Privacy & Data Protection Policy

Stayforlong values your privacy and we are committed to protecting the privacy of your personal data. This privacy policy explains how we use your personal information when you interact with the us on (the “Website”), through email or telephone.  We control the processing of data over our website – in legal terms, this means that StayforLong, is the Data Controller for the purposes of EU Data Protection laws.

Responsible for the processing /treatment of your  data
IdentitySTAYFORLONG, S.L., with CIF B-66460536, registered in the Company Register of Barcelona with Volume 161, Sheet B-462443
Postal AddressRonda Sant Pere 17, 3ro 3ra 08010 Barcelona

By providing personal data to Stayforlong, users expressly declare that they have read and accepted this Privacy Policy and give their informed consent to the processing of their personal data in the terms indicated in this Privacy Policy.

Users guarantee the authenticity and veracity of all personal data you provide through the Website, or via other communication with us and you agree to update information provided to Stayforlong, so that we may communicate with you effectively.  You are solely responsible for false or inaccurate information you provide to us, including any damages caused to Stayforlong, or to third parties.

  1. Legitimation for data treatment

The legal basis for the treatment of your data is the registration of users on the Web and the provision of services contracted by them through the Web.

The consent of the users is the legitimate basis for the treatment of the data that Stayforlong does for the purposes explained specifically in this Privacy Policy, other than the provision of the services expressly requested by the users.

  1. Data collected

2.1 Information directly provided by users to Stayforlong

  • Registration data: In order to register on the Website, users must provide their email and password, or you can choose to register on the Website either through your Facebook  or Google account.  A user account cannot be made without this personal information and refusal to provide this information will result in the user not being registered. If you happen to fill in the registration pages but for some reason don’t actually complete your registration, you will still be considered to have provided us with your information.
  • Information from “My Profile“: users can add or modify data in your profile in order to use Stayforlong services, such as their your first and last name, contact telephone number or email address. ,  If you happen to fill in the profile pages but for some reason don’t actually complete your profile, you will still be considered to have provided us with your information. 
  • Data for Bookings: When you book through us, you need to provide certain information such as your name, address, e-mail, phone number and payment information. If you happen to fill in the booking pages but for some reason don’t actually complete the booking, you will still be considered to have provided us with your information. Credit / debit card details: Stayforlong may store some bank card details provided by the user, such as the cardholder’s name, the expiration date, the last four digits of the card and the type of card. Notwithstanding the foregoing, the complete data of the credit / debit card of the users will be stored by the payment service provider chosen by Stayforlong for the purposes of correctly processing the payment made by the user, in accordance with the provisions of the clause 5.1 of this Privacy Policy.

Information You Provide about Others: If you’re booking with others or for someone else, you will have to give us their information as well, for example their name and date of birth. It is your responsibility to ensure that they are aware that you have done so, and also that they accept how we use and process their information as well as yours.If you contact us: if the user contacts Stayforlong via email, phone, chat available on the Website, Whatsapp or Facebook Messenger, Stayforlong  you’ll be asked to provide certain information. This is likely to include your name, address, e-mail address and phone number.  We need this information so that we can respond to you appropriately. 2.2 Information indirectly provided by users

  • Data derived from the use of the Web: When you visit our website we automatically collect certain information such as the device IP address, the date and time you visited, the hardware, software or particular browser used and information about your visit, including any pages you viewed and interacted with. We do this automatically, even when you don’t actually make a booking. Cookies: Stayforlong uses its own and third party cookies to facilitate navigation to its users and for statistical purposes (see Cookies Policy).
  • Data derived from external third parties: Stayforlong may collect information or personal data from external third parties only if users authorize those third parties to share the information cited with Stayforlong, for example, in the event that users register on the Web through from your Facebook or Google account.

In the event that the user registers on the Website through his Facebook account: Stayforlong may access the user’s public profile, your friends list and the email address associated with the Facebook account. In no case is Stayforlong  allowed to publish content in the user’s Facebook profile.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

What about data that is collected through a mobile device?

Mobile devices can be used to access our services, as well as versions of our regular website.  These mobile sites work in a similar way to our main website. Sometimes we make use of something known as cross-device tracking, which allows us to track user behavior across different devices. We use this to improve the service that we provide you and for marketing activities, so advertisements shown to you on other websites may be offered based on your activities on linked devices.

  1. Purposes of the collection and processing of personal data

3.1  Purposes related to the provision of the services requested by the user

We may use your personal data in the following ways:

Processing your bookings: We have to use your personal information to ensure the accommodations, insurance and other ancillary products, are provided to you. We need certain information about you and your party so we can fulfil the contractual obligations when you make a booking.

User Accounts: The information that you provide when you set up an account allows us to provide you with additional services including the ability to manage your bookings, personal settings and access to special offers.

To communicate with you about your booking: We’ll need to contact you using the email or telephone number you provided to give you information relevant to your arrangements. For example, to confirm your booking, notification of any changes, security alerts, administrative messages about your arrangements and reminders.

Customer Services: You can contact us at any time, whether this is a general query, a question about your booking or to report an issue. You can do this through our website, by telephone, email, or via social media. We’ll use the information that you’ve given us to answer any questions and respond to your query or other queries you might have in the future. If you do contact us by telephone, your call may be recorded and reviewed for quality and training purposes. Recordings are only kept for a limited period and then automatically deleted, unless we’ve got a legitimate interest in keeping them for a longer period.

Personalization of your experience: We sometimes use your data to enable us to show you the most relevant products and services we think you’ll be interested in, such as the best deals and special offers for destinations you like or have been to previously.

Marketing: Where you make a booking, or in any other case, if you have opted-in or signed-up, we may contact you with information about other products and services that we offer that are similar to those that you have already purchased or enquired about and we think may interest you based on your personal information. Don’t worry, you can opt-out of these emails at any time.

When you book or register with us, we will ask you if you would like to receive marketing communications. You may request that we stop sending you marketing communications at any time by emailing us at  or by clicking on the “unsubscribe” option in the communication. Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us you will miss out on receiving great offers and promotions that may be of interest to you.

You may still receive service-related communications from us.  For example, confirming bookings you make with us and providing important information about the use of our products and/or services.

Promotional Activities: If you take part in any of our promotions (such as surveys or competitions) we will need to use the information you provide to run these promotions.

Improving our services: Sometimes we might use your data to help us improve the quality and functionality of our services. This could include eliminating bugs in our system, data analysis, testing, and for statistical and survey purposes, all of which helps us improve the service we offer.

Security: We may use your data as part of the efforts to keep our sites (and the information you provide to us) safe and secure, and to prevent fraud or unauthorized access/use of our sites.

Fraudulent Claims: We may use your personal information in order to prevent, detect or defend any claims/actions we believe to be potentially fraudulent or detrimental to our legitimate interests.

Legal and regulatory compliance: We might need to use your information in relation to any legal disputes, regulatory, compliance or criminal investigations, or if necessary, to enforce our rights.

3.2 The Legal Basis for Processing Your Data

When we process your information as described above, we will be relying on one or more of the following legal rights:

Performance of a contract: We use your information to carry out the contract that you have with us and your Service Providers. We’ll use the information that you provide us when making a booking to conclude and process the reservations with the relevant third-party Service Providers.

Consent: You may, through your action(s) of providing us your details, consent to us sending you marketing and promotional material. If you do kindly give us this consent, we’ll rely on this consent when contacting you. You can always withdraw your consent at any time by simply unsubscribing.

Legitimate interest: We may use your information for our own legitimate interest, for example to provide you with the most relevant content on our site or to promote new services and for certain administrative and legal purposes. If you fail to complete a purchase, we may send you some follow-up emails to try and help you, or seek your feedback or offer you alternative products related to your selection.

Business transaction: We may use your data in connection with a business transaction such as the sale of a part or the whole of our business.

To Comply with a legal obligation:  We may share your personal data with regulatory authorities such as immigration, border control, security and anti-terrorism purposes and any other legitimate legal obligation as required.

To protect your vital interests or those of another individual: We may share your information in the case of an emergency.  For example, with insurance companies or medical personnel.

  1. How Long Is Your Data Stored?

The personal data provided will be kept as long as the user remains registered on the Website and does not exercise his right of withdrawal. See below for the right to withdraw.

  1. When We Share Your Data With Third Parties

In order to provide the services requested by users, Stayforlong will share certain personal data of users with:

  • Tour operators: Stayforlong may share certain user information, such as first and last name and email address, as well as the data of the reservations made through the website (name of the owner of the reservation and the accompanying persons) , check-in and check-out date, lodging regime, amount of the reservation, cancellation policy and room type) with the tour operators that manage the tourist services hired by the users through the Web, with the sole purpose of facilitate reservations.
  • Hotels in which the user has made a reservation: Stayforlong may share certain user information, such as their first and last name and their email address, as well as the data of the reservations they have made through the Web (name of the user). holder of the reservation and of the companions, date of check in and check out, accommodation regime, amount of the reservation, cancellation policy and type of room) with the hotels in which the user has made a reservation, with the only purpose of facilitating the reservation.
  • Payment gateway: the credit / debit card data of the users (cardholder, number, expiration date and type of card) are stored by the payment service provider, Ingenico ePayments, whose security measures are high. is PC1 Compliant according to the Data Security Standard for the Payment Card Industry or PCI DSS (see certificate here If the user asks Stayforlong to delete the data from their credit / debit cards, the third payment service provider will delete said data from their servers.
  • Hosting services: Hosting services providers, where appropriate, will have access to personal data of users for the sole purpose of providing the hosting service of such data to Stayforlong.
  • Mailing service providers: the third-party providers of emailing campaign management services, designing and sending commercial communications and managing transactional emails.
  • Prevention and anti-fraud services: user data may be communicated to the company Ingenico e-Commerce Solutions SPRL, holder of the “Fraud Expert” solution, necessary for the correct development of the payment process and the operation of the services offered by Stayforlong. «Fraud Expert» is a tool aimed at preventing and combating fraud (determining the level of risk associated with a transaction, detecting and managing the resulting resulting alerts, informing merchants so that they can make decisions, perform a “human” verification of transactions that present a certain level of risk and develop scoring models).

Also, a fraud committed by a user may lead to the registration of some of your personal data in a specific file created by Ingenico e-Commerce Solutions SPRL; The purpose of this file is to keep a trail of previous frauds. The registration of a user in this file could also lead to an aggravated risk in a future order placed on a merchant in the same sector of activity that has chosen the Fraud Expert solution and, therefore, that the user’s order is rejected.

Likewise, user data may be communicated to the company Sift Science Inc., a provider of anti-fraud and prevention services to verify the legality of transactions made by users on the Web.

All information provided by users directly to such providers beyond the control of Stayforlong, will not be covered by this Privacy Policy, and we would urge to check their own privacy policies before providing any personal information.

Stayforlong guarantees that all commercial partners, technicians, suppliers, or independent third parties to whom data are communicated, in accordance with the provisions herein, are linked to Stayforlong by means of a binding contract or legal act to process the personal data of the users, in accordance with the applicable legislation on the protection of personal data. However, we don’t control the privacy practices of any of these third-parties or your Service Providers and we would encourage you to review their own privacy policies where appropriate.

In the event that suppliers are located outside the European Economic Area, Stayforlong will communicate the data through systems enabled by the European Commission and the Regulation, to countries that have an adequate level of protection of personal data or through approved contracts. the European Commission by which the rights of the interested parties are established and guaranteed and will be communicated once the approval of the relevant control authority is obtained.

  1. Security Measures

Any information that you provide is stored on secure servers and all payment transactions are encrypted. Only authorized personnel are permitted to access your information in the course of their work with us. Our data security protections meet the “reasonable security requirements of the New York “Shield Act”.  While we do our best to protect your information, no information transferred over the internet or stored electronically can be guaranteed to be completely secure and you provide your information to us at your own risk.

We’ll only retain your information for a reasonable period of time, or for so long as either you or the law allows. 

When you pay for your tour, we don’t store your card details – instead we use an encrypted authorization ‘token’ issued by your payment provider to collect the payments. 

  1. Exercise of rights

At any time users can exercise their rights of access, rectification, deletion, limitation of their treatment, opposition, and portability, by means of a written communication addressed to Stayforlong, with address at C / Muntaner 112 1º 1ª, (08036) Barcelona; or by email to In both cases the interested user must accompany a copy of their national identity document, passport or other valid document that identifies them. If there is no other reason beside you providing your consent for us to hold your data, we will delete it upon receiving your request.

If you are a California resident, we may not delete your personal information if one of the following exceptions exists:

  • Information is necessary to complete the transaction;
  • Information is necessary to detect security incidents;
  • Information is necessary to protect against deceptive, fraudulent or illegal activity;
  • Information is necessary to identify and repair errors;
  • Information is necessary to promote free speech;
  • Information is necessary for scientific, historical, or statistical research in the public interest;
  • Information is necessary for internal uses of the company if those uses are reasonably expected by consumers;
  • Information is necessary to comply with a legal obligation; or 
  • Information is used internally in a manner that is compatible with the context of the collection.

Apart from the exercise of the rights described above, users have the right to file a claim with the corresponding control authority, with the Spanish Data Protection Agency being the one indicated in the case of Spain.

Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

  1. Changes in our privacy policy

Stayforlong may update or modify this Privacy Policy. An updated version of this Privacy Policy will always be available on the Web.

Stayforlong will send users notifications about substantial changes and modifications of this document through email or any other means that ensures receipt of them.

How do we treat personal information of children?

You are only allowed to book through our site if you are over 18 years of age. We only process information about children with the consent of the parents or legal guardians.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

  1. Severability 

When by judicial provision or of any other nature, any clause of this Privacy Policy is declared invalid or ineffective, in whole or in part, such invalidity or ineffectiveness shall not be extended to the rest of the clauses herein provided, which shall remain in force. The invalid or ineffective provision, for the purposes of the provisions herein, will be replaced by another valid and effective clause, trying that the effect of the latter be as similar as possible to that of the first.

  1. Applicable Law

This privacy policy will be governed by and construed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of data personal data and the free circulation of these data (General Data Protection Regulations).

Scroll to top