|Responsible for the processing /treatment of your data|
|Identity||STAYFORLONG, S.L., with CIF B-66460536, registered in the Company Register of Barcelona with Volume 161, Sheet B-462443|
|Postal Address||Ronda Sant Pere 17, 3ro 3ra 08010 Barcelona|
Users guarantee the authenticity and veracity of all personal data you provide through the Website, or via other communication with us and you agree to update information provided to Stayforlong, so that we may communicate with you effectively. You are solely responsible for false or inaccurate information you provide to us, including any damages caused to Stayforlong, or to third parties.
- Legitimation for data treatment
The legal basis for the treatment of your data is the registration of users on the Web and the provision of services contracted by them through the Web.
- Data collected
2.1 Information directly provided by users to Stayforlong
- Registration data: In order to register on the Website, users must provide their email and password, or you can choose to register on the Website either through your Facebook or Google account. A user account cannot be made without this personal information and refusal to provide this information will result in the user not being registered. If you happen to fill in the registration pages but for some reason don’t actually complete your registration, you will still be considered to have provided us with your information.
- Information from “My Profile“: users can add or modify data in your profile in order to use Stayforlong services, such as their your first and last name, contact telephone number or email address. , If you happen to fill in the profile pages but for some reason don’t actually complete your profile, you will still be considered to have provided us with your information.
Information You Provide about Others: If you’re booking with others or for someone else, you will have to give us their information as well, for example their name and date of birth. It is your responsibility to ensure that they are aware that you have done so, and also that they accept how we use and process their information as well as yours.If you contact us: if the user contacts Stayforlong via email, phone, chat available on the Website, Whatsapp or Facebook Messenger, Stayforlong you’ll be asked to provide certain information. This is likely to include your name, address, e-mail address and phone number. We need this information so that we can respond to you appropriately. 2.2 Information indirectly provided by users
- Data derived from the use of the Web: When you visit our website we automatically collect certain information such as the device IP address, the date and time you visited, the hardware, software or particular browser used and information about your visit, including any pages you viewed and interacted with. We do this automatically, even when you don’t actually make a booking. Cookies: Stayforlong uses its own and third party cookies to facilitate navigation to its users and for statistical purposes (see Cookies Policy).
- Data derived from external third parties: Stayforlong may collect information or personal data from external third parties only if users authorize those third parties to share the information cited with Stayforlong, for example, in the event that users register on the Web through from your Facebook or Google account.
In the event that the user registers on the Website through his Facebook account: Stayforlong may access the user’s public profile, your friends list and the email address associated with the Facebook account. In no case is Stayforlong allowed to publish content in the user’s Facebook profile.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en.
What about data that is collected through a mobile device?
Mobile devices can be used to access our services, as well as versions of our regular website. These mobile sites work in a similar way to our main website. Sometimes we make use of something known as cross-device tracking, which allows us to track user behavior across different devices. We use this to improve the service that we provide you and for marketing activities, so advertisements shown to you on other websites may be offered based on your activities on linked devices.
- Purposes of the collection and processing of personal data
3.1 Purposes related to the provision of the services requested by the user
We may use your personal data in the following ways:
Processing your bookings: We have to use your personal information to ensure the accommodations, insurance and other ancillary products, are provided to you. We need certain information about you and your party so we can fulfil the contractual obligations when you make a booking.
User Accounts: The information that you provide when you set up an account allows us to provide you with additional services including the ability to manage your bookings, personal settings and access to special offers.
To communicate with you about your booking: We’ll need to contact you using the email or telephone number you provided to give you information relevant to your arrangements. For example, to confirm your booking, notification of any changes, security alerts, administrative messages about your arrangements and reminders.
Customer Services: You can contact us at any time, whether this is a general query, a question about your booking or to report an issue. You can do this through our website, by telephone, email, or via social media. We’ll use the information that you’ve given us to answer any questions and respond to your query or other queries you might have in the future. If you do contact us by telephone, your call may be recorded and reviewed for quality and training purposes. Recordings are only kept for a limited period and then automatically deleted, unless we’ve got a legitimate interest in keeping them for a longer period.
Personalization of your experience: We sometimes use your data to enable us to show you the most relevant products and services we think you’ll be interested in, such as the best deals and special offers for destinations you like or have been to previously.
Marketing: Where you make a booking, or in any other case, if you have opted-in or signed-up, we may contact you with information about other products and services that we offer that are similar to those that you have already purchased or enquired about and we think may interest you based on your personal information. Don’t worry, you can opt-out of these emails at any time.
When you book or register with us, we will ask you if you would like to receive marketing communications. You may request that we stop sending you marketing communications at any time by emailing us at firstname.lastname@example.org or by clicking on the “unsubscribe” option in the communication. Of course, the choice is entirely yours, but if you say you do not want to receive marketing information from us you will miss out on receiving great offers and promotions that may be of interest to you.
You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products and/or services.
Promotional Activities: If you take part in any of our promotions (such as surveys or competitions) we will need to use the information you provide to run these promotions.
Improving our services: Sometimes we might use your data to help us improve the quality and functionality of our services. This could include eliminating bugs in our system, data analysis, testing, and for statistical and survey purposes, all of which helps us improve the service we offer.
Security: We may use your data as part of the efforts to keep our sites (and the information you provide to us) safe and secure, and to prevent fraud or unauthorized access/use of our sites.
Fraudulent Claims: We may use your personal information in order to prevent, detect or defend any claims/actions we believe to be potentially fraudulent or detrimental to our legitimate interests.
Legal and regulatory compliance: We might need to use your information in relation to any legal disputes, regulatory, compliance or criminal investigations, or if necessary, to enforce our rights.
3.2 The Legal Basis for Processing Your Data
When we process your information as described above, we will be relying on one or more of the following legal rights:
Performance of a contract: We use your information to carry out the contract that you have with us and your Service Providers. We’ll use the information that you provide us when making a booking to conclude and process the reservations with the relevant third-party Service Providers.
Consent: You may, through your action(s) of providing us your details, consent to us sending you marketing and promotional material. If you do kindly give us this consent, we’ll rely on this consent when contacting you. You can always withdraw your consent at any time by simply unsubscribing.
Legitimate interest: We may use your information for our own legitimate interest, for example to provide you with the most relevant content on our site or to promote new services and for certain administrative and legal purposes. If you fail to complete a purchase, we may send you some follow-up emails to try and help you, or seek your feedback or offer you alternative products related to your selection.
Business transaction: We may use your data in connection with a business transaction such as the sale of a part or the whole of our business.
To Comply with a legal obligation: We may share your personal data with regulatory authorities such as immigration, border control, security and anti-terrorism purposes and any other legitimate legal obligation as required.
To protect your vital interests or those of another individual: We may share your information in the case of an emergency. For example, with insurance companies or medical personnel.
- How Long Is Your Data Stored?
The personal data provided will be kept as long as the user remains registered on the Website and does not exercise his right of withdrawal. See below for the right to withdraw.
- When We Share Your Data With Third Parties
In order to provide the services requested by users, Stayforlong will share certain personal data of users with:
- Tour operators: Stayforlong may share certain user information, such as first and last name and email address, as well as the data of the reservations made through the website (name of the owner of the reservation and the accompanying persons) , check-in and check-out date, lodging regime, amount of the reservation, cancellation policy and room type) with the tour operators that manage the tourist services hired by the users through the Web, with the sole purpose of facilitate reservations.
- Hotels in which the user has made a reservation: Stayforlong may share certain user information, such as their first and last name and their email address, as well as the data of the reservations they have made through the Web (name of the user). holder of the reservation and of the companions, date of check in and check out, accommodation regime, amount of the reservation, cancellation policy and type of room) with the hotels in which the user has made a reservation, with the only purpose of facilitating the reservation.
- Payment gateway: the credit / debit card data of the users (cardholder, number, expiration date and type of card) are stored by the payment service provider, Ingenico ePayments, whose security measures are high. is PC1 Compliant according to the Data Security Standard for the Payment Card Industry or PCI DSS (see certificate here https://payment-services.ingenico.com/es/es/ogone/support/products/pci#). If the user asks Stayforlong to delete the data from their credit / debit cards, the third payment service provider will delete said data from their servers.
- Hosting services: Hosting services providers, where appropriate, will have access to personal data of users for the sole purpose of providing the hosting service of such data to Stayforlong.
- Mailing service providers: the third-party providers of emailing campaign management services, designing and sending commercial communications and managing transactional emails.
- Prevention and anti-fraud services: user data may be communicated to the company Ingenico e-Commerce Solutions SPRL, holder of the “Fraud Expert” solution, necessary for the correct development of the payment process and the operation of the services offered by Stayforlong. «Fraud Expert» is a tool aimed at preventing and combating fraud (determining the level of risk associated with a transaction, detecting and managing the resulting resulting alerts, informing merchants so that they can make decisions, perform a “human” verification of transactions that present a certain level of risk and develop scoring models).
Also, a fraud committed by a user may lead to the registration of some of your personal data in a specific file created by Ingenico e-Commerce Solutions SPRL; The purpose of this file is to keep a trail of previous frauds. The registration of a user in this file could also lead to an aggravated risk in a future order placed on a merchant in the same sector of activity that has chosen the Fraud Expert solution and, therefore, that the user’s order is rejected.
Likewise, user data may be communicated to the company Sift Science Inc., a provider of anti-fraud and prevention services to verify the legality of transactions made by users on the Web.
Stayforlong guarantees that all commercial partners, technicians, suppliers, or independent third parties to whom data are communicated, in accordance with the provisions herein, are linked to Stayforlong by means of a binding contract or legal act to process the personal data of the users, in accordance with the applicable legislation on the protection of personal data. However, we don’t control the privacy practices of any of these third-parties or your Service Providers and we would encourage you to review their own privacy policies where appropriate.
In the event that suppliers are located outside the European Economic Area, Stayforlong will communicate the data through systems enabled by the European Commission and the Regulation, to countries that have an adequate level of protection of personal data or through approved contracts. the European Commission by which the rights of the interested parties are established and guaranteed and will be communicated once the approval of the relevant control authority is obtained.
- Security Measures
Any information that you provide is stored on secure servers and all payment transactions are encrypted. Only authorized personnel are permitted to access your information in the course of their work with us. Our data security protections meet the “reasonable security requirements of the New York “Shield Act”. While we do our best to protect your information, no information transferred over the internet or stored electronically can be guaranteed to be completely secure and you provide your information to us at your own risk.
We’ll only retain your information for a reasonable period of time, or for so long as either you or the law allows.
When you pay for your tour, we don’t store your card details – instead we use an encrypted authorization ‘token’ issued by your payment provider to collect the payments.
- Exercise of rights
At any time users can exercise their rights of access, rectification, deletion, limitation of their treatment, opposition, and portability, by means of a written communication addressed to Stayforlong, with address at C / Muntaner 112 1º 1ª, (08036) Barcelona; or by email to email@example.com. In both cases the interested user must accompany a copy of their national identity document, passport or other valid document that identifies them. If there is no other reason beside you providing your consent for us to hold your data, we will delete it upon receiving your request.
If you are a California resident, we may not delete your personal information if one of the following exceptions exists:
- Information is necessary to complete the transaction;
- Information is necessary to detect security incidents;
- Information is necessary to protect against deceptive, fraudulent or illegal activity;
- Information is necessary to identify and repair errors;
- Information is necessary to promote free speech;
- Information is necessary for scientific, historical, or statistical research in the public interest;
- Information is necessary for internal uses of the company if those uses are reasonably expected by consumers;
- Information is necessary to comply with a legal obligation; or
- Information is used internally in a manner that is compatible with the context of the collection.
Apart from the exercise of the rights described above, users have the right to file a claim with the corresponding control authority, with the Spanish Data Protection Agency being the one indicated in the case of Spain.
Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Stayforlong will send users notifications about substantial changes and modifications of this document through email or any other means that ensures receipt of them.
How do we treat personal information of children?
You are only allowed to book through our site if you are over 18 years of age. We only process information about children with the consent of the parents or legal guardians.
Links to other sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
- Applicable Law