SpainPorFavor — The Smartest Way to Move to Spain

1. Who We Are

SpainPorFavor is an immigration document preparation service that connects clients with licensed Gestores Administrativos in Spain. We process personal data to prepare and submit visa applications on your behalf.

Data Controller: SpainPorFavor
Contact: [email protected]
Data Protection Officer: [email protected]

2. What Data We Collect

We collect and process the following categories of personal data:

Category	Examples	Purpose
Identity documents	Passport, criminal record, birth certificate	Visa application preparation
Financial documents	Bank statements, employment contracts	Income verification for visa requirements
Contact information	Name, email, phone number	Service delivery and communication
Health insurance	Insurance policy documents	Visa requirement compliance
Usage data	Login times, document upload history	Service improvement and security

3. Legal Basis for Processing

We process your data under the following legal bases (GDPR Article 6):

Contract performance (Art. 6(1)(b)): Processing necessary to deliver our visa preparation service.
Consent (Art. 6(1)(a)): For AI-powered document validation and optional marketing communications.
Legitimate interest (Art. 6(1)(f)): For security monitoring, fraud prevention, and service improvement.
Legal obligation (Art. 6(1)(c)): Where required by law (e.g., anti-money laundering checks).

4. How We Use AI

We use AI-powered document validation to check your uploaded documents for completeness, accuracy, and compliance with Spanish immigration requirements. This includes:

Checking document dates and validity periods
Verifying name consistency across documents
Detecting missing apostille stamps or translations
Identifying formatting or quality issues

Document images are processed by our AI system for validation purposes only. No document data is retained by the AI system after processing. You can opt out of AI validation at any time (documents will then be reviewed manually by our team, which may take longer).

5. Who Has Access to Your Data

Your assigned Gestor: Licensed immigration specialist who prepares your application. Bound by professional confidentiality under Spanish law.
SpainPorFavor administrators: For quality control and support purposes.
Spanish immigration authorities: Your documents are submitted as part of your visa application.
Cloud infrastructure providers: For secure data storage (encrypted at rest).

We never sell your data. We never share your data with third parties for marketing purposes.

6. Data Retention

Active cases: Your documents and data are retained for the duration of your case plus 30 days after resolution (approval or rejection).

After case closure: All uploaded documents are permanently deleted 30 days after your visa is approved or your case is otherwise resolved. Your case record is anonymized (personal identifiers removed) but retained for our internal compliance records.

Renewal clients: If you opt into our renewal service, your data is retained until you cancel or your case concludes.

7. Your Rights (GDPR Articles 15-22)

You have the right to:

Access: Request a copy of all data we hold about you.
Rectification: Correct inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten"). You can do this directly from your portal.
Portability: Receive your data in a machine-readable format.
Restriction: Limit how we process your data.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Revoke any consent you've given, at any time.

To exercise any of these rights, use the controls in your client portal or email [email protected]. We will respond within 30 days.

8. Data Security

All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access controlled by role-based permissions (you, your Gestor, administrators only)
All document access logged in audit trail
EXIF metadata stripped from uploaded images (GPS, device info removed)
Rate limiting on all API endpoints
Session-based authentication with HTTP-only cookies

9. International Transfers

Your data is stored on servers within the European Union. Where data is processed outside the EU (e.g., AI validation services), we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Spanish Data Protection Agency (AEPD): www.aepd.es
Your local supervisory authority if you are based in another EU/EEA country.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via your portal or email before the changes take effect.

Privacy Policy