Privacy policy

Last updated: May 13, 2026

1. Data Controller

Data Controller:

Owner: Jordi Hidalgo Borrego

Trade Name: Hidalgo Junior

Tax ID (NIF/CIF): 52422181Y

Address: Calle Calderón de la Barca 6. Sant Pere de Ribes 08810 (Barcelona), Spain

Email: [email protected]

Phone: +34 938963275

2. Personal Data Processed

We may process the following categories of data:

Identification Data

  • full name
  • email address
  • phone number

Account Data

  • login credentials
  • internal user identifiers

Booking Data

  • selected services
  • appointment date and time
  • duration
  • appointment status
  • booking history
  • associated notes

Technical Data

  • IP address
  • device type
  • browser
  • operating system
  • technical logs
  • technical incidents
  • access date and time

3. Purpose of Processing

Data will be processed in order to:

  • create and manage user accounts
  • authenticate users
  • manage bookings
  • modify or cancel appointments
  • display booking history
  • send confirmations and reminders
  • password recovery
  • customer support
  • prevent fraud or misuse
  • maintain technical operations and service security

No data processing will be carried out for advertising purposes or automated commercial profiling.

4. Legal Basis

The applicable legal bases are:

Performance of a Contract

For:

  • user registration
  • authentication
  • bookings
  • appointment management
  • history management
  • password recovery
  • communications necessary for the service

Legitimate Interest

For:

  • system security
  • fraud prevention
  • resolution of technical incidents
  • service maintenance

Compliance with Legal Obligations

When information must be retained due to tax, legal, or administrative obligations.

5. Recipients and Data Processors

Technology providers necessary for the provision of the service may access personal data:

Cloudflare

Reverse proxy, security, performance, and content delivery services.

Railway

Infrastructure and backend hosting services.

Brevo

Transactional email provider used exclusively for password recovery and operational communications related to the service.

Google

When users interact with external services such as Google Maps.

These providers will process data solely according to the controller’s instructions and under their own applicable legal conditions.

6. International Transfers

Some technology providers may process data outside the European Economic Area.

When this occurs, appropriate legal safeguards will be implemented in accordance with the General Data Protection Regulation (GDPR), including standard contractual clauses or other legally valid mechanisms.

7. Data Retention

Data will be retained:

  • while there is an active relationship with the user
  • while necessary to provide the service
  • while legally required
  • while legal liabilities may arise

Afterwards, the data will be deleted or anonymized.

8. User Rights

Users may exercise the following rights:

  • access
  • rectification
  • erasure
  • objection
  • restriction of processing
  • data portability

These rights may be exercised by writing to:

[email protected]

Including sufficient information to identify the request.

Users may also file a complaint with:

Agencia Española de Protección de Datos   https://www.aepd.es

9. Security

Reasonable technical and organizational measures are applied to protect data against:

  • unauthorized access
  • loss
  • alteration
  • destruction
  • misuse

However, no system can guarantee absolute security.

10. Minors

This service is not directed at children under 14 years of age.

If unauthorized processing of minors’ data is detected, appropriate measures will be taken.

11. Changes to this Policy

This policy may be updated to adapt to legal, technical, or functional changes.

The current version will always be available on this website and in the mobile application.