Holder: MELIÁ HOTELS INTERNATIONAL, S.A. (hereinafter, “MHI”).
TAX ID No.: A78304516
Registered office: Calle Gremio Toneleros 24, 07009 Palma de Mallorca
Registry data: Registered with the Mercantile Registry of Palma de Mallorca, Folio: 112, Volume: 1335, Sheet:PM-22603.
Data Protection Officer (DPO): The User may contact the DPO through the following email address: email@example.com, or by writing to the address of MHI marked for the attention of the “Data Protection Officer”.
2. INFORMATION AND CONSENT
3. OBLIGATORY NATURE OF PROVIDING THE DATA.
The data requested in the forms accessible from the MHI Website are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request.
4. FOR WHAT PURPOSE WILL MHI PROCESS THE USER’S PERSONAL DATA AND FOR HOW LONG?
Depending on the User’s requests, the personal data collected will be processed by MHI in accordance with the following purposes:
To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences.
To manage the subscription to the newsletter and subsequent sending of this.
To manage registration in the MeliáRewards programme, as well as obtaining and redeeming points.
To manage the User’s contact requests with MHI through the channels provided to this end.
To manage the sending of personalised commercial communications of the Meliá Group, by electronic and/or conventional means, in cases in which the User expressly consents.
To manage the sending of personalised commercial communications of the MeliáRewards programme, unless the User specifies otherwise by marking the corresponding box, or opposes said processing.
To manage the provision of the contracted accommodation service, as well as additional services.
To manage surveys and/or evaluations regarding the quality of the services provided by MHI and/or the perception of its image as a company.
The User’s data will be kept for the period required to fulfil each purpose or until the User requests their withdrawal from MHI, opposes or revokes their consent.
5. WHAT USER DATA WILL MHI PROCESS?
MHI may process the following categories of data, depending on the request made by the User:
Identification data: name, surname(s)
Contact details: Postal address, mobile telephone number, email address.
Data corresponding to the MeliáRewards loyalty programme.
User ID codes or passwords
Personal data: date of birth, gender, nationality.
Details of preferences.
Card data, required for payment of the booking or to guarantee the same as well as to pay for the stay or the services associated with it.
In the event of registration and/or access through a third-party account, MHI may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.
6. WHAT IS THE LEGITIMATION FOR THE PROCESSING OF YOUR DATA?
The data processing required in fulfilment of the aforementioned purposes that require the User’s consent cannot be undertaken without said consent.
Likewise, in the event that the User withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously.
To revoke such consent, the User may contact MHI through the following channels: By means of a letter addressed to MELIÁ HOTELS INTERNATIONAL, S.A., C/ Gremio Toneleros 24, 07009 Palma de Mallorca, or by means of an email sent to firstname.lastname@example.org, in both cases with the Reference “Data Protection”.
By the same token, in those cases in which it is necessary to process the User’s data for the fulfilment of a legal obligation or for the execution of the existing contractual relationship between MHI and the User, the processing would be legitimized as it is necessary for compliance with said purposes. Elsewhere, the processing undertaken in the performance of surveys and/or evaluations regarding the quality of the services provided by MHI and/or the perception of its image as a company will be carried out on the basis of the legitimate interest of the data controller.
7. TO WHICH RECIPIENTS WILL THE USER’S DATA BE DISCLOSED?
The User’s data may be disclosed to:
Investee companies or companies of the MHI business group, solely for internal administrative purposes and/or for the purposes indicated above.
Operators of hotels managed by MHI or under a franchise agreement, solely for internal administrative purposes and/or for the purposes indicated above.
Suppliers of MHI or of the hotel operators necessary for the adequate fulfilment of the legal obligations and/or the purposes previously indicated.
Partners and collaborating companies of the Meliá Group for the fulfilment of the aforementioned purposes and/or, if so authorised, for sending commercial communications.
Public Administrations, in the cases provided for under Law.
The recipients indicated in this section may be located within or outside the European Economic Area, in the latter case international data transfers must be duly legitimated.
8. USER’S RESPONSIBILITY.
Guarantees that they are of legal age or legally emancipated, where applicable, fully capable, and that the information furnished to MHI is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation.
Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorisation to provide their data to MHI for the purposes indicated.
Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to MHI or third parties.
9. COMMERCIAL AND PROMOTIONAL COMMUNICATIONS.
One of the purposes for which MHI processes the User’s data will be for the sending of commercial communications, through electronic and/or conventional means, with information concerning products, services, promotions, offers, events or relevant news for Users. Whenever any communication of this type is made, it will be sent solely and exclusively to those Users who have authorised its reception and/or who have not previously expressed their refusal to receive them.
To carry out the foregoing task, MHI may analyse the data obtained in order to create user profiles that allow a more detailed definition of the products that may be of interest.
In the event that the User wishes to stop receiving commercial or promotional communications from MHI, he/she may request cancellation of the service by sending an email to the following email address: email@example.com, as well as indicating their wish not to receive them through the withdrawal option provided in each of the commercial communications sent.
10. GEOLOCATION DATA.
Some of the MHI App functionalities allow geolocation of the device (Tablet, Smartphone, etc.) on which it is installed.
The User may disable this option directly on the device itself; however, disabling this option may prevent the use of some of the App features.
11. EXERCISE OF RIGHTS.
The User may send a letter to MELIÁ HOTELS INTERNATIONAL S.A., Calle Gremio Toneleros 24, 07009 Palma de Mallorca, or through an email to the address firstname.lastname@example.org, in both cases with the Reference “Data Protection”, and attaching a photocopy of the current ID document or passport, at any time free of charge, to:
Revocation of consent granted.
To obtain confirmation about whether or not personal data concerning the User is being processed at MHI.
To access their personal details.
To rectify any inaccurate or incomplete data.
To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
To obtain from MHI the limitation of data processing when any of the conditions provided in the data protection regulations are met.
To get human intervention, to express your point of view and to challenge the automated decisions adopted by MHI.
To request the portability of your data.
Likewise, the user is informed that at any time he/she may file a complaint regarding the protection of their personal data before the competent Control Authority.
12. SECURITY MEASURES.
MHI will process the User’s data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations, and to this end adopting the measures of a technical and organisational nature required to guarantee the security of their data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.
Date of last update: 27 April 2018