In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), AMIDA EVENTS S.L. hereby informs users of the processing of their personal data.
Entity: AMIDA EVENTS S.L.
Tax ID: B57145898
Registered address: Carrer Gremi de Cirurgians i Barbers, 25, A.3.2, 07009 Palma de Mallorca (Illes Balears), España
Email (legal and privacy contact): legal@grupoamida.com
This policy applies to the processing of personal data carried out through the following websites and commercial brands operated by AMIDA EVENTS S.L.:
The restaurant establishments BàrBar, La Bodeguilla, Periplo Portixol, Bar Nicolás, Room Service and Nura are operated by Grupo Amida Restaurantes 2025, S.L. (B75868265), a legally independent entity with its own privacy policy.
Purpose: To ensure the correct technical operation, security and accessibility of the websites.
Data processed: Identifying and technical data (IP address, browser type, device, pages visited, session duration).
Legal basis: Legitimate interest of the Data Controller (Article 6(1)(f) GDPR).
Retention period: The time strictly necessary for the active session, or up to 24 months for aggregated technical analytics data.
Purpose: To manage and respond to requests for information, quotes and event bookings received through web forms.
Data processed: First and last name, email address, phone number, event type (wedding, private event, MICE, catering), estimated guest count, planned event date, venue or space of interest, indicative budget, preferred language and personalised message.
Legal basis: Consent of the Data Subject (Article 6(1)(a) GDPR) and pre-contractual measures at the Data Subject's request (Article 6(1)(b) GDPR).
Retention period: Up to 24 months from the last interaction, unless the Data Subject submits a prior erasure request.
Data flow: Data collected through forms is automatically transferred via Zapier to the Pipedrive CRM, where it is recorded as a contact and commercial opportunity.
Purpose: To manage the complete contractual relationship with the client, including the preparation and execution of proposals and contracts, event coordination, invoicing and fulfilment of obligations arising from the contracted service.
Data processed: Full identifying data (name, surname, national ID/tax ID), contact details, event data (date, venue, number of attendees, event type), financial and payment terms, electronic signature and any other information required for the proper execution of the contract.
Legal basis: Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR); legal obligations under tax and commercial law (Article 6(1)(c) GDPR).
Retention period:
Data flow: Webflow → Zapier → Pipedrive → PandaDoc → Google Drive.
Purpose: To record and manage the dietary restrictions, allergies and food intolerances of event attendees in order to ensure food safety and adapt menus in accordance with the requirements of Regulation (EU) No 1169/2011 on the provision of food information to consumers.
Data processed: Food allergies, intolerances, dietary restrictions and special dietary requirements.
Data category: Health-related data — special category subject to enhanced protection (Article 9 GDPR).
Legal basis: Explicit consent of the Data Subject or their legal representative (Article 9(2)(a) GDPR). In emergency situations affecting the physical integrity of an attendee, protection of vital interests (Article 9(2)(c) GDPR).
Retention period: From the date of collection until 5 years after the event. This period reflects the limitation period for civil liability for personal injury applicable in Spain (Article 1964 of the Spanish Civil Code). Upon expiry, the data will be permanently erased or anonymised.
Storage: Google Drive (Google Workspace), with access restricted exclusively to personnel authorised for event planning and execution.
Note: Providing this data is voluntary but necessary to ensure the food safety of attendees. AMIDA EVENTS S.L. applies enhanced technical and organisational measures to the processing of this data category.
Purpose: To manage commercial follow-up with leads and active clients through communications directly related to the event or quote requested, as well as internal sales process automations.
Data processed: Name, email address, event information, stage in the sales process.
Legal basis: Legitimate interest of the Data Controller within the framework of the pre-contractual or contractual relationship (Article 6(1)(f) GDPR). AMIDA EVENTS S.L. does not send unsolicited commercial communications.
Retention period: 24 months from the last interaction.
Tool: Pipedrive CRM.
Purpose: To measure the performance and effectiveness of active Google Ads campaigns through conversion event tracking (form submissions, contact requests). The data transmitted consists of aggregated conversion events; no directly identifiable personal data is transferred to Google Ads. No retargeting campaigns are currently in operation.
Data processed: Conversion events (website behaviour, without direct personal identification).
Legal basis: User consent through acceptance of advertising/marketing cookies (Article 6(1)(a) GDPR).
Note on Meta Pixel: The website has Meta Pixel installed. No active campaigns are currently running on Meta/Facebook Ads. The Pixel operates exclusively in a technical capacity and is subject to the consent given by the user in the cookie management panel.
Retention period: As per the data retention settings in Google Ads (maximum 24 months).
Purpose: To analyse user behaviour on the website in order to improve the browsing experience, content and technical performance.
Data processed: Pages visited, session duration, traffic source, device type and approximate geographical location.
Legal basis: User consent through acceptance of analytical cookies (Article 6(1)(a) GDPR).
Retention period: 14 months (standard Google Analytics 4 configuration).
Tools: Google Analytics 4, Google Search Console, Google Tag Manager.
Purpose: To manage communications with clients relating to contracted events or those under negotiation, including operational coordination, confirmations and enquiries.
Data processed: Phone number, contact name and content of event-related communications.
Legal basis: Performance of a contract or pre-contractual measures at the Data Subject's request (Article 6(1)(b) GDPR).
Note: WhatsApp Business is operated by Meta Platforms Ireland Limited. Conversations are protected by end-to-end encryption. Usage metadata is processed by Meta in accordance with its own terms of service and privacy policy.
Retention period: Duration of the contractual relationship and up to 24 months following its termination.
Purpose: To ensure the safety of persons, assets and facilities at the physical premises of AMIDA EVENTS S.L.
Data processed: Images of individuals captured in monitored areas.
Premises: AMIDA EVENTS S.L. head offices and logistics facilities.
Legal basis: Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) and Article 22 of Spanish Organic Law 3/2018 (LOPDGDD).
Retention period: A maximum of 30 days from the date of capture (Article 22(3) LOPDGDD), unless the footage must be retained as evidence of unlawful acts, in which case it will be preserved and made available to the competent authorities until resolution of the relevant proceedings.
Additional information: Monitored areas are duly signposted with the informational pictogram required by applicable regulations. Images are not shared with third parties except upon request from law enforcement or other competent authorities.
Note on venues: Video surveillance systems at Son Trobat, Finca Comassema and Jardines de Alfabia are the sole responsibility of their respective owners. AMIDA EVENTS S.L. does not have routine access to such recordings; access would only be possible in the event of a serious incident and with prior authorisation from the owner or pursuant to a judicial or police order.
Purpose: To fulfil the legal obligations applicable to AMIDA EVENTS S.L. in the fields of tax, labour, commercial and accounting law.
Data processed: Identifying and financial data of clients, suppliers and employees.
Legal basis: Compliance with legal obligations (Article 6(1)(c) GDPR).
Retention period: In accordance with the periods prescribed by applicable law in each case.
Purpose: AMIDA EVENTS S.L. uses artificial intelligence tools to assist its employees with operational tasks such as translation of communications, filtering and organising information, preparing internal reports, analysing contractual documentation and other productivity tasks related to event and client management.
Data that may be processed: In carrying out these tasks, employees may process through these tools personal data of clients previously collected (name, contact details, event information, content of contracts or communications). AMIDA EVENTS S.L. trains its employees on the data minimisation principle and the responsible use of these tools, restricting the processing of personal data to what is strictly necessary for each specific task.
Legal basis: Legitimate interest of the Data Controller in the efficient management of its operations (Article 6(1)(f) GDPR), ensuring that processing does not disproportionately prejudice the rights and interests of Data Subjects.
Primary tool: Claude (Anthropic, Inc.), used through Anthropic's enterprise platform under the terms of the corresponding data processing agreement (DPA).
Safeguards: AMIDA EVENTS S.L. operates under an agreement with Anthropic that ensures personal data processed is not used for training artificial intelligence models and that appropriate technical and organisational security measures are applied.
Retention period: Data processed through these tools is not permanently stored by the provider beyond the time required to deliver the service, in accordance with the terms of the signed data processing agreement.
Purpose: In order to ensure proper event coordination and maintain an accurate record of agreements and preferences expressed during the planning phase, AMIDA EVENTS S.L. may record telephone calls and video calls held with clients.
Data processed: Voice, image (in the case of video calls) and content of communications related to event planning.
Consent procedure: Prior to the commencement of each session that may be recorded, the client is clearly and expressly informed of this fact. If the client does not consent, the recording is not made or is immediately deleted. Continuation of the communication after receiving this information implies the Data Subject's consent, without prejudice to their right to object at any point during the call.
Legal basis: Consent of the Data Subject (Article 6(1)(a) GDPR).
Storage: Recordings are stored in Notion (AMIDA EVENTS S.L.'s internal documentation platform).
Retention period: Recordings are retained throughout the planning and execution of the event and for up to 12 months following its conclusion, after which they are permanently deleted. In the event of active litigation or a claim, they may be retained until resolution.
Rights: Data Subjects may at any time request the deletion of recordings in which they appear by contacting legal@grupoamida.com.
Data collected may be processed by the following providers acting as Data Processors, pursuant to Article 28 GDPR, who offer sufficient guarantees regarding the implementation of appropriate technical and organisational measures:
Aisle Planner, Inc. — Wedding and event planning and management platform — USA
Anthropic, Inc. (Claude) — Artificial intelligence tools — operational assistance for employees — USA
Balikan Family 2025, S.L. — Shared intragroup administration and accounting services — Spain (EU)
Google LLC (Google Ads) — Advertising management and conversion tracking — USA
Google LLC (Google Analytics 4) — Web traffic analytics — USA
Google LLC (Google Drive) — Document storage, including allergen data — USA
Google LLC (Google Gemini) — Artificial intelligence tools — image generation and processing — USA
Google LLC (Google Business Profile) — Business listing, reviews, and presence management on search engines and maps — USA
Google LLC (Google Maps) — Geolocation and location display on web — USA
Google LLC (Google Search Console) — Search engine performance monitoring — USA
Google LLC (Google Tag Manager) — Tag and tracking script management — USA
Google LLC (Google Workspace) — Cloud productivity suite, corporate email — USA
IGT MICROELECTRONICS S.L. (Ágora TPV) — Point-of-sale (POS) system for catering and events — Spain (EU)
Meta Platforms Ireland Ltd. (Meta Pixel) — Website behaviour tracking — Ireland (EU)
Meta Platforms Ireland Ltd. (WhatsApp Business) — Client communications — Ireland (EU) / USA
Notion Labs, Inc. — Internal documentation and recording of client meetings — USA
OpenAI, Inc. (ChatGPT) — Artificial intelligence tools — occasional employee assistance — USA
PandaDoc, Inc. — Contract and proposal management, electronic signature and archiving — USA
Parker Work Systems S.L. — ERP and CRM for catering, event and hospitality management — Spain (EU)
Pipedrive OÜ — CRM for lead, contact and commercial opportunity management — Estonia (EU)
Restaurant Booking & Distribution Services S.L. (Cover Manager) — Restaurant reservation management platform — Spain (EU)
Webflow, Inc. — Web development and hosting platform — USA
Wistia, Inc. — Corporate video hosting and playback — USA
Wolters Kluwer España, S.A. (A3) — Accounting and invoicing software — Spain (EU)
Zapier, Inc. — Automation and data transfer between platforms — USA
All Data Processors have entered into the corresponding data processing agreement pursuant to Article 28 GDPR and apply appropriate security measures commensurate with the risk.
Several of the Data Processors identified in the preceding section are established or process data in the United States or other countries located outside the European Economic Area (EEA). AMIDA EVENTS S.L. ensures that such transfers are carried out with the appropriate safeguards required under Article 46 GDPR:
For further information on the safeguards applicable to each transfer, Data Subjects may contact legal@grupoamida.com.
Data Subjects may exercise at any time the following rights recognised under the GDPR and Spanish Organic Law 3/2018 (LOPDGDD):
How to exercise these rights:
Requests should be submitted in writing to:
Requests must include: the Data Subject's full name, a copy of their national ID or equivalent identification document, the specific request and, where applicable, documents evidencing representation. AMIDA EVENTS S.L. will respond within a maximum period of one month from receipt, extendable by a further two months in cases of particular complexity, with prior notice to the Data Subject.
If a Data Subject considers that their rights have been infringed, they may lodge a complaint with the Spanish Data Protection Authority (AEPD) — www.aepd.es.
AMIDA EVENTS S.L. applies appropriate technical and organisational measures to ensure a level of security commensurate with the risk of processing, in accordance with Article 32 GDPR. Such measures include, among others: robust authentication using security hardware for system access, centralised and encrypted credential management, role-based access control and the principle of least privilege, encryption of communications and stored data, and internal procedures for the detection, management and notification of security incidents.
In the event of a security breach that may pose a risk to the rights and freedoms of Data Subjects, AMIDA EVENTS S.L. will notify the incident to the Spanish Data Protection Authority (AEPD) within a maximum of 72 hours of becoming aware of it, in accordance with Article 33 GDPR.
AMIDA EVENTS S.L.'s services are not directed at persons under the age of 14. AMIDA EVENTS S.L. does not knowingly collect personal data from minors without verifiable consent from their legal representative. Should it be discovered that data has been received from a minor without such consent, it will be immediately erased. Legal representatives may exercise the corresponding rights by contacting legal@grupoamida.com.
This website uses technical, analytical, advertising and personalisation cookies. For detailed information on the types of cookies used, their purpose, duration and how to manage your consent preferences, please refer to our [Cookie Policy].
AMIDA EVENTS S.L. reserves the right to amend this policy in order to adapt it to regulatory, case-law or service-related changes. Amendments will be published on this page with the updated date indicated. Periodic review of its content is recommended.
Last updated: June 13, 2026