Privacy Policy
How we handle your personal data · GDPR and Spanish data protection law.
This Privacy Policy describes how VENEGAS 90.0 SL (hereinafter, "the controller") processes personal data collected through the website moneaelnido.com and the hotel MONEA El Nido, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
1. Data controller
- Identity: VENEGAS 90.0 SL (operating company of MONEA Hotels & Resorts).
- NIF: B76010032
- Registered address: Calle Doctor Verneau, núm. 1, Oficina 108 · 35001 Las Palmas de Gran Canaria · España
- Data protection contact email: legal@monea.com
- Data Protection Officer (DPO): [ ⚠️ TO VALIDATE WITH LEGAL ADVISOR — confirm whether VENEGAS 90 is required to appoint one ]
2. Data we collect
Depending on how you interact with the website and the hotel, we may process the following categories of data:
- Contact details: first name, surname, email address, phone / WhatsApp.
- Enquiry details: approximate stay dates, number of guests, accommodation type of interest, free-form message.
- Booking data (where applicable): identity document, address, payment details (processed directly by our payment provider and not stored by VENEGAS 90).
- Browsing data: IP address, device and browser type, pages visited, traffic source, advertising identifiers. These data are processed as described in our Cookie Policy.
3. Purposes of processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Responding to your information request or booking enquiry | Performance of pre-contractual steps (Art. 6.1.b GDPR) | Up to 1 year from last contact, unless a confirmed booking exists. |
| Managing your booking and stay | Performance of a contract (Art. 6.1.b GDPR) | For the duration of the relationship + applicable legal retention periods (tax, accounting). |
| Compliance with legal obligations (traveller registration, tax) | Legal obligation (Art. 6.1.c GDPR) | As required by applicable law (typically 3–6 years). |
| Sending commercial communications | Consent (Art. 6.1.a GDPR) | Until consent is withdrawn. |
| Statistical analysis and website improvement | Consent via cookies (Art. 6.1.a) | As per the provider's cookie policy. |
4. Recipients and processors
Your data may be shared with:
- Booking engine and channel manager providers (RoomCloud, Turneo and similar) — data processors under Art. 28 GDPR agreements.
- Payment gateway provider (Stripe or equivalent approved provider) — to process booking payments.
- Hosting, email and analytics providers (Hostinger, Google, Microsoft Clarity and others) — data processors.
- MONEA El Nido hotel in Tanzania — to manage your stay on-site.
- Public authorities where required by law (traveller registration, tax authorities, etc.).
5. International transfers
As the hotel is located in Tanzania, some of your data will be transferred outside the European Economic Area (EEA) in order to manage your stay. Tanzania does not currently hold an adequacy decision from the European Commission.
To ensure an adequate level of protection, VENEGAS 90.0 SL applies the Standard Contractual Clauses (SCCs) approved by the European Commission in its arrangements with the hotel team and its providers in Tanzania, supplemented by reasonable technical and organisational measures. [ ⚠️ TO VALIDATE WITH LEGAL ADVISOR — confirm SCC execution and records of processing activities ]
Other processors may handle data in the United States or other countries; in such cases, the applicable SCCs are likewise applied, or reliance is placed on providers certified under the current EU–US data transfer framework.
6. Your rights
As a data subject, you may exercise the following rights at any time:
- Access to your personal data.
- Rectification of inaccurate data.
- Erasure ("right to be forgotten"), where applicable.
- Restriction of processing.
- Data portability.
- Objection to processing, including objection for direct marketing purposes.
- Withdrawal of consent previously given, without affecting the lawfulness of processing carried out prior to withdrawal.
- Lodge a complaint with the Spanish Data Protection Agency (AEPD) (www.aepd.es) or the competent supervisory authority, if you consider that the processing does not comply with applicable law.
To exercise any of these rights, please send an email to legal@monea.com identifying yourself and describing your request. We will respond within a maximum of one month.
7. Security
VENEGAS 90.0 SL applies reasonable technical and organisational measures to ensure the confidentiality, integrity and availability of your data. That said, no system is 100% secure: if you become aware of any vulnerability or misuse, please notify us at legal@monea.com.
8. Changes to this policy
This policy may be updated to reflect legal, operational or technological changes. We will notify you of significant changes through the website.
Note: First draft. Before public release this document must be reviewed by a specialist data protection adviser. Outstanding items: confirm execution of Standard Contractual Clauses with the team in Tanzania, complete records of processing activities, and determine whether a Data Protection Officer (DPO) must be appointed.
Last updated: 28 May 2026.