Privacy Policy

Privacy Policy

This legal text gives you details of how we collect and process your personal data through the use of our website, including any information that you can provide us through the site when you sign up for a service, or provide your contact information through the form enabled for this purpose.

When you provide us with the information, we inform you that our services are not possible for those people whose regulations prevent them from giving their consent, so when you send us the forms you guarantee that you have sufficient capacity to grant consent.

  1. Data controller

Company name: YELLOW CAR S.A, con C.I.F: A-29.030.020, Registered Office: Urbanización El Rosario, Edificio Yellow Car, Marbella, Málaga, C.P. 29.604. Phone: 952 831 492 y email:

Registry data: Inscrita en el Registro Mercantil de Málaga el 22 de septiembre de 2004, al Tomo 1890, Libro 803, Folio 153, Sección 8, MA 26053

YELLOW CAR, S.A, es el responsable de sus datos. (En adelante nosotros o nuestro).

  1. What data do we collect?

The General Data Protection Regulation tells us that personal data is all information about an identified or identifiable natural person, that is, all the information capable of identifying a person. This would not include anonymous or percentage data.

On our website we can process certain types of personal data, which may include

  • Identity data: name, surname, DNI/Passport. Driving license data.
  • Personal characteristics data: date of birth
  • Contact information: email and telephone

We do not collect any data related to special categories of personal data (those that reveal their ethnic or racial origin, political opinions, religious or philosophical convictions, union affiliation and information about their health, genetic or biometric data).

In case you are requested to collect personal data by law or according to the terms of contract between us and you refuse to provide them, we may not be able to make such a contract or provide the service, and you must notify us about this in advance..

  1. How we collect your personal information?

The means we use to collect personal data are:

  • Through the form on our website, through our contact emails or by phone, when:
    • You request information about our services
    • You contract the provision of our services
    • You request quotes
  • Through technology or automated interactions: on our site we can automatically collect technical data about your equipment, navigation actions and usage patterns. This data is collected through cookies or similar technologies. If you want to expand the information, you can consult our cookies policy
  • Through third parties:

Google: analytical data or search data. Outside the European Union..


  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • For the formalization of a contract between YELLOW CAR S.A and you.
  • When you give your consent in the processing of your data
  • When we need them to comply with a legal or regulatory obligation
  • When necessary for our legitimate interest.

The User may revoke the consent given at any time by sending an email to or consulting the section of exercise of rights below.

Below we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for its use, as well as knowing what kind of personal data we are going to deal with. We can process some personal data for some additional legal reason, so if you need details about it you can send an email to


Purpose Data Type Legitimacy for its treatment
To request information through the contact form –        Name

–        Email

Consent of the interested party
To get a quote about our services


–        First name

–        Surnames

–        Birthdate

–        Email


Consent of the interested party

Contract formalization

To make a reservation


–        First name

–        Surnames

–        Birthdate

–        Email

–        Phone

–        DNI / Passport

–        Driving license data


Consent of the interested party

Contract formalization

Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably believe that we must use it for another reason, notifying you in advance so that you are informed of the legal reason for processing it and provided the purpose is compatible with the original purpose.

Conservation period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and the treatment of the data. The provisions of the files and documentation regulations will apply.

  1. Your Rights in Data Protection

How to exercise these rights? Users can send a communication to the registered office of YELLOW CAR, S.A or email address,including in both cases photocopy of your ID card or other similar identification document, to request the exercise of the following rights:

Access to your personal data: you can ask YELLOW CAR, S.A if you it is using your personal data.

– To request rectification, if they were not correct, or to exercise the right to be forgotten with respect to them.

– To request the limitation of the treatment, in this case, they will only be conserved by YELLOW CAR, S.A for the exercise or defense of claims

– To oppose your treatment: YELLOW CAR, S.A will let you process the data in the way you indicate, except that for legitimate reasons or for the exercise or defense of possible claims, these should continue to be treated.

– To the portability of the data: in case you want your data to be processed by another firm, YELLOW CAR, S.A, will facilitate the portability of your data to the new manager.

You can use the models placed at your disposal by the Information Commissioner’s Office, to exercise your previous rights: Here

Claim before the Information Commissioner’s Office: if you consider that there is a problem with the way in which YELLOW CAR, S.A is processing your data, you can direct your claims to the corresponding control authority, being in the UK, the competent for it: The Information Commissioner’s Office.

We may have to request specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any of the other rights mentioned above). This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.

All the requests are solved within the legal term indicated 1 month. However, it can take more than a month if your request is particularly complex, or if you have already performed a series of actions previously. In this case, we will notify you and keep you updated.

  1. Transfer of personal data

It is possible that, in the performance of our work, we need the help of third parties, who will only process the data to provide the contracted service, and with whom we have the corresponding measures to guarantee their rights:

– Providers of services that provide systems administration and information technology services.

– Professional advisors that include lawyers, auditors and insurers that provide banking, legal, insurance and accounting consulting services.

All those in charge of treatment to whom we transfer your data will respect the security of your personal data and will treat them according to the GDPR. We only allow such managers to process your data for certain purposes and in accordance with our instructions. However you can ask us, in compliance with the transparency, a list of who are these companies that provide us services, you can do it to the email:

  1. Data Security

We have implemented the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized manner, modified or disclosed. In addition, we limit the access to your personal data to those employees, contractors and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspicion of violation of your personal data and will notify you and the Control Authority in case it occurs, as regulated in the GDPR in its articles 33 and 34, a security breach.

Actualización: Versión 1.4

Marzo 2019