Our Privacy Policy

1 | IDENTIFICATION
Holder: Meliá Hotels International, S.A. (hereinafter, “MHI”).
Tax ID No.: A78304516
Registered office: Calle Gremio Toneleros 24, 07009 Palma de Mallorca
Registry data: Registered with the Mercantile Registry of Palma de Mallorca, Folio 112, Volume 1335, Sheet PM-22603.
Email: privacy@melia.com
Data Protection Officer (DPO): Users may contact the DPO by email at dpo@melia.com or by letter sent to MHI, marked for the attention of the “Data Protection Officer”.

2 | INFORMATION AND CONSENT
By reading this Privacy Policy, the user is hereby informed on how MHI collects, processes, and protects personal data collected through the website www.melia.com (hereinafter, the “website”), the MHI App (hereinafter, the “App”), their connection to and browsing of the Website (hereinafter, “browsing”), and any other data that may be provided in the future to MHI through the Accommodation Agreement or any other enabled means.

The User must carefully read this Privacy Policy, which has been written clearly and simply to facilitate understanding, and freely and voluntarily determine whether they wish to provide their personal data, or those of third parties, to MHI.

3 | OBLIGATORY NATURE OF PROVIDING DATA
In order to meet its stated purposes, the data requested in forms on the MHI Website is, in general, mandatory, unless specified otherwise. If it is not provided, or not provided correctly, we will be unable to process the request.

4 | FOR WHAT PURPOSE WILL MHI PROCESS THE USER'S PERSONAL DATA AND FOR HOW LONG?
Depending on the User’s requests, the personal data collected will be processed by MHI in accordance with the following purposes:

-To manage bookings, including payment management (where applicable) and the management of the user’s requests and preferences;
-To manage newsletter subscriptions and deliveries;
-To manage registration in the MeliáRewards programme, as well as obtaining and redeeming points;
-To manage the User’s MHI contact requests;
-To manage the sending of personalised commercial communications by the Meliá Group, by electronic and/or conventional means, in cases where the User expressly consents;
-To manage the sending of personalised commercial communications related to the MeliáRewards programme, unless the User specifies otherwise;
-To manage the provision of contracted accommodation services, as well as additional services; and
-To manage surveys and/or evaluations regarding the quality of the services provided by MHI and/or the perception of its image as a company.

The User’s data will be kept for the period required to fulfill each purpose, or until the User requests their withdrawal from MHI or opposes or revokes their consent.

5 | WHAT USER DATA WILL MHI PROCESS?
MHI may process the following types of data, depending on the User’s request:
-Identification data: name, surname(s)
-Contact details: Postal address, mobile telephone number, email address
-Data corresponding to the MeliáRewards loyalty programme
-User ID codes or passwords
-Personal data: date of birth, gender, nationality
-Details of preferences
-Geolocation data
-Card data required for payment or to guarantee the same, as well as to pay for the stay or the services associated with it

In the event of registration and/or access through a third-party account, MHI may collect and access certain information of the User’s profile from the corresponding social network, solely for internal administrative purposes and/or for the purposes indicated above.

In the event that the User provides third-party data, he/she declares that they have the third party’s consent and undertakes to provide the interested party -the data holder- with the information contained in this Privacy Policy, duly exonerating MHI from any liability in this regard. However, MHI may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.

6 | WHY DO WE PROCESS YOUR DATA?
The data processing required to fulfill the aforementioned purposes cannot happen without the User’s consent. In the event that the User withdraws their consent, the legality of any previously-completed processing shall not be affected.

To revoke said consent, the User may contact MHI through the following channels:
-By means of a letter addressed to Meliá Hotels International, S.A., C/ Gremio Toneleros 24, 07009 Palma de Mallorca; or
-By means of an email sent to privacy@melia.com,

In both cases, Users should reference “Data Protection”.

However, in cases where it may be necessary to process the User’s data to fulfill a legal obligation or execute an existing contractual relationship between MHI and the User, the processing would be legitimized, as it is necessary to comply with said purposes. Elsewhere, the processing undertaken in the performance of surveys and/or evaluations regarding the quality of the services provided by MHI and/or the perception of its image as a company will be carried out on the basis of the legitimate interests of the data controller.

7 | WHO DO WE DISCLOSE DATA TO?
The User’s data may be disclosed to:

-Investee companies or companies within the MHI business group, solely for internal administrative purposes and/or for the purposes indicated above;
-Hotel operators managed by MHI or under a franchise agreement, solely for internal administrative purposes and/or for the purposes indicated above;
-MHI’s or hotel operators’ suppliers, for the fulfillment of legal obligations and/or the purposes previously indicated;
-Partners and collaborating companies of the Meliá Group, for the fulfilment of the aforementioned purposes and/or, if so authorized, for sending commercial communications; and
-Public Administrations, in cases stipulated by Law.

The recipients indicated in this section may be located within or outside the European Economic Area. For the latter, international data transfers must be duly legitimated.

8 | USER’S RESPONSIBILITY
The User:
-Guarantees that they are of legal age or legally emancipated (where applicable), fully capable, and that the information furnished to MHI is true, accurate, complete, and up-to-date. For these purposes, the User is responsible for the truthfulness of all provided data and will keep the information updated, so that said data reflects their actual situation.
-Guarantees that they have informed third parties on whose behalf they have provided data, where applicable, of the aspects contained in this document. They also guarantee that they have obtained the third party’s authorisation to provide their data to MHI for the purposes indicated.
-Will be responsible for false or inaccurate information provided through the Website and for any damages, direct or indirect, that this may cause to MHI or third parties.

9 | COMMERCIAL AND PROMOTIONAL COMMUNICATIONS
One of the purposes for which MHI processes User data is to send commercial communications, through electronic and/or conventional means, with information concerning products, services, promotions, offers, events, or other relevant news. Whenever any communication of this type is made, it will be sent solely and exclusively to those Users who have authorized its reception and/or who have not previously expressed their refusal to receive it.

To this end, MHI may analyse the data obtained in order to create user profiles that help better understand which products may be of interest.

In the event that the User wishes to stop receiving commercial or promotional communications from MHI, they may opt out by either sending an email to privacy@melia.com or exercising the withdrawal option provided in each commercial communication sent.

10 | GEOLOCATION DATA
Some of the MHI App’s functionalities allow for the geolocation of the device (Tablet, Smartphone, etc.) on which it is installed. The User may disable this option directly on the device itself; however, disabling this option may prevent the use of some App features.

11 | EXERCISING USER RIGHTS
At any time, the User may send a letter to Meliá Hotels International, S.A., C/ Gremio Toneleros 24, 07009 Palma de Mallorca, or an email to privacy@melia.com — in both cases referencing “Data Protection” and with a photocopy of a current ID or passport — in order to:

-Revoke previously granted consent;
-Obtain confirmation about whether or not personal data concerning the User is being processed at MHI;
-Access their personal details;
-Rectify any inaccurate or incomplete data;
-Request the deletion of their personal data when, among other reasons, the data is longer necessary for the purposes for which it was collected;
-Obtain data processing limitations when any of the conditions provided in the data protection regulations are met;
-Express your point of view and challenge the automated decisions adopted by MHI; or
-Request the portability of your data.

Likewise, the User may, at any time, file a complaint regarding the protection of their personal data before the competent Control Authority.

12 | SECURITY MEASURES.
MHI will always process the User’s data in a confidential way, and will maintain secrecy regarding said data, in accordance with provisions set out in applicable regulations. To this end, MHI will adopt measures — technical and organisational — required to guarantee the security of said data and prevent it from being altered, lost, processed, or accessed illegally, depending on the state of the technology, the nature of the stored data, and the risks to which they are exposed.

Last updated: 27 April 2018