In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), Grupo Amida Restaurantes 2025, S.L. hereby informs users of the processing of their personal data.
Registered name: Grupo Amida Restaurantes 2025, S.L.
Tax ID: B75868265
Registered address: Carrer Gremi de Cirurgians i Barbers, 25, A.3.2, 07009 Palma de Mallorca (Illes Balears), España
Companies Register: Registered in the Companies Register of the Balearic Islands (Palma de Mallorca) — registration details pending update
Email: legal@grupoamida.com
This policy applies to the processing of personal data carried out through the websites and digital channels of the establishments operated by Grupo Amida Restaurantes 2025, S.L.:
BàrBar (barbarmallorca.com) — C/ de la Concepció, 3, 07012 Palma
La Bodeguilla (la-bodeguilla.com) — Carrer de Sant Jaume, 3, 07012 Palma
Periplo Portixol (periploportixol.com) — Palma de Mallorca
Bar Nicolás (barnicolas.com) — Palma de Mallorca
Room Service (room.grupoamida.com) — Palma de Mallorca
Nura (nuramallorca.com) — Palma de Mallorca
Catering, wedding planning and venue management services are provided by AMIDA EVENTS S.L. (B57145898), a legally independent entity with its own privacy policy available at grupoamida.com/es/terms/politica-de-privacidad
Purpose: To ensure the correct technical operation, security and accessibility of the websites.
Data processed: Identifying and technical data (IP address, browser type, device, pages visited).
Legal basis: Legitimate interest of the Data Controller (Article 6(1)(f) GDPR).
Retention period: The time strictly necessary for the active session, or up to 24 months for aggregated technical analytics data.
Purpose: To manage table reservations received through web forms and the booking platform integrated into the websites.
Data processed: First and last name, email address, phone number, desired date and time, number of diners, selected restaurant and any observations or special requests.
Legal basis: Pre-contractual measures at the Data Subject's request (Article 6(1)(b) GDPR).
Retention period: Up to 24 months from the reservation date, unless a prior erasure request is submitted.
Tool: Cover Manager — restaurant reservation management platform.
Purpose: To record and manage dietary restrictions, allergies and food intolerances communicated by diners in order to ensure food safety during service, in accordance with Regulation (EU) No 1169/2011 on food information.
Data processed: Food allergies, intolerances and dietary restrictions.
Data category: Health-related data — special category subject to enhanced protection (Article 9 GDPR).
Legal basis: Explicit consent of the Data Subject (Article 9(2)(a) GDPR). In emergency situations affecting the physical integrity of a diner, protection of vital interests (Article 9(2)(c) GDPR).
Retention period: Duration of the service and up to 12 months after the visit date for food liability purposes. Upon expiry, the data will be deleted.
Tool: Cover Manager and direct communication with the restaurant team.
Note: Providing this data is voluntary but necessary to ensure the food safety of diners. Grupo Amida Restaurantes 2025, S.L. applies enhanced technical and organisational measures to the processing of this data category.
Purpose: To manage communications relating to active reservations, confirmations, modifications and any incidents arising during service delivery.
Data processed: Name, email address, phone number, reservation details.
Legal basis: Performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).
Retention period: Duration of the service relationship and up to 24 months from the last interaction.
Purpose: To analyse user behaviour on the websites in order to improve the browsing experience and measure the performance of advertising campaigns through conversion event tracking.
Data processed: Web behaviour data, traffic source, device type, approximate geographical location and conversion events (without direct personal identification for advertising purposes).
Legal basis: User consent through acceptance of analytical or marketing cookies in the consent management panel (Article 6(1)(a) GDPR).
Retention period: Up to 14 months for analytics data (Google Analytics); up to 24 months for advertising data (Google Ads).
Tools: Google Analytics 4, Google Ads, Meta Pixel, Google Tag Manager (individual containers per establishment).
Purpose: To ensure the safety of persons, assets and facilities at the establishments of Grupo Amida Restaurantes 2025, S.L.
Data processed: Images of individuals captured in monitored areas.
Premises: All restaurant establishments operated by Grupo Amida Restaurantes 2025, S.L.
Legal basis: Legitimate interest of the Data Controller (Article 6(1)(f) GDPR) and Article 22 of Spanish Organic Law 3/2018 (LOPDGDD).
Retention period: A maximum of 30 days from the date of capture (Article 22(3) LOPDGDD), unless the footage is required as evidence of unlawful acts, in which case it will be retained until resolution of the relevant proceedings.
Additional information: Monitored areas are signposted with the informational pictogram required by law. Images are not shared with third parties except upon request from the competent authorities.
Purpose: To manage the administrative, accounting and invoicing functions of the group, provided internally by Balikan Family 2025, S.L. (B75868257), the group's parent company, acting as intragroup Data Processor pursuant to Article 28 GDPR.
Data processed: Identifying data of clients and suppliers, transaction data, accounting and tax data.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR); legal obligations under tax and commercial law (Article 6(1)(c) GDPR).
Retention period: Tax and accounting documentation: 10 years (Article 30 of the Spanish Commercial Code; Article 70 of the Spanish General Tax Law).
Purpose: To fulfil applicable legal obligations in the fields of tax, labour, commercial and health law.
Data processed: Identifying and financial data required for regulatory compliance.
Legal basis: Compliance with legal obligations (Article 6(1)(c) GDPR).
Retention period: In accordance with the periods prescribed by applicable law in each case.
Data collected may be processed by the following providers acting as Data Processors, pursuant to Article 28 GDPR:
Webflow, Inc. — Web development and hosting platform — USA
Cloudflare, Inc. — Content delivery network and perimeter security — USA
Cover Manager — Restaurant reservation management — Spain (EU)
Agora TPV — Restaurant management and point-of-sale system — Spain (EU)
Google LLC (Google Workspace) — Cloud productivity suite and corporate email — USA
Google LLC (Google Analytics 4) — Web traffic analytics — USA
Google LLC (Google Business Profile) — Business listing, reviews, and presence management on search engines and maps — USA
Google LLC (Google Maps) — Geolocation and location display on web — USA
Google LLC (Google Tag Manager) — Tag and tracking script management — USA
Google LLC (Google Ads) — Advertising management and conversion tracking — USA
Meta Platforms Ireland Ltd. — Meta Pixel — website behaviour tracking — Ireland (EU)
Balikan Family 2025, S.L. — Shared intragroup administration and accounting services — Spain (EU)
All Data Processors have entered into the corresponding data processing agreement pursuant to Article 28 GDPR and apply appropriate security measures commensurate with the risk.
Several Data Processors are established in the United States. Transfers are carried out with the safeguards required under Article 46 GDPR:
Google LLC and Meta Platforms Ireland Ltd.: transfers covered by the EU-US Data Privacy Framework, adopted by European Commission Adequacy Decision of 10 July 2023 (Decision 2023/1795/EU).
Webflow, Inc. and Cloudflare, Inc.: transfers carried out by means of Standard Contractual Clauses (SCCs) adopted by the European Commission.
Data Subjects may exercise the following rights recognised under the GDPR and Spanish Organic Law 3/2018 (LOPDGDD):
Access (Article 15): to obtain confirmation of the data processed and access it.
Rectification (Article 16): to request the correction of inaccurate or incomplete data.
Erasure (Article 17): to request the deletion of data when it is no longer necessary for the purposes collected or when consent is withdrawn.
Restriction (Article 18): to request the restriction of processing in the circumstances provided for by applicable law.
Portability (Article 20): to receive data in a structured, machine-readable format.
Objection (Article 21): to object to processing based on the Legitimate interest of the Data Controller.
Withdrawal of consent: at any time and without retroactive effect.
How to exercise these rights:
Email: legal@grupoamida.com
Postal address: Grupo Amida Restaurantes 2025, S.L., Carrer Gremi de Cirurgians i Barbers, 25, A.3.2, 07009 Palma de Mallorca
Requests must include the Data Subject's full name, a copy of their national ID or equivalent document and the specific request. The response period is one month, extendable by a further two months in cases of particular complexity.
If a Data Subject considers that their rights have been infringed, they may lodge a complaint with the Spanish Data Protection Authority (AEPD) — www.aepd.es
Grupo Amida Restaurantes 2025, S.L. applies appropriate technical and organisational measures in accordance with Article 32 GDPR, including encryption of communications, role-based access control, robust authentication and incident management procedures.
In the event of a security breach that may affect the rights of Data Subjects, the Spanish Data Protection Authority (AEPD) will be notified within a maximum of 72 hours of becoming aware of it (Article 33 GDPR).
The services of Grupo Amida Restaurantes 2025, S.L. are not directed at persons under the age of 14. Should data from minors be collected without the consent of their legal representative, it will be immediately erased.
Grupo Amida Restaurantes 2025, S.L. may update this policy in response to regulatory or technical changes. The date of the most recent update appears at the beginning of this document.
Last updated: 13 de junio de 2026