1. Identity of the data controller

In accordance with the applicable data protection regulations, please be informed that the personal data processed through the website and the services related to tourist accommodation activities are the responsibility of:

• Data controller: BELCORAN, S.L.
• Tax ID: B16798225
• Registered address: Calle Alcalde Marchesi, 23, 15006 A Coruña, Spain
• Email: info@belcoran.com
• Telephone: +34 660 72 09 61

2. What data we process

3. How we obtain data

• Through forms published on the website.
• By email, telephone, or WhatsApp when the user starts or maintains an enquiry or management related to a stay.
• Through the booking engine or technological systems linked to direct contracting.
• Through OTAs, agencies, or intermediaries when the booking is not made directly with us.
• Through the application or remote system used for online check-in and guest registration.
• Through cookies and similar technologies, when the user accepts them or when they are strictly necessary.

4. Purposes of processing and legal basis

4.1. Handling enquiries, requests for information, and user requests

We process data in order to reply to enquiries received through forms, email, telephone, or WhatsApp.

Legal basis: implementation of pre-contractual measures at the request of the data subject and, where applicable, consent when required by the nature of the enquiry.

4.2. Managing direct bookings and the contractual relationship with the guest

We process the data necessary to handle the booking, confirm the contract, manage the stay, deal with incidents, coordinate access to the accommodation, and provide the contracted service.

Legal basis: performance of a contract or implementation of pre-contractual measures.

4.3. Managing bookings made through third parties

When the booking comes from an OTA, agency, or intermediary, we will process the data sent by such third parties in order to manage the stay, communicate with the guest when necessary, and fulfil the obligations arising from the contracted service.

Legal basis: performance of the contract, implementation of pre-contractual measures, and, where appropriate, legitimate interest in the proper management of the service.

4.4. Managing check-in, operational communications, and support during the stay

We process the data necessary to send arrival instructions, access information, stay information, check-in instructions, incident-related communications, or operational information exclusively related to the provision of accommodation services.

Legal basis: performance of the contract or implementation of pre-contractual measures.

4.5. Complying with legal obligations applicable to accommodation activities

We process the data required by the applicable regulations on documentary registration and guest information, as well as the data needed to respond to requests from authorities and to comply with tax, accounting, administrative, or security obligations.

Legal basis: compliance with legal obligations.

4.6. Managing charges, payments, invoicing, and accounting

We process the data necessary to issue invoices, record charges, manage payments, process refunds, and comply with accounting and tax obligations.

Legal basis: performance of the contract and compliance with legal obligations.

4.7. Ensuring website security and protecting services

We may process technical or browsing data when necessary to maintain website security, prevent unauthorised access, fraud, misuse, or technical incidents.

Legal basis: legitimate interest in the security of systems and services and, where applicable, compliance with legal obligations.

4.8. Sending information expressly requested by the guest

We will only send non-strictly operational information when it has been expressly requested by the user or guest.

Legal basis: consent of the data subject or prior express request.

5. Data recipients

Personal data may be disclosed or made accessible, where necessary, to:

• technology providers related to the website, hosting, booking engine, check-in, operational management, or communications;
• analytics or technical support providers, where applicable;
• messaging or communication providers used for operational guest support;
• financial institutions or payment providers, where necessary to manage charges or refunds;
• consultants, administrative service providers, tax advisors, or accounting providers;
• law enforcement bodies, administrative, tax, or judicial authorities, where there is a legal obligation;
• OTAs, agencies, or intermediaries, where necessary for the proper management of the booking or related incidents.

6. International data transfers

As a general rule, BELCORAN, S.L. will seek to use providers that offer adequate data protection safeguards.

When any of the providers, tools, or services used involve international transfers of data outside the European Economic Area, such transfers will only be carried out where there is a valid legal basis and appropriate safeguards in accordance with the applicable regulations.

Users may request additional information about such safeguards by writing to info@belcoran.com.

7. Retention periods

Personal data will be retained for as long as necessary to fulfil the purpose for which it was collected and, thereafter, for the periods required by the applicable regulations or for as long as legal liabilities may arise.

• Enquiry data will be retained for the time necessary to handle the enquiry and, afterwards, for the applicable statutory limitation periods.
• Booking, stay, incident, payment, and billing data will be retained for the time necessary to perform the service and for the applicable legal periods.
• Data processed to comply with legal accommodation obligations will be retained for the periods required by the applicable regulations.
• Data associated with cookies will be retained in accordance with the Cookie Policy and the relevant settings panel.

8. Data obtained from third parties

When personal data has not been obtained directly from the data subject, but through OTAs, agencies, intermediaries, or authorised third parties, such data will be processed exclusively for the management of the booking, the stay, guest support, and compliance with the legal obligations associated with accommodation activities.

In these cases, the categories of data may include identification data, contact details, booking data, stay dates, and any other information necessary for the proper provision of the service.

9. Guest registration and online check-in

Within the framework of accommodation activities, BELCORAN, S.L. may use remote procedures or applications for online check-in and guest registration.

Such systems will be used exclusively to manage arrival, verify the necessary information, comply with the applicable legal obligations, and facilitate the provision of the service.

Excessive or unnecessary data will not be requested for that purpose.

10. Rights of data subjects

Where applicable, the data subject may exercise the following rights:

• access;
• rectification;
• erasure;
• objection;
• restriction of processing;
• data portability;
• withdrawal of consent in processing activities based on consent.

To exercise these rights, you may write to info@belcoran.com, stating your full name, the right you wish to exercise, a description of your request, and a contact method for the response.

Likewise, if you consider that your rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (AEPD).

11. Information security

BELCORAN, S.L. applies reasonable technical and organisational measures to protect personal data against loss, alteration, unauthorised access, or unlawful processing, taking into account the nature of the data, the context of the processing, and the existing risks.

However, no transmission or system can guarantee absolute security.

12. Changes to this policy

BELCORAN, S.L. may update this Privacy Policy in order to adapt it to legal, operational, or technical changes.

When the changes are relevant, the updated version will be published on this same page.