Privacy policy

Data controller

• Controller: Restauración Intervejer S.L. (Spanish Tax ID B90358920).
• Address: Calle Judería 3A, 11150 Vejer de la Frontera, Cádiz, Spain.
• Privacy contact email: vejer@lajuderiadevejer.com.
• Phone: +34 956 90 74 71.

This policy explains how we handle personal data that may reach us through the website https://www.lajuderiadevejer.com, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

What data we process and why

The website is primarily informational and does not include our own contact form. We do not collect personal data from browsing beyond what is described in the cookie policy.

The only processing activities carried out directly by the restaurant in connection with the website are:

1. Enquiries initiated by the user

If you write to vejer@lajuderiadevejer.com or call +34 956 90 74 71, we will process the data you provide (name, email, phone and the content of your enquiry) in order to respond to it.

• Legal basis: the legitimate interest of the controller in handling enquiries (Art. 6.1.f GDPR) and, where applicable, pre-contractual steps taken at the data subject’s request (Art. 6.1.b GDPR).
• Retention period: the time needed to respond and, thereafter, the period required to handle potential liabilities.

2. Bookings made through the CoverManager widget

The website integrates the CoverManager booking service (CoverManager, S.L.). When you make a booking through the embedded widget, your data (name, email, phone, number of guests, notes) are collected directly by CoverManager, S.L., which acts as a data processor for that service. The restaurant subsequently accesses the booking information in order to manage it.

• Purpose: managing the table reservation and related communications (confirmation, reminders, cancellations).
• Legal basis: performance of the reservation contract requested by the user (Art. 6.1.b GDPR).
• Retention period: as long as needed to provide the service and then the period required by applicable law.
• You can consult CoverManager’s official policies at:
  • Legal notice: https://www.covermanager.com/legal-notice
  • Privacy policy: https://www.covermanager.com/privacy-policy
  • Cookie policy: https://www.covermanager.com/cookies-policy

3. Statistical measurement via Google Analytics 4

The website uses Google Analytics 4 (Measurement ID G-VCJEV982VP) to obtain aggregated traffic statistics, only once you have given your consent through the cookie banner.

• Service: Google Analytics 4 (aggregated statistical measurement of web traffic).
• Data processor: Google Ireland Ltd.
• Registered office: Gordon House, Barrow Street, Dublin 4, Ireland.
• Purpose: aggregated analysis of visits, page views and browsing behaviour in order to improve the website.
• Legal basis: the data subject’s consent (Art. 6.1.a GDPR and Art. 22.2 LSSI-CE).
• International transfer: yes, to Google LLC (United States), under the EU–US Data Privacy Framework (European Commission adequacy decision of 10 July 2023).
• Provider’s privacy policy: https://policies.google.com/privacy.

4. Gift voucher purchases

When you buy a gift voucher on the /regalar or /bono/{code} paths of this site, payment is delegated to a payment service provider. The restaurant only receives the data needed to issue and, where applicable, deliver the voucher to its recipient (name, email, amount, transaction identifier and an optional message).

• Service: payment gateway for gift voucher purchases.
• Data processor: Stripe Payments Europe Ltd. (Ireland) — Identifies the buyer with the minimum data needed to process the payment and applies its own GDPR compliance safeguards.
• Data processed by Stripe: card data, amount, transaction identifier, IP address, billing information where applicable. Restauración Intervejer S.L. does not store full card details.
• Purpose: collecting payment for the gift voucher and fraud prevention.
• Legal basis: performance of the voucher purchase contract (Art. 6.1.b GDPR) and the payment provider’s legitimate interest in fraud prevention (Art. 6.1.f GDPR).
• Retention period: the payment record is retained for the periods required by applicable commercial and tax law.
• International transfer: Stripe Payments Europe Ltd. is based in Ireland and may transfer data to Stripe Inc. (United States) under the Standard Contractual Clauses approved by the European Commission.
• Provider’s privacy policy: https://stripe.com/privacy.

Recipients of the data

We do not share personal data with third parties except where legally required. Data collected through CoverManager are processed by that provider as a data processor. In addition, embedded third-party services (Google Maps, Matterport and, potentially in the future, video platforms such as YouTube) may process technical data such as your IP address on their own servers; those processing activities are governed by the respective providers’ privacy policies.

International data transfers

Some of the providers mentioned may process data outside the European Economic Area. These providers rely on appropriate safeguards under the GDPR, such as the Standard Contractual Clauses adopted by the European Commission.

In particular:

• Cloudflare, Inc. (United States) acts as the CDN and edge compute provider serving both the public website and the gift voucher store. It processes IP addresses and technical metadata for security, attack mitigation and content delivery. Cloudflare relies on the Standard Contractual Clauses approved by the European Commission. Privacy policy: https://www.cloudflare.com/privacypolicy/.
• Stripe Payments Europe Ltd. (Ireland) may transfer data to Stripe Inc. (United States) under Standard Contractual Clauses. More information at https://stripe.com/privacy.
• Google Ireland Ltd. transfers data to Google LLC (United States) under the EU–US Data Privacy Framework, as detailed in section 3.

Your rights

You may exercise the following rights:

• Access to your personal data.
• Rectification of inaccurate data.
• Erasure (“right to be forgotten”).
• Objection to processing.
• Restriction of processing.
• Data portability.
• Not to be subject to automated decisions with legal effects.

To exercise these rights, please write to vejer@lajuderiadevejer.com or to the postal address above, enclosing a copy of a document proving your identity.

If you feel your request has not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss or alteration. The website is served over encrypted connections (HTTPS).

Children

The website is not directed at children under 14, and we do not knowingly process their data without the consent of their legal representatives.

Changes to this policy

We may update this policy to reflect legal changes or new services. The version in force will always be the one published on this page, together with its last-updated date.

---

Last updated: 13 May 2026.