Privacy policy

1. Purpose

This Privacy Policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter GDPR) and Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights (hereafter, LOPDGDD).

Furthermore, with this policy, we aim to inform people (hereafter, users or interested parties) who visit our website (hereafter, website or the web) about how we collect, process and protect the personal data that they may provide us through any means (forms, emails, phone, contracts or other channels), as well as about the purposes of the processing, the legal bases that legitimise it and the rights they have in terms of data protection. In addition, it will serve as an extended version of the information we have previously provided to interested parties, in the informative clauses arranged in the processes of collecting their personal data.

2. Who is responsible for processing your personal data?

The Data Controller is: CENTRO DIRECTIVO S.L. with CIF B46475000 and HOTEL AD HOC PARQUE S.L. with CIF: B96833637. Hereafter, ADHOC Hotels.

Postal address: Calle Samaniego, 20, CP 46003 Valencia (Valencia) Spain
Email: adhoc@adhochoteles.com
Website: https://www.adhochoteles.com/
Centro Directivo SL registration data: Valencia Mercantile Register T. 2862, L. 178, F. 225, S. 8, H. 2659
Hotel Ad Hoc Parque SL registration data: Valencia Mercantile Register T. 6303, L. 3608, F. 68, S. 8, H. 65077

3. What personal data will we process and how do we obtain it?

For the development of our business activity, it is essential to process personal data whose collection can be carried out digitally, through paper documents or as a result of face-to-face or telephone conversations and in any of these cases the data will be processed fairly, lawfully and transparently.

The categories of data that ADHOC Hotels will process about the interested parties are:

  • Identification data: name and surname, ID or equivalent document, image, voice and signature.
  • Contact details: phone, email, address.
  • Guest registration data: gender, nationality, birth date, relationship with accompanying guests.
  • Commercial data: budgets, purchase conditions, management and history of services and/or purchases, result of contacts

1. Purpose

This Privacy Policy is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, RGPD) and Organic Law 3/2018 of 5 December, on Protection of Personal Data and guarantee of digital rights (hereinafter, LOPDGDD).

Similarly, with this policy we aim to inform individuals (hereinafter, users or interested parties) who visit our website (hereinafter, website, website or the web) about how we collect, process and protect the personal data that they may provide us by any means (forms, emails, phone, contracts or other channels), as well as about the purposes of processing, the legal bases that legitimize it and the rights they have in terms of data protection. Additionally, it will serve as an extended version of the information that we have previously provided to the interested parties, in the informative clauses set out in the processes of collecting their personal data.

2. Who is responsible for processing your personal data?

The Data Controller is: CENTRO DIRECTIVO S.L. with CIF B46475000 and HOTEL AD HOC PARQUE S.L. with CIF: B96833637. Hereinafter, ADHOC Hotels.

Postal address: Calle Samaniego, 20, CP 46003 Valencia (Valencia) Spain
Email: adhoc@adhochoteles.com
Website: https://www.adhochoteles.com/
Registry data Centro Directivo SL: Registro Mercantil de Valencia T. 2862, L. 178, F. 225, S. 8, H. 2659
Registry data Hotel Ad Hoc Parque SL: Registro Mercantil de Valencia T. 6303, L. 3608, F. 68, S. 8, H. 65077

3. What personal data will we process and how do we obtain it?

For the development of our business activity, it is essential to process personal data whose collection can be carried out by digital means, through paper documents or as a result of face-to-face or telephone conversations and in any of these cases the data will be treated fairly, lawfully and transparently.

The categories of data that ADHOC Hotels will process about the interested parties are:

  • Identification data: name and surname, ID or equivalent document, image, voice and signature.
  • Contact data: phone, email, address.
  • Guest registry data: gender, nationality, date of birth, kinship with accompanying guests.
  • Commercial data: budgets, purchase conditions,

1. Object

This Privacy Policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR) and Organic Law 3/2018, of December 5, on Personal Data Protection and the guarantee of digital rights (hereinafter, LOPDGDD). 

Also, with this policy we intend to inform people (hereinafter, users or interested parties) who visit our website (hereinafter, website or the web) about the way we collect, process and protect the personal data that they may provide us by any means (forms, emails, telephone, contracts or other channels), as well as about the purposes of the processing, the legal bases that legitimize it and the rights that they have in terms of data protection. Additionally, it will serve as an extended version of the information that we have previously provided to the interested parties, in the informative clauses provided in the processes of collecting their personal data. 

2. Who is responsible for the processing of your personal data?

The Data Controller is: CENTRO DIRECTIVO S.L. with CIF B46475000 and HOTEL AD HOC PARQUE S.L. with CIF: B96833637. Hereafter, ADHOC Hotels

Postal address: Calle Samaniego, 20, CP 46003 Valencia (Valencia) Spain 

Email: adhoc@adhochoteles.com 

Website: https://www.adhochoteles.com/ 

Registration details Centro Directivo SL: Registro Mercantil de Valencia T. 2862, L. 178, F. 225, S. 8, H. 2659 Registration details Hotel Ad Hoc Parque SL: Registro Mercantil de Valencia T. 6303, L. 3608, F. 68, S. 8, H. 65077

3. What personal data will we process and how do we obtain it?

For the development of our business activity, it is essential to process personal data that can be collected through digital means, paper documents, or as a result of face-to-face or telephone conversations, and in any of these cases, the data will be treated in a fair, lawful, and transparent way.

The categories of data that ADHOC Hotels will process about the interested parties are: 

  • Identification data: name and surname, ID or equivalent document, image, voice, and signature.
  • Contact data: phone, email, address. 
  • Guest registration data: gender, nationality, date of birth, relationship with accompanying guests. Trade data: quotations, purchasing conditions, management and history of services and/or purchases, results from contacts (phone, email, messaging and other communication channels).
  • Accounting data: income and expense control, billing data.
  • Banking data: bank accounts and cards. 
  • Curriculum data: academic data, professional experience, personal characteristics, etc.
  • Goods and services transaction: bank transfers and direct debits, amounts and concepts. Navigation data: analysis of time spent on our website, pages visited, demographic data (e.g. age, sex, language).

Below, the categories of data processed are detailed, from the different groups with which we maintain some type of relationship:

3.1. Customers:

Data of an identifying nature, contact data, guest registration data, commercial, accounting, banking, goods and services transaction data will be processed.

The data may be collected only if the customer provides them to us at the time of contracting services, requesting pre-contractual measures or during the maintenance of the relationship, whether in person, by telephone, email or through the forms available on our website, although they may also be collected by an authorized collaborator, such as certain booking platforms.

3.2. Information Applicants:

Whether the information requested is in person, over the phone or in writing (e.g. email or web forms), we will ask for and subsequently process: identifying data, contact information and commercial data.

3.3. Suppliers:

Identification, contact, commercial, accounting, banking, goods and services transaction data will be processed. These data will be processed when initiating a pre-contractual or contractual relationship and throughout all stages of the business relationship. The data will be collected in person, by telephone, email, through web forms, online chat, instant messaging, etc.

3.4. Job Applicants:

Curriculum, identification, and contact data will be processed, which will be provided by the applicant themselves by sending us their application. 

The collection of data may be done through the hand delivery of documents, receipt of emails or web forms, data collected in personal selection interviews (in person or telematically), and it may even reach us through a collaborator to whom we have delegated certain functions.

3.5. Social network users:

We are present on different social networks and we can process identification, contact, commercial data and other data that the user enables to be viewed or shared with the rest of the social network users, even curriculum data (e.g. LinkedIn). For more information, please see our Social Networks Policy.

3.6. Claimants:

Identifying data, contact information, and personal information from the claimant or third parties that are sent to us will be processed. The data can be collected in person, by phone, email, through web forms, online chat, instant messaging, etc.

3.7. Visitors:

Identification, contact, company for which you work, and reason for your visit data will be processed. This data is collected when provided by the visitor upon access to our facilities or when your counterpart at ADHOC Hotels or client provides them to allow access to these or to provide our services to the client.

3.8. Web users:

Technical data necessary for the operation of the website will be processed and, in case the user voluntarily requests the installation of non-technical or unnecessary cookies for the user, navigation data will be processed.

For more information visit our Cookies Policy.

3.9. More information for those interested:

The legally established information will be made available to interested parties in the corresponding informative clauses, included in the different data collection methods and the way to access extended information from this policy. 

Personal data processing carried out by ADHOC Hotels is duly documented in their corresponding Register of Processing Activities, in accordance with Article 30 of the GDPR.

4. For what purpose will your data be processed and on what legal basis?

We detail below for what purposes and legal basis, we will process the personal data of the different groups with whom we relate:

4.1. Customers:

Fulfill and maintain the precontractual or contractual relationship. Art. 6.1.b GDPR (contract execution).

Provide our services, manage reservations, related communications. Art. 6.1.b GDPR (contract execution). Invoicing and compliance with tax obligations and other legal obligations to which we are subject. Art. 6.1.c GDPR (legal obligation). Management of collections and payments. Art. 6.1.b GDPR (contract execution).

Internal administrative management. Art. 6.1.f GDPR (legitimate interest).

Legal defense or claims. Art. 6.1.f GDPR (legitimate interest).

Satisfaction surveys and business analysis. Art. 6.1.f GDPR (legitimate interest).

Sending electronic commercial communications. Art. 6.1.a GDPR (consent). Art. 21.2 LSSI (prior client).

4.2. Suppliers:

Fulfill and maintain the pre-contractual or contractual relationship. Art. 6.1.b GDPR (contract execution). 

Administrative, accounting, and financial management. Art. 6.1.b GDPR (contract execution). 

Billing and compliance with tax obligations and other legal obligations. Art. 6.1.c GDPR (legal obligation). Management of payments and bank transfers. Art. 6.1.b GDPR (contract execution). 

Evaluation quality of suppliers. Art. 6.1.f GDPR (legitimate interest). 

Internal administrative management and organizational control. Art. 6.1.f GDPR (legitimate interest). 

Legal defense and management of claims. Art. 6.1.f GDPR (legitimate interest).

4.3. Information Requesters:

To attend, register, manage and respond to inquiries or requests. Art. 6.1.f GDPR (legitimate interest). Apply, where appropriate, pre-contractual measures requested by the interested party. Art. 6.1.b GDPR (pre-contractual measures). Internal administrative management resulting from the attention to the inquiry. Art. 6.1.f GDPR (legitimate interest). Legal defense against claims. Art. 6.1.f GDPR (legitimate interest).

4.4. Job Applicants:

Manage your participation in ongoing selection processes. Art. 6.1.b GDPR (pre-contractual measures). Evaluate your professional profile and suitability for the position offered. Art. 6.1.b GDPR (pre-contractual measures). Conduct personal or telematic interviews and selection tests. Art. 6.1.b GDPR (pre-contractual measures). Manage and document the selection process. Art. 6.1.b GDPR (pre-contractual measures). 

Communications with the candidate. Art. 6.1.b GDPR (pre-contractual measures). 

Legal defence against claims. Art. 6.1.f GDPR (legitimate interest). 

Preservation of the job application for future selection processes. Art. 6.1.a GDPR (consent of the interested party).

4.5. Social network users:

Manage our corporate presence on social networks. Art. 6.1.f GDPR (legitimate interest). 

Answer inquiries, requests or messages received through the social network. Art. 6.1.f GDPR (legitimate interest). Interact with users through comments, posts or replies. Art. 6.1.f GDPR (legitimate interest). Analyze statistics on user interaction with our profile. Art. 6.1.f GDPR (legitimate interest). Send direct commercial communications through the social network (where applicable). Art. 6.1.a GDPR (user consent). The processing of data carried out by the social network is governed by its own privacy policy.  

For more information, please consult our Social Media Policy.

4.6. Claimants:

Manage, process and resolve claims, complaints or incidents. Art. 6.1.f GDPR (legitimate interest). Fulfill legal obligations regarding customer service or applicable sector regulations. Art. 6.1.c GDPR (legal obligation). Conduct investigation actions on the claim. Art. 6.1.f GDPR (legitimate interest). 

Communications with the claimant. Art. 6.1.f GDPR (legitimate interest). 

Formulate, exercise or defend administrative or judicial claims. Art. 6.1.f GDPR (legitimate interest) When it is necessary to process special category data, Art. 9.2.f GDPR (formulation, exercise or defense of claims). Preserve the supporting documentation for the legally required periods. Art. 6.1.c GDPR and Art. 6.1.f GDPR, as applicable

4.7. Visitors:

Manage and control access to our facilities. Art. 6.1.f GDPR (legitimate interest).

Ensure the security of people, property and facilities. Art. 6.1.f GDPR (legitimate interest).

Verify the visitor’s identity and register their entry and exit. Art. 6.1.f GDPR (legitimate interest).

Comply with occupational risk prevention regulations. Art. 6.1.c GDPR (legal obligation).

Formulate, exercise or defend claims. Art. 6.1.f GDPR (legitimate interest).

4.8. Web Users:

Allow navigation and proper functioning of the website. Art. 6.1.f GDPR (legitimate interest). 

Ensure the security of the website. Art. 6.1.f GDPR (legitimate interest). 

Ensure network security and prevent unauthorized access or cyber attacks. Art. 6.1.f GDPR (legitimate interest). Analyze the use and performance of the website through analytical cookies. Art. 6.1.a GDPR (consent). 

Display personalized advertising or perform advertising profiling (when applicable). Art. 6.1.a GDPR (consent). For more information visit our Cookie Policy.

4.9. More information for those interested:

The legally required information regarding data protection will be provided to those concerned in the relevant informative clauses included in the various methods of data collection (forms, contracts, electronic communications, telephone speeches or other channels), in accordance with articles 13 and 14 of the GDPR.

When the processing is based on consent, this will be requested in a free, specific, informed and unambiguous manner, and can be withdrawn at any time.

In the event that the interested party does not provide the necessary data or provides incomplete or inaccurate information, we may not be able to address your request or formalize the corresponding relationship.

Personal data will be processed exclusively for the purposes previously informed and determined, without prejudice to subsequent treatments that are compatible as provided in article 6.4 of the GDPR.

The purposes and characteristics of each treatment are properly identified in the corresponding Register of Treatment Activities owned by ADHOC Hotels.

5. Data Preservation

The personal data provided will be retained as long as there is a contractual, pre-contractual, commercial, labor or other relationship with the interested person, and for the necessary time to fulfill the purpose for which the data has been collected. Subsequently, they will be retained for legally required/permitted periods to address any liabilities arising from the processing, in accordance with the retention limitation principle established in the GDPR.

Once the relationship has ended, the data may remain duly blocked in accordance with Article 32 of the LOPDGDD, in those cases where it is necessary to keep them, either until the prescription of responsibilities for the exclusive purpose of claims or legal actions, as well as to comply with our legal obligations.

The periods indicated below may vary depending on the specific regulations applicable, the existence of legal or contractual liabilities, and administrative, judicial, or police requirements:

Interests Activity / area Legal basis Retention period
  • Clients
  • Suppliers
Accounting and commercial Art. 30 Commercial Code 6 years from the last entry
  • Clients
  • Suppliers
Fiscal and tax Arts. 66 and ss. Law 58/2003 General Tax
  • General deadline: 4 years
  • In case of losses during the exercise: 10 years
  • Invoices: 5 years
  • Any person
General Art. 1964.2 of the Civil Code 5 years for personal actions without special deadline.
  • Job applicants
Labor Guide to labor relations of the AEPD
  • 1 year
  • Unless expressly consented, it can be kept for a longer period.
  • Visitors
Access control to facilities Instruction 1/1996 of the AEPD 1 month
  • Web users
Use of cookies AEPD’s Guide on the use of cookies 24 months maximum
  • Clients
  • Suppliers
  • Visitors
  • Job applicants
  • Employees
Video surveillance Art. 22.3 LOPDGDD – personal data protection 1 month
  • Clients
  • Accompanying
Lodging / Hospitality Art. 5.3 RD 933/2021 3 years

When the data is no longer necessary, ADHOC Hotels will proceed to its deletion, anonymization or secure destruction.  

6. Profile Development

As a general rule, ADHOC Hotels does not create profiles or make automated decisions that have legal effects on the individuals concerned or similarly affect them significantly. 

In the event that in the future treatments involving the creation of profiles or automated decisions were carried out, the interested party will be informed beforehand in accordance with the provisions of Article 22 of the GDPR. 

When the processing is based on legitimate interest, the interested party may exercise their right to object at any time. Likewise, when the processing is based on consent, this can be withdrawn at any time.

7. Recipients

As a general rule, personal data will only be communicated to third parties when there is a valid legal basis in accordance with the GDPR, such as the fulfillment of a legal obligation, the execution of a contractual relationship, or the legitimately balanced interest of the data controller. In such cases, they may be communicated to:

  • Competent Public Administrations (Tax Agency, Social Security, or other authorities), when there is a legal obligation. Banking entities, for the management of collections and payments.
  • Judges, Courts, or the Public Prosecutor’s Office, when it is necessary for making, exercising, or defending claims. Companies of our business group, when necessary for internal administrative management, acting as data processors.
  • Providers acting as data processors, with whom a contract has been formalized in accordance with Article 28 of the GDPR.

8. International data transfer

In the event that it is necessary to carry out international data transfers to countries located outside the European Economic Area, these will only be carried out when there is a decision of adequacy by the European Commission or adequate guarantees have been adopted as provided in Articles 45 and 46 of the GDPR.

In the absence of such guarantees, the transfer will only be made when one of the exceptions provided in Article 49 of the GDPR is met.

9. Security Measures

ADHOC Hotels has adopted the appropriate technical and organizational measures to ensure a level of security suitable to the risk, in accordance with what is provided in Article 32 of Regulation (EU) 2016/679.

These measures are aimed at ensuring the confidentiality, integrity, availability, and continuous resilience of the processing systems and services.

The implemented measures are determined taking into account the nature of the processed data, the purposes of the processing, the state of the art, the cost of implementation, and the risks to the rights and freedoms of the concerned individuals.

Furthermore, ADHOC Hotels regularly reviews and updates these measures as part of its internal data protection compliance procedures.

10. Your Rights

You can exercise the following rights in relation to your personal data at any time: 

Right to Access:  

Obtain confirmation whether we are processing your personal data and, if so, access them and the information provided in Article 15 of the GDPR. 

Right to Rectification:  

Request us to rectify your personal data when they are inaccurate or to complete them when they are incomplete. 

Right to Object:  

Oppose the processing of your data when it is based on legitimate interest or public interest, for reasons related to your particular situation, unless there are peremptory legitimate reasons that prevail. 

Right to Erasure:  

Request the erasure of your data when any of the circumstances provided for in Article 17 of the GDPR occur, among others, when the data are no longer necessary for the purposes for which they were collected or when you withdraw your consent if this was the basis of the processing. 

Right to Restriction of Processing:  

You can request us to exercise this right when one or several of these situations occur: 

  • When you challenge the accuracy of your data, for a period that allows the data controller to verify the accuracy of them. When the processing is unlawful and you oppose the erasure of your data and request instead the restriction of their use. When the data are no longer needed for the purposes of the processing, but you need them for the establishment, exerciseor defence of legal claims.  
  • When you have objected to the processing under Article 21, paragraph 1, while it is being verified whether the legitimate reasons of the data controller prevail over yours. 

Right to Data Portability:  

Receive the personal data you have provided us, in a structured, commonly used, and machine-readable format, and transmit them to another data controller, when the processing is based on consent or on a contract and is carried out by automated means. 

Right not to be subject to automated decisions:  

Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you, except in the cases provided for in Article 22.2 of the GDPR. 

How to exercise your rights 

To exercise any of your rights, you must write to ADHOC Hotels, either by postal mail to the address: Calle Samaniego, 20, CP 46003 Valencia (Valencia) Spain or to the email: adhoc@adhochoteles.com, stating the rights you wish to exercise. If you are acting on behalf of another person, you must provide proof of your representation. If there are reasonable doubts about the identity of the person making the request, we may ask for additional information necessary to confirm their identity. 

The request will be addressed within a maximum of one month from its reception, extendable in complex cases according to Article 12 of the GDPR. The exercise of rights is free of charge unless the requests are manifestly unfounded or excessive. 

We inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es

If you wish to make any suggestion or consultation about the processing of your personal data, you can contact our data protection consultants: 

BUSINESS ADAPTER, S.L. 

Ronda Guglielmo Marconi, 11, 26, (Technology Park) 46980 Paterna (Valencia). 

Data Subject Access Request Form 

11. Commitment to the Protection of Personal Data

ADHOC Hotels expresses its strong commitment to the fulfillment of Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), ensuring that the processing of personal data is carried out in accordance with the principles of legality, loyalty, transparency, minimization, accuracy, limitation of the period of conservation, integrity, confidentiality and proactive responsibility.

This commitment applies to all workers and collaborators who are involved in the processing of personal data, as well as third parties acting on behalf of ADHOC Hotels.

Governance and compliance

ADHOC Hotels keeps the corresponding Register of Treatment Activities updated in accordance with Article 30 of the GDPR. Moreover, whenever a treatment may imply a high risk for the rights and freedoms of the interested parties, the corresponding Data Protection Impact Assessment is carried out in accordance with Article 35 of the GDPR.

Security and incident management

Appropriate technical and organizational measures are adopted to guarantee an adequate level of security according to the risk. In the event of a personal data security breach, the internal incident management protocol will be activated, in accordance with Articles 33 and 34 of the GDPR.

Rights of the interested parties

ADHOC Hotels ensures the diligent attention of the exercise of rights recognized in the data protection regulations.

Digital rights in the workplace

In the workplace, the digital rights recognized in the LOPDGDD are respected, ensuring the balance between the power of business direction and the right to privacy, to digital disconnection and to the protection of worker’s data.

Training and supervision

ADHOC Hotels promotes training in data protection and digital rights, also, it has specialized external advice to ensure compliance with regulations.

12. Update of this Policy

The present Policy may be updated to adapt to regulatory or jurisprudential changes. In the case of substantial modifications that affect the interested parties, appropriate measures will be taken for their communication.

Last update: June 15, 2026.