Reservation of vacation apartments

1. Personal data collected

When making a reservation through our website, we collect the following personal data in order to properly process your request and comply with the legal obligations established:

  • Full name.
  • Date of birth.
  • Nationality.
  • Identification document number (ID or passport).
  • Type of document.
  • Date of issue (when applicable).
  • Contact phone number.
  • Email address.
  • Check-in and check-out dates.
  • Reserved apartment.
  • Number of guests.

Additionally, a digital copy of the identification document of each guest will be requested, in accordance with national regulations on traveler registration.

2. Purpose of processing

The personal data obtained will be processed for the following purposes:

  • Use the provided email address or phone number to carry out communications related to the management of the reservation, such as confirmations, check-in or check-out instructions, reminders, incidents, or any information necessary during the stay.
  • Verify the identity of guests and comply with the obligation to report data to law enforcement authorities.
  • Provide useful information related to the reserved accommodation.
  • Facilitate communication with the guest before, during, and after the stay.
  • Maintain a record of preferences for future reservations.

3. Legal basis for processing

The processing of your data is based on the following legal grounds:

  • Performance of a contract: Managing the reservation implies the formalization of a tourist accommodation contract.
  • Compliance with a legal obligation: The law requires accommodation providers to register and report guest information.
  • Legitimate interest: To ensure security, improve the quality of service provided, and personalize assistance for future stays.

4. Data recipients

Your personal data may only be disclosed to:

  • Law enforcement authorities, in accordance with current regulations on public safety and traveler control.
  • Electronic payment entities (e.g., Stripe), solely for the purpose of securely processing transactions, in compliance with PCI-DSS standards and other applicable regulations.

No data will be transferred to third parties for commercial or advertising purposes.

5. Data retention

The collected data will be retained for the following periods:

  • Guest identity data: up to 1 year from the date of check-out.
  • Contact details and preferences of the reservation holder: up to 4 years, based on the legitimate interest of offering personalized future reservations, facilitating procedures, and responding to incidents.

6. User rights

As the data subject, the user may exercise the following rights:

  • Access: To know which data we are processing.
  • Rectification: To request the correction of incorrect data.
  • Erasure: To request the deletion of data when possible.
  • Objection: To oppose processing in certain circumstances.
  • Restriction: To temporarily limit the use of your data in certain cases.

To exercise these rights, you may send a written request to info@poloapartments.com. A copy of your identification document must be attached in order to verify your identity.

7. Security measures

Personal information is transmitted and stored using secure encryption technologies (SSL and AES), in accordance with the European GDPR and the Spanish LOPDGDD. All data are processed under measures that ensure their integrity, confidentiality, and availability.

The data are stored on servers located within the European Union, managed by providers that ensure compliance with the General Data Protection Regulation (GDPR) and provide appropriate levels of security and confidentiality.

8. Processing of payment data

Payments made through our website are processed by the Stripe payment gateway, a platform certified under the PCI-DSS (Payment Card Industry Data Security Standard), ensuring maximum protection of users’ financial data.

We never store the client’s credit or debit card data directly on our servers. The data entered during the payment process (card number, expiration date, CVV code, etc.) are encrypted and transmitted directly to Stripe, which securely processes the transaction.

Stripe acts as an independent data controller in relation to financial information. You can consult its privacy policy at:
👉 https://stripe.com/es/privacy

In addition, in some cases we use Stripe features such as:

  • Security deposit charge
  • Split payments (15% at the time of booking and 85% scheduled before check-in)
  • Payment method retention to facilitate scheduled charges in accordance with the conditions accepted by the customer

All these processes are carried out transparently and in compliance with current data protection regulations (GDPR and LOPDGDD).

9. Policy updates

We reserve the right to modify this policy to adapt it to legislative updates or changes in our procedures. Updates will be published on our website.