PRIVACY POLICY

Last update: November 2025.

Please read this Privacy Policy carefully. This contains important information about the processing of your personal data and the rights recognized by applicable regulations.   

We reserve the right to update our Privacy Policy at any time due to operational decisions and to comply with possible legislative or case-law changes. If you have any doubts or need clarification about our Privacy Policy or your rights, please contact us through the channels indicated below. 

Who is the Data Controller?

The Meliá Group is a company in which to operate, manage and market hotels around the world (hereinafter, hotels are referred to as “ Meliá Hotels ”).
When you visit www.melia.com (hereinafter, the “ Website ” or “ Website ”), the people responsible for processing your data is:

• Meliá Hotels International, SA (hereinafter “ Meliá ” or “ MHI ”) with fiscal ID number A-78304516 and registered office at Calle Gremio Toneleros, 24, Polígono Son Castelló, 07009 Palma de Mallorca, Spain.
• E-mail address: privacy@melia.com.
• Data Protection Delegate: dpo@melia.com. 

When you book or enjoy a stay in one of the Meliá hotels, your data will also be processed by the hotel in question.

As the company that manages central services for the Meliá Group, MHI processes your data in its capacity as customers of the Meliá Group. In this context, a “ Meliá customer ” is anyone who visits the Meliá website, makes a booking or stays in any of the Meliá hotels.

In regard to the above:

a)    Managing operations with the website and user browsing.

Meliá processes the data users provide when they visit the Website (IP address and data on the pages visited) to manage their use.
The legal basis for this processing is the legal relationship that is established when you visit our website.

If you authorize us to do so, we will use your browsing data to remember preferences, prepare statistics and, where appropriate, personalize the ads you receive.

The legal basis for this processing is your consent, given by authorizing your authorization through the cookie settings panel for analysis and measurement, behavioral advertising or preferences and personalization (+ info in our Cookie Policy).

b)    Manage requests through the Chat Service. 

If you use our “Chat Service”, (hereinafter, the “Chat”), Meliá will process your data to respond to any requests or questions you may send us through the channel. The legal basis for this data processing is the legal relationship established with users of the website or the application of pre-contractual measures at the request of the data.
Your data, including Chat transcripts, will be kept for up to 24 months, except when they have to be kept for longer in order to comply with legal obligations and/or to defend legitimate interests against possible claims.

c)    Access to MeliáRewards. 

The "My account” section on the Website allows you to create or access your Meliá Rewards account. When you enter your MeliáRewards account, you also have a communication channel available to you that allows you to get information about our hotels.
Information on the program and the processing of personal data by members is available in the MeliáRewards Privacy Policy and its General Terms and Conditions.

d)    Manage subscription to the Meliá newsletter. 

If users sign up for our newsletter, Meliá will process their email address to send them messages about the Meliá Group products and services. The legal basis for this is your express consent when signing up for the newsletter. 
You may withdraw your consent and unsubscribe from the newsletter at any time using the link provided in each message or by sending an email to: privacy@melia.com.  Withdrawal of consent will not affect any processing carried out prior to consent.

e)    Website statistical and quality management purposes

To evaluate and manage the quality of our services and products, we may gather statistics based on aggregated data obtained from transaction data and website browsing, for example, IP address, pages visited or actions carried out on the Website (+ info in our Cookie Policy).

This processing is based on our legitimate interest to assess and manage the quality and correct operation of our Website. In order to weigh this interest with regard to their rights and freedoms, it has been determined that the data processing has a limited impact on the privacy of the people involved, responds to their reasonable expectations and does not pose significant threats.

f)    Administer and manage Website security. 

Meliá will process your browsing data (IP addresses, user ID or logs) to manage the security of the website and its restricted areas. 
This is based on our legitimate interest in guaranteeing the security of our website. This interest is expressly recognized by recital 49 of the General Data Protection Regulation 2016/679 (“RGPD”). In weighing this interest with regard to their rights and freedoms, the fact that this data is processed is in line with generalized security practices and does not pose significant threats to the people involved.

a)    Management of accommodation and services bookings.

Meliá will process the data provided in the accommodation or service booking forms in order to manage and complete said bookings. The personal data we process for these purposes are: 

• Data on the name of the person booking the booking or the person requesting or contracting the service;
• Contact information;
• Data on the booking or service request;
• Financial and transaction data for goods and services related to the booking or contracted services;
• Payment method data;

This data is obtained directly from you or from third parties that process your booking or request services on your behalf, for example, the travel agency through which you booked your stay.

Depending on the type of rate you select when making your booking, we will process your financial data and data on transactions for goods and services for billing and payment for your booking. If you book a rate with direct payment in the hotel, we will process your payment method data as a guarantee of your booking.

This data is required to implement the booking contract or take pre-contractual measures at your request and also for compliance with our legal obligations in accounting and tax matters.

Your data will be shared with the Meliá hotel where the stay is booked. If your booking contains services provided by third parties, the personal data required to process the booking will be shared with the service suppliers only for this purpose. These messages are required for the implementation of the booking contract and may involve international data transfer in the case of Meliá Hotels and/or suppliers located outside the European Economic Area. 

b)    Sending marketing messages from the Meliá Group based on your customer profile.
 
If you have given your consent, Meliá will process your data to manage marketing campaigns and send you personalized information for marketing purposes using electronic and/or conventional means (among others, e-mail, SMS and telephone, etc. …) in order to offer products and services or those products marketed by the Meliá Group . Meliá will therefore prepare a customer profile based on their personal characteristics, preferences and interactions with Meliá Group digital media, as well as the products and/or services contracted and the stays enjoyed in Meliá Hotels. This profile will include the following categories of data:

• Identification and contact data,
• Personal characteristics data, 
• Goods and services transaction data, 
• Preferences shown during their stay,
• Data collected in interactions with digital media, 
• Data provided in any surveys, claims or complaints.  

This processing is based on consent and does not affect your stay in Meliá Hotels nor the delivery of the contracted services. You can revoke your consent at any time through the preferences center on our website or by sending an email to: privacy@melia.com. Withdrawal of consent will not affect any processing carried out prior to consent.

c)    Traveler register.

In compliance with the laws in each destination on traveler control and protection of public safety, Meliá may be required to report the data collected in your booking to the corresponding authorities. 

This data transfer may involve an international data transfer if the Meliá Hotel that receives the data is located outside the European Economic Area.  

Your data will be stored for the period required by applicable law. 

d)    Communications via WhatsApp.

Meliá will contact you through WhatsApp to send you messages related to your booking, which may include confirmations, reminders, information about your stay or contracted services.

Meliá will also contact you through WhatsApp to send you marketing messages, including promotions, news or personalized recommendations. This processing is based on consent and does not affect your stay in Meliá Hotels nor the delivery of the contracted services. You can revoke your consent at any time through the preferences center on our website or by sending an email to: privacy@melia.com

Withdrawal of consent will not affect any processing carried out prior to consent.

e)    Attention to special requests or needs.

Meliá will process the data on the preferences or requests you make when you book on the website in order to take into account your preferences, requests or special needs during your stay at the Meliá Hotel.

The legal basis for this processing is the contractual relationship that created when the accommodation booking or services are contracted.

If you provide health data in your preferences or requests when making a booking on the Website, such as allergies, intolerances or disabilities, for example, this data will be processed for the sole purpose of managing said preferences or requests. express consent of the guest. You may revoke your consent for the processing of your health data at any time, although if you do so it may not be possible to provide you with the requested care.

This data will be communicated to the Meliá hotel where the customer is staying. This data may involve an international data transfer if the Meliá Hotel that receives the data is located outside the European Economic Area.  

f)    Attention to claims. 

Meliá will process the data provided in any claims related to products or services offered or marketed by the Meliá Group in order to respond to them. 
This processing is required to attend to claims based on the implementation of the contract 

When required, this may include the processing of health data based on art. 9.2.f GDPR as they are required to exercise or defend claims. It may also involve communicating your data to the hotels involved and/or insurers when the matter requires their intervention. This communication of data may involve an international bank transfer if the hotel or the insurer are located outside the European Economic Area.  

g)    Application of MeliáRewards conditions.

If you are a MeliáRewards member and identify yourself as a member when you make your booking through the website, Meliá will process data on your membership to apply the benefits and conditions your membership level loyalty program. Meliá will also communicate to the Meliá Hotel that it is a member of MeliáRewards for the same purpose.

You can get more information about this process in the MeliáRewards Privacy Policy and General Terms and Conditions.

You may not know it, but the owner of the business of the Meliá Hotel in which you are staying (hereinafter the “ Owner”) may not necessarily be the Meliá Group or one of its affiliated companies. In many cases, the Owner is a third party that has signed with a Meliá Group company a hotel distribution, franchise or management agreement.

Without prejudice to the information that the Owner may provide you on arrival at the Meliá Hotel about other personal data processing, we inform you that the Meliá Hotel will process your data for the purposes related to services stipulated in their accommodation contract. We would also like to inform you that the privacy policy for each of the Meliá hotels can be viewed at check-in or by contacting the hotel directly. 

MHI will process the data generated during your stay at the Meliá Hotel for the following purposes:

a)    Attention to claims. 

Meliá will process the data provided in any claims related to products or services offered or marketed by the Meliá Group in order to respond to them. 
This processing is required to attend to claims based on the implementation of the contract. 

When required, this may include the processing of health data based on art. 9.2.f GDPR as they are required to exercise or defend claims. It may also involve communicating your data to the hotels involved and/or insurers when the matter requires their intervention. This communication of data may involve an international bank transfer if the hotel or the insurer are located outside the European Economic Area.  

b)    Sending marketing messages from the Meliá Group based on your customer profile. 

If you have given your consent, Meliá will process your data to manage marketing campaigns and send you personalized information for marketing purposes using electronic and/or conventional means (among others, e-mail, SMS and telephone, etc. …) in order to offer products and services or those products marketed by the Meliá Group . Meliá will therefore prepare a customer profile based on their personal characteristics, preferences and interactions with Meliá Group digital media, as well as the products and/or services contracted and the stays enjoyed in Meliá Hotels. This profile will include the following categories of data:

• Identification and contact data,
• Personal characteristics data, 
• Goods and services transaction data, 
• Preferences shown during their stay,
• Data collected in interactions with digital media, 
• Data provided in any surveys, claims or complaints; 

This processing is based on consent and does not affect your stay in Meliá Hotels nor the delivery of the contracted services. You can revoke your consent at any time through the preferences center on our website or by sending an email to: privacy@melia.com. Withdrawal of consent will not affect any processing carried out prior to consent.

c)    Communications via WhatsApp.

Meliá will contact you through WhatsApp to send marketing messages including promotions, news or personalized recommendations.

This processing is based on consent and does not affect their stay in Meliá Hotels nor the delivery of the contracted services. You can revoke your consent at any time through the preferences center on our website or by sending an email to: privacy@melia.com

Withdrawal of consent will not affect any processing carried out prior to consent.

d)    Quality management. 

To guarantee an optimal experience for guests and improve the operational efficiency of our hotels, Meliá will process personal data for the following purposes:

• Carrying out satisfaction surveys to determine satisfaction levels and the quality of the products and services provided.
• Analysis of data on guests and services provided in company hotels for anonymised statistical purposes and to assess the efficiency and quality of the management and delivery of services.

The legal basis for this processing is our legitimate interest in maintaining and improving the quality of our services. To assess the legitimate interests of Meliá with regard to your rights and freedoms, the following has been determined:

• The data processing is compatible with the reasonable expectations of the data subject given that they are customers of Meliá hotels and this is a general practice in the industry. 
• The impact of processing on the privacy of the interested parties is limited depending on the type of data affected and the purpose of the processing.

If you contact our Call Centre, Meliá will process the data you provide in your application, booking request, question and/or claim in order to attend to the request.  

Calls managed by our Call Center may be recorded for service quality control purposes and, where appropriate, for the management of claims. Recordings may be kept for a maximum of 24 months, except when they have to be kept for longer in order to comply with legal obligations and/or to defend legitimate interests against possible claims.

Your data will be processed to respond to enquiries, booking requests or claims in the implementation of a contract or to apply pre-contractual measures at the request of the hotel or to defend against customer claims.

The processing of call recordings for quality control purposes is legally based on our legitimate interest in maintaining and improving the quality of our services. To assess the legitimate interests of Meliá with regard to your rights and freedoms, the following has been determined:

• The data is compatible with the reasonable expectations of the data subject given that they are customers or potential customers of Meliá hotels and this is a normal practice in the industry. 
• The impact of processing on the privacy of the interested parties is limited depending on the type of data affected and the purpose of the processing.
• If calls are recorded, the people involved must be informed prior to the recording regarding the way their data will be processed.

Data conservation periods

Unless specific periods are indicated in relation to a specific purpose, personal data will be processed for the period required for the fulfillment of each purpose and during the applicable legal limitation periods to attend to any possible liabilities derived from processing.

If the basis for legitimation of data processing is the express consent of the interested party, we would like to inform them that that data will be processed until they revoke their consent. Users may revoke their consent for the processing of their data at any time by sending a request to: privacy@melia.com. Likewise, the revocation of consent will not affect the legality of the processing based on consent prior to its cancellation.

What are your rights?

In the terms and with the requirements defined by applicable data protection regulations, you have the right to:

• Revoke any consent they have previously given.
• Access their personal data.
• Rectify inaccurate or incomplete data.
• Request the deletion of their data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Oppose the processing of their data.
• Not be the subject of a decision based solely on automated processing, including profiling, that has legal effects on them or significantly affects them in a similar way. 
• Limit the processing by Meliá of their data if any of the data protection regulations are not met.
• Request the portability of their data.

To exercise the aforementioned rights, you must send a written message to Meliá Hotels International, SA, Calle Gremio Toneleros, 24, Polígono Son Castelló, 07009 Palma de Mallorca, Spain or by email to privacy@melia .com, proving your identity. 

The person may also make a complaint to the corresponding data protection authority if they consider that Meliá has violated their rights under applicable data protection regulations.

You can contact our data protection officer at dpo@melia.com.

Responsibility of the data subject

The stakeholder is responsible for:

• Ensure that the data provided to Meliá is true, accurate, complete and up to date. They are responsible for the accuracy of all the data provided and for keeping the information provided up to date so that it reflects their real situation. 
• Inform third parties that provide personal data about the content of this document, if any. The Contractor is also responsible for obtaining authorization to provide their data to Meliá for the purposes indicated.
• The Parties will be responsible for any false or inaccurate information provided through the Website and for any direct or indirect damages this causes to Meliá or third parties.

Security Measures

Meliá will process the data at all times with absolute confidentiality and with the mandatory duty of secrecy in accordance with the applicable regulations, adopting the technical and organizational measures required to guarantee the security of their data to avoid its alteration, loss, processing or unauthorized access, taking into account the state of technology, the nature of the data stored and the risks to which it is exposed.

Notices related to local laws and regulations:

Meliá Hotels International, SA ( “Meliá” ) is a Spanish company and data processing must comply with the Law on Data Protection and Digital Rights Guarantee 3/2018, of December 5, ( "LOPDGDD" ) and with the European General Data Protection Regulation 2016/679 ( "RGPD" ). In addition to the LOPDGDD and GDPR, there are also other laws and regulations that, depending on your specific situation, may also regulate the processing of your personal data. The following is additional information that may be applicable:

a)    The following conditions only apply to the US market. in compliance with the telephone consumer protection law of 1991

Meliá offers free SMS text messaging services to inform you about important issues related to your account or our products. This may include information about your account, updates or products. Meliá provides the service free of charge. The frequency of messages may vary. Standard message and data rates may apply. Consent to receive marketing text messages is not required to buy products or services. Texts can be sent using automatic telephone dialing systems.

To get a Meliá email alert, text JOIN to 45534. If you want to unsubscribe from this service, please send the message STOP to 45534. If you have any questions about SMS text services, please send HELP to 45534.

The participating companies are: AT&T, Verizon Wireless, Sprint, T-Mobile, US Cellular, Boost Mobile, MetroPCS, Virgin Mobile, Asia Pacific Communications Systems (ACS), Appalachian Wireless (EKN), Bluegrass Cellular, Cellular One of East Central, IL (ECIT), Cellular One of Northeast Pennsylvania, Cricket, Coral Wireless (Mobi PCS ), COX, Cross, Element Mobile (Flat Wireless), Epic Touch (Elkhart Telephone), GCI, Golden State, Skye (Chat Mobility), Skye (NW Missouri), illinois Valley Cellular, Inland Cellular, iWireless (Iowa Wireless), Keystone Wireless (Immix Wireless/PC Man), Mosaic (Consolidated or CTC Telecom), Nex-Tech Wireless, NTelos, Panhandle Communications, Pioneer, Plateau (Texas RSA 3 Ltd), Revol, RINA, Simmeter (TMP Corporation), Thumb Cellular , Union Wireless, United Wireless, Viaero Wireless, and West Central (WCC or 5 Star Wireless).
Note: T-Mobile is not responsible for delayed or undelivered messages.

For more information, see our Privacy Policy.

If you have questions about SMS services or need help, call 18444259969. To cancel the service, send a text message with the word STOP to 45534.

b)    Special provisions for residents in Thailand:

1. International data transfers: 

As some recipients may be located outside of Thailand and Meliá's systems are located outside of Thailand, the data will be transferred to and processed outside Thailand. 

2. Exercise of rights

In addition to the rights described in the section "What are your rights", users may also exercise the following rights:

• Right to suspend data processing
• Right to request copies of your data

c)    The following conditions only apply in Canada:

If you sign up for our MeliáRewards loyalty program and choose to redeem your MeliáRewards points on the website or through the App, we may use your mobile phone number to send you a confirmation code to confirm your transaction before processing your points redemption . Message and data rates may apply.

d)    Special provisions for residents in China    

Additional information about the People’s Republic of China (only for the purposes of this Declaration, excluding the Hong Kong Special Administrative Region, the Macao Special Administrative Region and the TaiWan region) (hereinafter "China" )

If there is any discrepancy between the Privacy Policy and the provisions of this section, the latter will prevail for residents in China.

Data processor:

In the People’s Republic of China, the data processor designated by Meliá is Sol Meliá Hotel Management (Shanghai) Co., LTD., with registered office at: Unit 02, 03, Floor 34, Jinmao Tower, No. 88 Century Avenue, China (Shanghai) Pilot Free Trade Zone. If you have any questions or concerns regarding your personal information or this Privacy Policy, please contact China.Policy@melia.com.

Collection and consent

To the extent required by applicable law, we will obtain your consent (separate, if applicable) to collect, use, share, transmit (including, among others, transmission abroad), disclose or process your personal information.
Directly from you: We collect this information: 

To register you for MeliáRewards, the information collected includes: 

• Nationality, first name, last name, email address, country of residence, phone number, date of birth
• To ensure secure access to MeliáRewards, we will collect your username and password.

Members’ data will be processed to manage their registration for the program and to earn and redeem points. Once members become members, we will therefore process all the data related to their accommodation contracts and how to earn and redeem points. This information is not collected when you register, but is rather processed whenever you become a member.
To book a stay, the information collected includes:

• Gender, nationality, name, surname, email address, country of residence, phone number, credit card information or other payment data

To sign up for the newsletter, the information collected includes:

• Nationality, first name, last name, email address, phone number, contact preferences

If you provide us with additional information about food allergies and intolerances, preferences and geolocation data, we can provide you with better personalized service. 

If you provide us with personal information about other people (for example, relatives) during your hotel booking or stay, we would ask you to make sure they are willing to share their personal information with us and that they should be guided by this Privacy Policy if they want to know how we use their information.

And also: We automatically collect information when you use our website and mobile applications, when you interact with other digital channels, and in some cases when we contact you by email. In these cases, we may automatically collect information such as your country, Internet protocol ( IP ) addresses, intermediate access control addresses, your interactions with these channels and other characteristics about your system or device. 
This information is collected to complete the functionality and improve the user experience of the services. This information is also used to aggregate trends and statistical analyzes to show you more relevant ads and information.

Confidential personal information:

Certain types of personal information described in this Privacy Policy are considered "confidential" information and are subject to other applicable regulations depending on the jurisdiction and applicable laws in which you work or live. When applicable, the personal information referred to in this Privacy Policy will be considered to include sensitive personal information, if applicable.

“Sensitive personal information” as defined by Chinese laws and regulations which we collect and use for the purposes described in the above Privacy Policy includes the following information:

• Food allergy 
• Accommodation registers;
• Location information;
• Payment card information (used to pay for hotel stays, deposits or other services);

Information for children

We take the protection of children’s personal information very seriously. Our Website and services are mainly aimed at adults. Children should not create their own user accounts without the consent of their parents or guardians. Although local laws and customs define children differently, we consider anyone under the age of 14 to be a child.

If we collect information on minor users with the consent of their parents or guardians, we will only store, use or publicly disclose that information if allowed by law, with the express consent of the parents or guardians or if it is required for the protection of children and we will delete any relevant data as soon as possible.

Due to the limitations of technology and the existing business model, it is difficult for us to proactively identify children's personal information. If you discover that we have collected personal information from children without our knowledge or without the prior consent of verifiable guardians, you may contact us in time and we will try to delete it in a timely manner if discovered. If we find any of the above circumstances ourselves, we will also eliminate them in a timely manner, except for those that are required by law to be preserved.

The exception to authorized consent

Please understand that according to relevant national laws and regulations we do not need to get your authorization and consent to collect and use your user information in the following circumstances:
1. Directly related to national security and the security of national defence;
2. Directly related to public safety, public health and key public interests;
3. Directly related to the criminal investigation, judicial process and the implementation of sentences;
4. To protect their life, property and other important legal rights and interests or those of other people, but it is difficult to obtain their consent;
5. The collected user information is disclosed to the public by yourself;
6. Your user information collected from legally disclosed information, such as legal news reports, governmental information disclosure and other channels;
7. Required for the signature or implementation of the contract in accordance with your requirements;
8. Necessary for the safe and stable operation of the software and related services, such as the discovery and management of software failures and related services;
9. The person controlling personal information is the news organization required to carry out legal news reports;
10. When an academic research institution performs statistics or research of public interest and provides the results of the academic research or a description to the public, it must de-identify the personal information contained in the results.
11. Other circumstances provided by law.

How do we use the information we collect?

Unless otherwise indicated when data is collected or unless authorized by the law or you, we use personal information only for the purposes described in this Privacy Policy. 
We also use the personal information collected by Meliá for the following purposes:

• Operate, maintain, update and provide all of the highlighted services, provide you with the services and information you require, respond to comments and questions and provide support to users.
• To understand and analyze user trends and preferences, improve Meliá hotel services and develop new products, services, features and functions. With your consent or as allowed by applicable law, we may send you marketing information by email and/or traditional letters, SMS,/or telephone, etc. depending on your preferences. to share products, services, promotions, special offers, events or other matters related to you. If you do not wish to receive promotional messages, you can choose to not receive any promotional messages through privacy@melia.com or using the option to cancel each of the marketing messages received.

Share and disclose your personal information with third parties

We may share and disclose your personal information with third parties.
If you request services offered by MeliáRewards partners (including airlines, shopping, car rental, leisure and others), we will share your data with these partners so that they can attend to your request.

We will also share information with sub-processors to provide you the services defined in this Privacy Policy. 

We will also send your personal information to the hotel where you made your booking so they can manage your stay.

Personal data transfer:

As a global hotel group, Meliá may transfer your personal information to Meliá in Palma de Mallorca, Spain, and other affiliated entities or Meliá hotels in countries where you book stays, always as required by law and with your consent . These entities will process your personal data in accordance with this Privacy Policy to provide you with premium quality services.

Meliá will take appropriate measures to ensure that the cross-border transfer of data and processing of personal information by Meliá affiliated entities abroad comply with the requirements of applicable law. These mechanisms are designed to ensure appropriate protection of your personal information in accordance with applicable law. If you would like to exercise your rights with regard to personal information, you may contact Meliá at privacy@melia.com.

How we store and protect your personal information

We will store your personal information for as long as it is required to achieve the purposes described in this Privacy Policy during your use of our services and as required by applicable law. 

We will take reasonable security measures to protect your personal information in accordance with industry standards, and promise to use various technologies and measures to protect your personal information from unauthorized access, use, modification, disclosure and damage, such as the use of encryption technology to protect your personal information. 
We will attend personal information security incidents in accordance with applicable laws and regulations and provide training in personal information protection to relevant personnel to raise their awareness about the importance of personal information and their responsibilities in the protection of personal information. personal information.

SDK and other similar software technologies provided by unaffiliated entities

According to the laws of the People's Republic of China, Meliá must disclose the SDK for recognition. In the course of providing products or services, we may implement plug-ins that are not associated with entities, such as SDKs for software development kits, statistical analysis tools, etc., which may collect your personal information. 

To help you understand the SDKs we use from unaffiliated entities, you can see the following list of SDKs to get more information about our integrated SDKs.

If you use features and plug-ins provided by unaffiliated entities, those entities’ privacy policies may also apply.

Some of these organizations may collect data on you for use and processing and may ask for your consent before doing so. 

We recommend that you read the privacy policies of these unaffiliated entities before using their functions and plug-ins to understand how they collect and process your data:

SDK name application	SDK name supplier Purpose of	Collection and Use	Personnel Information Collected through SDK	Sensitive Permission Inquiry	Link to SDK Supplier Privacy policy
Dynatrace	Dynatrace LLC	Collect and analyze data to provide information on application performance and behavior	Device information: -Device type -Operational system Version -Device Language - Device ID User location	Location	https://www.dy natrace.com/s upport/help/m anage/data-pri vacy-
FBSDKCoreKi	Goal	To control linking to the app from the Facebook app or manage a deferred deep link that was sent to a user through a Push notification	N/A	Push notifications	https://www.fa cebook.com/p privacy/policy/? entry_point = d ata_policy_re direct&entrada= 0
MarketingClou dSDK	Salesforce, Inc.	Create Personalised led Marketing Campaigns for better engagement	Device information: - Device type -Operational system Version - Device ID -Device Language Location data	Location Push notifications	https://www.sa lesforce.com/ es/company/p rivacy/full_priv Days
ServiceSDK/C hat	Salesforce, Inc.	To offer Personalised customer support and improve customer satisfaction through efficient communication and collaboration	Device information: - Device type -Operational system Version - Device ID -Device Language User information: -Full name -Bookings information	Location Push notifications	https://www.sa lesforce.com/ es/company/p rivacy/full_priv Days
SaltoJustINM obileSDK	SALTO Sistemas, SL	To allow users to access through a mobile app	Book information: - Digital code	Location Bluetooth	https://saltosy stems.com/es -es/datos-lega /privacy/ Privacy - Police without system jump s /
MCM	ONE2ONE DIGITAL STRATEGY SL	To personalize and optimize the user experience	Equipment Advertising ID	Permission for Court (AppTracking Transparency) [iOS]	https://www.m o2o.com/politi Ca-de-Privacy announcement/
Akamai	Akamai Technologies Inc.	Support against attacks already improve safety of network access	-IP address -device information	N/A	https://www.ak amai.com/es/l egal/complian CE/Privacy-TRU ST-CE
FirebaseCras Lithic	Google, Inc	. to identify and Solve application blocked and issues Improve the application performance and improve the user experience	Device information: - Device type -Operational system Version - Device ID	Permission for Court (AppTracking Transparency) [iOS]	https://policies .google.com/p rivacy?hl=es- 419
VWO	Wingify	To personalize and optimize the user experience from User tracking behavior and Interactions using the APP	Device information: - Device type -Operational system -Device Language -IP address	N/A	https://vwo.co m/es/privacy policy
Fire base	Google, Inc.	To track users behavior and Interactions with the application, and use this data to be generated information and Improve the user experience. To deliver and contextual messages to user-based in their behavior and Preferences.	Device information: - Device type -Operational system -Device Language -IP address User behavior data: -use Patrons -user Interactions using the APP Related data to events, such as request and response Payloads.	Push notifications	https://policies .google.com/p rivacy?hl=es- 419
FirebaseAnalytics	Google, Inc.	To track users behavior and interactions with the application and use this data to generate information and improve the user experience.	Device information: - Device type -Operational system - Device language -IP address User behavior data: - patterns of use - user interactions using the APP Data related to events such as request and response Payloads.	N/A	https://policies.go ogle.com/privacy? HL = ES-419S
FirebaseInAppMe ssagingDisplay	Google, Inc	To deliver and contextual messages to based on their behavior and Preferences.	Device information: - Device type -Operational system - Device language -IP address User behavior data: - patterns of use -Clicks - user interactions using the APP	N/A	https://policies.go ogle.com/privacy? HL = ES-419
FirebaseMessagi Ng	Google, Inc.	To deliver and Personalised Push notifications and messages to based on their behavior and Preferences.	Device information: - Device type -Operational system - Device language -IP address User behavior data: - patterns of use -Clicks - user interactions using the APP	Push notifications	https://policies.go ogle.com/privacy? HL = ES-419
FirebasePerformance	Google, Inc.	to monitor and optimize application performance to guarantee User experience	Device information: - Device type -Operational system - Device language -IP address User behavior data: - patterns of use -Clicks - user interactions using the APP	N/A	https://policies.go ogle.com/privacy? HL = ES-419
FirebaseRemote Settings	Google, Inc.	To personalize the user significant experience and improve Commitment through delivery Personalized content and to users based on their behavior and Preferences	Device information: - Device type -Operational system - Device language -IP address User behavior data: - patterns of use -Clicks - user interactions using the APP	N/A	https://policies.go ogle.com/privacy? HL = ES-419

Mobile device permissions

If you decide to use the option to find nearby hotels, we will need your permission to access your location data to carry out this function.

Personalized marketing messages

To help you get more information you need to collect your personal information to provide you with personalized marketing messages.

If customers wish to stop receiving commercial or promotional messages, they may request cancellation by sending an email to the following address: privacy@melia.com indicating in the email that they do not wish to receive said marketing or promotional information or (ii) using the cancellation option in each of the marketing messages sent.

What are their rights:

In addition to the rights indicated in the section “What are your rights?” of this Privacy Policy, you also have the following rights under the data protection laws of the People’s Republic of China:

• Access their personal information and get a copy of the information. You have the right to access the personal information we have about you or to get copies of that information.
• Transfer your personal information. You have the right to request that your personal information be transmitted to another data controller as allowed by applicable law.
• Close your account. You also have the right to contact china.policy@melia.com and request that we close your MeliáRewards account.
• The right to request the deletion and correction of data: You can ask us to correct any incorrect information about you (see the section on "Exercise of rights" for more details). We would be happy to correct any such information, but first we must verify its accuracy.

If you believe that we no longer need to use your information for the purpose for which it was collected, you can request that we delete your information. You can also ask us to delete your information if you have withdrawn your consent for us using your information (if we originally asked you to give consent for us using your information), or if you have exercised your rights against the subsequent legal use of your information, or if we have used your personal information illegally, or if we are required by legal obligations to delete your personal information.

• In individual cases, we may not be able to meet your requirements. Examples of such circumstances include the need to retain your information to comply with legal obligations, or the use of information to support a legitimate claim, exercise a legal right or defend yourself against a lawsuit.
• The right to revoke consent for permission to use mobile devices
• You can revoke authorization or consent for the use of mobile devices in the settings options on the device.

To exercise any of the above rights, you can also contact us by sending an email to China.Policy@melia.com.

We are committed to responding to all valid requests to exercise the above rights within 15 business days of verifying your identity. In order to respond more quickly, we may ask you to provide more detailed information related to your request.

In individual cases, we may not be able to comply with your request. For example, your request may affect our duty of confidentiality towards others, or we may have a legal right to handle your request differently.

Privacy policy update

Meliá reserves the right to update or modify this policy from time to time. If our privacy policy changes, we will publish the latest version of the privacy policy here. If we make a material change to our Privacy Policy, we may also notify you of the change through several channels, for example, by publishing a notice on our website or by publishing a separate notice to you.

How to contact us:

If you have any questions or concerns about the Privacy Policy or data privacy terms, please contact us at: 

E-mail address: China.Policy@melia.com

Address: Unit 08, 16th Floor, 1788 Square, No. 1788, West Nanjin Road, Jing'an District, Shanghai, 200040, China

Contact person: Data Protection Delegate

We will respond within 15 business days of verifying the identity of the requester.

e)    Provisions applicable to residents in Vietnam:

If there is any discrepancy between the Privacy Policy and the provisions of this section, the latter will prevail for residents in Vietnam.

The following information is aimed at the Vietnamese market and in order to ensure compliance with Vietnamese regulations on personal data protection.

Legitimation: Consent is the main basis for the processing of personal information, with the exception of emergencies to protect vital interests, applicable legal requirements, national security, public order, catastrophes, crime prevention, contractual obligations (in the Meliá General Booking Conditions, MeliáRewards Program Conditions, etc.) and compliance with specific laws. 

Confidential personal data: Geolocation data and payment card information are considered confidential personal data under Vietnamese law and must be protected with the appropriate protection measures. 

Processing method: Customer data is collected from numerous sources, including, among others, directly through the Meliá application and website, during check-in and the stay in the hotel, from online travel agencies, etc. This data is stored in Meliá systems. Automated tools are used to manage bookings, send booking confirmations and analyze data to understand customer behavior and provide personalized services. Data is shared with hotels and partners as required with strict security measures and access controls. Partners must comply with Meliá's data processing standards.

Recipients of the data: User data may be shared with companies in the Meliá group, hotel operators, suppliers and partners for internal administrative purposes, compliance with legal obligations or other specific purposes, including marketing communications if so authorized. The data may also be communicated to public authorities when required by law. 

When you book a hotel on the Website, your data will also be shared with the hotel owner and the service providers in the reserved area for the management of the stay and the delivery of auxiliary services.

As the hotel management company for the hotels in Vietnam, Meliá Vietnam Company also has access to User data for hotel management purposes. 

Rights and obligations of the interested parties: 

In addition to the rights described in the section on "What are your rights", you also have the right to take legal action and claim compensation for any breach of data protection. You can also take measures to protect your data or ask for help from the authorities. You are required to safeguard your own data, respect the data of others, provide accurate information and comply with data protection law. 

How to contact us: 

If you have any questions or concerns about the Privacy Policy or data privacy terms, please contact us at: E-mail address: vietnam.dpo@melia.com or to the postal address: Level 8-9, Worc@Q2, 21 Vo Truong Toan, An Khanh Ward, Ho Chi Minh City, Vietnam.