PRIVACY POLICY — HOUH HOTELS
1. IDENTITY OF THE DATA CONTROLLER
In compliance with EU Regulation 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), the personal data provided by users will be processed by:
Data Controller: HOUM HOTELS & VILLAS SL (hereinafter, “Houm Hotels”)
Tax ID (N.I.F.): B16517195
Address: Av. Son Rigo nº 13, 1º, 07610 Palma de Mallorca (Spain)
Telephone: (+34) 971 265 710
Email: privacidad@houmhotels.com
2. PERSONAL DATA WE PROCESS
Depending on how you interact with our website and services, we may process the following categories of personal data:
- Identification data: name, surname
- Contact data: email address, telephone number, postal address
- Booking and stay data: selected hotel, dates, room type, number of guests, preferences, services contracted
- Transactional data: booking amount, payment method, billing identifiers (credit card details are not stored by Houm Hotels)
- Commercial data: interests, preferences, booking history, marketing engagement data
- Web browsing data: IP address, device, browser type, language, cookies and similar technologies
- Data received from third-party tools (with consent): such as CRM interactions, analytics, advertising and lead forms
3. PURPOSES AND LEGAL BASIS FOR PROCESSING
Below are the purposes for which we process personal data and their corresponding legal bases under Article 6 GDPR:
3.1 Booking and hotel service management
- Purpose: manage and confirm bookings, provide hotel services, customer support, invoicing and related operations
- Legal basis: performance of a contract (Art. 6.1.b GDPR)
- Third-party tools involved:
— Witbooking (booking engine and reservation management)
— Property Management System (PMS) and Channel Manager as required for operations
3.2 Commercial communications (email/SMS/newsletters)
- Purpose: send promotional offers, updates, newsletters and marketing campaigns
- Legal basis: consent of the data subject (Art. 6.1.a GDPR)
- Third-party tools involved:
— Fideltour CRM (email marketing, segmentation and automation)
Users may withdraw consent at any time through the unsubscribe link or by contacting us directly.
3.3 Lead capture, personalisation and website analytics
- Purpose: personalise website content, analyse browsing behaviour, capture leads and optimise marketing
- Legal basis: consent (via cookie banner and/or lead forms)
- Third-party tools involved:
— Fideltour CRM (lead forms)
— THN – The Hotels Network (lead capture, personalisation, benchmarking)
— Google services (Analytics, Ads)
— Meta Platforms (Pixel, Ads)
Cookies and tracking technologies are only activated after user consent, except for strictly necessary cookies.
3.4 Customer service and contact requests
- Purpose: respond to inquiries and requests sent through contact or information forms
- Legal basis: consent (Art. 6.1.a GDPR)
3.5 Compliance with legal obligations
- Purpose: tax obligations, regulatory requirements and accounting documentation
- Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR)
3.6 Security and fraud prevention
- Purpose: protect the website, services and users, as well as prevent fraudulent activities
- Legal basis: legitimate interest (Art. 6.1.f GDPR)
4. DATA RECIPIENTS AND PROCESSORS
Your data may be shared with the following categories of recipients, always under a GDPR-compliant Data Processing Agreement (Art. 28 GDPR):
- Booking engine provider (Witbooking)
- CRM and marketing automation provider (Fideltour)
- Lead capture and personalisation provider (THN – The Hotels Network)
- Payment gateways (for secure transaction processing)
- PMS and Channel Manager (hotel operations)
- IT, hosting and maintenance service providers
- Advertising and analytics platforms (only with consent): Google, Meta
- Public Authorities (in cases of legal obligation)
We never sell personal data to third parties.
5. INTERNATIONAL DATA TRANSFERS
Certain service providers, such as Google and Meta, may process data outside the European Economic Area (EEA).
When such transfers occur, Houm Hotels ensures compliance with Chapter V of the GDPR through mechanisms such as:
- European Commission Standard Contractual Clauses (SCC)
- EU–US Data Privacy Framework, when applicable
- Additional contractual and technical safeguards
6. DATA RETENTION PERIODS
We apply the principle of data minimisation and retain data only for the necessary time:
- Booking and billing data: duration of contractual relationship + 5 years (legal/tax obligations)
- Commercial and marketing data: until withdrawal of consent or 24 months of inactivity
- Web browsing data: according to the Cookie Policy
- Complaints or legal documentation: according to statutory limitation periods
Once expired, the data will be deleted or anonymised.
7. RIGHTS OF DATA SUBJECTS
Users may exercise the following rights under the GDPR:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent
Requests shall be directed to:
📩 Email: privacidad@houmhotels.com
We may request proof of identity for security reasons. Users also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) or with their national supervisory authority.
8. DATA RELATING TO MINORS
We do not intentionally collect personal data from children under 16 years of age. If users believe that such data has been processed, they may contact us for removal.
9. SECURITY MEASURES
Houm Hotels implements appropriate technical and organisational measures to protect personal data as required by Article 32 GDPR, including but not limited to:
- Encrypted communications (TLS)
- Access control policies
- Secure backups
- Limited data access based on roles
- Security audits of third-party processors
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in legislation, technology or service operation. The updated version will always be available on this website.
EN