1. Information We Collect

At ByME Transport and Relocation Group S.L. we collect personal data directly from the user and also automatically during use of our services. This information includes, among others:

  • Name and surnames
  • Collection, delivery and correspondence addresses
  • Contact phone and email
  • Tax and billing data (NIF, billing address, company name)
  • Payment data, securely managed through Stripe (we do not store complete card data)
  • Volume, typology and characteristics of goods to be moved
  • Navigation and platform usage data through cookies (see Cookie Policy)
  • IP address, browser type, operating system, screen resolution and other technical device data
  • Unique user identifiers, session ID and interactions with forms and website elements
  • Approximate location (country or city) derived from IP, used to improve user experience

Part of this information is obtained automatically through cookies or similar technologies, and is subject to your explicit consent as indicated in our Cookie Policy.

2. Use of Information

We use collected personal data for the following purposes, in accordance with provisions of article 6 of the General Data Protection Regulation (GDPR):

  • Manage, plan and correctly execute contracted services (moves, transport, storage, customs procedures, etc.).
  • Process payments securely through certified platforms like Stripe, without storing sensitive payment method information.
  • Issue quotes, invoices, pre-contractual and operational communications linked to requested service.
  • Attend information requests, incidents, service modifications or cancellations.
  • Comply with our legal, tax, commercial and administrative obligations.
  • Improve service quality through internal analysis of usage, platform performance, navigation flows and error frequency (through tools like Google Analytics or Firebase).
  • Verify and protect system integrity against fraudulent activities or automated through tools like Google reCAPTCHA.
  • Send satisfaction surveys, follow-up notices, operational reminders and informational content whenever there is prior consent.
  • Perform statistical or technical segmentations for optimization of our internal and logistics processes (for example, to estimate demand by area or season).
  • Manage automated sending of technical or administrative communications through services like MailerSend.

ByME does not make automated decisions with legal effects on the user nor elaborate commercial profiles without legal basis or explicit consent.

3. Data Sharing

ByME does not sell, rent or transfer personal data to third parties without your consent, except in cases strictly necessary to provide our services or by legal obligation. We share information only with the following types of recipients:

  • Logistics operators and subcontractors: collaborating companies necessary for collection, transport, storage, delivery and handling of goods.
  • Customs agents and processors: when necessary for compliance with legal or regulatory requirements in international services.
  • Payment platforms: such as Stripe, to manage secure processing of economic transactions.
  • Technology providers: that provide essential services for functioning of our digital infrastructure, including:
    • Google Cloud and Firebase (cloud platform and database)
    • GoDaddy (web domain management and security certificates)
    • Microsoft 365 (internal communications and document management)
    • MailerSend (sending transactional and operational emails)
    • Google reCAPTCHA (protection against fraud and bots)
    • CookieManager (cookie consent management tool)
  • Public administrations and competent authorities: when required by tax, customs, transport regulations or in compliance with judicial or administrative resolutions.

All third parties who access personal data will act as data processors, signing corresponding contracts in accordance with article 28 of GDPR and guaranteeing security measures equivalent to ours.

4. User Rights

As holder of personal data, the user may exercise at any time and free of charge the following rights recognized by the General Data Protection Regulation (GDPR):

  • Right of access: obtain confirmation about whether we process your data and access them.
  • Right of rectification: request correction of inaccurate or incomplete data.
  • Right of deletion: request deletion of your data when they are no longer necessary for purposes for which they were collected, or when you withdraw your consent.
  • Right of opposition: oppose processing of your data for reasons related to your particular situation, especially in processing for direct marketing purposes.
  • Right to limitation of processing: request that no processing operations be applied to your data in certain cases (for example, while data accuracy is being verified).
  • Right to portability: receive your personal data in a structured, commonly used and machine-readable format, and be able to transmit them to another data controller.
  • Right not to be subject to automated decisions: including profiling that produces legal effects or significantly affects you.

To exercise any of these rights, the user must send an express request, indicating the right they wish to exercise, to email address legal@bymegroup.com, attaching a copy of their identity document or equivalent.

Likewise, the user has the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider their rights have been violated.

5. Security

At ByME we implement appropriate technical and organizational measures to guarantee confidentiality, integrity and availability of processed personal data. These measures are aligned with article 32 of the General Data Protection Regulation (GDPR) and are periodically reviewed to ensure their effectiveness.

Among applied measures are included:

  • Use of encrypted connections (SSL/TLS) in all communications through our website.
  • Access authentication to internal environments, with permission control and activity traceability.
  • Data storage on secure servers located in the European Union through providers like Google Cloud Platform and Firebase.
  • Regular backups and encryption of sensitive data when appropriate.
  • Continuous monitoring of suspicious activity, code integrity and system security.
  • Protection against automated access and malicious activities through Google reCAPTCHA.

Likewise, our personnel and collaborators with access to personal data are duly trained in data protection matters and subject to confidentiality obligations.

6. Data Retention

ByME will retain personal data for the time strictly necessary to fulfill purposes for which they were collected, and subsequently during periods required by applicable legislation, especially in tax, commercial, accounting and transport matters.

Criteria applied to determine retention periods are as follows:

  • Data derived from contractual relationships: up to 6 years after service completion, in accordance with Commercial Code and tax regulations.
  • Operational tracking and customer service data: up to 2 years from last recorded interaction.
  • Data processed for commercial purposes (for example, sending newsletters, satisfaction surveys): until user revokes their consent or requests deletion.
  • Anonymized technical or analytical data: may be retained indefinitely for statistical purposes and service improvement, provided they do not allow user identification.
  • Access logs, technical logs and cybersecurity-related data: up to 12 months, unless necessary for incident investigation or regulatory compliance.

Once corresponding period ends, data will be securely deleted or, where applicable, anonymized to prevent their linking with identified or identifiable natural persons.

7. Contact

For any query related to this Privacy Policy, processing of your personal data or exercise of your rights in accordance with GDPR, you may contact our Data Protection Officer by writing to:

Email: legal@bymegroup.com
Data controller: ByME Transport and Relocation Group S.L.
CIF: B56917271
Registered office: Calle Fuengirola 26, Arroyomolinos, Madrid, Spain

We will respond within a maximum period of 30 calendar days from receipt of your duly documented request.

8. Protection against abuse and use of reCAPTCHA

We use Google reCAPTCHA v3 and v2 on our website to protect forms and ensure they are only used by humans, preventing abuse by automated bots. This service automatically verifies user interaction and may collect information such as IP address, cookies, device data, and browsing patterns.

The use of Google reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

By using our forms, you agree to the processing of your data by Google for the purposes described in these policies.