Privacy Policy

In compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD).

Last updated: January 2026

“We believe privacy is a right, not a trade-off. This project is designed accordingly.”

1. Data Controller

ControllerBernardo Quintero
AddressMálaga, Spain
Contact Emailprivacy@malaga.is

2. No Cookies Policy

Cookie-Free Website

Málaga.is does not use cookies or similar tracking technologies. We do not use Google Analytics, Facebook Pixel, or any third-party tracking services.

This means:

  • No cookie consent banner is required
  • No personal data is collected through tracking
  • Your browsing is not profiled or shared with advertisers
  • We cannot track you across websites

3. Data We Collect

3.1 Server Logs (Anonymized)

Our web server automatically collects technical information for security and performance monitoring. This data is processed with privacy by design:

  • IP addresses are anonymized using one-way cryptographic hashing before storage
  • Original IP addresses are never stored or logged
  • Page URLs visited (without query parameters containing personal data)
  • Browser type and device category (mobile/desktop)
  • Timestamp of visit

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) for website security and performance optimization.

Retention: Anonymized logs are retained for 7 days maximum.

3.2 Contact Communications

If you contact us via email, we process your email address and message content to respond to your inquiry.

Legal basis: Consent (Article 6(1)(a) GDPR) or legitimate interest to respond.

Retention: Communications are retained for 2 years unless longer retention is legally required.

4. Data We Do NOT Collect

To minimize privacy impact, we explicitly do not collect:

  • Raw IP addresses (only anonymized hashes)
  • Cookies or local storage identifiers
  • Advertising identifiers
  • Cross-site tracking data
  • Social media profiles
  • Precise geolocation
  • Biometric data

5. Data Sharing

We do not sell, trade, or rent your personal data. Data may be shared with:

  • Hosting provider (OVH): Server located in Warsaw, Poland (EU), processes server infrastructure
  • Legal authorities: When required by law or valid legal process

No data is transferred outside the European Economic Area (EEA).

6. Your Rights (GDPR Articles 15-22)

Under GDPR, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a portable format

Right to Object

Object to processing based on legitimate interest

To exercise your rights, contact us at privacy@malaga.is. We will respond within 30 days.

7. Supervisory Authority

You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

Agencia Española de Protección de Datos

C/ Jorge Juan, 6 - 28001 Madrid

Website: www.aepd.es

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data:

  • HTTPS encryption for all connections
  • Server located in EU data center (OVH, Warsaw, Poland)
  • Regular security updates and monitoring
  • Access controls and authentication
  • Privacy by design and by default

9. Children’s Privacy

This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to have it removed.

10. Changes to This Policy

We may update this privacy policy periodically. The “Last updated” date at the top indicates when the policy was last revised. Continued use of the website after changes constitutes acceptance of the updated policy.