Privacy Policy

Effective date: May 27, 2026

This Privacy Policy explains how OSCO HOUSE S.L. ("OSCO", "we", "us") collects, uses, shares and protects personal data when you visit oscohouse.com, when you contact us, and when you book or stay in an OSCO House property. We are committed to the principles of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and to Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights ("LOPDGDD").

1. Who we are

The data controller is:

OSCO HOUSE S.L. (ESB12345678)
Registered office: Barcelona, Spain
Email for privacy matters: privacy@oscohouse.com
Email for general enquiries: ops@oscohouse.com

We have not appointed a formal Data Protection Officer because we are not required to under Article 37 GDPR; the privacy@oscohouse.com mailbox is monitored by the operations lead and is the single point of contact for any data-protection question.

2. What personal data we collect

The categories of personal data we may collect depend on how you interact with us. They include:

3. Why we collect it

4. Legal basis for processing

Each processing activity rests on at least one of the legal bases set out in Article 6 GDPR:

5. Who we share your data with

We do not sell personal data. We share it only with the following categories of recipients, and only to the extent strictly necessary:

Each processor is bound by a written data-processing agreement under Article 28 GDPR.

6. How long we keep your data

When a retention period ends, the data is securely deleted or fully anonymised.

7. Your rights under the GDPR

Subject to the conditions set out in the GDPR, you have the right to:

To exercise any of these rights, write to privacy@oscohouse.com from the email address associated with your booking, or attach proof of identity. We will respond within thirty (30) days; we may extend by up to two further months for complex requests, in which case we will explain the reason.

8. International transfers

OSCO stores personal data in the European Union (Vercel and Resend EU regions). Where a processor (such as Stripe) processes data in or accesses it from outside the EU, the transfer is covered by Standard Contractual Clauses approved by the European Commission and, where appropriate, by supplementary safeguards (technical encryption, access controls). You may request a copy of the safeguards in place by writing to privacy@oscohouse.com.

9. Cookies and similar technologies

We use a small number of cookies and similar technologies:

We do not use advertising or cross-site-tracking cookies.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in the law, or in the technology we use. The "Effective date" at the top tells you when the current version took effect. Material changes will be highlighted on the website and, where the change affects you and we have your email, notified by email at least fifteen (15) days before they take effect.

11. Contact and complaints

For any question or to exercise your rights, contact us at privacy@oscohouse.com.

You also have the right to lodge a complaint with the Spanish Data Protection Authority:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid, Spain
aepd.es

We would, however, appreciate the chance to address your concern first — please write to us before escalating.