Privacy Policy
At YIMAILIFE we respect and protect your privacy. This document informs you, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), about how we process the personal data of individuals who interact with our website.
1. Data controller
Identity: YIMAILIFE, S.L.
Tax ID: B88253265
Address: Av. de las Flores, 35, Humanes de Madrid
Contact email: info@yimailife.es
Phone: +34 655 54 15 20
2. Purposes and legal basis for processing
We process your personal data for the following purposes and legal bases:
2.1 Managing quotation requests and enquiries
When you fill in our quotation request or contact form, we process your data to respond to your request, prepare the relevant quote and maintain commercial communication with you regarding the order.
- Data processed: name, company, email address, phone number, and description of your needs.
- Legal basis: execution of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR).
2.2 Managing the commercial relationship
If we formalise a contract or commercial relationship, we process the data necessary to manage the order, invoicing, delivery and after-sales support.
- Data processed: company identification data, VAT number, billing and delivery address, contact details of the person responsible for the order.
- Legal basis: performance of a contract (Art. 6.1.b GDPR) and compliance with legal accounting and tax obligations (Art. 6.1.c GDPR).
2.3 Sending commercial communications
If you give your express consent, we will use your email address to send you our newsletter, product updates and commercial offers.
- Data processed: name and email address.
- Legal basis: consent of the data subject (Art. 6.1.a GDPR). You may withdraw your consent at any time without affecting the lawfulness of prior processing.
2.4 Statistical analysis of the website (not currently active)
In the future we may use analytics tools to improve the visitor experience and website performance. If implemented, we will update this policy and explicitly request your prior consent before activating any analytical cookies.
- Data processed: pseudonymised browsing data (e.g. session identifiers, pages visited, time spent).
- Legal basis: consent of the data subject (Art. 6.1.a GDPR).
3. Retention periods
We retain your data for the following periods:
- Quotation requests not converted into a contract: 2 years from the last communication.
- Client data with a contractual relationship: for the duration of the relationship and, thereafter, for the periods legally required by applicable tax, commercial and accounting regulations.
- Commercial communications: until you withdraw your consent or request to unsubscribe.
- Browsing data: 26 months from collection.
4. Data processors and recipients
YIMAILIFE does not sell or transfer your data to third parties for commercial purposes. To provide the service, we work with the following data processors and recipients:
4.1 Data processors
Data processors are providers who process personal data on our behalf and under our instructions, pursuant to a data processing agreement in accordance with Art. 28 GDPR:
| Processor | Services used | Purpose | Safeguards |
|---|---|---|---|
| Google LLC (Firebase) | Firebase Firestore, Firebase Auth, Firebase Storage | Storage of contact and quotation requests (Firestore); authentication of internal staff for the admin panel, not site users (Auth); storage of catalogue files (Storage). | Firebase Data Processing Addendum (Standard Contractual Clauses — Art. 46.2.c GDPR) |
| Vercel Inc. | Web hosting, content delivery network (CDN) and edge network | Serving the website to visitors. Vercel may temporarily process the visitor's IP address on its edge servers for technical routing and anti-abuse protection purposes; such logs are retained for a limited period and are not used to profile users. | Vercel Data Processing Agreement (Standard Contractual Clauses — Art. 46.2.c GDPR) |
4.2 Other recipients
- Transport and logistics companies: only when an order is formalised, to manage delivery.
- Public authorities and competent authorities: when required by law.
4.3 International transfers
Google LLC and Vercel Inc. are established in the United States. Data transfers to these processors are carried out with the appropriate safeguards provided for in Art. 46 GDPR by means of Standard Contractual Clauses approved by the European Commission, pursuant to the processing agreements indicated in the table above.
5. Your rights
As a data subject, you have the right to:
- Access: find out what data of yours we process.
- Rectification: correct inaccurate or incomplete data.
- Erasure ('right to be forgotten'): request the deletion of your data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
- Objection: object to the processing of your data, including processing based on legitimate interest.
- Restriction of processing: request that we suspend processing in certain circumstances.
- Portability: receive your data in a structured, commonly used and machine-readable format.
- Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.
6. How to exercise your rights
To exercise any of the above rights, send your request in writing, accompanied by a copy of your ID or other identity document, through any of the following means:
Email: info@yimailife.es
Postal address: YIMAILIFE, S.L. — Av. de las Flores, 35, Humanes de Madrid, Spain (Attn: Privacy Officer)
We will respond to your request within a maximum of 30 days of receipt.
7. Complaints to the supervisory authority
If you believe that the processing of your data does not comply with applicable regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the competent supervisory authority in Spain:
- Address: C/ Jorge Juan 6, 28001 Madrid
- Website: www.aepd.es
- Electronic office: sedeagpd.gob.es
8. Data security
YIMAILIFE implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, including encryption of communications (HTTPS), access control to systems, and staff training on data protection.