Privacy Policy

The entity 'Rafaelhoteles S.A.U.' (hereinafter, RAFAELHOTELES) provides its services through the website (hereinafter, the Website).

Your privacy is important to us. That is why we want to be transparent about what we intend to do with the information you provide us, or what we come to know about you: in other words, with your personal data (hereinafter, Data), not only because data protection laws require it, but also because we believe in being honest towards our users and customers. Please read this Privacy Policy carefully.

We will notify you in advance about any change made to this Privacy Policy and we will not make retroactive changes which reduce your privacy rights unless legally required to do so and, in that case, your consent will always be necessary. Nevertheless, you may request to unsubscribe from the services offered on the Website if you do not accept the modifications made.

In accordance with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR); RAFAELHOTELES would like to inform you that by accepting this Privacy Policy, you are providing your informed, express, free and unequivocal consent for the Data that you provide through the website and any other data that you may provide in the future to RAFAELHOTELES through the Accommodation Contract or any other authorised means, to be processed by RAFAELHOTELES, as the data controller, and to which are applied the security, technical and organisational measures established in current legislation.

To this effect, and in accordance with that established in the GDPR, the following section provides details on how RAFAELHOTELES processes your data.

Who is responsible for the processing of your data?

Rafaelhoteles, S.A.U.
C/Acanto, 22 - 9ª - 28045 Madrid
Telephone: +34 91 539 90 21

What is the purpose of processing your data?

Depending on the User’s requests, the purpose of processing your personal data is as follows:

-Managing reservations, including managing payments (where relevant) and managing your requests and preferences

-Managing your subscription to our Newsletter for periodically sending information

-Managing the commercial communications that are sent containing offers and promotions from RAFAELHOTELES by electronic and/or conventional means, if the User has expressly consented to this

-Managing your requests for information and contact from RAFAELHOTELES through the means established for this

-Managing the accommodation service and/or other possible contracted services

-Managing the surveys and/or evaluations conducted in relation to the quality of the service provided by RAFAELHOTELES

-If you send us your CV, we will process your data in order to evaluate and manage your employment request, and if applicable, make the necessary updates for participating in the various staff selection processes in the chain’s different hotels

What are the legal grounds for processing your data?

The legal basis for processing your data is your consent.  Your data will be processed on the basis of the various purposes detailed in the previous section, and based on the consent which is requested of you.

In addition, if it is necessary to process the User’s data to comply with a legal obligation or to implement the existing contractual relationship between RAFAELHOTELES and the User, this processing will be legitimised due to being necessary for carrying out these purposes.

To which recipients will your data be sent?

For organisational and operational reasons and out of necessity, Rafael Hoteles SAU may engage the services of advisers, professionals, or similar to carry out the processing of your personal data on behalf of Rafael Hoteles SAU. This processing on behalf of third parties is regulated in a written agreement or in any other way that can certify it being performed and its content, expressly specifying that the data controller will process the data according to the instructions of Rafael Hoteles SAU and shall not apply them or use them for purposes other than those provided in said agreement, nor shall they communicate them, even for their conservation, to other persons.

There will be no cession, transmission or transfer of personal data except if required by law or at the request of the Public Administration or the Autonomous Institutions and it is carried out within the scope of the functions that the law expressly attributes to them.

If there is a cession, transmission or transfer of personal data outside of the cases determined, the owner of personal data will be informed in advance by giving his/her consent if appropriate.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation of whether RAFAELHOTELES is processing personal data which concerns them.

You may also exercise your rights under the legislation in force: the rights of access, rectification, erasure and objection, restriction, data portability and to not be the subject of automated individual decision-making.

You also have the right to withdraw your consent at any time.

You can exercise your rights by any means which allow the dispatch and reception of your request to be proven. The request must be addressed to RAFAELHOTELES, using the details included in the 'Data Controller' section, and displaying the reference 'Data Protection'. The request must include: Your name, surname(s) and a photocopy of your national identity document, written details of your specific request and an address to which notifications may be sent.

If you are not satisfied with how RAFAELHOTELES responds to the exercise of your rights, you have the right to file a rights protection claim before the Supervisory Authority.

How did we collect your data?

The personal data subject to processing by RAFAELHOTELES was provided by you by completing a reservation request, sending your CV through the `work with us´ section, registering for the newsletter through our website, or by signing the relevant contract for Accommodation or other types of Services.

RAFAELHOTELES hereby informs you of processing the following types of data:

-Identification data (Name and Surname/s)

-Contact data (Postal and e-mail addresses and movile telephone number)

-Personal data (Nacionality, date of birth and sex)

-Credit card information, necessary for the payment of the reservation or as a guarantee of the same

-In the section Work with us: academic and professional data (work experience)

 We never process specially protected data.


In addition, we would like to inform you that our establishments have videosurveillance systems, the function of which is to guarantee the safety of people and facilities. We would like to remind you that current legislation legitimises processing carried out on the basis of the legitimate interest of RAFAELHOTELES in guaranteeing the safety of our facilities, therefore your image may be recorded following the simple fact of entering the building.

This data may be sent to the Spanish law enforcement authorities if it becomes necessary. The images will be preserved for a maximum period of one (1) month from when they are recorded.

For how long do we store your data?

The User’s data will be stored while it is necessary for completing the purpose for which it was collected or until the User requests its removal from RAFAELHOTELES, opposes or withdraws their consent.

CVs that we receive will be stored for a maximum period of 6 months from when we receive them.

We also retain your data to comply with the requirements of the applicable law, to prevent unlawful actions, resolve disputes, solve problems and other actions permitted by the law. Once it is no longer necessary to process your data, we will delete and/ or block them, in accordance with our data retention and erasure policy and the statutory limitation period under the legislation in force.

At RAFAELHOTELES we are concerned about security and guaranteeing and protecting your privacy. That is why we guarantee that your data will be processed with a high level of security.

In accordance with standards for the sector, we maintain technical and organisational safeguards against accidental or illegal destruction, accidental loss or alteration, unauthorised disclosure or access and other illegal acts or procedures.