This privacy policy describes how we handle your personal data when you interact with the website mesademadrid.es, in compliance with EU Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).
1. Data controller
- Owner: Mihai Anastasoaiei
- Tax ID (NIF): X6938068A
- Address: Calle Santísimo Cristo de la Misericordia 24, 45230 Numancia de la Sagra, Toledo, Spain
- Contact: bizgaoana@gmail.com
2. Data we collect
We only process data you voluntarily share with us:
- Booking form: name, phone, email (optional), date, time, party size and notes. Collected only if you choose to use the form instead of WhatsApp or phone.
- Contact form: name, email, subject and message.
- Anonymous analytics via Cloudflare Analytics: pages visited, browser, country, device. No cookies, no personal identification.
3. Purpose of processing
- Manage and confirm your bookings.
- Reply to your enquiries or messages.
- Generate anonymous usage statistics.
We do not use your data to send you advertising, nor share it with third parties for commercial purposes.
4. Legal basis
- Bookings: performance of a contract (GDPR Art. 6.1.b).
- Enquiries: explicit consent when sending the message (GDPR Art. 6.1.a).
- Anonymous analytics: legitimate interest in improving the service (GDPR Art. 6.1.f).
5. Data retention
- Bookings: up to 1 year after the last booking, unless legally required.
- Enquiries: up to 6 months after the last communication.
- Analytics: maximum 6 months (managed by Cloudflare Analytics).
6. Data recipients
We work with the following providers as data processors:
- Cloudflare Pages (hosting and anonymous analytics) — Cloudflare, Inc. Certified under the EU-US Data Privacy Framework (DPF).
- Google — if you choose to open our location in Google Maps from the site, that traffic is governed by Google's privacy policy.
- WhatsApp / Meta Platforms — if you book or contact us via WhatsApp, your message is processed under Meta's terms.
We do not share data with third parties for advertising or commercial purposes.
7. Your rights
As the data subject, you have the following rights (GDPR Arts. 15-22):
- Access: know what data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure ("right to be forgotten").
- Restriction of processing.
- Portability of your data.
- Objection to processing.
To exercise any of these rights, write to bizgaoana@gmail.com indicating which right and attaching a copy of an ID document.
You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD) if you believe the processing of your data does not comply with applicable regulations.
8. Security
The site is always served over HTTPS with in-transit encryption. Hosting is protected by Cloudflare, including DDoS protection and standard security filters. We do not store payment data, since no payments are processed through the site.
9. Minors
This site is not directed at children under 14. If you are a minor, do not provide personal data without authorisation from a legal guardian. Bookings require a person of legal age or guardian authorisation.
10. Modifications
We may update this policy when our tools, providers or applicable law change. The date of last update appears at the top and bottom of this document. We recommend periodic review.
Last updated: May 2, 2026