Privacy policy

This legal text provides you with details on how we collect and process your personal data through the use of our website, including any information you may provide to us through the site when subscribing to a service or providing your contact information through the designated form.

When you provide us with information, we inform you that our services are not possible for individuals whose regulations prevent them from giving their consent, so when you submit the forms, you ensure that you have sufficient capacity to grant consent.

  1. Data controller

Company Name: YELLOW CAR S.A, with Tax Identification Number (C.I.F): A-29.030.020, Registered Office Address: El Rosario Urbanization, Yellow Car Building, Marbella, Málaga, Postal Code 29.604. Telephone: 952831492, and Email:

Registration Details: Registered in the Mercantile Register of Málaga on September 22, 2004, in Volume 1890, Book 803, Page 153, Section 8, MA 26053.

YELLOW CAR, S.A, is the data controller (hereinafter referred to as “we” or “our”).

  1. What data do we collect?

The General Data Protection Regulation tells us that personal data is any information about an identified or identifiable natural person, meaning all information capable of identifying a person. This would not include anonymous or percentage data.

On our website, we may process certain types of personal data, which may include:

  • Identity data: name, surname, ID / Passport number. Driver’s license data.
  • Personal characteristics data: date of birth.
  • Contact information: email and phone number.

We do not collect any data related to special categories of personal data (those revealing your ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, and information about your health, genetic or biometric data).

If you are requested to provide personal data by law or in accordance with the terms of the contract between us and refuse to do so, we may not be able to enter into such a contract or provide the service, and you must notify us in advance.

  1. How do we collect your personal information?

The means we use to collect personal data are:

  • Through the form on our website, via our contact emails, or over the phone, when:
    • You request information about our services.
    • You contract the provision of our services.
    • You request quotes.
  • Through technology or automated interactions: on our website, we may automatically collect technical data about your device, browsing actions, and usage patterns. This data is gathered through cookies or similar technologies. If you would like more information, you can refer to our cookie policy.
  • Through third parties:
  • Google: analytical data or search data. Outside the European Union.
  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • For the conclusion of a contract between YELLOW CAR S.A. and you.
  • When you consent to the processing of your data.
  • When we need it to comply with a legal or regulatory obligation.
  • Where it is necessary for our legitimate interest.

The User may revoke the consent given at any time by sending an email to or by consulting the exercise of rights section below.

Below, we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for its use, as well as know what kind of personal data we will process. We may process some personal data for some additional legal reason, so if you need details about this, please email

PurposeData typeLegitimacy for processing.
Request information via the contact form.–        Name–        EmailConsent of the data subject
To obtain a quote for our services.–        Name–        Surname–        Birth Date–        Email Consent of the party concerned Formalisation of the contract
Make a reservation–        Name–        Surname–     Birth Date–        Email–        Telephone–        DNI / Passport–       Driving licenceConsent of the party concerned Formalisation of the contract

Purpose: We will only use your data for the purposes for which we collected them unless we reasonably believe we should use them for another reason, notifying you in advance so that you are informed of the legal basis for processing and provided that the purpose is compatible with the original purpose.

Retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data. The provisions of archives and documentation regulations will be applied.

  1. Your rights in data protection.

How to exercise these rights? Users can send a communication to the registered office of YELLOW CAR, S.A or to the email address, including in both cases a photocopy of their identification card or another similar identification document, to request the exercise of the following rights:

  • Access to your personal data: you can ask YELLOW CAR, S.A if they are using your personal data.
  • Request rectification if they were not correct or exercise the right to be forgotten regarding them.
  • To request the limitation of processing, in this case, they will only be retained by YELLOW CAR, S.A for the exercise or defense of claims.
  • To object to their processing: YELLOW CAR, S.A will allow you to process the data in the manner you specify, except that for legitimate reasons or for the exercise or defense of possible claims, they must continue to be processed.
  • To data portability: in case you wish your data to be processed by another company, YELLOW CAR, S.A will facilitate the portability of your data to the new controller.

You can use the models provided by the Information Commissioner’s Office to exercise your rights as follows: Here

Complaint to the Information Commissioner’s Office: If you believe there is an issue with how YELLOW CAR, SA processes your data, you can direct your complaints to the relevant supervisory authority, which is located in the United Kingdom: The Information Commissioner’s Office.

We may need to request specific information to help us confirm your identity and ensure your right to access your personal data (or exercise any of the other rights mentioned above). This is a security measure to ensure that personal information is not disclosed to anyone not entitled to receive it.

All requests are resolved within the legally specified timeframe of 1 month. However, it may take longer than a month if your request is particularly complex or if you have already taken a series of actions previously. In such cases, we will notify you and keep you updated.

  1. Transfer of personal data.

In the performance of our work, it may be necessary for us to seek the assistance of third parties who will only process the data to provide the contracted service, and with whom we have appropriate measures in place to ensure their rights:

– Service providers who offer system administration and information technology services.

– Professional advisors, including lawyers, auditors, and insurers, who provide banking, legal, insurance, and accounting consulting services.

All data processors to whom we transfer your data will respect the security of your personal data and process them in accordance with GDPR. We only allow such processors to handle your data for specific purposes and in accordance with our instructions. However, in compliance with transparency, you may request a list of the companies that provide us with these services by emailing us at

  1. Data security

We have implemented appropriate security measures to prevent your personal data from being lost, accidentally used, or accessed, altered, or disclosed without authorization. Furthermore, we restrict access to your personal data to those employees, contractors, and other third parties who have a legitimate business need to know such information. They will only process your personal data in accordance with our instructions and will be subject to a duty of confidentiality.

We have established procedures to address any suspicion of a breach of your personal data, and we will notify you and the Supervisory Authority in the event of a security breach, as regulated in the GDPR under Articles 33 and 34.

Update: Version 1.4

March 2019