5-star Secrets Mallorca Villamil Resort & Spa
Except as otherwise noted in this Privacy Policy, Funway Holidays International Inc., a company incorporated in the United States of America, with UK establishment number BR001433 and UK establishment office address of Third Floor Northside House 69 Tweedy Road, Bromley, BR1 3WA (“FHI”, “we”, “us”, “our”) is a data controller (as that term is used under the EU General Data Protection Regulation 2016/679 (“GDPR”)), which means that we decide how and why the information you provide to us is processed. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your information, or changes in applicable law.

We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make.

“EEA” means the European Economic Area.

“EU” means the European Union.

“Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable.

“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, and for the purposes of this Privacy Policy, FHI is the data Controller in relation to the personal data you disclose to us.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Services” means FHI’s services as an online booking agent in respect of accommodation reservations.

Information We May Collect
Information about your use of the Services, such as usage data and statistical information, which may be aggregated.

Searches for and interactions with e-commerce opportunities, such as merchants and offers contained in the Services.
Non-precise information about the approximate physical location (for example, at the city or postal code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device but is different than a hardware serial number.
Advertising ID, which is a unique, user-resettable identification number for advertising associated with a device (e.g., iOS uses the Identifier for Advertising (or “IDFA”) and Android uses Google Advertising ID).
Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
Information collected through the use of cookies, eTags, Javascript, pixel tags, device ID tracking, anonymous identifiers and other technologies, including information collected using such methods and technologies about (i) your visits to, and interaction and engagement with, the Services, content and ads on third party websites, applications, platforms and other media channels (“Channels”), and (ii) your interaction with emails including the content and ads therein (collectively, “Online Data”).
Device type, settings and software used.
Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third-party website.
Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
Mobile analytics to understand the functionality of our mobile applications and software on your phone.
Sensitive Personal Information
We do not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual preference, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business except where we are explicitly given consent to support the booking process.

Children
The Services and this website is not intended for children, (defined as anyone under the age of 18), and anyone under the age of 18 is not permitted to use this website or the Services. The only circumstances in which we collect data relating to children, is where you (a person over the age of 18) makes a booking of travel services and you have children in your party, in which case we will ask you to confirm that you have authority to disclose their personal data to us, and we shall process that personal data in accordance with this Privacy Policy. We do not collect data directly from anyone under the age of 18.

How we Collect Information
Data you provide: We may obtain your Personal Information when you provide it to us across our Services (e.g., where you sign up for emails, newsletters, bulletins, webinars or white papers; register for site membership or create a profile or account on any part of the Services; enter a sweepstakes, contest, competition or prize draw; receive promotional information by SMS text message; participate in surveys; perform search queries through the Services; contact us via email, telephone or by any other means; purchase a subscription, software license or product; or when you provide us with your business card, etc.).

Relationship data: We may collect or obtain your Personal Information in the ordinary course of our relationship with you (e.g., if you purchase a service from us).
Service data: We may collect or obtain your Personal Information when you visit, download, use or register to use any part of our Service.
Content and advertising information: If you choose to interact with any third-party content or advertising on the Services or Channels, we may receive Personal Information about you from the relevant third party.
Third party information: We may collect or obtain your Personal Information from third parties who provide it to us. This may include offline channels such as through telephone or direct mail efforts; from customers, vendors, suppliers, third parties, commercially available or publicly-available sources (e.g., data brokers, data aggregators, public databases, etc.); third party affiliate network operators; referral sources; social network sites or services (e.g., Facebook, Twitter, LinkedIn, etc.). If you use a third party connection or log-in (e.g., Facebook Connect, Twitter, or Google+) to access the Services, create a membership or profile on any part of the Services, access our content or forward our content to another person, platform or service, we may also receive your username or email address for those third party services or other information available about you or collected from you on those services.
Purposes for Which We May Process Your Information
Accounts and Personalization: providing personalization for Services from company’s name or its partners including (i) management of your account, (ii) posting of your personal reviews, testimonials or comments, (iii) offering of contests, as well as chat areas, forums and communities, and (iv) customer support and relationship management.

Offering and Improving the Services: operating and managing the Services for you; providing personalized content to you; communicating and interacting with you via the Services; identifying issues with the Services and planning improvements to or creating new Services; and notifying you of changes to any of our Services.
Surveys: engaging with you for the purposes of obtaining your views on our Services.
Communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) regarding news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required. We may provide direct marketing to you.
Advertising: providing advertising based on your interests and interactions with the Services and Channels, including using Personal Information to serve you advertisements on the Services and Channels.
User Engagement and Purchases: tracking purchase traffic and activity across the Service and on Channels, including review of your browsing history (if available); provision of analytics and measurement of cost of traffic against money being made.
Commerce Offerings: using cookies to track your browsing history and the amount of money spent at a particular third-party merchant’s site to offer coupons and other offers that are relevant to your shopping experience; offering of coupons via SMS messages if a mobile phone number is provided.
Marketing to Customers: We may market to current and prospective customers who have indicated an interest in doing business with, or have previously conducted business with, in order to further generate and promote our business. Such efforts include sending marketing emails or conducting phone calls to drive the purchase of advertising.
IT Administration: compliance audits in relation to internal policies; identification and mitigation of fraudulent activity; and compliance with legal requirements.
Security: Cyber-security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of Services when we have grounds to believe that the user is in violation of our Terms and conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security company’s name, any of our users or the public, or to respond to an emergency.
Disclosures of your personal data

We may have to share your personal data with the parties set out below for the purposes set out above.

Internal Third Parties: FHI is part of the the Apple Leisure Group (a United States of America incorporated company, with address: 7 Campus Blvd, Newtown Square, PA 19073), and therefore may share data with other companies in the Apple Leisure Group (“ALG”) .
External Third Parties:
Suppliers of accommodation and travel services based within or outside the EEA who provide the services that make up any booking of travel services that you make with us;
Service providers based within and outside the EEA who provide IT and system administration services;
Professional advisers including lawyers, bankers, auditors and insurers based within and outside the EEA who provide consultancy, banking, legal, insurance and accounting services;
Regulatory and governmental bodies and other authorities based within and outside the EEA who require reporting of processing activities in certain circumstances.
Specific third parties: Such as Elavon Financial Services DAC, based in UK, who provides a credit card merchant service, and Trisept Solutions LLC, the technology provider behind the Website’s booking platform, and based in the United States.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers of Information
Because of the international nature of our business, we may need to transfer your Personal Information within the ALG group of companies, and to third parties, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

In accordance with the above, we may send your Personal Information to the following countries where Apple Leisure Group has operations and partnership with services providers:

United States of America
Mexico
Dominican Republic
Panama
Curacao
Jamaica
Costa Rice
Spain
St Martin
Netherlands
United Kingdom
We have implemented appropriate technical security measures in order to protect Personal Information during International transfers, in compliance with applicable laws.

Where you have made a reservation for accommodation or travel arrangements which are located or otherwise due to be fulfilled outside the EEA, we will have to transfer your personal data to the suppliers fulfilling or providing those travel arrangements outside the EEA in order to make your booking and for those suppliers to be able to provide you with the travel arrangements you have booked. Where we are unable to rely on one of the safeguards outlined below when transferring data to those suppliers outside the EEA, we will rely on the derogation under Article 49 of the GDPR in order to transfer your personal data to countries outside the EEA (as the transfer relates to the performance of a contract for your benefit), and you hereby permit us to do so. You also acknowledge that where your personal data is transferred outside the EEA, controls on data protection may not be as wide as the legal requirements within the EEA.

For all other transfers of data, whenever your personal data is transferred outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. Contact details can be found at the bottom of this Privacy Policy.

Data Security
We have implemented appropriate technical and organizational security measures designed to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In certain instances, we may use Transport Layer Security (TLS) 1.1 or higher to transfer certain Personal Information to provide protection. However, we are not responsible for any breach of security or for the actions of any third parties.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet. Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us is sent securely.
Data Accuracy
We take every reasonable step to ensure that your Personal Information that we Process is accurate and up to date. When you inform us that your Personal Information is inaccurate we will correct or erase it.

Know Your Rights
In accordance with GDPR a person living in the EU has the right to request

a copy of what information we collected from you
to update/rectify your personal information
deletion of your personal information
we stop certain types of processing with your information
an electronic copy of your data
Keep in mind that your information is important to provide you with products and services. Deletion or restriction of certain data may prevent us from providing the services you requested. You also have the right to file a complaint with the EU Data Protection Authorities.

No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Data Minimization
We take every reasonable step to ensure that your personal information collected and processed is limited to what we need to provide you services, or access to the services, described in this Privacy Policy.

Data Retention
We take every reasonable step to ensure that your Personal Information is only Processed and stored for the minimum period necessary for business and legal requirements. We will only use your data for the reasons you provided it to us, and for legal reporting purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By legal and tax purposes we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Contact Details
You may contact us at the addresses set out below or by emailing enquiries@funway.co.uk

Attention: After Sales Team

Funway Holidays International LLC, 3rd Floor, Northside House, 69 Tweedy Road, Bromley, Kent, BR1 3WA, England. Email enquiries@funway.co.uk.

Terms of Use
These websites (www.amigoresorts.co.uk, www.secretresorts.co.uk and www.dreamresorts.co.uk), collectively known hereafter as the “Website” is owned and operated by Funway Holidays International Inc. a company with UK establishment number BR001433 and UK establishment office address of Third Floor, Northside House, 69 Tweedy Road, Bromley, BR1 3WA (“FHI”). Access to and use of any information on this Website is conditional on your acceptance of these Website Terms and Conditions (“the Conditions”). We recommend you read them carefully. Where you make a reservation on the Website, you must also read and agree to our Booking Terms & Conditions. If you do not wish to accept any part of these Conditions (or where you make a booking, our Booking Terms & Conditions), then you may not use our Website or make any reservations on the Website.

Please Note:

When you visit our Website or send e-mails to us, you are communicating electronically. We will also communicate with you by e-mail. You agree that all notices, agreements, disclosures and other communications that we provide to you electronically satisfy any requirement that such communications be in writing.

By using this Website, you warrant to us that:

1. You will not use this Website or any material or information on it for any purpose that is unlawful or prohibited by these Conditions or our Booking Terms & Conditions;

2. You are at least 18 years old and have the legal authority to use this Website in accordance with these Conditions;

3. You agree to be financially responsible for all charges, fees and other sums of whatever nature which arise out of your use of this Website;

4. All information that you provide about yourself and about anyone else shall be true and accurate.

Our Website is made available for personal and non-commercial use only. You must not link (including deep linking) to our Website or access, monitor or copy any content or information of this Website using any robot, spider, scraper or other automated means or any manual process for any purpose without our prior written agreement

Copyright Notice
All content of this Website (such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations and software) is our exclusive property or that of our content providers, (if applicable) and is, unless specifically stated otherwise, protected by copyright or similar ownership rights. It is published by us and may not be reproduced other than by downloading and viewing on a single computer and/or printing a single hard copy, for private purposes only. It is not to be otherwise reproduced, transmitted, made available on a network or used to create derivative works without our prior written consent. All rights are reserved.

The trade marks, logos and service marks shown on our Website, unless otherwise specified, are our or our content providers’ intellectual property. No rights are granted to use any of them without our prior written consent.

Booking Terms & Conditions
All reservations made on this Website are subject to our Booking Terms & conditions in addition to these Conditions. We recommend that you read our Booking Terms & Conditions carefully and print out and keep a copy of them for your future reference.

Website Content
Our Website is governed by the applicable laws of England and Wales. No warranties, promises and/or representations of any kind, express or implied, are given as to the accuracy or completeness of any of the material or information contained on this Website (in accordance with English law or with any laws of any other country) or as to the nature, standard, suitability or otherwise of any services offered by us or on our behalf.

We shall not be liable for any loss or damage or other sum or claim of any nature whatsoever (direct, indirect, consequential or other) which arises, directly or indirectly, in connection with this Website.

The information contained on this Website may contain technical inaccuracies and typographical and other errors. The information on these pages may be updated from time to time and may at times be out of date. If any price or other information is obviously incorrect, we will not be bound by it. You must ensure you check all details of the chosen arrangements (including the price) with us at the time of booking.

Occasionally, we may upload traveller reviews, blogs and recommendations on to our Website. Such reviews and blogs are the personal opinions of the author of said content and not that of FHI. We take no responsibility and accept no liability in relation to these reviews, blogs, recommendations or other similar content on the Website, or any resulting acts, omissions or losses incurred.

This Website may contain links to other Websites. Except where they belong to us, such other Websites are not under our control or maintained by us. We are not responsible for the content of such Websites. We provide these links for your convenience only but do not monitor or endorse the material on them. We cannot accept any liability in relation to any such other Websites or in relation to any material or information appearing on them or which you may otherwise come across after leaving our Website by way of a hypertext link or any other means.

This Website or any part of it (or any websites that are linked to this Website) may not be compatible with your browser or computer configuration and we make no warranty that it is. We make no warranty that your access to our Website will be uninterrupted, timely or error free. It is your responsibility to ensure you carry out sufficient checks (including virus checks) to satisfy your particular requirements.

User Reviews
Occasionally, we may allow users to upload comments, videos, photographs, reviews, blog entries and other material in relation to accommodation or other services. Where you upload such materials, you disclaim any proprietary or

other rights you may have in the materials, and agree that such materials can be freely used by FHI for any reason whatsoever, without your further permission.

You agree that, at the date of posting, the material submitted by you is appropriate and accurate. You warrant that the material is not misleading, defamatory, untrue, malicious, offensive or abusive. You agree that you will not post any information or material that is owned by another third party without their express authority to do so.

You agree to indemnify FHI for the full amount of all damages, losses, costs and expenses in (including legal costs) in relation to claims brought by any third party against FHI arising out of or in connection with breach of these Conditions in relation to the materials.

FHI reserves the right to refuse to post or remove (without notice) any materials for any reason at its sole discretio

Law and Jurisdiction
Access to this Website is conditional on your agreement that all information contained in it and all matters which arise between you and us will be governed by English law. Access is further conditional on your agreement that any dispute or matter which arises between you and us will be dealt with by the Courts of England and Wales only to the exclusion of the Courts of any other country.

If any exclusion(s) or limitation(s) contained in these Conditions is found, in whole or part, to be unlawful, void or for any other reason unenforceable for any purpose(s), that exclusion(s) or limitation(s) or the part(s) in question shall be deemed severable and omitted from these Conditions for that purpose / those purposes. Such omission shall not affect the validity, effectiveness or enforceability of the other provisions of these Conditions.

We may alter these terms and conditions at any time. If we do so, all subsequent use of our Website will be governed by the newer version. You must check these terms and conditions regularly.