Privacy policy

Last updated: January 2025

1. Data controller

  • Controller: La Maleta Lockers
  • Tax ID (NIF): B22607832
  • Address: C/ San Marcos 13, Carchelejo (Jaén) 23192
  • Contact email: info@lamaletalockers.com

2. Data we process

The website lamaletalockers.com does not directly collect personal data. The booking process is handled entirely through the third-party platform drop-point.com, which acts as controller or processor of the data provided during the booking.

The only data we may collect indirectly are:

  • Contact data: when a user contacts us via email or phone (name, email address, phone number and message content).
  • Browsing data: IP address, browser type, pages visited and time spent, collected anonymously and in aggregate by the hosting server.

3. Purpose of processing

Contact data voluntarily provided by the user is processed for the following purposes:

  • To handle and manage enquiries, requests or incidents raised by the user.
  • To maintain communication with the user for as long as necessary to resolve their request.

4. Legal basis

The legal basis for processing contact data is the controller's legitimate interest in handling received enquiries (Article 6.1(f) GDPR), and where applicable the consent of the data subject (Article 6.1(a) GDPR) when expressly provided.

5. Retention period

Contact data will be retained only for as long as necessary to respond to the enquiry submitted, and subsequently for the applicable statutory limitation periods. Once those periods expire, data will be securely deleted.

6. Recipients

Personal data is not transferred to third parties, except where required by law. The booking process is managed entirely on the drop-point.com platform; data provided on that platform is subject to its own privacy policy, which users should consult before making a booking.

The website is hosted by Hostinger, whose servers may access anonymised browsing data under the applicable data processing agreement.

7. International transfers

No personal data is transferred to third countries outside the European Economic Area.

8. Data subject rights

Users may exercise the following rights against the data controller at any time:

  • Access: obtain confirmation of whether their data is being processed and access it.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of their data when, among other reasons, it is no longer needed for the purposes for which it was collected.
  • Restriction of processing: request restriction of the processing of their data in certain circumstances.
  • Portability: receive their data in a structured, commonly used format.
  • Objection: object to the processing of their data based on the controller's legitimate interest.

To exercise these rights, users may write to [TO BE COMPLETED email], attaching a copy of their identity document.

If you believe the processing of your data does not comply with applicable law, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Security

The controller has adopted the technical and organisational measures necessary to ensure the security of personal data and prevent its alteration, loss, processing or unauthorised access, taking into account the state of technology, the nature of the data and the risks to which it is exposed.

10. Modifications to this policy

The controller reserves the right to modify this Privacy Policy at any time to adapt it to legislative changes or changes in the service. Changes will be published on this page with the update date indicated. Users are advised to review this policy periodically.