Privacy Policy

Introduction

At Expat Health Spain we value and protect your privacy. This policy explains how we collect, use and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Spanish legislation.

1. Data Controller

Expat Health Spain is the controller of your personal data.

• Identity: Expat Health Spain
• Email: privacy@expathealthspain.com
• Phone: +34 622 820 674
• Address: Madrid, Spain

2. Data We Collect

We only collect data necessary to provide you with our services:

Personal Data:

• Full name and surnames
• Date of birth
• Nationality and country of residence
• Passport number
• Contact details (email, phone)

Insurance Data:

• Type of visa applied for
• Arrival date in Spain
• Expected length of stay
• Desired coverage level

Payment Data:

• Billing information
• Card details (processed by secure gateway)
• Transaction history

Technical Data:

• IP address
• Cookies and browsing data
• Language and site preferences

3. Legal Basis for Processing

We process your data based on:

• Contract execution: To manage your insurance
• Consent: For commercial communications
• Legal obligation: To comply with tax and insurance regulations
• Legitimate interest: To improve our services

4. Purpose of Processing

We use your data to:

• Manage contracting and maintenance of insurance
• Issue official certificates for visa procedures
• Process payments and issue invoices
• Provide customer support
• Comply with legal and regulatory obligations
• Send communications about your policy
• Improve our services (with your consent)

5. Data Sharing

Your data may be shared with:

• Insurance companies: To issue and manage policies
• Payment processors: To manage transactions
• Competent authorities: When legally required
• Service providers: Under strict confidentiality agreements

6. Data Retention

We retain your data for the necessary time:

• During the validity of your policy
• 10 additional years for legal obligations
• Marketing data: until you withdraw your consent
• Technical data: maximum 2 years

7. Your Rights

You have the right to:

• Access: Know what data we have about you
• Rectification: Correct inaccurate data
• Deletion: Request deletion of your data
• Limitation: Restrict certain processing
• Portability: Receive your data in structured format
• Opposition: Object to certain processing
• Revoke consent: At any time

8. Security

We implement technical and organizational security measures:

• SSL/TLS encryption in transmissions
• Restricted access to personal data
• Regular security audits
• Continuous staff training
• Periodic backups
• Incident response protocols

9. Cookies

We use cookies to improve your experience:

• Essential Cookies: Necessary for site operation
• Analytics Cookies: To understand how you use our site (Google Analytics)
• Marketing Cookies: To personalize content (with your consent)

You can manage cookies from your browser settings.

10. International Transfers

Some service providers may be located outside the EU. In these cases, we guarantee adequate protection through:

• Standard contractual clauses approved by the EU
• Recognized privacy certifications
• Data transfer agreements

11. Minors

Our services are directed to people over 18 years old. If a minor needs insurance, it must be contracted by their legal guardian, who will provide the necessary consent.

12. Changes to this Policy

We may update this policy occasionally. We will notify you of significant changes by email. The current version will always be available on our website.

13. Complaints

If you are not satisfied with how we handle your data, you can file a complaint with:

• Spanish Data Protection Agency (AEPD)
• www.aepd.es

We recommend contacting us first to resolve any concerns.