The data collected during the accommodation check-in process is used to
manage people’s stay and to comply with the regulations of
the Spanish state security.
Legitimate Basis: Article 6 of the General Data Protection Regulation:
b) processing is necessary for the performance of a contract to which the data subject
is party or in order to take steps at the request of the data subject prior to entering
into a contract;
c) processing is necessary for compliance with a legal obligation to which the data
controller is subject.
Data Retention: Data will be retained for the necessary legal periods
required to fulfill the legal obligations of the entity.
Data will be transferred to the State Security Forces and Bodies: Royal
Decree 933/2021, of October 26.
Mandatory data according to RD 933/2021, Annex I, point 3:
a) Name.
b) First surname.
c) Second surname.
d) Gender.
e) Identification document number.
f) Document support number.
g) Document type (ID card, passport, TIE).
h) Nationality.
i) Date of birth.
j) Place of habitual residence.
– Full address.
– City.
– Country.
k) Landline phone.
l) Mobile phone.
m) Email.
n) Number of travelers.
o) Relationship between travelers (in case any are minors).
4. Transaction data
a) Contract data.
– Reference number.
– Date.
– Signatures.
b) Contract execution data.
– Entry date and time.
– Exit date and time.
d) Payment data.
– Payment type (cash, credit card, payment platform, bank transfer…).
– Payment method identification: card type and number, IBAN bank account, mobile
payment solution, others.
– Payment method holder
– Card expiration date.
– Payment date.
Rights of data subjects: Individuals have the right to access,
rectify, erase, port data, restrict processing, and object by sending an email or letter to our above-mentioned address, duly identifying themselves. You can exercise your rights before the Spanish Data Protection Agency, www.aepd.es.