PRIVACY POLICY — HOUH HOTELS

1. IDENTITY OF THE DATA CONTROLLER

In compliance with EU Regulation 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), the personal data provided by users will be processed by:

Data Controller: HOUM HOTELS & VILLAS SL (hereinafter, “Houm Hotels”)
Tax ID (N.I.F.): B16517195
Address: Av. Son Rigo nº 13, 1º, 07610 Palma de Mallorca (Spain)
Telephone: (+34) 971 265 710
Email: privacidad@houmhotels.com

2. PERSONAL DATA WE PROCESS

Depending on the services used, we may process the following categories of personal data:

• Identification data: name, surname
• Contact data: email, telephone, postal address
• Booking and stay data: hotel, dates, room type, preferences, companions
• Transactional data: payment method, amount, billing identifiers (if applicable)
• Web browsing data: IP address, device, browser, language, cookies
• Commercial data: interests, preferences, booking history
• Web interaction data: pages visited, clicks, session statistics
  

We do not intentionally collect special category data (health, religion, etc.) unless voluntarily provided by the client to improve their stay (e.g., allergies).

3. PURPOSES OF PROCESSING

Personal data may be processed for the following purposes:

a) Management of bookings and tourist accommodation services
b) Administrative, accounting and tax management
c) Customer service and communication during the stay
d) Management of cancellations, modifications and complaints
e) Sending of commercial communications, newsletters and offers (only with consent)
f) Analytics and statistics to optimize the user experience
g) Website security and fraud prevention
h) Personalization of content and advertising (only if cookies are accepted)

4. LEGAL BASIS FOR PROCESSING (ART. 6 GDPR)

Depending on the specific processing activity, the legal basis may be:

• Performance of a contract: bookings, payments, invoicing (Art. 6.1.b GDPR)
• Compliance with legal obligations: tax and accounting duties (Art. 6.1.c GDPR)
• Consent of the data subject: marketing, newsletters, cookies (Art. 6.1.a GDPR)
• Legitimate interest: website security, fraud control, basic analytics (Art. 6.1.f GDPR)
  

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

5. SOURCE OF THE DATA

Data may originate from:

• Forms submitted through the Website
• Booking engine systems
• Property Management System (PMS)
• Channel Manager
• Payment platforms or gateways
• Newsletter/CRM platforms
• Web browsing (cookies and similar technologies)
  

6. DATA RETENTION PERIODS

Data will be stored for the following periods:

• Bookings: for the duration of the contractual relationship + legal retention (5 years for tax obligations)
• Commercial communications: until consent is withdrawn
• Cookies: according to the Cookies Policy
• Invoicing and accounting: according to tax regulations
• Complaints and liability: for the limitation periods established by law
  

7. RECIPIENTS AND DATA PROCESSORS

Personal data may be communicated to:

• Booking engine providers
• Channel managers
• Property Management Systems (PMS)
• Payment platforms (TPV)
• CRM and email marketing platforms
• Digital marketing service providers
• Web hosting providers
• Website maintenance and IT services
• Legal or tax advisors
  

All such entities act as Data Processors, under contracts complying with Art. 28 GDPR.

8. INTERNATIONAL DATA TRANSFERS

Some processing activities may involve data transfers outside the European Economic Area (EEA), including services provided by:

• Google (Analytics, Ads, etc.)
• Meta (Facebook and Instagram)
• Email marketing or CRM tools
• Booking engines and PMS with servers outside the EU
  

In such cases, appropriate safeguards will be applied, including:

• Standard Contractual Clauses (SCCs), or
• Adequacy decisions, or
• International certifications
  

9. RIGHTS OF THE DATA SUBJECT

Users may exercise the following rights:

• Right of access
• Right of rectification
• Right of erasure
• Right to object
• Right to restrict processing
• Right to data portability
• Right to withdraw consent
  

Requests must be sent to: privacidad@houmhotels.com, including proof of identity.

Users may also file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es

10. AUTOMATED DECISION-MAKING AND PROFILING

Commercial profiling may be carried out to personalize content and offers; however, no automated decisions producing legal or significant effects will be taken.

11. DATA SECURITY

Houm Hotels applies technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.

12. DATA PROTECTION AND MINORS

Services provided by Houm Hotels are not directed at minors under 16 years of age. Personal data from minors will only be processed with the consent of their legal guardian.

13. UPDATES TO THIS POLICY

Houm Hotels may update this Privacy Policy to adapt it to legislative or operational changes. The version published on the Website shall apply at all times.