Privacy policy

Privacy policy

The purpose of this document is to inform users of the ACR website about the processing of personal data that is carried out while browsing the site.

1. Website Ownership

The owner of the Website is ACR, located c/ Príncipe de Vergara, 131, 1.ª planta, 28027, Madrid.
You can contact our Data Protection Officer here:

2. Data collected and processing purposes

  • When a user accesses the Service, ACR collects the IP address and other data relating to the connection and its origin. The IP address is a code that identifies the user’s Internet connection at a specific time.
  • Only the user’s Internet access provider can identify the subscriber who was assigned an IP address at a specific time. By the very nature of the server supporting the Service, the user’s IP address is automatically logged along with the date and time of access.
  • ACR will process the data collected in the Consultation and Complaint section that users provide in order to manage the consultation or complaint made. The personal data that we will process from these users are: name, surname, e-mail and telephone number.
  • In the People section the user can consult all the selection processes currently open. In case of applying to any of them, ACR will process the personal data provided by the user in order to evaluate his or her candidacy and professional fit within any of the processes we currently have open.
  • Finally, in the case of suppliers, through the Suppliers Access section, the user can use our tool to solve all the procedures related to ACR in a fast and user-friendly way, this portal being the solution that ACR provides to manage telematic invoices, save costs and comply with current legislation. Supplier Access is only available to ACR’s suppliers and ACR will process suppliers’ personal data in order to carry out activities related to access management.

3. Legal basis for processing

  • The consent of the user expressed through the sending of a Consultation or Complaint through the form established for this purpose, together with the need for processing for the maintenance or fulfilment of a contractual relationship, are the bases that legitimise this processing.
  • For the management of job applications received through our Job Portal, we will process the user’s data on the basis of the consent given by the user for the processing of his/her data, through the inclusion of his/her data in our form and/or by sending his/her data via e-mail.
  • ACR will process the data of supplier representatives including Access Suppliers on the basis of the performance of the contract we have with the supplier.
  • In the event that users expressly consent, ACR will send commercial communications by e-mail or other means of electronic communication.

4. Data recipients and international transfers

Your personal data may be transferred to Administrations, Authorities and Public Bodies, including Courts and Tribunals, when so required by the applicable regulations.

Likewise, ACR has service providers, such as computer and web maintenance companies, legal services and administrative agencies that, in the course of providing their services, have access to ACR’s personal data. 

ACR makes a selection and control of these third parties with which it has signed data protection agreements, where they are bound to follow a series of obligations in terms of data protection. Other than the above, ACR does not communicate your personal data to any additional third parties. In the event that any of our service providers or IT system providers are located outside the EU, ACR will use all applicable safeguards in accordance with the applicable regulations to ensure proper data management.

5. Retention of personal data

Personal data will be retained for the period of time during which any legal liability may arise (e.g. until the statute of limitations for liability arising from data protection or cybersecurity regulations). 

6. Users’ data protection rights 

Users may exercise their rights of access, rectification, erasure, objection, limitation of processing and portability, as well as revoke the consent given, with respect to the processing for which ACR is responsible, by writing to the responsible party, proving their identity, to the following address: c/ Príncipe de Vergara, 131, 1.ª planta, 28027, Madrid, or by e-mail to, providing your ID card or equivalent document, identifying yourself as a user of the ACR contact page, and specifying your request.

Si los usuarios desean más información al respecto o consideran If users require further information on this matter or consider their right to data protection has been violated, they may contact the Spanish Data Protection Agency ( or ACR’s Data Protection Officer (

7. Security measures

ACR has adopted all necessary security measures to ensure the integrity, security and conservation of the personal data stored in its systems, in accordance with the provisions of current legislation on data protection, recognising and appreciating the importance of the responsible use of this information.

8. Additional information

If you have any questions about the information contained in our Privacy Policy, you can send an email to: