The obligation of Royal Decree 933/2021 is not new for regulated hotels and rental car services, as they already have reporting obligations for security reasons in Spain. The aim of this Royal Decree is to adapt reporting obligations to the new online platforms that have appeared with the growth of E-commerce businesses.
Who is affected by this Royal Decree?
In relation to lodging services, the Royal Decree covers services, whether offered by a business or otherwise, that provide overnight accommodations in exchange for economic consideration, including:
- E-commerce platforms that act as intermediaries between lodging services and consumers through electronic means (e.g. the internet) insofar they provide said services in Spain.
- Lodging activities open to the public and regulated by the corresponding sectorial laws, such as hotels, rural houses, hostels, etc.
- Camping facilities and motor-homes.
- Tourism operators that act as intermediaries between lodging companies and consumers.
In relation to car rental services, it affects companies that offer cars without driver, for a predetermined period of time in exchange of economic consideration. This definition encompasses traditional rental car companies, as well as E-commerce platforms that act as intermediaries between rental car services and consumers through electronic means (e.g. the internet) insofar they provide said services in Spain.
When will this Royal Decree be applicable?
The Royal Decree will be applicable in six months. However, the obligations to communicate data to the relevant authorities will be applicable from 2 January 2023.
How will the reporting duties work in practice?
Companies under the scope of the Royal Decree will need to have in place an electronic registry in order to comply with the new obligations. Before starting the activity, the company will need to communicate business data details in order to "sign-up" in the platform.
In relation to customer data, it will need to complete a very detailed form and keep customer data for three years. These data will need to be communicated through an electronic platform to the relevant authorities.
Which are the data that will need to be reported?
Data to be shared includes, for instance:
- Traveler Data: (i) name; (ii) surname; (iii) second surname; (iv) gender; (v) ID number; (vi) document support number; (vii) type of document (national ID, passport, foreigner ID); (viii) nationality; (ix) date of birth; (x) place of habitual residence, including full address, region (localidad) and country; (xi) landline number; (xii) mobile phone number; (xiii) email address; (xiv) number of travelers; and (xv) kinship relationship between travelers (in the case that someone is a minor).
- Transaction data: (i) contract data, including reference number, date and signatures; (ii) contract execution data, including date and hour of entering and exiting; (iii) property data, including full address, number of rooms and internet connection (yes/no); and (iv) payment data, including type (cash, credit card, etc.), identification of the means of payment (type of card and number, etc.), holder of the means of payment, expiration date of the card, date of payment, paid amounts and identification of the transaction/authorization.
Is there any option to challenge the Royal Decree?
Yes, Royal Decrees can generally be challenged, within 2 months from the date of enactment, if they are not consistent with "superior" laws, including organic laws and the Spanish Constitution. Of course, each specific situation needs to be carefully considered.
Next steps
Authored by Gonzalo F. Gállego and Juan Ramón Robles.
