Privacy policy

1. Data controller

• Controller: Staybybike S.L.
• Tax ID (NIF/CIF): B44743474
• Address: Av. Conde Rudi, 136, 2 Norte 1B, 29603 Marbella (Málaga), España
• Email: info@marbellarentabike.com

2. Data we process

Depending on how you use the site, we may process the following categories of data:

• Identification and contact data: name, phone and email.
• ID document or passport: image you provide when booking, used solely to verify your identity and prevent fraud. It is not shared with third parties for commercial purposes.
• Booking data: hotel, dates, bike and duration.
• Geolocation data: when the bike’s lock has GPS, we record the bike’s location, in particular when it is returned, to check that it is returned within the hotel’s authorised perimeter (geofence). For bikes whose lock does not have GPS, at the time of return we will ask your permission to access your device’s location, solely to make that same check; this access is one-off and only at that moment. We do not track your device continuously or outside the return.
• Return photo: image of the bike you take when returning it, to verify its condition.
• Payment data: handled directly by our payment gateway; we do not store full card details.
• Browsing data: IP address and technical data via cookies (see Cookie policy).

3. Purposes and legal basis

• Manage the booking and rental of bikes (performance of a contract).
• Verify the user’s identity to prevent fraud and protect the bikes (performance of the contract and legitimate interest).
• Verify the correct return of the bike through its geolocation and the return photo, and manage the deposit and any incidents (performance of the contract and legitimate interest; for accessing your device’s location, your one-off consent).
• Process payments, deposits and any surcharges (performance of the contract).
• Handle enquiries from hotels interested in becoming partners (consent or pre-contractual measures).
• Comply with legal, accounting and tax obligations (legal obligation).

4. Retention period

We keep data for as long as necessary to provide the service and, thereafter, for the periods legally required (for example, those under commercial and tax law). The image of the ID document is kept only for the time strictly necessary for verification and management of the rental.

5. Recipients

To provide the service, we rely on providers acting as data processors:

• Payment gateway (Stripe Payments Europe, Ltd.) to process payments and deposits.
• Transactional email provider (Resend) for booking communications.
• The hosting provider of the server where the platform is hosted.
• The partner hotel where the user picks up the bike, for the purposes of managing the rental.

6. International transfers

Some providers may process data outside the European Economic Area. In such cases, the safeguards provided for in the GDPR apply, such as the standard contractual clauses approved by the European Commission.

7. Your rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability by writing to info@marbellarentabike.com, stating the right you wish to exercise. If you believe the processing does not comply with the regulations, you may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

8. Security

We apply appropriate technical and organisational measures to protect personal data against loss, misuse or unauthorised access.

9. Minors

The services are intended for adults. We do not knowingly collect data from minors without the consent of their legal guardians.