Privacy Policy

February 2, 2025 Last edition

Welcome to Varaderoparadise! We take your privacy very seriously and want you to feel secure when using our platform. This privacy policy clearly and simply explains how we collect, use, protect, and handle your personal data. It is important that you read it carefully to understand your rights and our obligations.

1. Who We Are and the Purpose of This Website

Varaderoparadise.com is an online platform dedicated to promoting and offering tourist services in Cuba. Our goal is to showcase the wonders of this destination by facilitating house rentals, translation services, tourist guides, and other tourism-related experiences.

We are a team of professionals passionate about Cuba and its culture, committed to providing you with the best possible experience. You can contact us at [email protected] or via WhatsApp.

This website aims to:

  • Connect travelers with property owners offering rentals in Varadero.
  • Provide complementary tourist services such as translation, tourist guides, information about tours and activities, etc.
  • Offer useful and relevant information about Cuba for interested travelers.
  • Manage bookings and service requests made through the platform.
  • Send informational and commercial communications related to our services and tourism in Cuba, always with your consent.

2. Legal and Regulatory Framework

Varaderoparadise is committed to operating within a framework of legality and transparency, adhering to the most relevant international regulations on data protection and e-commerce, especially considering that our services are aimed at an international audience. Although we operate from Cuba, we strive to comply with the highest global standards of privacy protection.

In this regard, our privacy policy is based on and takes into account the following key regulations:

  • General Data Protection Regulation (GDPR) (EU) 2016/679 (European Union): This is the global reference regulation for data protection, establishing a robust framework for the protection of personal data of individuals within the European Union (EU) and the European Economic Area (EEA). Although we are not directly subject to the GDPR in all our operations from Cuba, we adopt it as a best practice standard and a commitment to the privacy protection of all our users, especially those from the EU. Complying with GDPR principles allows us to offer a level of security and transparency recognized internationally.
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) (Spain): This law adapts Spanish legislation to the GDPR, reinforcing user rights and detailing obligations for organizations handling personal data. We mention it as an example of GDPR implementation at the national level within the EU and as a guide to ensure our practices align with GDPR interpretations and applications in a key EU member state, given the cultural and linguistic connection with our Spanish-speaking and European audience.
  • ePrivacy Directive 2002/58/EC (Directive on Privacy and Electronic Communications) (European Union): This directive, complementary to the GDPR, focuses specifically on privacy protection in the electronic communications sector. It is particularly relevant to our website regarding the use of cookies and similar technologies, as well as the sending of electronic marketing communications. It guides us to ensure that our practices in these areas respect the privacy of your online communications, following European standards. It is currently under review and will be replaced by the ePrivacy Regulation, which we will also consider in future updates to our policy.
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (United States – California): Although state-level, the CCPA/CPRA has set an important precedent in privacy legislation in the United States and internationally. It grants California consumers significant rights over their personal data, including the right to know, the right to delete, and the right to opt-out of the sale of their personal information. Recognizing the importance of the U.S. market and the influence of the CCPA/CPRA, we take its principles into account to offer transparency and control over personal data to all our users, even those not residing in California.
  • Other National Legislations (Additional Consideration): We recognize that users from different countries may be subject to specific data protection laws in their respective jurisdictions (e.g., PIPEDA in Canada, LGPD in Brazil, etc.). While we cannot list them all explicitly, our commitment to general privacy principles, inspired by the aforementioned regulations, aims to provide a robust level of protection that is relevant and respectful of globally recognized privacy rights. For users from countries with particularly robust data protection laws, we strive to address their rights as much as possible and in accordance with the general principles governing our operations.

Additional Standards and Frameworks:

Beyond laws, we also consider important international frameworks and standards that guide best practices in privacy:

  • OECD Privacy Principles: The OECD Guidelines on Privacy and Transborder Flows of Personal Data are a set of internationally recognized principles that serve as the basis for many data protection laws worldwide. We consider them as a general reference framework for our privacy practices.
  • Council of Europe’s Convention 108+: The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and its Additional Protocol (Convention 108+) are key international treaties on data protection. We consider them as part of the broader international context in which our privacy policy is framed.

Commitment to Adaptation and Updates:

This Legal and Regulatory Framework is dynamic and will adapt to the evolution of the international legal landscape. We are committed to reviewing and updating this section periodically to reflect new laws, regulations, best practices, and guidelines issued by data protection authorities globally. We invite you to consult this section regularly to stay informed about the legal basis supporting our privacy policy and our ongoing commitment to protecting your personal data in an international context.

3. User Status and Acceptance

By accessing and using Varaderoparadise, you assume the status of a user and fully accept this Privacy Policy, as well as our Terms and Conditions of Use.

Express Consent: We will always request your express consent to collect and process your personal data for the specific purposes we inform you of in each case. This consent implies that you have read and understood this Privacy Policy.

Minors:

  • Over 18 years old: You can register and use our services without parental consent.
  • Under 18 years old: We need verifiable consent from your parents or legal guardians to process your personal data. If you are a parent or guardian and are aware that your child has provided us with personal data without your consent, please contact us so we can delete such information.

4. What Personal Data Do We Collect and for What Purpose?

We collect personal data in various ways and for different purposes, depending on how you interact with our platform:

Contact or Inquiry Form:

  • Data: Name, email, message. Optionally, phone number.
  • Purpose: To address your inquiries, comments, questions, or information requests.

House or Service Booking Form:

  • Data: Full name, email, phone number, booking dates, number of guests, accommodation preferences, details of additional services requested (translation, tourist guide, etc.), payment information (managed by secure payment platforms, we do not directly store banking data).
  • Purpose: To manage your booking, confirm availability, process payments, communicate with you about your booking, and coordinate the requested services.

User Registration (Optional):

  • Data: Username, email, password (encrypted), full name (optional), country (optional).
  • Purpose: To allow you to access additional features, manage your bookings, save your preferences, and receive personalized communications if you wish.

Newsletter Subscription (Optional):

  • Data: Email.
  • Purpose: To send you information about offers, promotions, news, travel tips, and relevant content about Varadero and Cuba. You can easily unsubscribe at any time.

Cookies and Similar Technologies:

  • Data: Information about your browsing, IP address, browser type, pages visited, browsing time, clicked links, etc. (See detailed Cookie Policy below).
  • Purpose: To improve website functionality, analyze platform usage, personalize your experience, and show you relevant advertising (if applicable).

Mobile Device Data (if you use the website from a mobile device):

  • Data: Device type, operating system, device identifiers.
  • Purpose: To optimize the website display on mobile devices and improve the mobile user experience.

We do not collect sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data related to health or sexual life.

5. Legal Basis for Data Processing

The processing of your personal data is based on the following legal grounds:

  • Consent: When you have given us explicit consent for a specific purpose (e.g., to send you commercial communications or to use non-essential cookies). You have the right to withdraw your consent at any time.
  • Performance of a contract: When processing is necessary to perform a contract to which you are a party (e.g., to manage your house or tourist service booking).
  • Compliance with a legal obligation: When processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate interests: When processing is necessary for our legitimate interests (or those of third parties), provided that these interests do not override your fundamental rights and freedoms. For example, our legitimate interest in improving the quality of our services and the security of our platform.

6. Access to Data by Third Parties (Service Providers)

To provide you with our services, we need to collaborate with third parties who act as service providers and may have access to your personal data. We carefully select these providers and ensure they comply with high standards of privacy and security.

The categories of service providers with whom we share data are:

  • Hosting Providers: Such as Hostinger to host our website and ensure its operation.
  • Payment Service Providers: Secure payment platforms such as TropiPay to process booking and service payments. Important: We do not directly store banking data.
  • Marketing and Advertising Service Providers: We do not use ads.
  • Web Analytics Service Providers: Such as Google Analytics to analyze website usage and improve it.
  • Communication Service Providers: To send emails, SMS, or communications through other platforms.

Confidentiality Guarantee: We ensure that all our service providers comply with data protection regulations and use your personal data exclusively for the purposes we have indicated and under our instructions. We do not allow them to use your data for their own purposes.

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA) or in countries that do not offer a level of data protection equivalent to the European one. In these cases, we ensure that appropriate safeguards are implemented to protect your data, such as:

  • Standard Contractual Clauses approved by the European Commission: Contracts that guarantee that the service provider located outside the EEA complies with European data protection standards.
  • Binding Corporate Rules: Internal policies of the provider company that guarantee an adequate level of data protection across all its subsidiaries worldwide.
  • European Commission Adequacy Decisions: When the European Commission has determined that a country outside the EEA offers an adequate level of data protection.

We will inform you transparently if we make international data transfers and the safeguards we apply to protect your privacy.

8. Security of Your Personal Data

We implement appropriate technical and organizational security measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Data encryption: We use SSL/TLS encryption to protect the transmission of sensitive data through our website.
  • Access controls: We limit access to your personal data to only those employees and service providers who need it to perform their functions.
  • Physical security measures: Protection of our servers and computer systems against unauthorized access.
  • Training and awareness: We train our staff on data protection.
  • Security reviews: We conduct periodic security reviews to detect and correct potential vulnerabilities.

Despite our security measures, you should be aware that internet security is not impenetrable. If you have reason to believe that the security of your personal data has been compromised, please contact us immediately.

9. How Long Do We Keep Your Data?

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected and during the applicable legal limitation periods. The criteria we use to determine the retention period are:

  • Duration of the contractual relationship: We retain your data while you maintain a contractual relationship with us, have an active booking, or continue using our services.
  • Legal obligations: We are required to retain certain data for legal periods.
  • Limitation periods: We retain data during the legal limitation periods to defend ourselves against potential legal claims.
  • Consent: In cases where processing is based on consent, we retain the data until you withdraw your consent.

Once your data is no longer necessary for the purposes for which it was collected, we will securely delete or anonymize it.

10. Your Data Protection Rights

As a user of Varaderoparadise, you have the following rights regarding your personal data:

  • Right of Access: You can request confirmation of whether we are processing your personal data, access it, and obtain information about the processing.
  • Right to Rectification: You can request the rectification of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data under certain circumstances (e.g., if it is no longer necessary for the purposes for which it was collected, if you have withdrawn your consent, etc.).
  • Right to Restriction of Processing: You can request the restriction of processing of your personal data under certain circumstances (e.g., while verifying the accuracy of your data, if you have objected to the processing, etc.).
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
  • Right to Object: You can object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.
  • Right not to be subject to automated individual decision-making, including profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.
  • Right to withdraw consent: If processing is based on your consent, you can withdraw it at any time.
  • Right to lodge a complaint with a supervisory authority: If you believe we have violated data protection regulations, you have the right to lodge a complaint with a competent supervisory authority.

How Can You Exercise Your Rights?

To exercise any of your rights, you can contact us at:

To process your request, we may need to verify your identity. We will respond to your request within a maximum of one month, although this period may be extended for complex requests.

11. Cookie Policy

We use cookies and similar technologies to improve your experience on our website, analyze platform usage, and, if applicable, show you personalized advertising. You can consult our COOKIE POLICY for detailed information on the types of cookies we use, their purposes, and how you can configure or disable them.

12. Changes to the Privacy Policy

We may update this Privacy Policy at any time to adapt it to new regulations, changes in our services, or privacy practices. We will inform you of any significant changes by posting the updated version on our website and, in case of major changes, we will notify you more prominently (e.g., through a notice on the website or by email). We recommend that you review this Privacy Policy periodically to stay informed of any modifications.

13. Contact

If you have any questions, comments, or concerns about this Privacy Policy or the processing of your personal data, please do not hesitate to contact us:

Sign In

Don't have an account yet? Register

Forgot password?

Register

Reset Password

Please enter your username or email address, you will receive a link to create a new password via email.