Privacy Policy

Version 1.2 · Last updated: 19 January 2026

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), Directive 2002/58/EC (ePrivacy) and other applicable EU and Spanish regulations, the data controller is:

2. Scope, Users and Professional Nature of the Service

HOSTELELLA is a professional digital platform (SaaS and, where applicable, marketplace) designed exclusively for business and commercial use (B2B), providing operational, financial and document-management functionalities.

The Service is not intended for personal, domestic or consumer use. Users act exclusively in a professional or business capacity.

3. Exclusion of Minors

The Service is intended exclusively for adults. Users must be at least 18 years of age.

HOSTELELLA does not knowingly process personal data of minors. Any unauthorized access by minors is contrary to the intended scope of the Service.

4. Categories of Data Subjects

• End users of business customers (owners, administrators, employees).
• Professional contacts of suppliers, distributors and partners.
• Legal representatives and business contact persons.

5. Categories of Personal Data

• Identification and contact data (name, business email, phone).
• Account and authentication data (credentials, roles, business membership).
• Business and operational data entered into the platform.
• Financial, accounting and commercial documents (invoices, receipts, expenses, sales).
• Personal data of employees, customers or suppliers contained in uploaded documents.
• Technical and usage data (logs, IP address, device/browser data, timestamps).

6. Data Sources

• Data provided directly by users.
• Data provided by other users within the same business (invitations, roles).
• Data contained in documents uploaded by customers.
• Data collected automatically through use of the Service.

7. Allocation of Roles (Controller / Processor / Joint Controller)

7.1 HOSTELELLA as Data Controller

HOSTELELLA acts as a data controller for personal data necessary to operate the Service, including account management, authentication, security monitoring, support, communications and billing (where applicable).

7.2 HOSTELELLA as Data Processor

Where customers upload documents or records containing personal data of third parties, HOSTELELLA acts as a data processor on behalf of the customer, in accordance with a Data Processing Agreement (DPA) pursuant to Article 28 GDPR.

7.3 Joint Controllership

In certain workflows (e.g. marketplace interactions or inter-business communications), HOSTELELLA and customers may jointly determine purposes and means of processing, acting as joint controllers pursuant to Article 26 GDPR.

8. Purposes of Processing

• Provision, maintenance and improvement of the Service.
• User and role management.
• Document upload, processing, extraction and analysis.
• Generation of reports, analytics and insights.
• Customer support and service communications.
• Security, fraud prevention and abuse detection.
• Legal compliance and defence of legal claims.

9. Legal Bases

• Performance of a contract (Art. 6(1)(b) GDPR).
• Compliance with legal obligations (Art. 6(1)(c) GDPR).
• Legitimate interests (Art. 6(1)(f) GDPR).
• Consent (Art. 6(1)(a) GDPR), where required.

10. Mobile App Permissions

The mobile application may request optional permissions, including:

• Camera / gallery: document and image uploads.
• Microphone: voice-based features.
• Contacts: inviting team members.
• Location: proximity- or map-based features.

Permissions are based on user consent and may be withdrawn at any time via device settings.

11. Artificial Intelligence

HOSTELELLA uses artificial intelligence to assist users with analysis and automation.

No solely automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR is carried out.

12. Cookies and Tracking Technologies

HOSTELELLA uses cookies and similar technologies for:

• Core functionality and security.
• Analytics and performance measurement.
• Service improvement.

Non-essential cookies are used only with consent, in accordance with ePrivacy and local law.

13. Recipients and Subprocessors

Personal data may be processed by selected technology providers (cloud hosting, email, analytics, AI) acting under data processing agreements and appropriate safeguards.

14. International Data Transfers

Where data is transferred outside the EEA, Standard Contractual Clauses and transfer impact assessments are applied in accordance with Articles 44–49 GDPR.

15. Data Retention

Data is retained for the duration of the contractual relationship and as required by law, or for the establishment, exercise or defence of legal claims.

16. Security Measures

Appropriate technical and organisational measures are implemented in accordance with Article 32 GDPR, including access controls, encryption, logging and incident response.

17. Personal Data Breaches

In the event of a personal data breach, HOSTELELLA follows notification procedures under Articles 33 and 34 GDPR.

18. Data Subject Rights

• Access, rectification, erasure.
• Restriction, objection, portability.
• Withdrawal of consent.

Requests: legal@hostelella.com

19. Supervisory Authority

Data subjects may lodge a complaint with the Spanish Data Protection Authority (AEPD).

20. Changes to this Policy

This Policy may be updated from time to time. The current version is always available within the Service.

21. Limitation of Liability

To the maximum extent permitted by law, HOSTELELLA is not liable for damages arising from misuse of the Service or unlawful data uploaded by users.