Home > Privacy statement

Privacy statement

By using our services, you entrust your data to us. We know that this is a great responsibility and we make the maximum effort to protect your information and to allow you to control it.

The purpose of this Privacy Statement is to inform you about what data we collect from you, why we collect it, who we share it with, for how long, the legal basis of processing it and how we protect it. It also tells you how you can exercise your rights over that data and how to contact us if you have any concern or enquiry regarding the privacy of your information.


Who is the data controller?

The following conditions apply to the services of RIU Hotels, including those offered on this website and on all the RIU Hotels websites and mobile applications, as well as the services offered at our call centre.

By reading and accepting this Privacy Statement, users are informed of how RIU HOTELS collects, processes and protects the personal data that is provided to it through the website www.riu.com and any other belonging to RIU HOTELS (hereinafter, “the websites”), through RIU HOTELS applications (hereinafter, “the apps”), as well as data deriving from connecting to and browsing the websites (hereinafter, “browsing”) and any other data that users may provide in the future to RIU HOTELS through the accommodation contract or any other means available through our call centre.

Users must read this Privacy Statement carefully, which has been written in a clear and simple way to make it easy to understand, and decide, freely and voluntarily, if they wish to provide their own details or those of third parties to RIU HOTELS.

For all data processing carried out through our websites, call centre and any other information exchange with our customers through websites belonging to RIU HOTELS, the data controllers are, jointly, the companies RIUSA II, S.A and RESERVATION SHOP, S.L.U. In addition, all the companies listed in the Terms and Conditions also act as joint data controllers for this data processing in order to market hotel services according to the booked hotel’s destination.


For what purposes do we process the data you give us?

RIU HOTELS may process the data for the following purposes, according to the request the user makes or the functionality he/she uses:

1. When you contact us to make a booking at our hotels, either through the website or the call centre.

  • To manage bookings requested by the user by means of web booking or through our call centre.
  • To send the relevant booking confirmation and documentation.
  • If consent is given for it, to send marketing communications from RIU HOTELS.
  • If consent is given for it, to save the search carried out.
  • To manage “personalised quote” bookings for groups and rewards.
  • To better meet expectations and increase customer satisfaction by sending birthday greetings.

2. When contacting us to manage your booking:

  • To manage requests to access, modify or delete bookings made by Users to RIU HOTELS through “Manage my booking” or through the call centre.
  • Other data that the user provides in the open fields of forms available on the website (“Notes” field intended only for preferences regarding the destination and hotel selected: type of room, special requests etc.).
  • To send replies to requests made to RIU HOTELS.
  • Access to the booking through the code, email address and hotel (booking management).
  • Access to the booking through the guest’s details and email address.

3. When you subscribe to our newsletter:

  • To manage subscription and/or unsubscription to the Newsletter, marketing communications about our hotels, offers and other services provided by our organisation, and registration through specific forms on our websites.

4. When you join our loyalty programme, Riu Class:

  • To manage the publication of your comments on our websites.
  • To manage subscription and/or unsubscription to the blog newsletter, on the User’s request.
  • To analyse the use of our websites and verify the users’ preferences and behaviour.
  • If necessary, to monitor the content of user comments and, where appropriate, delete those whose content does not meet the applicable conditions set by RIU HOTELS.

5. When interacting with our blog posts:

  • To manage the publication of your comments on our websites’ comment sections.
  • If necessary, to monitor the content of user comments and, where appropriate, delete those whose content does not meet the applicable conditions set by RIU HOTELS.

6. When interacting with us on social media:

  • To manage the publication of your comments on community spaces on Facebook, Instagram, Twitter, Pinterest and YouTube and on WeChat, Weibo and Youku in both the public space and in direct messages you send us.
  • To run competitions on Facebook.
  • If consent is given for it, to send marketing communications from RIU HOTELS.
  • If necessary, to monitor the content of user comments and, where appropriate, delete those whose content does not meet the applicable conditions set out in this privacy statement.
  • On being approved as an influencer, to manage the information needed to form part of our team.

7. When registering in our Press area:

  • To send communications from RIU HOTELS with press release contents.

8. When requesting a wedding quote:

  • To manage the bookings requested by the user by means of web booking or through our call centre.
  • To send the relevant booking confirmation and documentation.
  • If consent is given for it, to send marketing communications from RIU HOTELS.

9. When contacting us to report an incident or complaint:

  • To manage your enquiry and resolve it through our After-Travel Customer Service department.

10. When engaging with us as a professional travel agency at RIU Pro and RIU Partner Club

  • As a company and/or agent, to manage bookings in real time at any RIU HOTELS hotel.
  • As a member of Riu Partner Club and/or RIU Pro, to manage access codes and carry out bookings for the customers of professional agencies (travel agencies).
  • On Riu Partner Club when the information processed is needed by the agency loyalty programme staff.
  • To send e-mails about RIU HOTELS promotions and products.

11. When you interact with us through our website, social media profiles or any other RIU communication channel:

  • Market analysis
  • In order to provide users with more customised services, profiles will be created based on data extracted from sales made to users and also considering their travel preferences, travel history, etc.
  • The data used in these profiles may have been obtained from the information generated by users at the hotel where they stayed or extracted from external sources (e.g., the internet, social media) and users’ interactions with the communication channels made available by RIU.
  • This information is highly useful for RIU in order to offer its users customised products in accordance with the commercial interests expressed when using the services offered in hotels, thereby improving the user experience both when providing the requested service and any future services.

12. When you contact us to make a booking for a restaurant or terrace at our hotels through our web page:

  • To manage requests to access, modify or delete bookings, made by users to RIU Hotels.
  • To send emails and/or SMS messages to confirm or reconfirm any bookings made.
  • To send emails regarding satisfaction rates.

In all data processing conducted through our websites, we analyse usage and verify the users’ preferences and behaviour to show content that matches their preferences.


What user data does RIU Hotels process?

RIU HOTELS may process the following user data, according to the purpose of our services and the functionality used by the user:

1. When you contact us to make a booking at our hotels, either through the website or the call centre.

  • Identification details: name, surname, tax identification document (expiry date and nationality), date of birth, address and nationality.
  • Contact details: e-mail address and telephone.
  • Location details: country of origin and region.
  • Request details.
  • If registering online, browsing data: IP address and variables to maintain the browsing session using cookies.
  • If making enquiries through our call centre, the recordings made by our staff.

2. When contacting us to manage your booking.

  • Identification details: name, surname, tax identification document (expiry date and nationality), date of birth, address and nationality.
  • Contact details: e-mail address and telephone.
  • Location details: country of origin and region.
  • Request details.
  • If registering online, browsing data: IP address and variables to maintain the browsing session using cookies.

3. When you subscribe to our newsletter.

  • Identification details: name, surname.
  • Contact details: e-mail address.
  • Location details: country of origin and region.
  • Browsing data: IP address and variables to maintain the browsing session using cookies.

4. When you join our loyalty programme, Riu Class.

  • Identification details: name, surname, tax identification document (expiry date and nationality), date of birth, address and nationality.
  • Personal details: date of birth and sex.
  • Contact details: e-mail address and telephone number.
  • User or account-holder identification codes or passwords.
  • Details of beneficiaries (name, surname, e-mail, date of birth).
  • Goods and services transactions at RIU HOTELS: products and services purchased.
  • If registering online, browsing data: IP address and variables to maintain the browsing session using cookies.

5. When interacting with our blog posts.

  • Identification details: name, surname.
  • Contact details: e-mail address.
  • Browsing data: IP address and variables to maintain the browsing session using cookies.

6. When interacting with us on social media.

  • When you participate in competitions on Facebook, we process data such as your name, surname, country and e-mail address. In data processing for this purpose, the conditions of use are clearly stated.
  • In any other cases of interaction with users, their personal data will not be added to our information systems.
  • On being approved as an influencer, we will process your basic personal details, your social network handles, contact details (e-mail and telephone) and follower data (content categories, markets and countries of influence).

7. When registering in our press area.

  • Identification details: name, surname.
  • Contact details: e-mail address.
  • Location details: country of origin and region.
  • Browsing data: IP address and variables to maintain the browsing session using cookies.

8. When requesting a wedding quote:

  • Identification details: name, surname, tax identification document (expiry date and nationality), date of birth, address and nationality.
  • Contact details: e-mail address and telephone.
  • Location details: country of origin and region.
  • If making the request online, browsing data: IP address and variables to maintain the browsing session using cookies.
  • Browsing data: IP address and variables to maintain the browsing session using cookies.

9. When contacting us to report an incident or complaint.

  • Identification details: name, surname, tax identification document, date of birth, address and nationality.
  • Personal details: date of birth and sex.
  • Contact details: e-mail address and telephone number.
  • Goods and services transactions at RIU HOTELS: products and services purchased. Information relating to your complaint.
  • If making the request online, browsing data: IP address and variables to maintain the browsing session using cookies.

10. When interacting with us as a professional travel agent in RIU Pro and RIU Partner Club

  • In the RIU Pro basic B2B programme: Identification details: Username, contact details: email address, telephone.
  • In the Riu Partner Club loyalty programme: Identification details: name, surname, IATA staff, language, job title within the agency. Personal details: date of birth and form of address. Contact details: agency email address, personal email address. Goods and services transactions at RIU HOTELS, booked and undertaken.

11. When you interact with us through our website, social media profiles or any other RIU communication channel.

  • Identification details: name, surname, tax identification document (expiry date and nationality), date of birth, address and nationality.
  • Contact details: email address and telephone.
  • Location details: Country of origin and region.
  • If registering online, browsing data: IP address and variables to maintain the browsing session using cookies.
  • If making enquiries through our call centre, the recordings made by our staff.

12. When you make a booking for a restaurant or terrace at our hotels through our web page.

  • Customer identification details: name, surname, telephone and email address.
  • Booking details: restaurant or terrace, day, time and number of people.
  • Payment card details may also be requested, such as provision or payment methods, but in compliance with the PCI DSS standard.

In addition, in any information request form we process the basic details of the request: Name and surname, e-mail address, telephone, message and which RIU Hotels department it is addressed to.

Some functions of the RIU Hotels app enable the geolocation of the device (tablet, smartphone etc.) that it is installed on. The user can disable this option on the device itself. However, deactivating the location may prevent the use of some of the app’s functionality.

If the user sends data about third parties, he/she expressly states that he/she has their consent and undertakes to provide the interested party, the holder of that data, with the information contained within this Privacy Statement and exempting RIU HOTELS from any responsibility in this regard. However, RIU HOTELS may carry out the verifications needed to confirm this and adopt the corresponding due diligence measures in accordance with data protection legislation.


What is the legal basis for processing personal data?

1. When you contact us to make a booking at our hotels, whether through the website or the call centre, the consent you give us on accepting this statement. with a legitimate interest we can send you birthday greetings in order to better meet expectations and increase the level of satisfaction.

2. When you contact us to manage your booking, the consent you give us on accepting this statement.

3. When you subscribe to our newsletter, the consent you give us on accepting this statement.

4. When you join our loyalty programme, Riu Class, the consent you give us on accepting this statement.

5. When you interact with our publications on our blog, the consent you give us on accepting this statement.

6. When you interact with us on social media, the consent you give through the social network.

7. When you subscribe to our press area, the consent you give us on accepting this statement.

8. When you request a wedding quote, the consent you give us on accepting this statement.

9. When you contact us to report an incident or make a complaint, the consent you give us on accepting this statement.

10. When engaging with us as a professional travel agency at RIU Pro and RIU Partner Clubthe consent you give us on accepting this statement.

11. When you interact with us through our website, social media profiles or any other RIU communication channel, the consent you give us on accepting this statement.

12. When you make a booking for a restaurant or terrace at our hotels through our web page, the consent you give us on accepting this statement.

In general, as you browse our websites and apps, we have a legitimate interest in storing your IP address and the activity carried out.

The purpose of this data processing is based on carrying out analysis of the use of the website and verifying user preferences and behaviours in order to show content that matches their preferences.


How long do we store your data?

In general, the personal data to which we have access is processed for the amount of time necessary to fulfil the purpose for which it was collected. Then, RIU Hotels will hold duly blocked personal data after it is no longer relevant to the purposes for which it was collected, in order to make it available to the competent public authorities, judges or tribunals, or the tax administration, for the duration of the limitation period of the actions that may derive from our relationship with the customer and/or the legally established storage periods. RIU Hotels will proceed to physically delete the data once those periods have passed.


Who do we share your personal data with?

In general, all the information collected from our websites and call centre is managed by companies that are part of, or affiliated with, the RIU Hotels group, all of which are in the hospitality sector. In addition, your data will be communicated to the bodies to which the hotels belong, in order that they know the conditions of your stay (price, dates, services included etc.). Some of them may be situated outside of the European Economic Area, including in countries which do not have a comparable level of protection to that of Spain, with the sole purpose of being able to render you the services appropriately.

Some of our companies may be located outside the European Economic Area, and in this case any international data transfers are duly authorised, according to the details listed below:

Personal data processing Company and location of information systems Contractual measures and authorisation
Global call centre management MX RIUSA Internal contractual measures in the RIU Hotels group.
Management of the call centre that serves local requests in Morocco. SOCIEDAD MARRUECOS Internal contractual measures in the RIU Hotels group.
Marketing e-mail delivery provider. EXPERIAN Contractual measures with the provider. Assurance of the supply chain with third parties.
Storage of personal data in blogs and wedding services. JOOPBOX or MARKSITE Contractual measures with the provider. Assurance of the supply chain with third parties.
Management of bookings for restaurants and terraces at our hotels COVER MANAGER / STRIPE Contractual measures with the provider. Assurance of the supply chain with third parties.

In complaint management, data is managed only by the After-Travel Customer Service department, and the data is only processed for that purpose. Data may only be made available to the public authorities for legal reasons. You can contact us at [email protected]

To be able to travel, it may be compulsory (due to being a requirement of the government authorities in the points of departure and/or arrival) to disclose and process your personal data for the purposes of immigration, border control, security and anti-terrorism, or any other purpose that those authorities deem appropriate. Certain countries only allow you to travel if you provide your passenger details in advance (for example, the Caribbean Community and United States security with flight details). These requirements may change, depending on your destination and we recommend checking them. We may share the minimum necessary personal data with other public authorities if there is a law that obliges us to do so, or if we are legally authorised to do so.


Cookies

Cookies and identification of devices.

The RIU Hotels & Resorts websites use cookies, which are small encrypted text files stored on the computer or device (smartphone, tablet, smartTV etc.) that the user accesses the website with. They are saved on the hard drive or storage system and your browser may use them in the future. Your browser settings allow you to accept or refuse the installation and/or use of cookies.

If you use or access our website, you consent to the use of cookies by RIU Hotels & Resorts and the third parties that offer advertising services. This page lists the tools that allow you to configure your browser correctly.

Types of cookies used by RIU Hotels & Resorts.

On the RIU Hotels & Resorts websites, we use different types of cookies, some of which are strictly necessary in order to provide some of our services via the website and to ensure certain aspects of security (for example, we need to use this technology for you to make a booking with us). We also have functionality and performance cookies which allow your visit to our website to adapt to your needs and use, as well as to improve performance so that your experience is satisfactory.

At RIU we use cookies for the following purposes:

  • For web bookings.
  • The useability and functionality of the website (remembering your preferences and which pages you have viewed).
  • Statistical purposes, without storing identification data.
  • Performance improvement (calculating the time it takes for the information to reach you etc.).
  • To identify the user if he/she has responded to a campaign, and therefore provide the offers indicated in that campaign.
  • If the user is a repeat visitor, to save previous searches in order to make it easier to browse, or other aspects for the same purpose.
  • To make our website and services more user-friendly and to show personalised advertising messages (retargeting).
  • Cookies with personal information are never used.

Manage your cookies.

You can see, delete or manage the cookies stored on your device, as well as block cookies from RIU or associated third parties or any other website. Internet browsers let you install only cookies from the websites you visit or block third party advertising cookies.

Through these links, you can find information about how to configure your browser:

Be aware that if you block certain cookies, it may affect the quality of your experience on our websites.

If you would like more information about how to manage advertising cookies, visit www.youronlinechoices.com where you can set your general preferences with the main advertising service providers.


Legal age and capacity

The user declares that he/she is over 16 years of age (expressed as “legal adult” in any potential documentation from RIU Hotels) and therefore has the necessary legal capacity to engage the services offered on the website in accordance with the contracting terms and conditions https://www.riu.com/terms


How RIU Hotels protects your personal data

RIU Hotels will at all times process users’ data with absolute confidentiality and honour the compulsory duty to keep it secret, in accordance with the provisions of the applicable legislation. It will, to this effect, adopt the necessary technical and organisational measures that guarantee the security of your data and prevent its unauthorised alteration, loss, processing or access, taking into account the development of technology, the nature of the stored data and the risks to which it is exposed.


What are your rights over your personal data

You have the right to obtain confirmation of whether we are processing your personal data or not and, if we are, to access it. You may also request that your data is corrected if it is inaccurate or completed if it is incomplete, and request its deletion when the data is no longer needed for the purposes for which is was collected, among other reasons.

In certain circumstances, you can request limitation to the processing of your data. In this case, we will only process the data affected by lodging, pursuing or defending a complaint or with a view to protecting the rights of other people. In certain conditions and for reasons related to your specific situation, you may also oppose the processing of your data. In this case, we will stop processing your data except for compelling legitimate reasons that override your interests or rights and freedoms, or to lodge, pursue or defend a complaint. In addition, and under certain circumstances, you may request that your data is made portable so that it can be transferred to another data controller. You may also revoke the consent you gave for certain purposes (for example, marketing communications), without that affecting the legality of the data processing based on consent prior to its withdrawal.

To request and exercise your rights, send an e-mail to [email protected]

In addition, if you believe that we have not met the terms of this Privacy Statement, you can contact the RIU HOTELS Data Protection Officer at the e-mail address [email protected]. You also have the option of making a complaint to the competent supervisory authority, following the procedure set out by that authority in your country.


Changes to our declaration

Version updated on 7 April 2022. Statement written in accordance with the General Data Protection Regulation GDPR 2016/679 and our data security policies and directives. The current content replaces all previous versions. We may modify the Statement at any time, so please check our websites regularly for any updates. If the changes are significant, we will post a prominent notification on our websites.