Terms & Conditions

Privacy policy

This privacy policy applies to the website www.iberostar.com (hereinafter the Website) and to the booking platforms portal-interactiv.com and isecure.visitus-inc.com, accessible from the Website and hereinafter referred to as the Booking Platform(s).

Please read this policy carefully. Here you will find important information about how your personal data will be processed and your rights under the relevant legislation in force.

We reserve the right to update this privacy policy at any time due to business decisions and to comply with possible changes to legislation or case law. If you have any doubts or need further clarification with regards to this privacy policy or your rights, please contact us through the channels indicated below.

You declare that the information you provide, now and in the future, is correct and truthful and undertake to inform us of any changes to said information. When providing the personal data of a third party, you agree to obtain prior consent from the party in question and to inform them of the content of this policy.

Generally speaking, the fields on our forms that are marked as mandatory must be completed in order for us to process your requests.

  1. Who is responsible for processing your personal data?

The company responsible for processing your data collected via the Website is Iberostar HOTELES & APARTAMENTOS, S.L., with registered address at C/ General Riera 154, 07010, Palma de Mallorca, Balearic Islands, (hereinafter GRUPO Iberostar).

The company responsible for processing your data collected via the Booking Platform portal-interactiv.com is PORTAL INTERACTIV, S.L., with registered address at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, (hereinafter PORTAL INTERACTIV).

The company responsible for processing your data collected via the Booking Platform isecure.visitus-inc.com is VISIT US, Inc., with registered address at 9250 NM, 36th St, STE 360, Doral, Florida 33178, USA (hereinafter VISIT US).

You can contact the Data Protection Officer of the Iberostar group at privacy.dpd@grupoiberostar.com.

  1. What personal information do we collect?

The data we process is the data we collect:

  • From the forms that you fill in and the requests that you send via the Website, for example when you register, subscribe to our newsletters or book accommodation. We also process the data included in the requests and applications that we receive via email or through our call centre.
  • From profiles and analytics obtained from registered and unregistered users browsing the Website.
  • From your social profile and the data generated by your use of the social network account with which you register on our website, in accordance with the authorisation you have granted.

The data we obtain is provided, either directly by you, or by third parties who process requests on your behalf, for example the lead name on the booking.

The type of data we process usually consists of:

  • Identification and contact information, identity document or passport;
  • Personal information such as language, sex, date of birth and nationality;
  • Financial and transaction information;
  • Data related to your browsing, for example the IP address from which you connect to the Website, blogs, pages visited or actions performed on the Website. To do this, we use cookies and similar technologies that may involve tracking your browsing. You can find more information about our cookie policy at grupoiberostar.com/portal-privacidad.
  • Information relating to your booking history and contact with the group;
  • Commercial tracking data and, where appropriate, data relating to preferences and commercial profile. You can find more information about the privacy policy applicable to the creation and use of GRUPO Iberostar’s customer and user profiles at grupoiberostar.com/portal-privacidad.
  • Information from your social profile and data generated by your use of social networks that you have decided to share with us. For example, other contact information, images, likes and comments. You can find more information on our privacy policy applicable to the Social Log-In functionality at grupoiberostar.com/portal-privacidad.
  1. Why do we process your data?

Website users’ data is processed by GRUPO Iberostar in order to manage the relationship with them, deal with their requests and queries, administer and manage the security of the Website and fulfil GRUPO Iberostar’s legal obligations.

This data will also be processed for GRUPO Iberostar’s internal administrative purposes, statistics and quality assessment. This includes analysis of consolidated data of bookings processed via the Website and conducting opinion surveys, although completing these is not mandatory.

If you sign up for our newsletter, your data will be processed by GRUPO Iberostar in order to send you promotional communications from the Iberostar Group.

If you consent, GRUPO Iberostar will create a commercial profile based on the data provided on the Website and via the Booking Platforms in order to offer you a personalised service when providing the requested services and to send you promotions that are tailored to said profile. Automated decisions will not be made on the basis of our customers’ profiles. Personalisation of services implies that you consent for your data as a user of the chain to be accessed by any hotels and groups within GRUPO Iberostar that you contact in the future to contract or provide services to, and you also consent to international transfers of your data, when these entities are located outside the European Economic Area. You can find more information about the privacy policy applicable to the creation and use of profiles for GRUPO Iberostar customers and users at grupoiberostar.com/portal-privacidad.

Data provided during the booking process will be processed by PORTAL INTERACTIV or VISIT US, as applicable, in order to facilitate the processing and commercial follow-up of your requests, provision of the requested services, administration and security management of the Booking Platform and the fulfilment of their legal obligations. This data will also be processed for statistical and quality improvement purposes. When following up your requests, our agents will be able to contact you by email or by telephone, e.g. to resolve any potential problems in the booking process.

Only for users resident in the Americas (except CUBA): If you consent to receive promotions, your identifying and contact information will be received by Visit Us so that they can send you commercial information about the tourist products that they sell, including via electronic mail. For the purposes of the European data protection regulations, the guarantees offered by Visit US with regard to providing an adequate level of personal data protection are specified in the formalisation of the standard data protection clauses adopted by the European Commission in its Decision 2004/915/EC of 27 December 2004. You can request a copy of these guarantees from the GRUPO Iberostar Data Protection Officer.

  1. Who can we share your data with?

Your data will only be provided to third parties under legal obligation, with your consent or when your request requires such communication. For example:

  • In order to process the booking correctly, the information provided will necessarily be communicated to the destination hotels or to the companies whose services are included in the contracted service. This includes providing said hotels with the bank card information provided during the booking process to process any potential penalties for cancellations or no shows, as established in the terms and conditions of the rate booked. The processing of your bookings necessarily involves the aforementioned handling of your data, with the result that the booking cannot be completed if you oppose this process.
  • The data provided in the contact form will be communicated to the addressee that you have indicated, which may involve the international transfer of your data when said addressees are located outside the European Economic Area.
  • Any comments and reviews regarding the Iberostar hotels that you submit using the corresponding opinion form will be published on the website, together with the user name that is provided, meaning that they become public information. You should be especially careful when you decide to share your personal information.

You agree to use the functionality to publish comments on the Website appropriately and, in particular, but not exclusively, to not enter data and/or comments that:

  • Represent illicit or illegal activity, or are contrary to good faith and public order;
  • Disseminate content or propaganda of a racist, xenophobic or pornographic nature, or which supports terrorism or attacks human rights;
  • Contain content that represents a violation of intellectual and industrial property rights;
  • Are prejudicial to the image of third parties;
  • Introduce or disseminate computer viruses, or any other hardware or software systems that may cause damage to the systems;
  • Use other users’ email accounts or personal data and modify or manipulate their messages.

GRUPO Iberostar reserves the right to delete or not publish any comments and contributions that fail to comply with the aforementioned points, and especially those that violate respect for the dignity of the person, that are discriminatory, xenophobic, racist or pornographic, that put young people, children, public order or safety at risk or those that, in their opinion, are not appropriate. In accordance with the rules established by Art. 16.1 of Law 34/2002, of 11 July, on information society and e-commerce services, GRUPO Iberostar is not responsible for information stored at the request of users and, in particular, relating to opinions expressed, nor the accuracy, quality, reliability and correctness of the information added by users. Notwithstanding the foregoing, individuals whose personal information is included in comments or posts published on the Website, may request, at any time, the cancellation of said data, as indicated in the section entitled What are your rights?“.

  1. Legal grounds for processing

The grounds for processing your data include the administration of the legal relationship established with you, the provision of requested and contracted services, and the fulfilment of legal obligations, especially in respect of the applicable legislation relating to accounting, tax and tourism.

The management of the security of the Website and Booking Platforms is based on the premise of legitimate interest. The analysis of consolidated customer data, statistical analysis and quality control, commercial follow-up of your requests and the sending of promotional communications are based on our legitimate interest for internal administrative purposes, as well as evaluating and promoting our services.

The creation of commercial profiles, personalisation of services and sending of offers and personalised promotions are based on the consent requested, without the withdrawal of such consent conditioning the provision of the contracted services.

  1. How long will we store your data?

We generally store personal data for the duration of your relationship with us and always in accordance with the terms set forth in applicable legal regulations, such as for accounting and tax purposes, and for the duration necessary to handle any possible liabilities that arise as a result of data processing. We will delete your data once they are no longer relevant to, or necessary for, the purposes for which they were collected.

Access logs for restricted areas of the website will be deleted in the month in which they are created. Browsing information will be deleted once connection to the website has been finalised and the corresponding statistical analysis completed.

Data processed for commercial purposes, including commercial profiles, will be stored until you request their deletion. The media in which your consent for the processing of your data for these purposes is recorded, for example, the electronic form submission logs, will be kept for the entire period of processing and the applicable limitation periods.

  1. What are your rights?

You have the right to receive confirmation of whether or not we are processing your personal data, and, in such case, to access them. Likewise you can request for any incorrect data to be rectified or for incomplete data to be completed, as well as request removal of your data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

In certain circumstances, you can request for the processing of your data to be limited. In such case, we will only process the affected data for the filing, processing or response to complaints, or with a view to protect the rights of other parties. In certain situations and for reasons related to your specific circumstances, you may object to the processing of your data. In this case, we will stop processing the data unless legitimate compelling grounds are given that prevail over your interests, rights and liberties, or in order to file, process or respond to complaints. Additionally, under certain circumstances, you may ask for your data to be transferred to another responsible party for its processing.

You can revoke the consent you have granted for certain purposes without this affecting the lawfulness of the processing undertaken before consent was withdrawn, and file a claim before the Agencia Española de Protección de Datos [Spanish Data Protection Agency].

To request the removal of your data from processing for commercial purposes, you can use the remove link at the bottom of our emails or send an email to the following email address: lopd@iberostar.com

In order to exercise your rights, you must send the person responsible for processing data a request together with a copy of your national identification document or another valid form of identification by post or by email to the addresses given in the “Who is responsible for processing your data?” section.

For further information about your rights and how to exercise them, visit the Agencia Española de Protección de Datos website at http://www.agpd.es.

Privacy policy – call center

This privacy policy applies to the processing of data carried out by the Iberostar Group call center and completes the privacy policy pertaining to the website www.iberostar.com (hereinafter, the Website).

Who is responsible for processing my personal data? Unless otherwise indicated, the party responsible for processing data is Iberostar Hoteles & Apartamentos, S.L., with registered address at Calle General Riera 154, Palma de Mallorca, Spain. You can contact the Data Protection Representative of the Iberostar Group at privacy.dpd@grupoiberostar.com.

Why is my data being processed?

  1. Handling your request: The telephone number provided in the call request form on the Website is processed in order to make the call as requested. This processing is necessary in order to adopt the pre-contractual measures linked to your request. This telephone number will be deleted once the request has been addressed and the metrics indicated in the following point have been taken. The data that you provide to our agent during the call, for example, to make a reservation or file a complaint, will be processed according to the terms and conditions and within the scope indicated in the privacy policy on our Website.
  2. Metrics: We prepare statistics from the telephone numbers of the people who call or who request a call from our call center. These statistics are produced using aggregated data with the aim of identifying the countries from or to which calls are made, as well as reviewing the volume of repeat calls in order to determine the number of calls received from a single telephone number. This processing is based on our legitimate interest in measuring the volume of calls received by or made from our call center and in identifying the markets concerned. When deliberating this interest with respect to your rights and liberties, it was determined that the processing had a limited impact on the privacy of the interested parties since it does not involve collecting new data and is done using aggregated data.
  3. Recording the calls: The calls received or made by our agents are recorded for security and quality management purposes. These recordings are deleted after a maximum period of 18 months, except when they must be stored longer in order to manage any possible incidents or complaints. The foregoing is understood without prejudice to the storage of the recordings for the time required to handle any possible responsibilities arising from the processing or the deadlines set by the applicable legal measures. On the one hand, the recording of the calls is based on our legitimate interest in being able to verify the content of the conversation held between our clients and agents, especially in relation to the contracting of products or services and the management of claims or complaints; on the other hand, it is based on evaluating and managing the quality of our customer service. If you do not wish for your call to be recorded, please inform the agent who is helping you. When deliberating this interest with respect to your rights and liberties, it was determined that the processing falls within the reasonable expectations of our clients as it is a widespread practice and that these recordings could also benefit said clients, for example, in the event of a discrepancy about the content of a reservation or the management of a claim, there being no significant threat to their privacy provided they have the option to oppose their data being processed, the limited number of people with access to the recordings, and a short storage period.

With whom can we share your data? In general, we will only communicate your data with your consent when it is necessary to process the reservation correctly, provide the services requested, or fulfill legal obligations. In the event a reservation is requested, the data from your request will be received by the marketer corresponding to the geographical area that your request concerns. Said marketer will process this data as the party responsible for the processing and commercial monitoring of your request, the provision of the services requested, and the fulfillment of their legal obligations. You can find more information about the data processing carried out by our marketers in the privacy policy on our Website. The marketers of our hotels are as follows:

  • Hotels located in Europe and Africa: PORTAL INTERACTIV, S.L., with address at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, Spain (hereinafter, PORTAL INTERACTIV).
  • Hotels located in the Americas and the Caribbean, except Cuba: VISIT US, Inc., with address at Le Jeune Road Suite 704. Coral Gables, FL 33134, USA (hereinafter, VISIT US), whose representative in Spain is PORTAL VENTAS ON LINE, S.L., with address at Calle General Riera 154, Palma de Mallorca, Spain.
  • Hotels located in Cuba: LAISLA OVERSEAS, S.L.U., with address at C/ General Riera 154, 07010 Palma de Mallorca, Balearic Islands, Spain (hereinafter, LAISLA OVERSEAS).

For how long will we store your data? Notwithstanding the specific storage terms indicated in the sections above, in general we store the data you provide for as long as is necessary to handle your request and, in any case, until the deadlines set in the applicable legal regulations, for example, for accounting and fiscal matters, and for the time required to handle any possible responsibilities arising from the processing. We will delete your data once they are no longer relevant to or necessary for the purposes for which they were collected.

What are your rights? You have the right to receive confirmation of whether or not we are processing your personal data and, in such a case, to access the data. Likewise, you can request for any incorrect data to be rectified or for incomplete data to be completed; you can also request the removal of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, you can request for the processing of your data to be limited.

In such a case, we will only process the affected data for the filing, processing, or response to complaints, or with a view to protect the rights of other parties. In certain situations and for reasons related to your specific circumstances, you may object to the processing of your data. In this case, we will stop processing the data unless legitimate, compelling grounds are given that prevail over your interests, rights, and liberties, or in order to file, process, or respond to complaints.

Additionally, under certain circumstances, you may ask for your data to be transferred to another controller to be processed.

You can revoke the consent you have granted for certain purposes without this affecting the lawfulness of the processing undertaken before consent was withdrawn.

You have the right, at any given time, to revoke your consent or oppose the processing of your data for the purposes of direct marketing, including for the creation of commercial profiles. In said case, we will cease to process your personal data for such purposes. You also have the right to object to automated, individual decision-making that would produce legal effects over you or would significantly affect you in a similar way when this right exists in accordance with the stipulations of Article 22 of Regulation (EU) 2016/679.

If you wish to stop receiving commercial communication from the group, you can use the relevant link contained in our communications or send an email to the following email address: lopd@iberostar.com.

To request the removal of your commercial profile or the cancellation of your membership to the Horizons loyalty program, send an email to the following email address: lopd@iberostar.com.

You also have the right to file a complaint with a data protection authority. You can find the list and the contact information for European data protection agencies on the European Commission website at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In order to exercise your rights, you must send us a request by post or by email to the addresses indicated in the section “Who is responsible for processing your personal data?”

For further information about your rights and how to exercise them in the privacy portal of the Iberostar Group, visit https://www.grupoiberostar.com/en/privacy-portal and the Spanish Data Protection Agency website (http://www.aepd.es).