From Prinz Hoteles S.A., the company that manages the PRINSOTEL hotel establishments (Prinsotel La Dorada, Prinsotel La Pineda, Prinsotel Alba, Prinsotel Mal Pas, Prinsotel La Caleta and Villas Prinsotel Cala Galdana), we expressly inform all our guests of the following:

• The company’s Privacy Policy requires all employees and service providers to show the utmost respect for, and make strictly appropriate use of, personal data.
• Protecting your information is our responsibility, and should any vulnerability occur in the safeguarding of your data—whether internal or external—you will always be informed:
  • directly, if we have your email address;
  • through this publicly accessible section, which you may consult at any time, if we do not have your email address.
• In the event of a security incident, Prinz Hoteles S.A. will always inform you—either directly or through this public space—of the type of personal data that may have been affected.
• Prinz Hoteles S.A. does not store or process payment data such as debit or credit card details.

Common types of fraud and cyberattacks

Below we describe the most common fraud methods in order to help you identify and prevent them:

• Social engineering: A set of psychological manipulation techniques used by cybercriminals to deceive individuals into disclosing confidential information, making payments, or performing actions that may cause harm. Many of the attacks described below are based on this type of manipulation.
• Ransomware: A type of malware that blocks or encrypts the information on a device and demands a ransom for its recovery. It is commonly spread through malicious links or infected email attachments.
• Phishing: This involves sending emails that impersonate companies or public institutions and request personal or financial information. Through links included in the message, users are redirected to fraudulent websites where they are asked to enter credit card numbers, ID details, online banking credentials, or similar data. These emails often include company logos, may contain grammatical errors, and frequently attempt to create a sense of urgency or fear. Phishing emails may also include malicious attachments designed to infect the user’s device and steal confidential information.
• Spear phishing: A targeted form of phishing in which attackers create fake emails, websites or short messages that appear legitimate and request users’ login credentials. This allows fraudsters to gain access to online stores, social networks or cloud storage services. In more serious cases, banking or credit card information may also be compromised. These attacks often exploit the reuse of passwords across different services.
• Vishing: A combination of the words “voice” and “phishing.” In this type of attack, criminals use VoIP (Voice over IP) technology to make fraudulent phone calls in order to obtain passwords, verification codes or banking details from unsuspecting victims.
• Smishing: Derived from “SMS” and “phishing,” this attack uses text messages instead of emails. Cybercriminals pose as trusted companies or organisations to persuade recipients to disclose account details or to install malware or trojans on their devices without their knowledge.
• Pharming: A type of online fraud similar to phishing, in which website traffic is manipulated. Users attempting to access a legitimate website are redirected to a fake one designed to capture personal identification information and login credentials or to install malware on the user’s device.
• Whaling: Also known as CEO fraud, this attack involves cybercriminals impersonating senior executives in order to target top management or other key individuals within an organisation. The objective is to steal money, obtain confidential information, or gain unauthorised access to IT systems.

Basic security recommendations

• Be cautious of urgent messages
  Emails, SMS messages or phone calls that create fear, urgency or threats are often fraudulent.
• Never share passwords, verification codes or banking details electronically
  Legitimate companies will never request this information via email, phone or SMS.
• Always check the sender and the website address
  Make sure the domain name is correct and avoid suspicious or shortened links.
• Use strong and unique passwords
  Do not reuse the same password across different services and avoid easily guessable personal information.
• Enable two-factor authentication (2FA)
  This provides an additional layer of security whenever available.
• Keep your devices up to date
  Software updates fix vulnerabilities that cybercriminals may exploit.
• Do not download files or apps from unknown sources
  Especially if they arrive as unexpected attachments or unsolicited links.
• Be mindful of what you share on social media
  Cybercriminals use publicly available information to carry out targeted attacks.
• Avoid unsecured public Wi-Fi networks
  If you use them, do not access online banking or enter sensitive information.
• When in doubt, do not act—verify first
  If you are unsure, contact Prinz Hoteles S.A. directly through official channels before taking any action.