Please read this policy carefully. Here you will find important information about how your personal data will be processed and your rights under the relevant legislation in force.
You declare that the information you provide, now and in the future, is correct and truthful and undertake to inform us of any changes to said information. When providing the personal data of a third party, you agree to obtain prior consent from the party in question and to inform them of the content of this policy.
Generally speaking, the fields on our forms that are marked as mandatory must be completed in order for us to process your requests.
Who is responsible for processing your personal data?
The company responsible for processing your data collected via the Website is IBEROSTAR HOTELES & APARTAMENTOS, S.L., with registered address at C/ General Riera 154, 07010, Palma de Mallorca, Balearic Islands, (hereinafter GRUPO IBEROSTAR).
The company responsible for processing your data collected via the Booking Platform portal-interactiv.com is PORTAL INTERACTIV, S.L., with registered address at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, (hereinafter PORTAL INTERACTIV).
The company responsible for processing your data collected via the Booking Platform isecure.visitus-inc.com is VISIT US, Inc., with registered address at 9250 NM, 36th St, STE 360, Doral, Florida 33178, USA (hereinafter VISIT US) and its representative in Spain is PORTAL VENTAS ON LINE, S.L., with registered address at calle General Riera, 154 de Palma de Mallorca, Spain.
You can contact the Data Protection Officer of the Iberostar group at email@example.com.
What personal information do we collect?
The data we process is the data we collect:
- From the forms that you fill in and the requests that you send via the Website, for example when you register, subscribe to our newsletters or book accommodation. We also process the data included in the requests and applications that we receive via email or through our call centre.
- From profiles and analytics obtained from registered and unregistered users browsing the Website.
- From your social profile and the data generated by your use of the social network account with which you register on our website, in accordance with the authorisation you have granted.
The data we obtain is provided, either directly by you, or by third parties who process requests on your behalf, for example the lead name on the booking.
The type of data we process usually consists of:
Why do we process your data?
- Identification and contact information, identity document or passport;
- Personal information such as language, sex, date of birth and nationality;
- Financial and transaction information;
- Information relating to your booking history and contact with the group;
Website users’ data is processed by GRUPO IBEROSTAR in order to manage the relationship with them, deal with their requests and queries, administer and manage the security of the Website and fulfil GRUPO IBEROSTAR’s legal obligations.
This data will also be processed for GRUPO IBEROSTAR’s internal administrative purposes, statistics and quality assessment. This includes analysis of consolidated data of bookings processed via the Website and conducting opinion surveys, although completing these is not mandatory.
If you sign up for our newsletter, your data will be processed by GRUPO IBEROSTAR in order to send you promotional communications from the Iberostar Group.
Data provided during the booking process will be processed by PORTAL INTERACTIV or VISIT US, as applicable, in order to facilitate the processing and commercial follow-up of your requests, provision of the requested services, administration and security management of the Booking Platform and the fulfilment of their legal obligations. This data will also be processed for statistical and quality improvement purposes. When following up your requests, our agents will be able to contact you by email or by telephone, e.g. to resolve any potential problems in the booking process.
Only for users resident in the Americas (except CUBA): If you consent to receive promotions, your identifying and contact information will be received by Visit Us so that they can send you commercial information about the tourist products that they sell, including via electronic mail. For the purposes of the European data protection regulations, the guarantees offered by Visit US with regard to providing an adequate level of personal data protection are specified in the formalisation of the standard data protection clauses adopted by the European Commission in its Decision 2004/915/EC of 27 December 2004. You can request a copy of these guarantees from the GRUPO IBEROSTAR Data Protection Officer.
Who can we share your data with?
Your data will only be provided to third parties under legal obligation, with your consent or when your request requires such communication. For example:
- In order to process the booking correctly, the information provided will necessarily be communicated to the destination hotels or to the companies whose services are included in the contracted service. This includes providing said hotels with the bank card information provided during the booking process to process any potential penalties for cancellations or no shows, as established in the terms and conditions of the rate booked. The processing of your bookings necessarily involves the aforementioned handling of your data, with the result that the booking cannot be completed if you oppose this process.
- The data provided in the contact form will be communicated to the addressee that you have indicated, which may involve the international transfer of your data when said addressees are located outside the European Economic Area.
- Any comments and reviews regarding the IBEROSTAR hotels that you submit using the corresponding opinion form will be published on the website, together with the user name that is provided, meaning that they become public information. You should be especially careful when you decide to share your personal information.
You agree to use the functionality to publish comments on the Website appropriately and, in particular, but not exclusively, to not enter data and/or comments that:
- Represent illicit or illegal activity, or are contrary to good faith and public order;
- Disseminate content or propaganda of a racist, xenophobic or pornographic nature, or which supports terrorism or attacks human rights;
- Contain content that represents a violation of intellectual and industrial property rights;
- Are prejudicial to the image of third parties;
- Introduce or disseminate computer viruses, or any other hardware or software systems that may cause damage to the systems;
- Use other users’ email accounts or personal data and modify or manipulate their messages.
GRUPO IBEROSTAR reserves the right to delete or not publish any comments and contributions that fail to comply with the aforementioned points, and especially those that violate respect for the dignity of the person, that are discriminatory, xenophobic, racist or pornographic, that put young people, children, public order or safety at risk or those that, in their opinion, are not appropriate. In accordance with the rules established by Art. 16.1 of Law 34/2002, of 11 July, on information society and e-commerce services, GRUPO IBEROSTAR is not responsible for information stored at the request of users and, in particular, relating to opinions expressed, nor the accuracy, quality, reliability and correctness of the information added by users. Notwithstanding the foregoing, individuals whose personal information is included in comments or posts published on the Website, may request, at any time, the cancellation of said data, as indicated in the section entitled What are your rights?".
Legal grounds for processing
The grounds for processing your data include the administration of the legal relationship established with you, the provision of requested and contracted services, and the fulfilment of legal obligations, especially in respect of the applicable legislation relating to accounting, tax and tourism.
The management of the security of the Website and Booking Platforms is based on the premise of legitimate interest. The analysis of consolidated customer data, statistical analysis and quality control, commercial follow-up of your requests and the sending of promotional communications are based on our legitimate interest for internal administrative purposes, as well as evaluating and promoting our services.
The creation of commercial profiles, personalisation of services and sending of offers and personalised promotions are based on the consent requested, without the withdrawal of such consent conditioning the provision of the contracted services.
How long will we store your data?
We generally store personal data for the duration of your relationship with us and always in accordance with the terms set forth in applicable legal regulations, such as for accounting and tax purposes, and for the duration necessary to handle any possible liabilities that arise as a result of data processing. We will delete your data once they are no longer relevant to, or necessary for, the purposes for which they were collected.
Access logs for restricted areas of the website will be deleted in the month in which they are created. Browsing information will be deleted once connection to the website has been finalised and the corresponding statistical analysis completed.
Data processed for commercial purposes, including commercial profiles, will be stored until you request their deletion. The media in which your consent for the processing of your data for these purposes is recorded, for example, the electronic form submission logs, will be kept for the entire period of processing and the applicable limitation periods.
What are your rights?
You have the right to receive confirmation of whether or not we are processing your personal data, and, in such case, to access them. Likewise you can request for any incorrect data to be rectified or for incomplete data to be completed, as well as request removal of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
In certain circumstances, you can request for the processing of your data to be limited. In such case, we will only process the affected data for the filing, processing or response to complaints, or with a view to protect the rights of other parties. In certain situations and for reasons related to your specific circumstances, you may object to the processing of your data. In this case, we will stop processing the data unless legitimate compelling grounds are given that prevail over your interests, rights and liberties, or in order to file, process or respond to complaints. Additionally, under certain circumstances, you may ask for your data to be transferred to another responsible party for its processing.
You can revoke the consent you have granted for certain purposes without this affecting the lawfulness of the processing undertaken before consent was withdrawn, and file a claim before the Agencia Española de Protección de Datos [Spanish Data Protection Agency].
To request the removal of your data from processing for commercial purposes, you can use the remove link at the bottom of our emails or send an email to the following email address: firstname.lastname@example.org
In order to exercise your rights, you must send the person responsible for processing data a request together with a copy of your national identification document or another valid form of identification by post or by email to the addresses given in the “Who is responsible for processing your data?” section.
For further information about your rights and how to exercise them, visit the Agencia Española de Protección de Datos website at http://www.agpd.es.