EzCita logoEzCita

Privacy Policy

Last updated: June 2026

Data Controller

Philip Murray, NIE Y5233988F, info@ezcita.com
PLACEHOLDER: [Registered address when Autónomo]

1. Data We Collect

  • Name and surname(s)
  • Document type and number (NIE, DNI, or Passport)
  • Year of birth
  • Nationality
  • Email address
  • Language preference
  • Order and payment history (including Stripe-generated payment reference)
  • Support ticket content
  • IP address and basic browser data (via Cloudflare, for security)

Data We Do NOT Collect

  • Phone number
  • Home address
  • Bank account details (Stripe handles all card processing — we never see card numbers)
  • Government portal credentials

2. Legal Basis for Processing

  • Contract performance — processing your order
  • Consent — sending marketing communications (you can unsubscribe at any time)
  • Legal obligation — maintaining financial records as required by Spanish tax law

3. Data Storage and Security

  • All data is stored on servers located in Frankfurt, Germany (within the EU), operated by Hetzner Online GmbH
  • Personal data in the PostgreSQL database is encrypted at rest
  • Personal data transmitted to Oracle VPS nodes (for appointment booking purposes) is encrypted using Fernet/AES and stored in the local SQLite database only for the duration of the active search

4. Data Retention

  • Order data: retained for 5 years from completion (Spanish tax law requirement)
  • Appointment confirmation PDFs: deleted after 12 months from the appointment date
  • Support ticket content: retained for 2 years
  • After the retention period, data is anonymised

5. Third Parties

  • Stripe — payment processing (Stripe's privacy policy applies to payment data)
  • Zoho — email sending (Zoho's privacy policy applies to email transmission)
  • Cloudflare — DNS, DDoS protection, and security (Cloudflare's privacy policy applies)
  • Hetzner — server hosting (data processing agreement in place)
  • No data is sold to third parties. No marketing third parties receive your data.

6. Your Rights

  • Right to access your data
  • Right to correct your data
  • Right to erasure (“right to be forgotten”) — subject to the retention requirements above
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es

To exercise your rights, contact info@ezcita.comwith the subject “Data Request — [your order ID]”.

7. Cookies

We use only essential cookies to keep you logged in and secure. We do not use analytics, advertising, or tracking cookies. See our Cookie Policy for full details.

8. Changes

We may update this policy. Changes will be posted on this page with an updated date and notified by email.

9. Contact

Data Protection Officer: Philip Murray. info@ezcita.com