How It Works
Get Help

Privacy Policy

1. Introduction

Thank you for using our website. Your trust is important to us and we are committed to protecting the privacy and security of your personal information. This document describes how we use and process your personal data, provided in a readable and transparent manner. It also tells you how to contact us if you have questions about your personal data, which we are more than happy to answer. If you have ever used us before, you will know that we offer online travel-related services mainly through our website.

This Privacy Policy applies to any kind of information we collect through the website or other means connected to it (e.g. contacting our customer service team via email or telephone).

We might amend the Privacy Policy from time to time. Do not hesitate to visit this page regularly and you will know exactly where you stand. We will note the date that revisions were last made to this Privacy Policy at the bottom of this page, and any revisions will take effect upon posting.

If you agree with our Privacy Policy, then you’re all set to book your accommodation for your next trip through us.

2. Who is responsible for your data?

When this policy mentions “we”, “us”, or “our”, it refers to Vacaciones eDreams, S.L.U., a Spanish based corporation, with VAT number ESB61965778 and registered address at Calle Conde de Peñalver, 5, - 1º Ext. Izq., 28006, Madrid, Spain that is responsible for your information under this Privacy Policy (the “Data Controller”).

We share your personal data within our group companies for internal purposes relating to management centralization. In particular, we centralize the processing of personal data through the Spanish subsidiary eDreams International Network, SL, acting as a joint-controller and main establishment for data protection matters, and has adequate internal policies to ensure that any data processing carried out in our group of companies is made under the strictest security requirements and will be processed exclusively for the same purposes for which the data had been collected, according to the applicable laws.

3. Who is the Data Protection Officer?

Data Controllers of the group of companies have a common Data Protection Officer who watches over all processing carried out with respect for your privacy and the applicable regulations at all times.

The Data Protection Officer is at your disposal to answer all the questions you may have regarding the processing of your personal data and the exercise of your rights. Click here to exercise any data protection right or contact the Data Protection Officer for any data protection issue you would like to discuss. Please note that we may ask you to verify your identity and request before taking further action on your request

4. Why do we collect your personal data and which legal basis do we rely on?

I. Booking. During the purchase process, we ask you only for the personal data that we need to provide you with our mediation services to contract the accommodation. This includes completing and managing your booking, sending you communications by email, call or SMS in relation to your booking (e.g. confirmations, modifications and reminders), allowing us to respond to your queries. Such communications could be managed by us or by our travel partners. The booking process can be done on our website or our customer service. We endeavour to show to you the most relevant travel information and help you in a personalized manner with your booking and post-booking. Please bear in mind that the identification data we use is going to be your email that you introduce in your booking/account. Legal basis: This processing is necessary for the performance of the contract (e.g. to finalize and manage your booking)

II. User account. Our users must create a user account on our website for being able to view the prices and booking, as our Travel Partners mandate that the discounted rates must be displayed only to members. We use such information you give us to manage your account and with the objective to show you the most relevant travel booking and post-booking experience, allowing you to do a number of useful things. For more information about any of our services, please go to our General terms and conditions. Legal basis: This processing is necessary for the performance of the contract (e.g. to manage your account and offer you a more personalized service).

III. Other services. We may offer you other travel related services based on our role as a travel agent. This Privacy Policy shall apply to such data processing based on other travel related services. During the contracting process, prior or when filling in the data, we will inform you if there is any specific information that you should know apart from the one already covered in this Privacy Policy. Legal basis: This processing is necessary for the performance of the contract, to provide you with our services, or consent.

IV. Communications with you. There could be a number of reasons for different kinds of communications that we process where we get in touch with you:

a. To respond to any query or request from you or any travel provider and handle it

b. To contact you in a personalized manner and help you to finish your booking, if you are still interested, in case you have not finalized a booking online (as we believe that this additional service benefits you as it allows you to carry on with a booking without having to fill in your reservation details again). We also keep it to recognize you when you visit our website again, in order to improve your user experience.

c. To invite you to provide a review of your experience with us or the travel provider, when you use our services. Please bear in mind that this feedback may be available to other customers to help them make decisions about a product or a service.

d. To inform you how to contact us if you need assistance while you are away or other information that we feel might be useful to you in your planning or getting the best of your trip, or information of upcoming trips or a summary of previous bookings you made with us.

e. We may need to send you other administrative messages, which may include security alerts

Legal basis: This processing may rely on the necessity for the performance of the contract, on our legitimate commercial business interest to provide our services or on your consent.

V. Marketing activities. We use your information for marketing purposes, such as for:

a. To send you regular news of travel-related products and services, which you can unsubscribe from email marketing communications easily and at any moment, just by clicking on the unsubscribe link included in each newsletter or other communication.

b. To show to you individualized offers on our website or third-party platforms (including social media sites) and the content of the site displayed to you may be personalized. Such offers can be booked on our website.

c. To administer any promotional activity where you participate.

When you book with us, we subscribe you to our newsletters, unless you say otherwise before confirming your booking. Anyway, remember that you will be able to unsubscribe at any moment

Legal basis: This processing relies on our legitimate commercial business interest to provide our services or on your consent.

VI. Customers polls and surveys. You may be invited to submit a review on a trip you have booked with us or to take part in market research. In this last case, we will explain the personal data collected and how would it be used further. Legal basis: This processing relies on our legitimate commercial business interest to improve our services or on your consent

VII. Call & chat monitoring. In the event of contacting our customer services, our staff may ask for authentications, ensuring that your reservation details are kept confidential. Not all calls or chats are recorded and recordings are kept for a limited amount of time and automatically deleted thereafter (unless we have a legitimate interest to keep such recordings for a longer period, including fraud investigation and legal purposes).

Legal basis: This processing basically relies on our legitimate commercial business interest to improve our services (e.g. for quality control or training purposes), on your consent, or for legal dispute purposes

VIII. Improving our services or developing new services. We also use personal data for analytical purposes. This is part of our drive to enhance the user experience, but can also be used for testing purposes, troubleshooting and to improve the functionality and quality of our online travel services. The main goal here is to optimize our online platform to your needs, making our site easier and more enjoyable to use. We strive to use pseudonymized or anonymized data for these analytical purposes.

Legal basis: This processing relies on our legitimate commercial business interest to improve our services.

IX. Promotion of a safe and trustworthy service. In order to create a trustworthy environment for you, your fellow travellers, our business partners and our travel providers, we may use personal data for the detection and prevention of fraud and other illegal or unwanted activities, as well as for security purposes (e.g. authentication of users and bookings). For such purposes, we may have to stop or put on hold certain bookings.

One example of this is our five-attempt password policy (if you incorrectly enter your password more than five times, we will block your account, requiring you to change your password)

Another example is our preventive stolen-credential control on the internet (if we could have any hint that your credentials could have been compromised, we may also block your account and ask you to reactivate it with a new password). With these examples, among other actions, we protect your data and reduce fraud risk.

Legal basis: This processing relies on our legitimate commercial business interest to prevent fraud. Legal obligations could also apply.

X. Legal purposes. Finally, in certain cases, we may need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce our Terms or to comply with lawful requests from law enforcement.

Legal basis: This processing relies on legal obligation compliance

We do not make automated decisions based on profiles, beyond the legitimate prevention of fraud on the internet and the customization of your user experience, marketing and advertising. In any case, such an automated decision will not produce legal effects or similarly significantly affects you

5. Which kind of personal data do we collect?

The personal data that we may collect about you broadly fall into the following categories:

I. Information you give to us

a. Personal and contact details (e.g. full name, email address, telephone number…, as necessary) for enabling the booking, register an account with us, provide services and information, subscribe to our marketing communications, and/or submit enquiries to us. Please bear in mind that your email will be your identity data. We will be able to link your information based on your email.

b. Billing information (e.g. credit card number, cardholder name and expiration date) to make a payment.

c. Security data (e.g. password) when you create an account with us.

d. Other information (e.g. travel marketing preferences, additional information given in a survey, competition or by chat, email or call, etc.)

II. Information that we automatically collect from your use of our services

a. Information from your device (e.g. IP address, browser type, internet service providers, geographic location, technical information about the device, the time and duration of request and visit, the method used to submit the request to the server). When you visit our website, we may automatically collect certain information from your device. Please note that we may associate this information with your account.

b. Other technical information such as how your device has interacted with our website (e.g. the pages accessed and links clicked) or by other means. We use this information, as well as the personal data provided defined hereinafter, to analyse traffic, provide you with social media related services, customize advertising, improve quality and tailor your searches, to prevent and detect fraud. We will share it with third parties; where some of them, such as payment providers and financial institutions (fraud detection, prevention or chargeback purposes) could be acting as autonomous data controllers. If you sign up for our website using your social media account, link your account on our website to your social media account, or use certain other social media features of ours, we may access information about you via that social media provider in accordance with the provider's policies. The information may include your name, email address, profile picture, gender, list of friends, and other information that you authorize us to receive.

Some of this information may be collected by using cookies or similar tracking technology. The processing of the information collected through cookies is based on a different legal basis (e.g. they can be necessary to provide our services, based on your consent). For more information, please check our Cookies Policy.

We may process calls and online communications for quality control, analytics, staff training and legal dispute purposes. Any personal information obtained from you during any communication will be processed in accordance with our Privacy Policy. You can also share your personal data with us (e.g. your contact or booking details, etc.) for other purposes (e.g. when using any chat, call-back or other feature in order to help you to use our website, or with a future or current booking, etc.). Please bear in mind that, when using a third party's feature, this third party may act as a joint controller or as a processor as per its corresponding privacy policy.

III. Information we collect from third parties. We lawfully periodically obtain personal information about you from business partners and other independent third-party sources (e.g. contact information such as email, purchase or demographic information).

6. Who will be the recipients of your personal data?

In certain circumstances, we will share your personal data with third parties:

I. Travel partners (e.g. the hotel you have booked). In order to provide you with our services, we need to communicate your personal data to the Travel Providers involved, in order that they can provide you with the products or services you have requested, as well as those other parties to which it is necessary to disclose your personal data in order to provide you with the requested services in a diligent manner. These third parties will be operating as autonomous data controllers. Please note that these partners also may contact you as necessary to obtain additional information about you in accordance with their own independent privacy policy.

II. Our group companies may process your personal information, as previously referred to, for internal purposes relating to management centralization. In any case, they will follow practices that are at least as restrictive as the practices described in this Privacy Policy

III. Third party service providers (e.g. those providing us with IT and hosting services, customer support, analytics, payment and financial service providers for chargeback, fraud detection, prevention purposes, etc.) process your personal data on our behalf and under our instructions for the purposes described hereinabove, acting as data processors or acting as autonomous data controllers. Where third-party service providers have access to data they will only collect information as needed to perform their functions. They are not permitted to share or use the information for any other incompatible purpose.

IV. Business partners. Some of our website services might at some moment be fully or partially provided by our business partners and certain personal data that you give us (e.g. name, email address payment details and other relevant information) will be forwarded to our Business Partner to finalize and manage the service. The relevant information may be shared for necessary customer service support or for the purposes referred to above. As Business Partners will be operating as autonomous data controllers, their independent privacy policy or a specific version of it that shall also apply. You may find the link to their terms before booking the services.

V. Social media providers. When log in with your social media, clicking on a social media “like” button integrated in our website by plugins, or using any social media services to interact with us, personal data can be shared between us and the social media providers (e.g. your user names, email address, profile pictures, your contacts…). As the social media providers will be operating as autonomous data controllers, their independent privacy policy shall also apply. Furthermore, you can manage your privacy settings on your social media accounts

VI. Competent authorities. We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of third parties.

VII. Others, with your consent to the disclosure.

7. How do we protect your personal data?

Among other measures (e.g. protocols, internal policies, awareness, etc.), we can regroup the main protection actions we take:

I. Security measures. While no online service can guarantee absolute security, we implement reasonable procedures to protect your personal data’s confidentiality, integrity and availability (e.g. preventing unauthorized access or misuse of your data, employing technical and physical restrictions for accessing and using personal data, using firewalls, etc.).

If you know or have a reason to believe that your account credentials have been lost, stolen or otherwise compromised or in case of any actual or suspected unauthorized use of your account, or any security matter you consider relevant, please contact us by clicking here.

II. Retention procedures. We will keep your personal data for as long as we deem it necessary to enable you to use our services, to provide our services to you, to comply with the applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business (including, to detect and prevent fraud or other illegal activities). All personal data we retain will be subject to this Privacy Policy. If you have any question about a specific retention period for certain types of personal data we process about you, please contact us.

For instance, if you provide us with your contact email address, but then you are unable to finish your booking, we will keep your email address only temporarily and, in any case, for a maximum period of seven days to help you with the booking if you are still interested.

III. International data transfers. Our servers are located within the European Union. However, to facilitate our global operations (i.e. by means of third party service providers) the transmission of personal data to the recipients described above may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.

8. How can you control the personal data you have given to us?

We want you to be in control of how your personal data is used by us. You can do this in the following ways:

I. Managing your information. You may access and update some of your information through your account settings or Customer Services

II. Rectification of your information. You have the right to ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself with your account settings or through our Customer Services).

III. Data access. You may request information relating your personal data and copies of such data

IV. Data portability. You may also be entitled to request copies of your personal information that you have provided to us in a structured, commonly used, and machine-readable format where technically feasible

V. Data erasure. You may request to have your personal information deleted. We may not be able to erase it due to the fact that the data processing may be necessary for the performance of the contract between you and us, for our legitimate business interests (i.e. fraud prevention, security enhancing), to comply with our legal obligations (i.e. legal reporting, auditing obligations). In any case, we will immediately erase it when we can do so

Because we protect our services from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time (within a week).

VI. Objection and restriction of processing. You may require us not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest, such as, for direct marketing. If you object to such processing, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the exercise or defence of legal claims.

VII. Withdrawing your consent. If we are processing your personal information based on your consent you may withdraw your consent at any time, specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.

In order to exercise your rights, please click here, or send your request by post-courier to the following address: Data Protection – Calle Bailén, 67, 08009 Barcelona, Spain, European Union. In your request, you have to clearly state your personal identity, by indicating your complete name and the email address you used to purchase or create an account, and the right(s) you are exercising.

We will come back to you as soon as possible and no later than one month after receipt of your validated request unless we need further time to manage your request, in which case we will inform you.

Please note that we may ask you to verify your identity and request before taking further action on your request. You can also ask the Spanish Authority on Data Protection ( or any other applicable supervisory authority if you wish.

The exercise of these rights is free of charge unless you make unjustified or excessive requests. In this case, we will be entitled to charge you with a reasonable fee based on administrative costs.

Last Updated: April 2020.