Privacy Policy

Identity: CARGAME LOCKERS BALEARES S.L.

Tax ID: B16774341

Address: C/ Clara Castellanos 74, 50270 Ricla (Zaragoza)

Email: info@itslockers.tech

GDPR enquiries: rgpd@itslockers.tech

CARGAME LOCKERS BALEARES S.L. has appointed an external Data Protection Officer (DPO):

Datages Consulting, S.L.U. (CIF B47697453)

Address: Paseo Arco de Ladrillo 88, Planta 1, Of. 2B, 47008 Valladolid

Email: dpd@datagesconsulting.com

For GDPR enquiries about your personal data, please first write to rgpd@itslockers.tech; our team will coordinate with the DPO if needed.

When you book a locker we may process: name, email address, phone number, payment data (managed by the payment provider), IP address and device data, and access codes (PIN) generated for opening the locker.

We do not collect special categories of data (Article 9 GDPR).

Managing the locker rental contract.

Processing payments through Redsys (Servired) and confirming transactions.

Sending booking confirmations, access codes and service-related communications.

Complying with tax, accounting and consumer-protection legal obligations.

Investigating incidents and preventing fraud.

Performance of the rental contract (Article 6.1.b GDPR).

Compliance with legal obligations (Article 6.1.c GDPR).

Legitimate interest in security and fraud prevention (Article 6.1.f GDPR).

Your data may be shared with:

Redsys Servicios de Procesamiento, S.L. — payment gateway processor.

SendGrid (Twilio Inc., USA) — transactional email delivery, under EU Standard Contractual Clauses.

Hosting and infrastructure providers acting as data processors.

Spanish tax and competent administrative authorities when legally required.

Some of our service providers (e.g. SendGrid) are located outside the European Economic Area. Such transfers are protected by Standard Contractual Clauses approved by the European Commission, in accordance with Articles 44–49 GDPR.

Booking and transactional data are retained for the duration of the rental and afterwards for the legal periods required by tax law (currently 6 years).

Access codes are encrypted and deleted after the booking expires.

IP and log data are retained for up to 12 months for security purposes.

You have the right to access, rectification, erasure, restriction, portability and objection (Articles 15–22 GDPR).

You also have the right to withdraw consent at any time and to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

To exercise these rights, please contact rgpd@itslockers.tech or the DPO at dpd@datagesconsulting.com.

We apply technical and organisational measures appropriate to the risk: TLS encryption in transit, encryption at rest of access codes, principle of least privilege and regular backups.