AI Governance

Last updated: January 10, 2026

At Accolier, we are committed to the responsible development and deployment of artificial intelligence technologies. This document describes our principles, practices, and commitments regarding AI governance.

1. GUIDING PRINCIPLES

Transparency

  • Guests always know they are interacting with a digital avatar powered by artificial intelligence
  • The virtual concierge is clearly presented as an AI assistant, not a real person
  • We provide clear information about the service's capabilities and limitations

Privacy and Data Protection

  • We comply with the General Data Protection Regulation (GDPR) and Spanish legislation
  • All data is stored on servers located in the European Union
  • We implement encryption in transit (TLS) and at rest for all information

Responsible Use

  • Our technology is designed exclusively to enhance the guest experience
  • We actively prohibit any use that could result in discrimination or harm
  • The service complements, never replaces, professional human attention

2. DATA AND STORAGE

What data we store

Data typeDescriptionAuthorization
ConversationsHistory of interactions between guests and the virtual conciergeAuthorized by the hotel
Hotel dataInformation about services, schedules, facilities, and configuration preferencesProvided by hotel management
Guest preferencesInformation entered by hotel staff to personalize the serviceAuthorized by the hotel

How we protect data

  • Encryption in transit: All communications use HTTPS/TLS protocol
  • Encryption at rest: Stored data is encrypted on our servers
  • Restricted access: Only authorized personnel can access the systems
  • EU servers: All infrastructure is located in the European Union

What we do NOT do with data

  • We do not train models: Conversation and hotel data is NOT used to train or improve artificial intelligence models
  • We do not share with third parties: Data is NOT sold, transferred, or shared with third parties, except when strictly necessary for service provision or by legal obligation
  • We do not create commercial profiles: We do not use data for advertising or targeted marketing

3. SHARED RESPONSIBILITY

Accolier's Responsibilities (BuddyBeam S.L.)

  • Develop and maintain the technology securely and responsibly
  • Implement technical and organizational security measures
  • Comply with data protection regulations as data processor
  • Provide management and control tools to the hotel
  • Notify security incidents as established in the contract

Hotel's Responsibilities (Client)

  • Act as data controller for their guests' data
  • Inform guests about the use of AI technology in rooms
  • Obtain necessary consents when applicable
  • Provide truthful and updated information about hotel services
  • Define the limits and scope of the virtual concierge service

4. SERVICE LIMITATIONS

What Accolier is NOT

Our virtual concierge is designed to assist and inform. In no case does it constitute or replace:

  • Medical, health, or emergency services
  • Therapeutic or psychological care
  • Legal or financial advice
  • Health or security monitoring systems
  • Human staff for critical situations

Nature of AI

  • The service uses generative artificial intelligence
  • Responses are generated in real-time and may contain inaccuracies
  • The system is designed to escalate to human staff when it detects situations beyond its scope

5. OVERSIGHT AND CONTROL

Human oversight

  • Hotel staff can intervene at any time
  • Escalation protocols exist for situations requiring human attention
  • The administration dashboard allows configuring the service and reviewing usage metrics

Content moderation

  • We implement filters to prevent inappropriate or harmful content
  • The system is designed to reject requests that violate our usage policies
  • We actively monitor to detect and prevent misuse

6. REGULATORY COMPLIANCE

EU Artificial Intelligence Act

Accolier is designed to comply with the European AI Regulation. Our service, when used as intended, does not constitute a high-risk AI system.

GDPR and LOPDGDD

We comply with:

  • Regulation (EU) 2016/679 (GDPR)
  • Organic Law 3/2018 on Data Protection (LOPDGDD)
  • Privacy by design and by default principles

7. CONTINUOUS IMPROVEMENT

We commit to:

  • Periodically review and update our governance policies
  • Stay current with regulatory advances in AI matters
  • Incorporate industry best practices
  • Listen to client and user feedback to improve our processes

8. CONTACT

For AI governance inquiries:

BUDDYBEAM, S.L. Email: dpo@accolier.com Address: Carrer del Pare Palau, N.º 5, Izquierda, Entresuelo 3, 43001 – Tarragona, Spain