nerjatransferservice.com
I. PRIVACY POLICY AND DATA PROTECTION
In compliance with current legislation, Nerja Transfer Service (hereinafter also referred to as the Website) undertakes to adopt the necessary technical and organizational measures, according to the appropriate level of security based on the risk of the collected data.
Laws incorporated into this privacy policy
This privacy policy is adapted to the current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following laws:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
- Royal Decree 1720/2007 of 21 December, approving the Regulation implementing Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).
- Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the data controller
The controller of the personal data collected through Nerja Transfer Service is M Angeles Arrabal Armijo, with Tax ID: 77470858G (hereinafter, the Data Controller). Contact details are as follows:
Address: Calle Prolongación Antonio Millón
Phone: [not provided]
Fax: [not provided]
Email: info@nerjatransferservice.com
Registration of Personal Data
In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by Nerja Transfer Service through the forms on its pages will be included in our file and processed in order to facilitate, expedite, and fulfill the commitments established between Nerja Transfer Service and the User or to maintain the relationship established in the forms filled out by the User or to respond to a request or inquiry from the same.
Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained that details, according to their purposes, the processing activities carried out and other circumstances established by the GDPR.
Principles applicable to the processing of personal data
The processing of the User’s personal data will be subject to the following principles set out in Article 5 of the GDPR and Article 4 and following of Organic Law 3/2018:
- Lawfulness, fairness and transparency: User consent will always be required after fully transparent information is provided.
- Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes.
- Data minimization: Only data strictly necessary for the purposes will be collected.
- Accuracy: Personal data must be accurate and up to date.
- Storage limitation: Data will be retained only for as long as necessary.
- Integrity and confidentiality: Security and confidentiality of data will be guaranteed.
- Accountability: The Data Controller is responsible for ensuring compliance with all principles.
Categories of personal data
The categories of data processed by Nerja Transfer Service are only identifying data. No special categories of personal data are processed as defined in Article 9 of the GDPR.
[Alternative paragraph (if applicable): If special categories are processed, replace the above with:]
The categories of data processed by Nerja Transfer Service include both identifying data and special categories of personal data as defined in Article 9 of the GDPR.
Special categories include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a natural person, health data, or data concerning a natural person’s sex life or sexual orientation.
Explicit consent from the User will always be required for processing these categories of data.
Legal basis for processing personal data
The legal basis for processing is consent. Nerja Transfer Service commits to obtaining the explicit and verifiableconsent of the User for processing their personal data for one or more specific purposes.
Users may withdraw their consent at any time, as easily as they granted it. Withdrawal of consent will not affect the lawfulness of prior processing.
Where data is collected via forms for inquiries or other content-related matters, the User will be informed if providing such data is mandatory due to its essential nature for the operation.
Purpose of processing personal data
Personal data is collected and managed by Nerja Transfer Service to facilitate, expedite, and fulfill commitments between the Website and the User or to maintain the relationship initiated through forms or respond to requests or inquiries.
Additionally, data may be used for commercial, customization, statistical, and internal purposes, such as marketing research or improving website quality and navigation.
At the time of data collection, the User will be informed of the specific purpose(s) of the data processing.
Retention period
Personal data will be retained only for the minimum time necessary for their processing purposes and, in any case, for the following period: 18 months, or until the User requests deletion.
Users will be informed of the data retention period at the time of data collection, or the criteria used to determine this period if not exact.
Recipients of personal data
User data will not be shared with third parties.
[Alternative paragraph (if applicable): If recipients are known:]
User data will be shared with the following recipients or categories of recipients: [List if applicable].
If the Data Controller intends to transfer data to a third country or international organization, the User will be informed of the destination and the existence or absence of an adequacy decision by the European Commission.
Personal data of minors
Only those over 14 years old may lawfully consent to the processing of their personal data by Nerja Transfer Service. For minors under 14, parental or guardian consent is required.
Secrecy and security of personal data
Nerja Transfer Service commits to implementing the necessary technical and organizational security measures appropriate to the risk to ensure the confidentiality and integrity of personal data, preventing unauthorized access, loss, or alteration.
The Website uses an SSL (Secure Socket Layer) certificate to ensure data is transmitted securely and encrypted.
However, since the security of the internet cannot be fully guaranteed, the Data Controller will promptly notify the User of any personal data security breach likely to result in a high risk to their rights and freedoms.
All personal data will be treated as confidential. The Data Controller will ensure, through legal or contractual obligation, that confidentiality is respected by employees, partners, and anyone granted access.
User rights
Users may exercise the following rights under the GDPR and Organic Law 3/2018:
- Right of access: Know whether data is being processed and obtain information about it.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): Delete data when no longer needed or under other legally permitted grounds.
- Right to restriction of processing: Limit processing when accuracy is contested, processing is unlawful, or data is needed for legal claims.
- Right to data portability: Receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
- Right to object: Object to the processing of data.
- Right not to be subject to automated decisions, including profiling.
To exercise these rights, Users may send a written request to the Data Controller with the reference “GDPR-nerjatransferservice.com”, including:
- Full name and a copy of ID.
- Specific request and reason or information desired.
- Notification address.
- Date and signature.
- Any supporting documentation.
Requests can be sent to:
Postal address: Calle Prolongación Antonio Millón
Email: info@nerjatransferservice.com
Links to third-party websites
The Website may contain links to third-party websites not operated by Nerja Transfer Service. These third parties are responsible for their own data protection policies and practices.
Complaints to the supervisory authority
If the User believes that there is a problem with how their data is being handled, they have the right to effective judicial protection and to file a complaint with a supervisory authority, particularly in the country of their habitual residence, workplace, or where the alleged infringement occurred.
In Spain, the competent authority is the Spanish Data Protection Agency (AEPD): https://www.aepd.es
II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is necessary for the User to have read and accepted the terms regarding the protection of personal data in this Privacy Policy and to consent to the processing of their data so that the Data Controller can proceed in the manner, for the purposes, and during the periods indicated.
Use of the Website implies acceptance of this Privacy Policy.
Nerja Transfer Service reserves the right to modify its Privacy Policy at its own discretion or due to legal, jurisprudential, or doctrinal changes of the Spanish Data Protection Agency. Users are not explicitly notified of these changes. Users are advised to review this page periodically.
This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
English 
Spanish