Zafiro Hotels is a hotel brand with more than 3 decades of experience in hospitality. It is a wholly family-owned company based in Port d'Alcudia (Mallorca), and operates 14 hotels in Mallorca and Menorca. The company prioritises the safety and protection of its guests, employees, suppliers and partners. Our priority is to protect the reputation of Zafiro Hotels and prevent digital fraud harming any of our customers, partners or employees through websites, emails, text messages, SMS, WhatsApp, social media or phone calls, among others. Fraudulent activities are constantly evolving, and currently the most prevalent is phishing, a technique used to get sensitive personal data such as credit card numbers, social security numbers, financial data and login information.

Below are some of the most common techniques to help you detect these activities and some best practices for prevention and online security.

• Phishing by email or SMS: this involves sending emails or text messages by SMS or WhatsApp that look like they’re from a legitimate source, encouraging you to click on links, download attachments or provide personal information.
• Vishing (phishing by phone): scammers phone up and pose as a representative of a company and then create a false sense of urgency to get personal information.
• Scams on social media and job offers: scammers create fake company profiles or ads targeted at job seekers using the Zafiro Hotels brand. Please note that the Zafiro Hotels official social media accounts are on the most popular platforms such as Twitter, Facebook, Instagram and LinkedIn.
• Mobile app scams: careful with unauthorised mobile apps that claim to be associated with Zafiro Hotels, especially those that ask for personal information or investment.
• Bank transfer scams: these involve urgent and fake scenarios that require bank transfers, often dressed up as lucrative investment opportunities.
• Investment scams: beware of “high-yield” investment proposals purportedly from Zafiro Hotels. These are generally fake.

• Verify authenticity: make sure you only interact with official Zafiro Hotels digital platforms. The only authorised domains and websites for Zafiro Hotels are listed on our official website.
• Email monitoring: look closely at the details of emails you receive, such as the sender’s address, language, and embedded links. Avoid clicking on suspicious links or providing personal data.
• Protect login data: Zafiro Hotels will never ask you for your password or login information outside of our secure login procedures.
• Careful with downloads: double check the source of content and downloadable apps, avoiding any suspicious ads.
• Scepticism is vital: be careful with any unsolicited messages, especially those asking for personal information.
• Caution with job applications: all real job openings at Zafiro Hotels are posted to our official website. We do not hire through social media and never request payments during the hiring process.

• Secure bookings on the official website: always book direct through our official website. Avoid clicking on links in unsolicited emails or ads that are not from verified Zafiro Hotels sources.
• Outsourced booking system: Zafiro Hotels uses an outsourced and highly secure booking system. It's important that guests ensure they are on the right website by checking the URL and looking for security symbols such as the padlock in the browser address bar.
• Booking confirmation and communication: after making a booking, you get an official confirmation from Zafiro Hotels by secure email. If you get requests for extra information or unexpected payments, please check with our customer service team before responding.
• Alerts about fake offers: be sceptical about deals or promotions that seem too good to be true, especially if they are not from our official channels.
• Education about phishing and fraud: we provide regular information to guests on how to detect and avoid phishing and fraud related to hotel bookings.

Zafiro Hotels ensures the privacy and safety of our guests. Always verify the authenticity of any message claiming to be from Zafiro Hotels.

• Official website: URL: www.zafirohotels.com
• Contact email: contacto@zafirohotels.com
• Security email: seguridad@zafirohotels.com
• Notification email: notifications@zafirohotels.com
• Email to report fraud: reportefraude@zafirohotels.com

Social media:

• Facebook: facebook.com/zafirohotels
• Twitter: twitter.com/zafirohotels
• Instagram: instagram.com/zafirohotels
• LinkedIn: linkedin.com/company/zafirohotels

If you detect possible fraud or crimes online, contact local authorities and think about reporting it to the appropriate authorities in Spanish-speaking regions and in the EU that handle digital security and GDPR compliance:

Spanish security services:

• National Police - Telematic Crime Service:
• Website: www.policia.es/
• Civil Guard - Telematic Crimes Group:
• Website: www.guardiacivil.es/en/servicios/delitos_telematicos/index.html.
• To report crimes related to new technologies (Internet, email, SMS, WhatsApp, etc.), visit the website of the Telematic Crimes Group of the Civil Guard at www.gdt.guardiacivil.es.
• Spanish Data Protection Agency (AEPD):
• Website: www.aepd.es.
• Phone numbers:
• For general questions or complaints: 901 100 099 and 91 266 35 17.
• Citizens’ Advice Service: 900 293 183.
• Education and minors: 900 293 621

EU Authorities:

• To contact your National Data Protection Authority, see the European Data Protection Board (EDPB) website at edpb.europa.eu.
• General link for European Commission Data Protection Authorities (DPAs): commission.europa.eu.
• Europol European Cybercrime Centre (EC3):
• Website: www.europol.europa.eu.
• European Data Protection Supervisor:
• Headquarters in Brussels:
• Postal address: Rue Wiertz 60, B-1047 Brussels.
• Office address: Rue Montoyer 30, B-1000 Brussels.
• Phone: +32 2 283 19 00.

Office in Strasbourg:

• Postal address: 1 Allée du printemps, Louise Weiss Building, 67070 Strasbourg (France).
• Phone: + 33 3 88 16 43 46.
• Email: edps@edps.europa.eu.
• Website: www.edps.europa.eu.

For more information on Internet security and fraud prevention, see the European Union Agency for Cybersecurity (ENISA) website at https://enisa.europa.eu.