Cyber Attacks

At Prinz Hoteles, S.A., the company managing the PRINSOTEL hotel establishments (Prinsotel La Dorada, Prinsotel La Pineda, Prinsotel Alba, Prinsotel Mal Pas, Prinsotel La Caleta, and Villas Prinsotel Cala Galdana), we would like to expressly inform all our clients:

That the company's privacy policy imposes maximum respect and strict use of personal data on its employees and suppliers.
That it is our responsibility to protect your data, and if a data breach occurs, whether internal or external, you will always be informed: a) Directly if we have your email address. b) If we do not have your email, a notification will immediately be posted in this public space, which you can consult at any time.
That in the event of a data breach, Prinz Hoteles, S.A. will always inform you directly or through this public space about the type of private data that has been compromised.
That Prinz Hoteles, S.A. never stores or retains payment information, such as debit or credit card details.

Here are some guidelines to ensure the security of your personal data:
We will never, under any circumstances, request your banking information by electronic means. If you receive a call or message asking for such data, NEVER share it.

If you receive PRINSOTEL advertisements via email, SMS, or social media, always verify the sender's identity, and if in doubt, never click on any link you do not trust.
Additionally, through this document, we would like to warn you about possible fraud attempts, such as phishing, spear phishing, vishing, smishing, pharming, whaling, etc., so that you can be alert to any malicious activity. Below are descriptions of these types of attacks or frauds to help you identify any suspicious behavior and prevent these actions:

• Phishing: Phishing is a social engineering technique where fraudulent emails impersonate legitimate companies or public organizations to request personal and banking information from the user. These emails often include a link directing the user to a fake website, where they may be prompted to enter their credit card number, ID, online banking password, etc. These fraudulent emails usually contain the brand's logo or image, may have grammatical errors, and sometimes attempt to create a sense of urgency and fear to push the user into taking action. A phishing email can also include an attachment infected with malicious software. The purpose of this malware is to infect the user's device and steal their confidential information.

• Spear Phishing: Attackers create fake emails, websites, or even short messages that appear legitimate, asking users for their login information. This way, scammers obtain login credentials for online stores, social media accounts, or cloud storage spaces. In severe cases, they may even gain access to bank information or credit card details. Scammers know many users do not take password security seriously and use the same password across different services. Thus, even a simple phishing website can yield sensitive data, which has high value on the digital black market.

• Vishing: The term vishing combines "voice" and "phishing," also known as voice phishing. Attackers use VoIP (Voice over IP) technology to make affordable or free fraudulent calls to obtain codes, passwords, or banking data from unsuspecting victims.

• Smishing: Smishing is a blend of SMS and phishing. Like phishing, cybercriminals posing as representatives of a trustworthy company or organization use SMS (Short Message Service) instead of emails. These mobile messages serve either to prompt the victim to reveal account information or to install malware and trojans on their device without their knowledge.

• Pharming: Pharming, a blend of "phishing" and "farming," is an online scam similar to phishing, where website traffic is manipulated, and confidential information is stolen. In this social engineering attack, criminals redirect users attempting to access a specific website to a different, fake site. These "fake" sites aim to capture the victim's personal identification information and login credentials, such as passwords, social security numbers, account numbers, etc., or attempt to install pharming malware on their device.

• Whaling: A whaling attack is a method used by cybercriminals to impersonate high-level positions within an organization to directly target top executives or other key individuals to steal money, obtain confidential information, or gain access to their computer systems for criminal purposes. Whaling, also known as CEO fraud, is similar to phishing, as it uses methods like website impersonation and emails to trick the victim into revealing confidential information or making money transfers, among other actions.