Cookie Policy
This policy explains which cookies we use on SpainHotels, what they are used for, and how you can manage them. It is complementary to the privacy policy.
What are cookies?
Cookies are small text files that a website saves on your device when you visit it. They allow the site to remember information about your visit, such as your preferred language, your logged-in session, or the pages you view, in order to make the experience more useful and, in some cases, measure service usage.
Types of cookies we use
Based on their purpose, the cookies we use are classified as essential, analytical, and marketing. Essential cookies are necessary for the website's operation and are installed without requiring consent. Analytical and marketing cookies are only installed if you give your consent. Based on their owner, we distinguish between first-party cookies (managed by SpainHotels) and third-party cookies (Google and Stripe). Stripe cookies are activated solely during the payment process: for accommodation bookings, they are set by the LiteAPI SDK loaded on the page, while for the HotelShop service, they are activated by our own integration with Stripe.
Cookies we use
The following table lists the active cookies in production, indicating their name, owner, purpose, and approximate duration.
| Name | Owner | Purpose | Duration |
|---|---|---|---|
| Must-haves | |||
| laravel_session | SpainHotels | Identify the visitor's PHP session to maintain state between pages. | Session |
| XSRF-TOKEN | SpainHotels | Cross-Site Request Forgery (CSRF) protection token. | Session |
| sh_tracking_id | SpainHotels | Internal identifier for traffic attribution and booking traceability. | 30 days |
| preferred_locale | SpainHotels | Remember the language chosen by the user. | 1 year |
| preferred_currency | SpainHotels | Remember the currency chosen by the user. | 1 year |
| __stripe_mid | Stripe | Stripe identifier used during the payment flow for fraud prevention. In accommodation bookings, it is set by the LiteAPI SDK loaded on the page; in the HotelShop service, it is set by our own integration with Stripe. | 1 year |
| __stripe_sid | Stripe | Stripe session identifier used during the payment flow. In accommodation bookings, it is set by the LiteAPI SDK loaded on the page; in the HotelShop service, it is set by our own integration with Stripe. | 30 minutes |
| Analytics | |||
| _ga | Distinguish users for Google Analytics 4. | 2 years | |
| _ga_* | The session state persists for a Google Analytics 4 property. | 2 years | |
| _gid | Distinguish users for 24 hours for Google Analytics. | 24 hours | |
| Marketing | |||
| _gcl_au | Measures ad effectiveness and attributes conversions in Google Ads. | 90 days | |
| _gcl_aw | Associate Google Ads ad clicks with on-site measured conversions. | 90 days | |
Consent Configuration
The granular cookie settings banner is currently under development. In the meantime, no analytics or marketing cookies are installed until explicitly allowed by the browser or user, and you can manage or delete stored cookies from your browser settings. When the banner is available, you will be able to manage your preferences from a link on this page.
How to manage cookies in your browser
You can view, delete, and block cookies from your browser settings. Each browser has its own procedure, described on its official help pages: Google Chrome (https://support.google.com/chrome/answer/95647), Mozilla Firefox (https://support.mozilla.org/es/kb/proteccion-mejorada-rastreo-firefox-escritorio), Apple Safari (https://support.apple.com/es-es/guide/safari/sfri11471/mac), and Microsoft Edge (https://support.microsoft.com/es-es/microsoft-edge). Please note that disabling essential cookies may affect the site's functionality.
Modifications
This policy may be updated when we incorporate new cookies or the purposes change. When the changes are significant, we will notify you through the usual service channels.