Last Updated: January 13, 2026
This Privacy Policy applies to the ESCAPE HOME website (hereinafter, the “Website”). Please read this policy carefully. It contains important information about how we process your personal data and the rights granted to you under applicable law.
We reserve the right to update our Privacy Policy at any time for operational reasons or to comply with legislative or case law changes. If you have any questions or need clarification regarding our Privacy Policy or your rights, you may contact us through the channels indicated below.
If you provide personal data of third parties, you agree to obtain their prior consent and inform them of the contents of this policy.
Fields marked as mandatory in our forms must be completed in order to process your requests.
1. Who is the Data Controller?
Unless otherwise indicated, the data controller for your personal data is WORLD 2 MEET, S.L.U. (hereinafter, “ESCAPE HOME”), with registered office at Calle General Riera 154, 07010, Palma (Balearic Islands), Spain. We are part of the World2Meet tourism group. [More information about the group here].
For further details on how we process your data or to exercise your rights under applicable law, you may email us at dataprotection@w2m.com or contact the Data Protection Officer of the W2M Group at dpo@w2m.com.
2. What will we use your data for and on what legal basis?
Managing the relationship with users: We process the data provided by users in their inquiries to respond to their requests and manage their registration as users. These processing activities are necessary for the performance of the legal relationship with Website users or for the application of pre-contractual measures at their request.
Managing bookings and providing requested services: The data provided in your booking or service requests will be processed for the management of such bookings and the provision of the requested services. The categories of data we process for these purposes are as follows:
- Identification and contact details of the booking holder.
- Booking details (stay dates, number and age of guests, and services included in the reservation).
- Financial and transaction data.
These data are obtained directly from you or from third parties who processed the request on your behalf, such as the booking holder. The processing of these data is necessary for the provision of the requested services, the execution of the rental agreement, or the application of pre-contractual measures at your request.
Financial and transaction data related to goods and services will be processed for accounting and administrative management purposes and to comply with our legal obligations in accounting and tax matters.
WhatsApp Business as a Contact Channel: This processing is based on our legitimate interest in facilitating efficient and quick communication with you regarding our products and services. To assess this interest, we have determined that the use of this channel does not significantly affect your rights and freedoms, as it is limited to informational and customer service purposes.
You may stop receiving messages through this channel at any time by typing “STOP WHATSAPP” in the chat or contacting us at booking@escapehome.com.
Through this channel, we will process the personal data you provide for the following purposes:
- Manage, confirm, or modify bookings made by users.
- Respond to requests related to contracted or prospective services.
- Send reminders or notifications related to the booking.
Compliance with Traveler Control Regulations: Traveler control regulations require lodging establishments to collect, document, verify, communicate, and retain personal information of their guests, including minors listed in a reservation.
These processing activities are based on compliance with a legal obligation (Article 6.1.c of the GDPR).
Use of “Autofill” Functionality in Traveler Registration Forms: To facilitate and speed up the completion of the traveler registration form, the platform offers guests the option to use an “autofill” feature.
This feature allows, through the voluntary upload of an image of the guest’s identity document, the extraction of certain data to automatically complete the entry form. The image of the document is used only for the time strictly necessary to provide this service. Escape Home does not download or store copies of identity document images used during this process.
The processing of personal data resulting from the use of this functionality is based on the application of pre-contractual measures at the request of the data subject (Article 6.1.b of the General Data Protection Regulation – GDPR).
Handling Inquiries and Complaints: The data provided in your inquiries or complaints will be processed to respond to your requests and manage any potential claims. This processing is necessary for the execution of the rental agreement, the application of pre-contractual measures at your request, or for defending against customer claims. The processing of any health-related data you may provide in your complaint is based on Article 9.2(f) of the GDPR, as such processing is necessary for the establishment, exercise, or defense of legal claims.
Data Consolidation for Internal Administrative Purposes within the W2M Group: Personal data, financial data, booking information, and, in general, transaction data related to goods and services generated by the businesses operated by companies within the group are consolidated into centralized databases for internal administrative purposes. Below you will find a general description of these processing activities. For more information, particularly to learn about the companies that make up the group, please refer to the
The entity W2M SERVICIOS CORPORATIVOS, S.L.U., with registered office at C/ General Riera 154, 07010, Palma (Balearic Islands), Spain (hereinafter, “W2M”), is responsible for the administration and security of the consolidated databases. Each company within the group is responsible for the data transfers it makes to W2M for consolidation and for its own use of the consolidated group data. These processing activities are based on the W2M Group’s legitimate interest in sharing personal data within the corporate group for internal administrative purposes and maintaining a consolidated view of its businesses to support decision-making.
Creation of a Group-Level Master Record of Individuals: Identification and contact details you have provided, along with information related to your identity document (type and number), gender, and language, will be consolidated into a unified group-level database. The purpose is to maintain a single record of individuals to optimize operational processes common to group companies where identification is necessary, such as for payments, service invoicing, or integration with booking systems. This unified database will be synchronized with the systems of the group companies with which you maintain an active relationship.
Management Control and Business Data Analysis: We also process information obtained from consolidated financial data, bookings, and, in general, transaction data related to goods and services generated by the businesses operated by group companies to produce reports and analyze business data for business intelligence and management control purposes. These analyses and reports provide aggregated data results and are used to create statistics and forecasts to facilitate business decision-making, optimize processes, measure the performance of tourism products offered by the group, and establish commercial strategies.
Data Consolidation for Advertising and Commercial Profiling Purposes: Customer and prospective customer data of the W2M Group are consolidated into a commercial database for direct marketing purposes and the creation of commercial profiles. Below you will find a general description of these processing activities. For more information, please refer to the
The data controller for the data included in the W2M Group’s commercial database is W2M SERVICIOS CORPORATIVOS, S.L.U., with registered office at C/ General Riera 154, 07010 Palma, (Balearic Islands), Spain (hereinafter, “W2M”).
Your inclusion in this database is based on the consent requested from you. Failure to provide or withdrawal of consent does not affect the execution of bookings or the provision of services you have contracted. The scope of the data relating to you that will be consolidated in W2M’s database and the specific use of such data will depend on the consent you provided when submitting your data. You may revoke this consent or modify your preferences at any time using the mechanisms described in the section “What Are Your Rights?”
Sending Non-Personalized Marketing Communications and Managing Distribution Lists (Segmentation): W2M processes the identification and contact details you have provided, along with data relating to your status as a customer, language, and market/data origin, to send non-personalized marketing communications by any means regarding tourism products and services offered under the brands operated by the group. [More information about
To manage our distribution lists, we segment recipients of our communications based on data origin, market, and language. This processing involves simple classification according to objective criteria and does not aim to create commercial profiles, predictions, or behavioral analyses.
The service we use to send our marketing communications is located outside the European Economic Area. The service has been configured so that data are stored in a data center located within the EU. As an additional safeguard, the contractual terms applicable to this service include the standard contractual clauses approved by the European Commission to ensure an adequate level of protection for personal data transferred to this processor.
Creation of a Commercial Profile for Personalized Marketing Communications and Group Services: Data consolidated in the group’s commercial database are used to perform behavioral analyses and predictive models to understand and anticipate our customers’ desires and needs, actions related to purchasing our products and services, and the factors influencing them. If you have authorized the personalization of group services and communications, W2M will access data generated by your bookings to include them in your commercial profile. This profile will be enriched with information generated from your interactions with group companies and digital channels, such as your information requests or quotes, or data generated from your browsing on our websites. [More information about the data included in our commercial profiles and their sources can be found in Section 2 of the
Your profile will allow us to determine when to send you marketing communications and to personalize our offers based on the type of product likely to interest you, according to the results of behavioral analyses and predictive models.
We will also use the data included in your profile to personalize the treatment and services provided by group companies you interact with, for example, to wish you a happy birthday or to take into account the preferences you expressed when making your bookings or during your use or enjoyment of contracted tourism products. For this purpose, group companies you interact with in the future will access your profile.
[More information about the logic behind our commercial profiles and what personalization of our services entails can be found in Section 3(b) of
Statistical and Quality Management Purposes: To evaluate and manage the quality of our services and products, we compile statistics based on aggregated data obtained from transaction data and website browsing data, such as IP address, weblogs, pages visited, or actions performed on the Website (see more in our
We also compile anonymous statistics based on aggregated booking data to measure the performance of our products.
These processing activities are based on our legitimate interest in evaluating and managing the quality of our services and products. When assessing this interest against your rights and freedoms, it was determined that the processing has a limited impact on individuals’ privacy, as it corresponds to reasonable expectations and does not pose significant risks, given that it is carried out on aggregated data and with the individual’s consent regarding metrics obtained through the use of cookies.
Administration and Management of Website Security: We process browsing data (IP addresses or logs) to administer and manage website security. This processing is based on our legitimate interest in ensuring the security of the Website. This interest is expressly recognized in Recital 49 of the GDPR. When assessing this interest against your rights and freedoms, it was considered that this processing corresponds to generalized security practices and does not pose significant risks to individuals.
3. Who Can We Share Your Data With?
In general, we will share your data or the data of guests included in bookings when required by law, with your consent, or when necessary for the proper processing of the booking or the provision of requested services. Specifically:
- We share guest registration forms with law enforcement authorities in compliance with traveler control regulations and public security requirements.
- Please note that WhatsApp is a service provided by WhatsApp Ireland Limited, and the use of this channel may involve international data transfers to countries outside the European Economic Area, such as the United States. WhatsApp states that it provides adequate safeguards in accordance with the Standard Contractual Clauses (SCCs) approved by the European Commission. More information is available in their Privacy Policy: https://www.whatsapp.com/legal/privacy-policy-eea.
- If your booking includes ancillary services provided by third-party suppliers or if your requests involve such services, the personal data necessary to process the booking/request for availability will be shared with the relevant suppliers solely for this purpose. Likewise, when necessary for resolution, we will forward your complaints to property owners and, where applicable, service providers affected by them. Depending on the nature of your complaint, recipients of the data may include, among others, public administrations or entities, official bodies, attorneys, courts, or insurance companies. These disclosures are necessary either for the provision of contracted services or for the application of pre-contractual measures at your request, or for the establishment, exercise, or defense of legal claims.
4. How Long Will We Keep Your Data?
In general, we will retain your data for as long as your relationship with us remains in effect and, in any case, for the periods established by applicable legal provisions, for example, in accounting and tax matters, and for the time necessary to address any liabilities arising from the processing. We will delete your data when it is no longer necessary or relevant for the purposes for which they were collected.
Customer data consolidated for internal administrative purposes within the group will be retained according to the criteria set out in the
Data processed by W2M for commercial purposes, including commercial profiles, will be retained unless you object to the processing or request its deletion, applying the retention criteria indicated in the .
In compliance with current regulations, we are required to retain traveler registration logs for a period of three years.
Messages exchanged via WhatsApp Business will be retained only for the time necessary to manage the booking and provide the service, and in any case, for a maximum of 60 calendar days from the last communication, unless the data subject requests deletion earlier or retention is required by law or for the establishment, exercise, or defense of legal claims.
After this period, the data will be deleted, and no copy of the conversation history will be retained.
5. What Are Your Rights?
You have the right to obtain confirmation as to whether or not we are processing your personal data and, if so, to access such data. You may also request that your data be rectified if inaccurate or completed if incomplete, as well as request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
In certain circumstances, you may request the restriction of the processing of your data. In such cases, we will only process the affected data for the establishment, exercise, or defense of legal claims or to protect the rights of other individuals. Under certain conditions and for reasons related to your particular situation, you may also object to the processing of your data. In this case, we will cease processing the data unless there are compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. Likewise, under certain conditions, you may request the portability of your data so that they can be transmitted to another data controller.
You may revoke the consent you have given for specific purposes at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
At any time, you may withdraw consent granted for the use of WhatsApp as a communication channel by typing “STOP WHATSAPP” in the chat, using the link provided for this purpose in the chat, or by writing to booking@escapehome.com.
You may also revoke the consent you have given for the processing of your data for commercial purposes, including commercial profiles, or modify your preferences at any time using the mechanisms described in the section “What Are Your Rights?” of the
You also have the right to lodge a complaint with a data protection authority. You can consult the list and contact details of European data protection authorities on the European Commission website at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
To request account deletion or exercise your data protection rights, you may send a request by postal mail or email indicating the right(s) you wish to exercise to:
Grupo W2M – Attn. GDPR Rights Officer, C/ General Riera 154, 07010, Palma (Balearic Islands), Spain. Email: dataprotection@w2m.com.
You can obtain more information about your rights and how to exercise them on the W2M Group Privacy Portal, on the Spanish Data Protection Agency website, or by contacting the W2M Group Data Protection Officer at dpo@w2m.com.
