1. Data Controller
Spain Proxy ("we", "us", "our") is the data controller for personal data collected through the website https://spain-proxy.com and our proxy services.
We are registered in Spain and subject to EU data protection law, including the General Data Protection Regulation (GDPR) (EU) 2016/679 and Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).
2. Data We Collect
We collect the following categories of personal data:
2.1 Data You Provide
- Contact form: name, email address, subject, and message content.
- Service registration: name, email, payment information (processed by third-party payment processors).
- Support communications: data contained in support requests and email correspondence.
2.2 Data Collected Automatically
- Log data: server logs including IP address, browser type, operating system, referring URL, pages visited, and timestamps. Retained for 30 days for security purposes.
- Cookies: see Section 8 and our Cookie Policy.
2.3 Data We Do NOT Collect
We maintain a strict no-logs policy for proxy usage. We do not log, monitor, or store the websites you visit, the content of your internet traffic, or your online activities when using our proxy services.
3. Legal Basis for Processing (GDPR Article 6)
| Purpose | Legal Basis |
|---|---|
| Responding to contact form inquiries | Legitimate interests (Art. 6(1)(f)) |
| Service delivery to registered customers | Contract performance (Art. 6(1)(b)) |
| Security logging | Legitimate interests (Art. 6(1)(f)) |
| Analytics cookies | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
- To respond to your contact form inquiries and provide customer support.
- To deliver, manage, and improve our proxy services.
- To send service-related notifications (not marketing without consent).
- To detect, investigate, and prevent fraud and security incidents.
- To comply with legal obligations.
5. Data Sharing and Transfers
We do not sell, rent, or trade your personal data. We may share data with:
- Payment processors: to process service payments (e.g. Stripe). They act as independent data controllers.
- IT service providers: hosting and email providers acting as data processors under signed Data Processing Agreements.
- Legal authorities: when required by applicable law, court order, or to protect our legal rights.
All third-party processors are contractually required to protect your data in accordance with GDPR.
6. Data Retention
- Contact form data: retained for 2 years, then deleted.
- Customer account data: retained for the duration of the service agreement plus 5 years for tax/accounting compliance.
- Security logs: retained for 30 days.
- Cookie consent records: retained for 1 year.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") subject to applicable exceptions.
- Right to restrict processing (Art. 18): Request we limit how we use your data.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at privacy@spain-proxy.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
8. Cookies
We use cookies to operate our website and (with your consent) for analytics. For full details, please see our Cookie Policy.
9. Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption, access controls, regular security audits, and staff data protection training. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
10. International Data Transfers
Your personal data is stored within the European Economic Area (EEA). If any transfer outside the EEA is necessary, it will be protected by Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards under GDPR Chapter V.
11. Children's Privacy
Our services are not directed to persons under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@spain-proxy.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via the website or, where appropriate, by direct notification. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes constitutes acceptance.
13. Contact & Data Protection
For privacy-related inquiries, data subject requests, or to request a Data Processing Agreement (DPA):
Spain Proxy — Data ProtectionEmail: privacy@spain-proxy.com
Website: https://spain-proxy.com