Privacy Policy

Contact information of the data controller: THE HOTELS NETWORK, S.L., with CIF B-65542714 and address at Avda. Diagonal, 439, 3º-1ª, 08036 Barcelona, and contact email privacy@thehotelsnetwork.com corresponding to the DPO (Data Protection Officer) of THN.

By accepting this Privacy Policy, you give your free, informed, specific, and unequivocal consent for The Hotels Network (hereinafter, "THN") to process the personal data provided through this website (hereinafter, the "Website") as Data Controller. The user must carefully read this Privacy Policy, which has been drafted clearly and simply to facilitate its understanding, and indicate freely and voluntarily if they wish to provide their personal data to THN.

This Privacy Policy applies to the personal information we collect through:

• Online services: websites owned or managed by us, web and mobile applications, social media pages.

This Privacy Policy does not apply to personal information that we may collect, generate, use, and disclose aggregated, anonymous, and other non-identifiable data related to our Services.

We use personal data to provide you with the following services:

• Manage the loyalty program and process your application, assign your membership number, access codes to your online private area, and allow you to accumulate and redeem your points.
• Tailor the services of the loyalty program to the preferences and tastes of the member, as well as measure their satisfaction with the service provided in our hotels. This purpose may include sending quality surveys and adapting and personalizing the services provided by THN.
• Sending communications related to your account, including, among others, point balance, card category, notifications, and any other information that keeps you informed about the status of your account.
• Sending personalized commercial communications via email or equivalent means, about offers and services related to the Program unless you object to such processing. The legal basis for these processing activities is the explicit consent given by the user based on Article 6.1 a) of the GDPR.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed ("Aggregated Data"). We may collect, use, store, and transfer different types of personal data about you, which we have grouped according to the different purposes as follows:

• Contact information (email address, postal address, country, and phone number);
• Payment data (card number, billing address, and bank account details);
• Demographic data (gender, age, and preferred language);
• Information related to your booking, stay, or visit to a property (including the property you stayed at or the establishment you visited, arrival and departure dates, as well as goods and services purchased, interests, and preferences);
• Information necessary to fulfill your special requests and specific accommodations;
• Customer preferences;
• Employment information (such as company name, position, and contact information) to respond to proposal requests or fulfill contractual agreements;
• Comments and survey responses;
• Information related to your use and interaction with our website and our network; as well as

We do not collect information about the following special categories of personal data: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, genetic or biometric data, and criminal convictions and offenses.

Our goal is to offer you the highest level of service possible, so we share personal data with the following parties:

• Service providers: We share personal data with third-party service providers for the purposes described in the Privacy Policy. Some examples of service providers are companies that offer web hosting, data analysis, payment processing, order processing, information technology and related infrastructure provision, customer service, email delivery, and marketing.
• Public administrations and law enforcement: We share personal data with public administrations and police if required, or in the framework of an investigation, so that we can respond to obligations derived from regulations to prevent fraud or money laundering and cooperate with these entities to carry out their functions.
• Compliance with the law: We may share personal data with courts and other authorities if required by law. We require all third parties to protect your personal data and treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specific purposes and in accordance with our instructions.

The Hotels Network will not carry out personal data transfers outside the European Economic Area (EEA). In the event that such transfers are made, THN would do so in compliance with applicable data protection laws. Regardless of where your personal data is collected or processed, THN ensures and guarantees that service providers maintain appropriate administrative, technical, and physical security measures to protect your information.

For more information on the use of contractual models by THN, please contact us at privacy@thehotelsnetwork.com

When we share data, they may be transferred and processed in other countries than where you live or where our data hosting provider's servers are located. These countries may have different laws from your own. If we share personal data with a third party in another country, we implement safeguards to ensure that your personal data remains protected.

For individuals from the European Economic Area (EEA), this means that your data may be transferred outside the EEA. If your personal data is transferred outside the EEA, it will only be to countries that have been confirmed to provide adequate protection for EEA data, or to a third party with whom we have approved the implementation of transfer mechanisms that protect your personal data, for example, by complying with the European Commission's standard contractual clauses.

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it, including compliance with any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a claim, or if we reasonably believe there is a possibility of litigation regarding our relationship with you.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting, or other requirements in the relevant country.

We determine this retention period based on the following:

• If personal data was collected for the execution of a contract, it will be retained for the duration of the contractual relationship and, once it has ended, until the statute of limitations expires.
• If personal data was collected to comply with legal obligations, it will be stored until the obligation is fulfilled.
• If personal data was collected for legitimate interest purposes, it will be stored until that interest ends.
• If personal data was collected with your consent, it will be retained until you withdraw your consent. You can withdraw your consent at any time through the link provided in our communications.

Users can request the following rights by writing to privacy@thehotelsnetwork.com:

• Right to request access to personal data: You can ask THN if your data is being processed, and if so, access the same.
• Right to request rectification: If the data is inaccurate, you can request its correction or the completion of any incomplete data we have.
• Right to request deletion of your data.
• Right to request restriction of processing: In this case, we will only keep them for the exercise or defense of claims.
• Right to object to processing: THN will stop processing personal data, except if necessary for legitimate reasons or for the exercise or defense of possible claims.
• Right to data portability: If the user wants their data to be processed by another data controller, THN will facilitate the transfer of their data to the new controller.
• Right not to be subject to a decision based solely on automated processing of personal data.

If you have given consent for a specific purpose, you may withdraw it at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

In certain circumstances, and when applicable law permits, you also have the right to file a complaint with a competent data protection authority.

Data We May Need to Provide
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to ask for more information regarding your request to speed up our response.

Response Time
We aim to respond to all valid requests within one month or within the period specified in the applicable data protection legislation. Occasionally, it may take us more than a month if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you informed.

We will not use users' personal data for direct marketing purposes without their prior express consent.

If at any time you decide to stop receiving commercial or promotional information from THN, you can unsubscribe from direct marketing campaigns and oppose future processing of your personal data for such purposes, free of charge and without providing any justification, by emailing us at privacy@thehotelsnetwork.com or by clicking on the "opt-out" (unsubscribe) link in the subject line of the email. You can also use the unsubscribe procedure provided in any promotional message you receive from THN.
Please note that even if you decide not to subscribe or unsubscribe from promotional emails or newsletters, we may still need to contact you regarding important non-commercial information, such as troubleshooting, error detection, and prevention, or in general to comply with the Legal Notice and/or Terms and Conditions of the website.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. Additionally, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data according to our instructions, and they are subject to a duty of confidentiality.

This website is not designed or directed to children under sixteen (16) years of age without parental or legal guardian authorization. Accordingly, we do not knowingly collect information from such individuals. In any case, if parents or legal guardians believe that their children have provided us with personal data without their consent, please contact us by writing to privacy@thehotelsnetwork.com.

You guarantee that you have informed those third parties whose data you have provided, if you have done so, of the points addressed in this Privacy Policy. Additionally, you guarantee that you have obtained their authorization to provide us with their data for the purposes indicated.

You will be responsible for any false or inaccurate information you provide and for any direct or indirect damages that may be caused to us or to third parties.

We will only use your personal data as set out in the Privacy Policy in force at the time we collect your personal data. THN reserves the right to modify this Privacy Policy at any time by posting such modifications on our website, so we recommend that you visit it each time you access the Privacy Policy. If at any time we decide to use personal data differently from what was stated at the time of its collection, we will inform you by email, provided we have it. At that time, you will be given the option to authorize other uses or disclosures of the personal data you have provided to us before the modification of our Privacy Policy.

If any clause of this Privacy Policy is annulled or deemed null, the remaining conditions will not be affected, retaining their full validity and effectiveness, in accordance with the applicable regulations in force at any given time.