Book now
Back to home

Privacy Policy

Last updated: February 2026

This Privacy Policy explains how Gos'ando Barcelona collects, uses, and protects your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPD-GDD).

1. Data Controller

The data controller responsible for your personal data is:

Andréa Royer

9 Carrer Aurora, attic, 08001 Barcelona, Spain

[email protected]

NIE: Y3661793T

2. Data We Collect

We collect the following categories of personal data:

Identity & Contact Data

Name, email address, phone number, WhatsApp number, preferred language

Dog Information

Dog's name, breed, age, weight, health conditions, behavioral notes, vaccination status, photos

Booking Data

Service type, dates, times, addresses, special requests, service history

Account Data

Email, password (encrypted), profile settings, notification preferences

Technical Data

IP address, browser type, device information, cookies (see our Cookie Policy)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to fulfill our service agreement with you (bookings, service delivery, communication)
  • Consent: Where you have given explicit consent, such as for marketing communications or optional cookies
  • Legitimate interests: For improving our services, website security, and fraud prevention
  • Legal obligation: Where required by Spanish or EU law (e.g., tax records, insurance requirements)

4. Data Retention

We retain your personal data for the following periods:

  • Active account data: For as long as your account is active, plus 2 years after last activity
  • Booking records: 5 years (Spanish tax law requirement)
  • Marketing consent: Until you withdraw consent
  • Technical logs: 12 months

5. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to restriction: Limit how we process your data
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

6. Third-Party Services

We share your data with the following trusted third parties, only as necessary to provide our services:

  • Supabase (database hosting & authentication): Your account data and booking information are stored on Supabase servers. Supabase complies with GDPR and data is processed within the EU.
  • Vercel (website hosting): Our website is hosted on Vercel. Technical data such as IP addresses may be processed.
  • Google Analytics (optional): If you consent to analytics cookies, anonymized usage data is collected to improve our website.

7. International Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS), secure password storage, access controls, and regular security reviews.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

10. Contact

For any questions about this Privacy Policy or your personal data, please contact:

Andréa Royer - [email protected]