• Logo Esera Group
  • About us
  • Our Brands
  • Contact
  • EN

    • ES

Privacy Policy

Esera Group as Data Controller of this website, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018, informs you about how we process your personal data and protect your privacy.

In this privacy policy, we explain your rights and how to exercise them. Additionally, we provide contact details of the competent data protection authority.

We, the data controllers of your data

  • Identity: ESERA CAPITAL PARTNERS SL
  • Tax ID (NIF): B88705157
  • Registered Office: Paseo de Gracia, 12, 08012, Barcelona
  • Email: privacy@eseragroup.com

What type of information about you might we collect?

Personal data collected from users, customers, guests, and prospective clients can be grouped into the following categories:

  • Basic and contact data: name, surname, billing address, email, and phone number.
  • Financial and economic data: payment details, returns, reimbursements, and transactions.
  • Professional and employment data: professional interests and online identity.
  • Technical data: IP address, browser, operating system, and device information.
  • Navigation data: browsing behavior on the website.
  • Marketing preferences: communication consents and preferences.
  • Video surveillance images: CCTV recordings in hotel facilities.

How do we collect your personal data?

Most of your personal information is provided directly by you. We may also obtain information from:

  • Third parties linked to us
  • Third parties with your prior consent
  • Cookies used on our website
  • Access systems, communications, and security tools

What happens if you do not provide your personal data?

If required data is not provided, we may not be able to deliver services or complete reservations.

If necessary, cancellations will be communicated in advance with proper justification.

For what purpose do we treat your personal information?

Processing Purpose
Why do we collect your information?
Legal Basis
To process your personal information
Provide our services, reservations, payments and collections Contract execution / Legitimate interest
Register as a web user or new client Consent / Contract execution
Manage client relationship, updates and surveys Contract execution / Legal obligation / Legitimate interest
Send commercial communications and newsletters Consent / Legitimate interest
Respond to inquiries and provide quotes Legitimate interest / Contract / Consent / Legal obligation
User interactions on social networks Legal obligation / Legitimate interest
Analytics and cookies processing Legitimate interest / Consent
Website security and business protection Legal obligation / Legitimate interest
Product and service recommendations Legitimate interest
Legal compliance and authorities requests Legal obligation
CCTV and physical security Legitimate interest / Third-party interest
Customer data updates and maintenance Legal obligation / Contract / Legitimate interest
Workplace security and HR management Legal obligation / Legitimate interest
Complaints and incident management Consent / Legitimate interest / Legal obligation
Complaint forms provision Legal obligation
EU dispute resolution (ODR) Legal obligation

With whom might we share your personal data?

We may need to share your personal information with:

  • Third-party companies we subcontract or service providers we employ to provide our services (e.g., payment gateways, reservation management).
  • Third parties we need to manage our business (e.g., advertising agencies, lawyers, IT specialists).
  • Insurance companies, brokers.
  • Banks with which we work.

All providers we work with are contractually bound to us. We can guarantee that they comply with all necessary security measures to safeguard your personal information and will use your data solely for the specified purposes, according to our instructions.

We will also share personal information with law enforcement bodies when the law requires us to do so.

Where do we host your personal information?

All information you provide us, both through this website and via other channels, will be hosted on Microsoft cloud servers. These servers are hosted within the European Economic Area.

How long will we keep your personal data?

Your data will be kept as long as the commercial relationship with us lasts or until you exercise your right of cancellation, opposition, or limitation of treatment.

Likewise, if we have not maintained relevant contact with you for a period of two years, we will delete your personal data from our systems, unless the law requires us to keep them (e.g., at the request of an authority or regarding possible disputes).

Our information retention policies conform to the deadlines set by various legal responsibilities for prescription purposes:

  • General Rule: Under Article 30 of the Commercial Code, company documents/information are kept for 6 years.(accounting, tax, labor, or commercial documentation).
  • Specific Deadlines:
  • Labor (infractions): 3 years
  • Social Security (infractions): 4 years
  • Occupational Risk Prevention (infractions): 5 years
  • Tax (tax debts): 4 years
  • Tax (checks on quotas/deductions): 10 years
  • Accounting and commercial: 6 years
  • Crimes against Public Treasury/Social Security: 10 years

You will not be subject to decisions based on automated processing that produce effects on your data.

Our communications

All personal information you communicate to us will be incorporated into our information systems. By accepting this privacy policy, you grant Esera Group express consent to carry out the following activities until you indicate otherwise:

  • Send commercial, promotional, and direct marketing communications to inform you of activities, services, and offers related to us.
  • Send electronic communications, provided you have subscribed to our NEWSLETTER and have not unsubscribed.
  • Retention of data during the periods provided for in applicable provisions.

How to stop receiving marketing communications (opt-out)?

You can revoke any express consent granted for commercial information at any time. To do so, request your removal via the opt-out option on our web or by writing an email with the subject "unsubscribe" to privacy@eseragroup.com.

In accordance with LSSICE, we do not SPAM; we will not send commercial emails if not requested or authorized. In all communications, you will have the possibility to revoke your consent.

User Responsibility - Declaration of Veracity

By providing personal information through electronic channels, the user declares they are over 18 years old and that all data provided to Esera Group is true, exact, complete, and up-to-date. The user is responsible for the veracity of communicated data and for keeping it updated, being liable for false or inaccurate data and any resulting damages.

If you send us your CV

If you send your CV via email, the data will be treated to include you in selection processes, analyzing your profile for vacancies.

We do not accept CVs via other channels (e.g., paper). CVs will be kept for a maximum of two years, after which they will be destroyed.

Confidentiality is guaranteed. Data may be shared with group companies during the retention period for the same purposes.

How do we keep your information secure?

We take data protection very seriously. We implement physical, organizational, and technological security measures appropriate to prevent accidental loss, unauthorized use, or access.

We limit access to legitimate persons and train our staff. All parties involved are subject to the duty of confidentiality. In case of a security breach, we will notify you and the control authority (AEPD) as required.

How to exercise your ARCOLP rights?

The GDPR and LOPDGDD guarantee the following rights, which can be exercised at any time free of charge:

  • Right of access Receive a copy of personal information.
  • Right of rectification Request correction of errors.
  • Right of cancellation/suppression (right to be forgotten): Request deletion of information.
  • Right of limitation Request restriction of processing.
  • Right of opposition Object to processing (e.g., for marketing).
  • Right of portability Receive information in a structured format or transmit it to a third party.
  • Automated individual decisions: Right not to be subject to decisions based solely on automated processing.

To exercise these rights, write to: privacy@eseragroup.com attaching proof of identity.

You must attach to your request information about what you need exactly and, in any case, proof of your identity.

Data Protection Control Authority

If you wish to file a complaint, the maximum authority in Spain is the Spanish Data Protection Agency (AEPD).Website:

https://www.aepd.es/es - Tel: 91 266 35 17.

Changes to this privacy policy

Esera Group reserves the right to modify this policy to adapt it to legislative changes.

Last updated November 2025

Contact

Paseo de Gracia, 12
08012 Barcelona
  • privacy@eseragroup.com
  • +34 93 301 14 04
  • Legal notice
  • Privacy Policy
  • Cookie Policy