Privacy Policy

The controller of your personal data is VTC Mijas Costa, with registered office in Mijas Costa, Malaga, Spain. You can contact us through our contact form or by phone at +34 672 21 31 00.

We collect the following types of information: • Identification data: name, surname, ID • Contact data: email, phone, address • Service data: booking information, destinations, dates • Navigation data: cookies, IP, behavior on the website • Payment data: information necessary to process transactions

We use your personal data to: • Manage and process your service bookings • Communicate with you about your services • Send confirmations and booking reminders • Process payments and issue invoices • Comply with legal and fiscal obligations • Improve our services and user experience • Send commercial communications (with your consent)

The processing of your data is based on: • Execution of a service contract • Explicit consent for commercial communications • Legal obligations (invoicing, accounting) • Legitimate interest in improving our services

We will retain your personal data for as long as necessary to fulfill the purposes described. Fiscal and accounting data will be retained for the period established by Spanish legislation (minimum 6 years). Marketing data will be retained until you withdraw your consent.

You have the right to: • Access your personal data • Rectify inaccurate or incomplete data • Delete your data ('right to be forgotten') • Limit the processing of your data • Data portability • Object to processing • Withdraw consent at any time • Lodge a complaint with the Spanish Data Protection Agency To exercise these rights, contact us through our contact form.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration. We use SSL/TLS encryption in all communications and secure data storage.

We do not sell or share your personal data with third parties, except: • Necessary service providers (payment gateways, hosting) • When required by law or competent authorities • With your explicit consent

Some of our service providers may be located outside the European Economic Area. In these cases, we ensure that appropriate protection measures are applied according to the GDPR.

We may update this Privacy Policy periodically. We will notify you of any significant changes and the date of the last update appears at the beginning of this document.