Privacy Policy
In compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD).
Last updated: January 2026
“We believe privacy is a right, not a trade-off. This project is designed accordingly.”
1. Data Controller
| Controller | Bernardo Quintero |
| Address | Málaga, Spain |
| Contact Email | privacy@malaga.is |
2. No Cookies Policy
Cookie-Free Website
Málaga.is does not use cookies or similar tracking technologies. We do not use Google Analytics, Facebook Pixel, or any third-party tracking services.
This means:
- No cookie consent banner is required
- No personal data is collected through tracking
- Your browsing is not profiled or shared with advertisers
- We cannot track you across websites
3. Data We Collect
3.1 Server Logs (Anonymized)
Our web server automatically collects technical information for security and performance monitoring. This data is processed with privacy by design:
- IP addresses are anonymized using one-way cryptographic hashing before storage
- Original IP addresses are never stored or logged
- Page URLs visited (without query parameters containing personal data)
- Browser type and device category (mobile/desktop)
- Timestamp of visit
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) for website security and performance optimization.
Retention: Anonymized logs are retained for 7 days maximum.
3.2 Contact Communications
If you contact us via email, we process your email address and message content to respond to your inquiry.
Legal basis: Consent (Article 6(1)(a) GDPR) or legitimate interest to respond.
Retention: Communications are retained for 2 years unless longer retention is legally required.
4. Data We Do NOT Collect
To minimize privacy impact, we explicitly do not collect:
- Raw IP addresses (only anonymized hashes)
- Cookies or local storage identifiers
- Advertising identifiers
- Cross-site tracking data
- Social media profiles
- Precise geolocation
- Biometric data
5. Data Sharing
We do not sell, trade, or rent your personal data. Data may be shared with:
- Hosting provider (OVH): Server located in Warsaw, Poland (EU), processes server infrastructure
- Legal authorities: When required by law or valid legal process
No data is transferred outside the European Economic Area (EEA).
6. Your Rights (GDPR Articles 15-22)
Under GDPR, you have the following rights:
Right of Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate personal data
Right to Erasure
Request deletion of your data
Right to Restriction
Limit how we process your data
Right to Portability
Receive your data in a portable format
Right to Object
Object to processing based on legitimate interest
To exercise your rights, contact us at privacy@malaga.is. We will respond within 30 days.
7. Supervisory Authority
You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):
8. Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- HTTPS encryption for all connections
- Server located in EU data center (OVH, Warsaw, Poland)
- Regular security updates and monitoring
- Access controls and authentication
- Privacy by design and by default
9. Children’s Privacy
This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us to have it removed.
10. Changes to This Policy
We may update this privacy policy periodically. The “Last updated” date at the top indicates when the policy was last revised. Continued use of the website after changes constitutes acceptance of the updated policy.