All personal information that is provided or collected through the Web will be treated by Stayforlong, as the responsible subject for the treatment:
|Responsible for the processing /treatment of his data|
|Identity||STAYFORLONG, S.L., witj CIF B-66460536, registered in the Company Register of Barcelona with Volume 161, Sheet B-462443|
Users guarantee the authenticity and veracity of all their data communicated through the Web and must keep updated the information provided to Stayforlong, so that it responds at all times to their actual situation, being the users the only responsibles for false or inaccurate statements they carry out, as well as the damages caused to Stayforlong, or to third parties.
- Legitimation for data treatment
The legal basis for the treatment of your data is the registration of users on the Web and the provision of services contracted by them through the Web.
- Data collected
2.1 Information directly provided by users to Stayforlong
- Registration data: In order to register on the Web, users must provide their email and password, or they can choose to register on the Web either through their Facebook account or Google account.
These data are mandatory completion by users. The refusal on the part of the users to facilitate them will imply not being able to register on the Web.
- Information of «My Profile«: users can add or modify data in their profile in order to use Stayforlong services, such as their first and last name, contact telephone number or email address, by contacting Stayforlong to firstname.lastname@example.org
- Data of the reservations: the information of the reservations made by the users through the Web as well as the possible evaluations and / or comments made about them, as long as they are not done anonymously.
Users may, at any time, request Stayforlong to delete their credit / debit card data by email to email@example.com.
- Data derived from incident or issues management: if the user goes to Stayforlong via email, phone, chat available on the Web, Whatsapp or Facebook Messenger, Stayforlong will collect the messages received in the format used by the user and can use them and store to manage present or future incidents.
- Additional information: any information provided by the user through email, phone, chat available on the Web, Whatsapp or Facebook Messenger.
2.2 Information indirectly provided by users
- Data derived from the use of the Web: Stayforlong collects data derived from the use of the Web by users every time they interact with the Web.
- Application and device data: Stayforlong stores the device and application data that the user uses to access the services. These are:
- Internet IP address that the user uses to connect to the Internet with his computer or mobile.
- Information about your computer or mobile, such as your Internet connection, your browser type, the version and operating system, and the type of device.
- The complete clickstream of Uniform Resource Locators (URL), including the date and time.
- The browsing history and user preferences.
- Data derived from the website of origin of the user: if the user arrives at the Website through an external source (such as a link from another web page or from a social network), Stayforlong collects the data from the source of the which the user proceeds.
- Cookies: Stayforlong uses its own and third party cookies to facilitate navigation to its users and for statistical purposes (see Cookies Policy).
- Data derived from external third parties: Stayforlong may collect information or personal data from external third parties only if users authorize those third parties to share the information cited with Stayforlong, for example, in the event that users register on the Web through from your Facebook or Google account.
In the event that the user registers on the Website through his
Facebook account, Stayforlong may access the user’s public profile, his or her friends list and the email address associated with the Facebook account. In no case is the Web allowed to publish content in the user’s Facebook profile.
- Purposes of the collection and processing of personal data
3.1 Purposes related to the provision of the services requested by the user
The personal data of the users are treated by Stayforlong with the following purposes:
- The provision of Web services requested or contracted by users, in accordance with the General Conditions of Use and Contracting;
- Manage and control reservations made by Users through the Web;
- Provide any information requested by the User by email or telephone;
- The management and control of your account on the Web;
- The management and control of user participation in any of the sweepstakes, contests or promotions organized by Stayforlong;
Certain services provided through the Web, such as sweepstakes or contests, may contain legal bases with specific provisions regarding the protection of personal data. It is essential to read these legal bases and their acceptance prior to the request of the service in question.
- The detection and investigation of fraud, as well as other illegal activities or that violate the General Conditions of Use and Contracting;
- The realization of statistical studies in order to improve the services offered on the Web, according to the preferences of the users;
- The sending of communications relative to the status of reservations or transactions made by users through the Web;
3.2 Purposes expressly consented by the user
Likewise, as long as the users have given their express consent, by marking the corresponding checkbox for this purpose, Stayforlong may use the data of the users for the following purposes:
- The periodic remission, by electronic means, of commercial communications about the services offered on the Web and related to the hospitality and tourism sector, about raffles and contests organized by Stayforlong, and about offers and promotions about the services of the Web.
Users may exercise their right of opposition to their data being processed for the purpose of sending commercial communications by email to firstname.lastname@example.org or by clicking on the option enabled for this purpose in each commercial communication sent.
Under no circumstances will Stayforlong use the personal data of users for purposes other than those mentioned above, unless prior notification to the user, giving a reasonable period for the user’s opposition to it.
- Period of conservation of personal data
The personal data provided will be kept as long as the user remains registered on the Website and does not exercise his right of withdrawal.
In case of withdrawing the consent or opposing the treatment, the data will be blocked and will stop being treated, and will be kept for a period of legal prescription in order to be able to claim or defend us from possible claims.
- Transfer of personal data
The data of the users of the Web will not be transmitted to any third party except that (i) it is strictly necessary for the provision of the services requested, in case Stayforlong collaborates with third parties (ii) when Stayforlong has express and unequivocal authorization for part of the user and (iii) when requested by the competent authority in the exercise of its functions (to investigate, prevent or take actions related to illegal actions) or (iv) finally, if required by law.
5.1 Assignment for the correct provision of services
In order to provide the services requested by users, Stayforlong will share certain personal data of users with:
- Tour operators: Stayforlong may share certain user information, such as first and last name and email address, as well as the data of the reservations made through the website (name of the owner of the reservation and the accompanying persons) , check-in and check-out date, lodging regime, amount of the reservation, cancellation policy and room type) with the tour operators that manage the tourist services hired by the users through the Web, with the sole purpose of facilitate reservations.
- Hotels in which the user has made a reservation: Stayforlong may share certain user information, such as their first and last name and their email address, as well as the data of the reservations they have made through the Web (name of the user). holder of the reservation and of the companions, date of check in and check out, accommodation regime, amount of the reservation, cancellation policy and type of room) with the hotels in which the user has made a reservation, with the only purpose of facilitating the reservation.
- Payment gateway: the credit / debit card data of the users (cardholder, number, expiration date and type of card) are stored by the payment service provider, Ingenico ePayments, whose security measures are high. is PC1 Compliant according to the Data Security Standard for the Payment Card Industry or PCI DSS (see certificate here https://payment-services.ingenico.com/es/es/ogone/support/products/pci#). If the user asks Stayforlong to delete the data from their credit / debit cards, the third payment service provider will delete said data from their servers.
- Hosting services: Hosting services providers, where appropriate, will have access to personal data of users for the sole purpose of providing the hosting service of such data to Stayforlong.
- Mailing service providers: the third-party providers of emailing campaign management services, designing and sending commercial communications and managing transactional emails.
- Prevention and anti-fraud services: user data may be communicated to the company Ingenico e-Commerce Solutions SPRL, holder of the «Fraud Expert» solution, necessary for the correct development of the payment process and the operation of the services offered by Stayforlong. «Fraud Expert» is a tool aimed at preventing and combating fraud (determining the level of risk associated with a transaction, detecting and managing the resulting resulting alerts, informing merchants so that they can make decisions, perform a «human» verification of transactions that present a certain level of risk and develop scoring models).
Also, a fraud committed by a user may lead to the registration of some of your personal data in a specific file created by Ingenico e-Commerce Solutions SPRL; The purpose of this file is to keep a trail of previous frauds. The registration of a user in this file could also lead to an aggravated risk in a future order placed on a merchant in the same sector of activity that has chosen the Fraud Expert solution and, therefore, that the user’s order is rejected.
Likewise, user data may be communicated to the company Sift Science Inc., a provider of anti-fraud and prevention services to verify the legality of transactions made by users on the Web.
Stayforlong guarantees that all commercial partners, technicians, suppliers, or independent third parties to whom data are communicated, in accordance with the provisions herein, are linked to Stayforlong by means of a binding contract or legal act to process the personal data of the users, in accordance with the applicable legislation on the protection of personal data.
In the event that suppliers are located outside the European Economic Area, Stayforlong will communicate the data through systems enabled by the European Commission and the Regulation, to countries that have an adequate level of protection of personal data or through approved contracts. the European Commission by which the rights of the interested parties are established and guaranteed and will be communicated once the approval of the relevant control authority is obtained.
5.2 Assignment expressly consented by the user
5.3 Assignment requested by a competent authority for the exercise of its functions
Stayforlong may transfer user data to security companies and Security Forces when it believes that its disclosure is necessary for compliance with the law, to enforce or apply the General Conditions of Use and Contracting or to protect rights, the property or security of Stayforlong, its users or third parties. The foregoing includes, therefore, the exchange of information with other companies and organizations as well as with security forces and bodies for the protection against fraud and the reduction of credit risk.
5.4 Assignment prior legal requirement
Upon legal request, Stayforlong may share information with agencies of executive authorities and / or third parties regarding requests for information regarding criminal investigations and alleged illegal activities.
- Security Measures
Stayforlong undertakes to adopt the technical and organizational measures established by regulations that guarantee the security of users’ personal data and avoid their alteration, loss, treatment or unauthorized access, taking into account the state of the technology, the nature of stored data and the risks to which they are exposed, all in accordance with the applicable legislation on data protection.
Notwithstanding the foregoing, it is the responsibility of the users to duly safeguard the passwords and passwords that they provide for their access as registered users on the Web, preventing the improper use thereof by third parties. Stayforlong is not responsible for the misuse of passwords and access codes that users carry out.
- Exercise of rights
At any time users can exercise their rights of access, rectification, deletion, limitation of their treatment, opposition, and portability, by means of a written communication addressed to Stayforlong, with address at C / Muntaner 112 1º 1ª, (08036) Barcelona; or by email to email@example.com. In both cases the interested user must accompany a copy of their national identity document, passport or other valid document that identifies them.
The users understand and accept that the withdrawal of consent and / or the exercise of the right of withdrawal will imply that Stayforlong can no longer provide the services of the Web.
Likewise, users will have the possibility, at any time, to withdraw the consent in the case that they have granted it for a specific purpose (without affecting the legality of the treatment based on the consent prior to its withdrawal), and, in particular, to exercise your right to object to your data being processed for the purpose of sending commercial communications by email to firstname.lastname@example.org or by clicking on the option enabled for this purpose in each commercial communication sent.
Apart from the exercise of the rights described above, users have the right to file a claim with the corresponding control authority, with the Spanish Data Protection Agency being the one indicated in the case of Spain.
Stayforlong will send users notifications about substantial changes and modifications of this document through email or any other means that ensures receipt of them.
- Applicable Law