This Cookie Policy explains what cookies and similar technologies we use at Reserva de Hamacas, in which contexts they load, and how you can manage them. It applies to every service we provide under the domains reservadehamacas.com and cdn.reservadehamacas.com.
We distinguish four contexts of use, each with different cookies and storage: the public website, the management dashboard for clients, the booking widget accessed by direct link, and the widget embedded in our clients’ websites.
Cookies are small text files stored on your device when you visit a website. Alongside them we also use Local Storage and Session Storage, browser mechanisms that fulfil the same role with greater storage capacity.
Under GDPR and the Spanish LSSI-CE, we classify them as:
Reserva de Hamacas is a multi-tenant SaaS. The cookies you will see depend on where you access from:
| Context | Where it loads | Who controls it |
|---|---|---|
| A. Public website | reservadehamacas.com (landing, blog, help) | Reserva de Hamacas |
| B. Management dashboard | reservadehamacas.com/dashboard (login) | Reserva de Hamacas |
| C. Widget via direct link | reservadehamacas.com/embed/{id} | Reserva de Hamacas |
| D. Embedded widget | Iframe served from cdn.reservadehamacas.com inside a client’s website | Reserva de Hamacas (third-party cookies with respect to the client’s website) |
When you browse reservadehamacas.com without being logged in (landing pages, information, help section, blog).
| Key | Purpose | Duration | Type |
|---|---|---|---|
| cookie_consent | Saved preferences from the cookie banner | Persistent | Necessary |
| cookie_consent_date | Date when preferences were saved | Persistent | Necessary |
| theme | Theme preference (light/dark) | Persistent | Functional |
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics 4 | Identify unique visitors | 2 years |
| _ga_PHQM7R0M4W | Google Analytics 4 | Maintain session state | 2 years |
We apply Google Consent Mode v2: until you accept analytics cookies, Google Analytics does not store identifiers in your browser. We anonymize IP addresses. Learn more: Google cookies.
Once logged in to the management dashboard as a client. These cookies are essential for the service to function and do not require consent.
| Cookie | Purpose | Duration | Attributes |
|---|---|---|---|
| access_token | JWT token for active session | 15 minutes | HttpOnly, Secure |
| refresh_token | Silent renewal of the access_token | 7 days | HttpOnly, Secure |
| has_session | Signal for the UI that a session is active | 15 minutes | Secure |
| Key | Purpose | Type |
|---|---|---|
| user_role | Cached role to speed up rendering | Necessary |
| planPermissions | Cached plan features | Necessary |
| categorySizes | Default sizes for the zone editor | Functional |
| theme | Theme preference (light/dark) | Functional |
For error monitoring in the dashboard we use Sentry, which may log technical session information (no personal data) when a failure occurs. See their privacy policy.
When a venue sends you a direct booking link (e.g. via WhatsApp or email) of the form reservadehamacas.com/embed/{id}. The domain you will see is ours.
| Key | Purpose | Type |
|---|---|---|
| cookie_consent | Cookie banner preferences | Necessary |
If the venue accepts online payments, reaching the payment step loads Stripe Elements, which sets its own anti-fraud cookies. They are technically necessary to process the payment.
| Cookie | Purpose | Duration |
|---|---|---|
| __stripe_mid | Fraud-prevention identifier | 1 year |
| __stripe_sid | Fraud-prevention session | 30 minutes |
| m | Stripe device identifier | 2 years |
Full details in Stripe’s privacy policy.
Important note: even though the link domain is ours, the data controller for your booking data is the venue that sent you the link. We act as a processor under Article 28 GDPR. You will find their identifying information and their privacy policy inside the widget itself.
When a venue integrates our widget directly into their website (e.g. hoteleldorado.com) via a script or iframe served from cdn.reservadehamacas.com.
| Key | Purpose | Type |
|---|---|---|
| widget_locale | Guest language preference | Necessary |
Identical to those in context C when the guest reaches the payment step: __stripe_mid, __stripe_sid, m.
We serve the widget through Cloudflare. Depending on the security configuration, Cloudflare may set the __cf_bm cookie (Bot Management, 30 minutes) to distinguish between human and automated traffic. It is strictly necessary for security reasons. Learn more.
Storage Partitioning:
Modern browsers (Safari, Firefox and Chrome) automatically partition iframe storage per embedding site. This means the storage the widget creates when you book at hoteleldorado.com is separate and isolated from the one it creates when you book at chiringuitojose.com, even though the iframe domain is the same. We cannot follow you between venues or cross-reference your activity across clients.
Division of responsibilities: the venue embedding the widget is responsible for managing cookie consent on its own website and for declaring our cookies as "third-party cookies" in its own policy. We keep this page up to date so they can link to it. See section 8 for the suggested text.
The first time you visit reservadehamacas.com we show a banner where you can:
You can change your preferences at any time by clicking "Cookie settings" in the footer.
All modern browsers allow you to manage cookies from their settings. Help links:
Important: if you block strictly necessary cookies you will not be able to log in to the dashboard or complete bookings with online payment.
You can disable Google Analytics by installing the official opt-out add-on in your browser.
These are the third-party services that may set cookies in any of the contexts described:
Strictly necessary cookies (authentication, language, payment fraud prevention) are applied under the legal basis of legitimate interest and the exception in Article 22.2 of the Spanish LSSI-CE for technical cookies.
Analytics cookies and non-essential third-party cookies are applied only with your express consent (GDPR Art. 6.1.a, LSSI-CE Art. 22.2). You can withdraw it at any time from the cookie banner in the footer, without affecting the lawfulness of prior processing.
If you are a Reserva de Hamacas client and you have integrated our widget on your website (context D), please bear in mind:
Suggested text for your cookie policy
You can copy this block and adapt it to your own cookie policy:
Reserva de Hamacas cookies (booking widget)
This website integrates the Reserva de Hamacas booking widget (Desatranques WEB, Torremolinos) via an iframe served from the domain cdn.reservadehamacas.com. The widget may set the following cookies and local storage items in your browser, considered third-party with respect to this website:
widget_locale — user language preference (Local Storage, necessary)__stripe_mid, __stripe_sid, m — Stripe cookies for fraud prevention, only when making a payment (necessary)__cf_bm — Cloudflare cookie to distinguish human from automated traffic (necessary, security)For more information see the Reserva de Hamacas Cookie Policy.
We may update this policy to reflect changes in the cookies we use, external providers or applicable regulations. The "Last updated" date at the top indicates the current version. If the changes are significant we will notify you via a banner on the site.
For any query about this policy or to exercise your rights:
Email: privacy@reservadehamacas.com
Data Protection Officer: dpo@reservadehamacas.com
Address: C/ Dávila Bertoli 6, 2.º C, 29620 Torremolinos, Málaga, España
This Cookie Policy complements our Privacy Policy and forms part of our Terms and Conditions.