This document regulates the rules relating to the Privacy Policy on which ABRIL, S.A.U. (Hotel Abril) as Data Controller (hereinafter, “the Data Controller”) will carry out the processing of the personal data of its customers (buyers or not of its services) and suppliers or third parties, provided by those during their access to the website in their registration process or provided by any other means valid in law.

If you expressly accept the transfer of your data to the Data Controller, whatever the means by which you do so, provided that your consent is express, you will give your consent in a free, informed, specific and unequivocal way for the Data Controller to process your personal data, in accordance with the General Data Protection Regulation of the Parliament and of the Council 679/2016, of April 27 (hereinafter “RGPD”) and Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights.

Content of the website Data collection

The Data Controller may collect on its website the data of its customers, suppliers and other third parties (hereinafter they will be called, collectively, “the interested party” or “the interested parties”) when they access it and register or request their services through the contact link.

The interested party must enter all the data that the Platform requires at all times (especially those marked with an asterisk), because in case of not doing so, he will not be able to complete his registration as a user or the use of certain functionalities or services available through it.

Data will also be collected from interested parties when by other means the interested parties have provided them to the Data Controller, within the normal development of a commercial or professional activity.

Likewise, the interested party will guarantee that the Personal Data provided are true and accurate and must notify by the appropriate channel, any change or modification thereof.

In the event that the interested party provides data of third parties, he assumes the responsibility of having previously informed him and having his consent to do so, in accordance with article 14 of the RGPD.

Category of data collected

The Data Controller may process the following personal data of the user:

  • Identification data: name and surname, NIF
  • Contact details: telephone number, email and postal address.
  • Company you work for
  • Resume

Recipients of the data

Those suppliers who perform services to the Data Controller related to the service it provides to the interested party or vice versa will have access to your data. The Data Controller will maintain the corresponding treatment order contracts with each of the suppliers that provide services in order to guarantee that said suppliers will treat your data in accordance with the provisions of current legislation.

Personal data may also be transferred to the competent authorities whenever there is a legal obligation.

In the same way, they may be communicated to the financial institutions through which the management of collections and payments is articulated.

They may also be transferred to third companies related to the activity of the Data Controller, in order to send the user commercial information that may interest him, always connected with the business of the Data Controller and provided that the user has expressly accepted it.

Purpose of the treatment

The Data Controller will process personal data for the purposes set out below, depending on the reason for which they were provided:

  • Carry out the provision of the contracted services, the maintenance of the contractual relationship and the monitoring of it.

·Contact, process, manage and respond to the request, request, incident or query of the user (either through email, contact form or telephone).

  • Manage, where appropriate, the user’s participation in the client’s private area.
  • Manage, where appropriate, the sending of commercial communications about products and services marketed by the Data Controller by electronic and / or conventional means.
  • Make, where appropriate, a profile of the user to offer the products and services related to the Data Controller in accordance with their interests.
  • Assess and manage, where appropriate, the curriculum provided by the user for selection processes that adapt to their professional profile and carry out the necessary actions for the selection and hiring of personnel.
  • Manage the membership of the user and, or the company to which he belongs, to the company, to provide the services of the Association

Based on the foregoing and depending on the category of user, the Data Controller may give the following uses to the data:


Budgeting Billing

Sending commercial communications Terms of Service Updates

Regular communication within the provision of contracted services Make a professional profile for the offer of services



Sending commercial communications Terms of Service Updates

Regular communication within the provision of contracted services.

Social Media Contacts

Creation of community of followers Managing friend requests

Sending commercial information.

Make a professional profile for the offer of services Terms of Service Updates

Job seekers

Assessment of the data included in the curriculum to analyze the adequacy to the needs of the Data Controller

Sending relevant information related to the job sought in the organization

In case the user expressly accepts it, the data may be transferred to collaborating or related companies with the aim of helping the user to get a job.

Make a professional profile.

Legitimation for the collection and processing of data

The legal basis for the collection and processing of user data is, on the one hand, the imperative obligation to be able to provide the contracted services and, on the other, the consent expressly granted by the user for its collection and processing.

Duration of data processing and storage

The data for the management of the relationship with the client, the billing and collection of the services will be kept for as long as the contract is in force. Once this relationship has ended, where appropriate, the data may be kept for the time required by the applicable legislation and until the possible responsibilities derived from the contract prescribe.

The data for the management of queries and requests will be kept for the time necessary to respond to them, with a maximum period of one year.

The data for the sending of commercial communications and elaboration of commercial profiles of our products or services will be kept as long as the commercial relationship with the user is maintained and does not withdraw their consent for it.

The curriculum vitae data for selection processes will be kept for two years.

For information purposes, the legal periods of conservation of information in relation to different matters are set out below:




Documentation of a labor nature or related to social security

4 years

Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infractions and Sanctions in the Social Order

Accounting and tax documentation for commercial purposes

6 years

Art. 30 Commercial Code

Accounting and tax documentation for tax purposes

4 years

Articles 66 to 70 General Tax Law

Building access control

1 month

Instruction 1/1996 of the AEPD

Video surveillance

1 month

Guide of November 26, 2018 of the AEPD Organic Law 4/1997. Law 5/2014 of 4 April, on Private Security

User Rights

Any user who provides their personal data to the Data Controller may exercise the following rights:

Access, rectification, opposition, deletion, portability and limitation of treatment, as well as rejecting the automated processing of personal data collected by the Data Controller.

In turn, every user will have the right to withdraw at any time, the consent that had been granted.

These rights may be exercised free of charge by the user, referring to the request that is specified in the request through the contact information contained in the Legal Notice link.

The user has the right to revoke his consent given at any time for the sending of commercial communications, simply by notifying the Data Controller and informing that he does not wish to continue receiving commercial communications. To do this, the user may revoke their consent by referring to their request through the contact details contained in the Legal Notice or by clicking on the link “no more commercial communications“.

The user has the right to file a claim with the Spanish Agency for Data Protection if he understands that the Data Controller has committed some type of infringement in the processing of his data.


The Data Controller will not collect in any case data of minors except in cases where the Law allows it. Given the difficulty of verifying the age of users, it will be the holders of parental authority or guardianship of children under 14 years of age who must establish control measures on the devices to which minors could access, to prevent them from transferring their data unduly.

If the Data Controller has reliable knowledge at any time that a minor has accessed its platform and their data is being processed without the authorization of their legal representatives, they will proceed to immediately unsubscribe said user.

Social Media

The Data Controller has corporate profiles on certain social networks such as Instagram, Facebook, Google or Linkedin and may have other profiles in the future on other social networks existing now or to be created.

In this way, the User may be linked to the Data Controller not only through the direct and explicit transfer of their data, but also by the fact that they follow the Data Controller or by the fact that it is the Data Controller who follows the User. The fact that the User gives a “like”, “like”, etc. to the Data Controller, will imply the acceptance of the Terms and Conditions of the Web.

The Data Controller may upload news and information about its services in accordance with the terms of the platforms used, so it is possible that the User receives communications about them through the means activated with the platform (either on the wall, or by pop up ads, etc.). The Data Controller will not have any responsibility for the configuration of the social networks that the User has made.

In the event that the Data Controller Party has WhatsApp Business at any time, it may respond to queries that the User may raise.

Security measures

The Data Controller undertakes to comply with the commitment of secrecy of personal data and its duty to keep them, treating the user’s personal data confidentially, adopting the necessary technical and organizational measures to guarantee the security of the data and avoid its alteration, loss, treatment or unauthorized access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

Data Protection Officer

Who exercises the functions of Data Protection Delegate is Carlos Cano de Santayana Boullosa, with whom you can contact to resolve any questions or claims, through the email

Changes to the Privacy Policy

The Data Controller may modify its Privacy Policy in accordance with the applicable legislation at any time. In any case, any modification of the Privacy Policy will be duly notified to the user so that he is informed of the changes made in the processing of his personal data and, in case the applicable regulations so require, the user can grant his consent.