Best Price Guaranteed

Privacy Policy

In accordance with current legislation on the Protection of Personal Data, users of the website www.postcodestays.com (hereinafter, the Website) are informed of the Privacy and Data Protection Policy that will be applied to the processing of personal data that the User voluntarily provides when accessing the Website.

By providing their personal data, the User expressly consents that GRUPO MESETA may process such data under the terms of this Privacy and Data Protection Policy and for the purposes stated herein, being solely responsible for the accuracy of the data provided.

Users are informed that their personal data may only be obtained for processing when they are appropriate, relevant, and not excessive in relation to the scope and purposes for which they were obtained. They will be deleted when they are no longer necessary or relevant for said purpose or when requested by the owner in the exercise of their right to deletion.

GRUPO MESETA declares its commitment to complying with the legislation in force at all times regarding data protection.
Below, you will find detailed information about the processing of your personal data:

INFORMATION ON DATA PROTECTION OF A PERSONAL NATURE
Data Controller If you have made a reservation, the Data Controller entity will be the one from GRUPO MESETA to which you address to make the reservation, depending on the chosen accommodation:
  • RSM56 Unipeessoal LDA, with NIF PT517048248, and address: Rua Castilho, 13 D-8ºA, Lisbon, Portugal.
  • SATURN CAPITAL, S.L., with NIF B67990093, and address Av. Doctor Arce, 14, 28002 Madrid.
  • SMITH CAPITAL, S.L., with NIF B67758227, and address: Av. Doctor Arce, 14, 28002 Madrid.
  • TERRANOVA CAPITAL, S.L., with NIF B0973427, and address: Av. Doctor Arce, 14, 28002 Madrid.
  • POSTCODE HOSPITALITY, S.L.U. with NIF B44742534, and address: Paseo de la Castellana, 60, 6th floor, 28046 Madrid.

Additionally, regarding the use of cookies and the subscription to the Loyalty Club (POSTCODE Club), the Data Controller is POSTCODE HOSPITALITY, S.L.U.
Purpose of Processing
  • Booking: Managing reservations made through the website, including long-term stays.
  • Loyalty Club Registration: Managing user registration and membership in the Loyalty Club.
  • Contact: Responding to information requests made through the contact channels available on the website.
  • Cookies: Managing the booking engine, configuring visitor language and currency preferences, ensuring proper website functionality, maintaining login for the Loyalty Club, analyzing website visits, and advertising.
Legal Basis for Processing The legal basis for processing your data through the Booking Form and Loyalty Club Registration is the execution of the contractual relationship between the User and the GRUPO MESETA entity providing the service.
The legal basis for processing data through the Contact Form and enabling Cookies is the User’s consent, granted by marking the acceptance checkbox.
Fields marked with an asterisk (*) in the Contact Form are required to process the request. Failure to provide this data will prevent the request from being processed.
Please review our cookie policy for more information on necessary cookies for website functionality.
Data Retention Period
  • Booking: Data will be retained for the duration of the reservation process and subsequently for the period required to meet legal obligations related to the booking.
  • Loyalty Club Registration: Data will be retained while the User is an active member of the Loyalty Club. Once the user opts out, data will be stored only for the period required to comply with legal obligations.
  • Contact Requests: Data will be stored as long as necessary to respond to inquiries and unless deletion is requested.
  • Cookies: Please review our Cookie Policy to identify the retention period for each type of cookie.
  • Public Authorities: Your data may be shared with public administrations when required to fulfill legal obligations.
  • Internal Management: SMITH CAPITAL, S.L. acts as the Data Processor on behalf of RSM56 Unipessoal LDA, SATURN CAPITAL, S.L., and TERRANOVA CAPITAL, S.L., managing reservations and inquiries, with access to personal data provided through these channels.
Recipients of the Data We inform you that Public Administrations may have access to your data when necessary to comply with legal obligations.
Additionally, we inform you that SMITH CAPITAL, S.L. acts as Data Processor for RSM56 Unipessoal LDA, SATURN CAPITAL, S.L. and TERRANOVA CAPITAL, S.L., for the management of reservations and queries, and may have access to the personal data received through these channels.
International Data Transfers If the User has consented to analytical and advertising cookies, data related to analytics and technical aspects may be transferred to the following countries:
  • United States: Due to the use of Google Analytics (Google, LLC), Facebook (Meta, Inc.), Mixpanel, Inc., Amazon.com, Inc., Microsoft Corporation, Adobe, Inc., Hotjar, Ltd., Quantcast Corporation, Vimeo.com, Inc., and Tawk.to, Inc. These entities comply with the EU-USA Data Privacy Framework (July 10, 2023), allowing lawful data transfers. If not, standard contractual clauses regulate such transfers.
  • United Kingdom: Due to the use of cookies from Ve Interactive Ltd. and Triptease Ltd., which comply with the EU-UK Adequacy Decision (June 28, 2021), allowing legal data transfers.
  • Russia: Due to the use of cookies from Yandex N.V., based in Moscow, Russia, where standard contractual clauses regulate the data transfers.

For more information on international data transfers, please review our Cookie Policy.
User Rights Access, rectification, erasure, portability, restriction, and objection by sending a written request to the above-listed addresses.
Withdrawal of consent when processing is based on user consent.
Filing a complaint with the Spanish Data Protection Agency ( www.aepd.es) if they believe their rights have not been properly addressed.

We implement the necessary technical and organizational measures to guarantee the security of personal data and prevent its alteration, loss, unauthorized processing, or access, considering the state of technology, the nature of the data, and the risks involved.

The Website uses SSL (Secure Socket Layer) Certificates to secure data transmission between the User’s browser and our Website.

The secure server establishes an encrypted connection, ensuring that data is only accessible to the User’s device and the Website. By using SSL, we guarantee:

  • That the user is communicating their data to the Website server and not to any other.
  • That between the user and the Website, data is transmitted encrypted, preventing its possible reading or manipulation by third parties.

To verify that you are in a secure environment, the User can:

  • Check that the Website address starts with https://.
  • Look for the padlock icon in the browser’s address bar.
  • Review the SSL certificate properties in their browser settings.

Any modifications to the Privacy Policy or data management practices will be reflected accordingly.

This policy may be added to, modified, or removed when necessary, but will not be changed to be less effective in protecting personal data without prior consent from Users.

Last updated: [25/03/2025].