdraw such consent at any time by contacting us at the email address provided in Section 17. Contact Information and Supervisory Authority.

7. Recipients of Personal Data

Your personal data will not be sold or transferred to third parties, except in the following circumstances:

• Service providers: Companies that provide us with technological, accounting, payment, marketing, newsletter distribution, or similar services. They act as data processors under confidentiality agreements and must comply with appropriate security measures to protect your data.
• Public authorities: When there is a legal obligation to disclose data to courts, tribunals, public administrations, or other regulatory bodies.
• International transfers: If data is transferred outside the European Economic Area (EEA), we shall ensure that appropriate measures are in place to protect your information in accordance with the GDPR (e.g., by signing Standard Contractual Clauses or transferring data only to countries with an adequacy decision).
• Trusted partners (if applicable): As stated in the previous policy, we may share your data with other partners or third parties whenever there is a legal basis (consent, legitimate interest, legal obligation, or contract performance) and such parties meet equivalent security and confidentiality requirements.

Apart from these cases, any disclosure or sharing of data with third parties shall require your express consent or a legitimate basis that authorises it.

8. User Rights

As the data subject, you have the right to:

• Access: Know which personal data we process about you and obtain a copy of it.
• Rectification: Correct inaccurate or incomplete data. We may request supporting documentation if needed to verify accuracy.
• Erasure (“right to be forgotten”): Request the deletion of your data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent and there is no other legal basis for the processing, or when the processing is unlawful, among other grounds.
• Objection: Object to the processing of your data in certain situations, for instance where the processing is based on our legitimate interest and there are no overriding compelling grounds that prevail over your rights and freedoms.
• Restriction of processing: Request that the use of your data be limited under specific circumstances, such as when you contest the accuracy of your data while we verify its correctness.
• Data portability: Request the transfer of your data to another data controller in a structured, commonly used, and machine-readable format, when processing is based on consent or on a contract.

To exercise these rights, you can email us at the address indicated in Section 17. Contact Information and Supervisory Authority, stating the right you wish to exercise and attaching a copy of your ID to verify your identity. We will respond to your request within a maximum period of one month, which may be extended by up to two additional months if necessary due to complexity or the number of requests.

If you believe we have not processed your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), available at www.aepd.es.

9. Retention Period of Personal Data

Personal data will only be retained for as long as necessary to fulfil the purposes set out in this policy. Generally:

• Contact and communication data: Until you request its erasure or withdraw your consent.
• Contractual and invoicing data: For the time periods required by tax and accounting regulations (e.g., at least 4 years in Spain for invoices and accounting documents, in accordance with the General Tax Law) or up to 10 years for anti-money laundering prevention, if applicable.
• Data related to commercial communications: Until you withdraw your consent or request the erasure of your information.

Once these periods have elapsed, we will securely delete your data unless there is a legal obligation to retain them or they are needed for establishing, exercising, or defending legal claims.

10. Data Security

We have implemented appropriate technical and organisational measures to ensure the security of personal data and to prevent its loss, alteration, unauthorised access, or disclosure. These measures may include:

• Secure protocols: Using HTTPS on the Site to encrypt communications.
• Access controls: Physical and logical access restrictions to our facilities and systems.
• Secure storage: Use of strong passwords, encryption of sensitive data, and security measures on our servers.
• Monitoring and audits: Ongoing review of our infrastructure and software to detect potential vulnerabilities.

However, no system is completely secure, and we cannot fully guarantee the invulnerability of the information. In the event of a security breach that affects your personal data, we will notify you as soon as possible, as required by applicable legislation.

11. Protection of Minors

We do not collect data from minors under 14 years of age without the explicit consent of their parents or legal guardians. If we discover we have received data from a minor without the required authorisation, we will immediately delete such data.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us so that we can address the matter as quickly as possible.

12. Cookies and Other Tracking Technologies

As indicated in the former policy, Meridional Events may employ cookies and similar technologies to analyse user behaviour, manage the Site, track user movements, and collect user information for the purpose of personalising and improving user experience. However, in this new version, we clarify that we do not automatically collect personal data via cookies or other tracking technologies without your explicit consent, except for those cookies strictly necessary for the basic functioning of the Site.

Cookie definition: A cookie is a small text file stored on your computer or similar device. Cookies store information that helps websites function properly. Only we can access cookies created by our Site, and under no circumstances are cookies used to personally identify you without your consent.

We may categorise the use of cookies as follows:

• Necessary cookies: Essential for certain core functions on our Site, such as managing sessions or accessing secure areas. They do not collect any personal information for marketing purposes.
• Functionality cookies: Provide features that make the user experience smoother, for instance, remembering your name and email address in comment forms or similar fields.
• Analytics cookies: Enable tracking the use and performance of our Site and services to improve quality and relevance.

Controlling cookies: You can delete cookies stored on your device through your browser settings. You may also configure your browser to decline cookies or alert you before accepting them. Please note that blocking or disabling certain cookies may affect the Site’s functionality.

For more information, see our Cookie Policy, which describes the types of cookies used, their purpose, and how to accept, configure, or reject them.

13. Information on Third-Party Services (Google, Microsoft, etc.)

As described in the previous policy, we may use third party services to manage and improve our relationships with customers, as well as for site analysis and sending communications.

• Google: Meridional Events uses Google services, such as Google Workspace and Google Analytics, preferably requesting servers located in Europe to work in accordance with the GDPR. Google Analytics allows us to measure traffic on our website. Google has its own privacy policy, which you can consult at this link. If you wish to prevent Google Analytics tracking, you can use the official Google opt-out add-on or configure your browser to block related cookies.
• Microsoft: Our computers use the Windows operating system, and part of our server infrastructure is hosted on Microsoft platforms, complementing our services on Google Workspace. Microsoft provides solutions such as Microsoft 365 and Azure, which may involve the processing of personal data under their own privacy policy and in compliance with the GDPR when processing EU user data. More information can be found in Microsoft's privacy policy.

Each of these service providers has its own privacy policies and complies with the GDPR to the extent that they deal with data of users from the European Union. In all cases, we ensure that we enter into Data Processing Agreements and implement appropriate security measures.

14. Email Communications

Emails we send you, as well as any attachments, may contain confidential information intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, the disclosure, copying, use, or distribution of the information contained in the email is prohibited. We kindly request that, in such a case, you notify us of the error by replying to our email, and then delete the message and its attachments from your system.

If you no longer wish to receive commercial or newsletter communications at any time, you may use the unsubscribe links included in such emails, or exercise your right to object by emailing us at the address provided in Section 17. Contact Information and Supervisory Authority.

15. International Data Transfers

Should we need to transfer your personal data to third countries outside the European Economic Area (EEA), we will ensure that appropriate measures are adopted to protect your information, in accordance with applicable regulations (e.g., signing European Commission-approved Standard Contractual Clauses or transferring data solely to countries with an adequacy decision).

If you would like more information on the specific safeguards we apply to international data transfers, you may request it by contacting us via the email address listed in Section 17. Contact Information and Supervisory Authority.

16. Modifications to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect legislative developments or changes in our data processing procedures. In the event of significant modifications, we will inform you clearly through our Site or by email, so that you can learn about the introduced changes and, if appropriate, exercise your rights or cease using our services.

The last modification was made on the date indicated at the beginning of this document. We recommend that you periodically review this Privacy Policy to remain informed about how we protect your information.

17. Contact Information and Supervisory Authority

If you have any questions or wish to exercise your rights in relation to this policy, you may contact us at the following email address:

📩

If you believe your rights have not been duly addressed, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD):

• Head Office: C/ Jorge Juan, 6, 28001 Madrid (Spain)
• Telephone: +34 91 399 62 00
• Email: internacional@agpd.es
• Website: www.aepd.es

18. Annex: Supplementary Information (GDPR in Spain)

As set out in the previous policy, and for the sake of maximum transparency and adherence to the principle of proactive accountability, we provide the following considerations:

• General information: This document is primarily designed for low-risk personal data processing. Should Meridional Events carry out high-risk processing at any point (for instance, involving sensitive data such as ethnic origin, sexual orientation, health data, etc.), additional security measures will be implemented, and, where appropriate, Data Protection Impact Assessments (DPIAs) will be undertaken.
• Appropriate security guarantees: Article 5.1(f) of the GDPR requires appropriate security safeguards against unauthorised or unlawful processing and against the accidental loss or destruction of personal data. At Meridional Events, we implement technical and organisational measures to ensure the integrity and confidentiality of personal data. We also maintain internal logs and evidence of the actions we carry out (proactive accountability).
• Internal procedures: We have clear internal procedures in place for effectively handling requests to exercise data subjects’ rights, with accessible and straightforward mechanisms (e.g., electronic means, specific contact references). We are committed to responding without undue delay and within the maximum timeframe established by law (one month, extendable by up to two months in cases of complexity).
• Right of access, rectification, erasure, objection, portability, and restriction: As described in the previous policy, these rights may be exercised at no cost at any time, subject to identity verification. Should we be unable to comply with a request for any reason, we will inform the individual concerned of the grounds, as well as of their right to file a complaint with the AEPD.

In doing so, we ensure consistency with the previous privacy policy, while establishing this expanded version as the official and governing policy of Meridional Events from the date indicated at the start of this document.