Privacy Policy

Mayto Astrological Park


  1. Data Controller Mayto Astrological Park ("Mayto", "we", "us") is the controller of the personal data collected during bookings and stays. For privacy inquiries contact: privacy@mayto.com (please replace with your actual contact email if different).
  2. Personal Data We Collect Depending on the service and interaction, we collect: full name, email address, phone number, date of birth, employer/company, credit card information (processed by payment providers), and stay records (check-in/out dates, room, internal charges). Additional operational data may be collected as required.
  3. Sources of Data
  • Data provided directly by guests at booking or check-in.
  • Data received through sales platforms and channels: Vik Booking, Expedia, Booking.com, Airbnb, and our website mayto.com.
  • Data generated by our services (stay records, internal logs, CCTV where applicable).
  1. Purposes of Processing We process personal data for:
  • Reservation management, check-in/out and provision of accommodation services.
  • Payment processing and fraud prevention.
  • Billing, accounting and tax compliance.
  • Communications related to bookings and stays (confirmations, changes, customer service).
  • Marketing and commercial communications (with consent).
  • Service improvement, safety and security of premises.
  • Legal compliance and defense of legal claims.
  1. Legal Bases Processing is based on one or more of:
  • Contractual necessity — to perform the booking and provide accommodation.
  • Legal obligation — to comply with tax, accounting and other laws.
  • Consent — for marketing communications and other optional processing.
  • Legitimate interests — for security, fraud prevention and operational needs, balanced against data subject rights.
  1. Recipients and Processors We may share data with third parties when necessary to provide services or required by law, including:
  • Online travel agents and booking platforms: Vik Booking, Expedia, Booking.com, Airbnb.
  • Payment processors and gateways.
  • Service providers: housekeeping, laundry, security, accounting, IT and website hosting.
  • Third-party software providers and analytics tools. These parties act either as processors on our behalf or as independent controllers. We require appropriate contractual protections to safeguard your data.
  1. International Transfers We serve guests from Mexico, the United States, the European Union and other jurisdictions. Personal data may be transferred and processed outside the country of origin. When international transfers occur, we will apply appropriate safeguards (adequacy decisions, standard contractual clauses, or other lawful measures) to ensure an adequate level of protection.
  2. Data Retention Periods
  • Billing and accounting records: retained for at least 1 year and as required by applicable tax and accounting laws.
  • Marketing data: retained up to 2 years from last contact or until consent is withdrawn.
  • Data related to legal claims, investigations or security matters: retained as required by law or until resolution of the matter.
  1. Data Subject Rights You have the right to:
  • Access your personal data.
  • Request rectification of inaccurate data.
  • Request erasure (right to be forgotten) where applicable.
  • Request restriction of processing.
  • Object to processing based on legitimate interests or direct marketing.
  • Request data portability where applicable.
  • Withdraw consent at any time (withdrawal does not affect prior lawful processing). To exercise these rights contact: privacy@mayto.com (include name, ID and the request). You may also lodge a complaint with the relevant supervisory authority (e.g., data protection authority in your country, INAI in Mexico, or EU supervisory authority for EU data subjects).

Additional Information and Contact For questions, to exercise your rights, or for details about processors and safeguards, contact: privacy@mayto.com (replace with your real contact email if different).

Security We implement technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure. Access is limited to authorized personnel and service providers who require the information to perform their duties.

Cookies and Website Analytics mayto.com may use cookies and similar technologies for site functionality, analytics and marketing. For non-essential cookies, we request explicit consent as required by applicable law. See our cookie notice on mayto.com for details.

Minors We do not intentionally collect personal data from minors without parental or guardian consent. If we learn we have collected personal data of a minor without authorization, we will delete it promptly.

Changes to this Policy We may update this policy as needed. The latest version will be posted on mayto.com with the date of last modification.