Privacy Policy

Last updated: 8 May 2026

This privacy policy explains what personal information My Shadow in Madrid collects through this website, how it's used, and what rights you have. We comply with the EU General Data Protection Regulation (GDPR) and Spain's organic law on data protection (LOPDGDD).

Who is the data controller

Alberto M. Villa, operating as Grupo Amvilla, with registered address in Collado Villalba, Madrid, Spain. Contact: [email protected].

What data we collect

When you submit the contact form, we collect: your name, email, phone (optional), country of origin, number of travellers, arrival date, trip duration, preferred package, and the message you write. We also automatically log the timestamp and the page from which the form was sent.

This site does not use tracking cookies, analytics, or third-party advertising scripts. The only cookies set are strictly technical, by Cloudflare, to keep the site secure and fast.

Why we collect it

• To respond to your booking enquiry — legal basis: your consent and the steps required to enter into a contract.
• To send you a price quote and itinerary suggestions.
• To keep records of business communications, as required by Spanish tax law.

Who we share it with

We use Resend (resend.com), a transactional email provider based in the EU/US, to deliver your form submission to our inbox. Resend processes the data on our behalf and does not use it for any other purpose. The site is hosted by Cloudflare Pages (cloudflare.com), which provides network security and content delivery.

We do not sell or rent your data to anyone. We do not use it for marketing emails unless you specifically subscribe.

How long we keep it

If you become a client, we keep records for the legally required period (typically 6 years for invoices in Spain). If you don't proceed, we delete enquiry data after 12 months unless you ask us to delete it sooner.

Your rights

Under GDPR you can: access your data, correct it, delete it, restrict its use, object to its processing, or request portability. Write to [email protected] from the email address you used. We respond within 30 days. You can also file a complaint with the Spanish data protection agency (aepd.es).

International transfers

Our email provider may process data in the United States. They operate under EU-approved standard contractual clauses, providing the same level of protection as if your data stayed in Europe.

Changes to this policy

We update this policy when our practices change. Significant updates will be announced on this page with a new "last updated" date.