Privacy Policy

This privacy policy applies to the website Iberostar.com (hereinafter the Website) and the booking platforms Portal-interactiv and Isecure.visitus-inc accessible from the Website (hereinafter the Booking Platform(s)). Please read this privacy policy carefully. It provides you with important information about the processing of your personal data and the rights you have in accordance with current laws and regulations.  

We reserve the right to update our Privacy Policy at any time as a result of business decisions, as well as in order to comply with any legislative or jurisprudential changes. 

If you have any questions or need clarification regarding our Privacy Policy or your rights, you may contact us using the channels below.

You state that the data you provide us with, now or in the future, is correct and truthful and you agree to notify us of any modification thereto. In the event of providing personal data from third parties, you undertake to obtain the prior consent of the parties concerned and to inform them of the contents of this policy.

As a general rule, the fields in our forms marked as mandatory must be filled out in order to be able to process your applications.

1 Who is the controller of your data?

The data controller of the data collected on the Website is the company Iberostar Hoteles y Apartamentos, S.L., with registered office at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, Spain (hereinafter Iberostar Group).*

The data controller for the data collected on the Portal-interactiv Booking Platform is the company Portal Interactiv, S.L., with registered office at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, Spain (hereinafter Portal Interactiv).

The data controller for the data collected on the Isecure.visitus-inc Booking Platform is the company Visit Us, INC., with registered office at 9250 NM, 36th St, STE 360, Doral, Florida 33178, USA (hereinafter Visit Us) and whose representative in Spain is Portal Ventas On Line, S.L., with registered office at C/ General Riera, 154 in Palma de Mallorca, Spain.

You can contact the Data Protection Officer for the Iberostar Group at privacy.dpd@grupoiberostar.com 


2. What personal information do we obtain?

The data we process is obtained from:

  • The forms you complete and the applications you submit via the website, for example when you register, sign up for our newsletters or book a stay. We also process the data included in the applications and requests we receive by email or at our call centre;
  • Profiles and analytics obtained from web users' browsing, registered or not; 
  • Your social profile and the data generated by your use of the social media with which you register on our website, insofar as you have authorised it. 

The data we obtain is provided either directly by you or by third parties who process requests on your behalf, the booking holder, for example.     

The categories of data we process typically consist of:

  • Identification and contact details, ID card or passport;
  • Data on personal characteristics such as language, gender, date of birth and nationality;
  • Financial and transactional data;
  • Data related to your browsing, e.g. the IP address from which you connect to the Web, weblogs, pages visited or actions performed on the Web. We do this by using cookies and similar technologies that may involve tracking your browsing. 
  • More information on the cookies policy of the Iberostar Group can be found at GrupoIberostar.com/Portal-Privacidad; 
  • Details of your booking history and contact with the group;
  • Commercial monitoring data and, where applicable, data regarding preferences and commercial profile. 
  • Further information regarding the development and use of customer profiles and users of the Iberostar Group is available in the privacy policy at GrupoIberostar.com/Portal-Privacidad;
  • Details of your social profile and data generated by your use of social media, which you have decided to share with us, for example other contact details, images, likes and comments. 
  • Further information regarding the function of the Social Login of the Iberostar Group is available in the privacy policy atGrupoIberostar.com/Portal-Privacidad;

3 What will we process your data for? 

Web users' data will be processed by the Iberostar Group in order to manage the relationship with them, offer support for their requests and queries, administration and management of the website's security and compliance with legal obligations. 

This data will also be processed for internal administrative purposes by the Iberostar Group, statistics and quality assessment. This includes the analysis of consolidated booking data processed via the website and carrying out opinion surveys, although completing these is not mandatory.

If you sign up for our newsletter, your data will be processed by the Iberostar Group to send you commercial communications from the Iberostar Group. 

If you provide your consent, the Iberostar Group will draw up a commercial profile based on the data provided on the website and on the Booking Platforms in order to offer you personalised treatment in the provision of the requested services and send you commercial offers in accordance with this profile. No automated decisions will be made based on our clients’ profiles. Personalisation of the services implies your consent so that the hotels and Iberostar Group companies you make contact with in the future for contracting or provision of services, can access your data as a user of the chain, while also providing your consent for your data to be subject to international transfer when these entities are based outside the European Economic Area. 

Further information regarding the privacy policy applicable to profiling and the use of Iberostar Group’s clients and users profiles is available at GrupoIberostar.com/Portal-Privacidad;

The data provided during the booking processes will be processed by Portal Interactiv or Visit Us, as applicable, for the processing and commercial monitoring of their applications, the provision of the requested services, the administration and management of the Booking Platform's security and the fulfilment of legal obligations. This data will also be processed for statistical and quality improvement purposes. In order to monitor your applications, our agents may contact you by email and/or telephone, for example in order to resolve any incidents in the booking process. 

For users residing on the American continent, except CUBA: If you provide your consent to receive commercial offers, your identification and contact details will be shared with Visit Us in order to send you commercial information about the tourism products they offer, including by electronic means. For the purposes of European data protection regulations, the guarantees provided by Visit Us to ensure adequate levels of protection of personal data take the form of formalising the standard data protection clauses adopted by the European Commission in its EC Decision 2004/915/EC of 27 December 2004. A copy of these safeguards may be requested from the Iberostar Group's Data Protection Officer.

4 Who can we share your data with?

Your data will only be disclosed to third parties in the case of legal obligation, with your consent or when your request implies such notification. For example:

  • In order to process the booking correctly, the data provided will necessarily be disclosed to the destination hotels or to the companies whose services are included in the contracted service. This includes notifying said hotels of the bank card details you have provided during the booking process in order to cover any possible penalties for cancellations or defaulting established in the tariff conditions. Processing your bookings necessarily entails the aforementioned data processing, therefore in the event of any objection, the procedure cannot be carried out. 
  • The details provided in the contact form will be disclosed to the recipient you have indicated, which may imply the international transfer of your data, where said recipients are based outside the European Economic Area; 
  • The comments and ratings of the Iberostar hotels you complete through the use of the corresponding opinion forms will be published on the website together with the username provided, and will therefore become public information. You should take particular care when deciding to share your personal information.

You agree to make appropriate use of the comment posting function on the website and  in particular, but not exclusively, not to enter data and/or comments that:

  • Incur unlawful or illegal activities or those contrary to good faith and public order;
  • Disseminate content or propaganda of a racist, xenophobic, pornographic nature or that constitutes terrorist apology or a breach of human rights;
  • Include content that violates intellectual and industrial property rights;
  • Harm the image of third parties;
  • Introduce or disseminate computer viruses on the network or any other software or hardware systems likely to cause system damage;
  • Use other users’ email accounts or personal data or modify or manipulate their messages.

The Iberostar Group reserves the right to withdraw or not publish any comments or contributions that are in breach of the aforementioned conditions, and in particular those that violate individual dignity, which are discriminatory, xenophobic, racist, pornographic, which threaten young people or children, public order or security or which, according to their judgement, are inappropriate. Pursuant to the regime provided for in Article 16.1 of Act 34/2002, of 11 July 2002, on information society services and electronic commerce, Iberostar Group is not responsible for the information stored at the request of users, and in particular regarding the opinions expressed, nor for the accuracy, quality, reliability and accuracy of the information which users include. 

Notwithstanding the above, individuals whose personal data is included in comments or posts published on the website may at any time request the cancellation of said data as indicated in section 7. What are your rights?

5 Legal basis for data processing

The basis for processing your data is to manage the legal relationship established with you, the provision of the requested or contracted services, and compliance with legal obligations, in particular the corresponding accounting, tax and tourist regulations.

The management of the website and Booking Platforms' security is based on the existence of a legitimate interest. The analysis of consolidated client data, gathering statistics and conducting quality control, commercial monitoring of your requests and the sending of commercial communications are based on our legitimate interest for internal administrative purposes, as well as the evaluation and promotion of our services.

Commercial profiling, personalisation of services and sending personalised commercial communications and offers are based on the consent requested, without withdrawal of such consent conditioning the provision of the contracted services. 

6 How long will we store your data?

We generally store your data for the duration of your relationship with us and, in any event, for the time periods provided for in the applicable legal provisions, for example in accounting and tax matters, and for as long as necessary to cover possible liabilities arising from the processing. We will erase your data when it is no longer necessary or relevant for the purposes for which it was collected. 

Access logs to restricted areas of the website will be cancelled on a monthly basis. Information related to browsing will be erased once connection to the website has ended and statistics are completed. 

Data processed for commercial purposes, including commercial profiles, will be store unless erasure is requested. The storage mediums on which consent exists for processing your data for said purposes, for example electronic form logs, will be stored for the duration of the processing and the applicable limitation periods.

7 What are your rights?

You have the right to obtain confirmation as to whether or not we are processing your personal data and, where that is the case, to have access to it. You may also request that your data be rectified if inaccurate or that incomplete data be completed, as well as requesting its erasure when, among other reasons, the data is no longer needed for the purposes for which it was collected. 

In certain circumstances, you may request restrictions to the processing of your data. In such cases, we will only process the data concerned for the establishment, exercise or defence of legal claims, or for the protection of the rights of others. 

Under certain conditions and on grounds relating to your particular situation, you may also object to the processing of your data. In this case, we will stop processing the data except for on compelling legitimate grounds which override over your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. 

Likewise, under certain conditions, you may request the portability of your data, to have it transferred to another data controller.

You may revoke your consent for certain purposes, without affecting the lawfulness of the processing based on consent prior to its withdrawal, and file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos). 

To request that the processing of your data for commercial purposes be discontinued you can send an email to the following email address: lopd@iberostar.com    

In order to exercise your rights, you should send a request to the appropriate data controller accompanied by a copy of your national identity card, or another valid identity document by post or e-mail, to the addresses indicated in section 1. Who is responsible the data controller of your data?    
More information about your rights and how you can exercise them can be found on the Spanish Data Protection Agency website at https://www.agpd.es/