GDPR Compliance

Last updated: 19 March 2026

Our Commitment to GDPR

CostaDelClicks is fully committed to compliance with the EU General Data Protection Regulation (GDPR) 2016/679 and the Spanish Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPD-GDD).

As a business operating in Spain and serving clients across the European Union, data protection is fundamental to how we operate.

Data Controller

CostaDelClicks
Almería, Spain
Email: hello@costadelclicks.com

Principles We Follow

All personal data processing at CostaDelClicks follows these GDPR principles:

  • Lawfulness, fairness, and transparency: we process data lawfully and are transparent about how we use it
  • Purpose limitation: we collect data only for specified, explicit, and legitimate purposes
  • Data minimisation: we collect only the data that is necessary for the stated purpose
  • Accuracy: we take reasonable steps to ensure data is accurate and up to date
  • Storage limitation: we retain data only for as long as necessary
  • Integrity and confidentiality: we implement appropriate security measures to protect your data
  • Accountability: we can demonstrate compliance with these principles

Your Rights Under GDPR

As a data subject, you have the following rights. We will respond to any request within 30 days.

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data when it is no longer necessary for the purpose it was collected, when you withdraw consent, or when you object to processing.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. CostaDelClicks does not currently use automated decision-making processes.

How We Protect Your Data

  • Encryption: all data in transit is encrypted via HTTPS/TLS
  • Hosting: our website is hosted on Cloudflare's global network, which maintains SOC 2, ISO 27001, and PCI DSS compliance
  • Access control: personal data access is limited to authorised personnel only
  • Minimisation: we collect only the data necessary to provide our services
  • No selling of data: we never sell personal data to third parties

Data Processing Activities

We process personal data for the following activities:

  • Contact form submissions: to respond to your enquiries (legal basis: consent)
  • Client services: to deliver web design, automation, and AI implementation services (legal basis: contractual necessity)
  • Website analytics: to understand and improve our website (legal basis: legitimate interest, using privacy-respecting tools)

Third-Party Processors

We use the following third-party data processors, all of which are GDPR-compliant:

  • Cloudflare (USA): website hosting and CDN — EU Standard Contractual Clauses in place
  • Fillout (USA): form submission processing — GDPR-compliant data processing
  • Google Maps (USA): embedded maps on location pages — governed by Google's data processing terms

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Spanish Data Protection Authority (AEPD) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights

Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

Email: hello@costadelclicks.com

Please include your name and a description of the right you wish to exercise. We may need to verify your identity before processing your request.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid
Website: www.aepd.es
Phone: +34 901 100 099