📜 Privacy Policy

Last updated: November 13, 2025

Identity of Data Controller:

The party legally responsible for the processing of your personal data is:
Owner (Titular): Sefora Villa Camacho
Trade Name: MOVE SPAIN VISA
Legal Status: Sole Proprietorship (Autónoma)
Tax ID (NIF/CIF): 48738745C
Registered Address: Camino Viejo de Monteagudo, 11, 30007, Murcia, Spain.
Email Contact: info@movespainvisa.com

At Move Spain Visa, we are fully committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, share, and protect your data in compliance with the EU General Data Protection Regulation (GDPR – EU 2016/679), which governs our processing activities under Spanish law.

Legal Basis for Processing

We process your personal data primarily under the legal basis of the Execution of a Contract (Art. 6.1.b of the GDPR) in order to provide and manage the immigration advisory services you contract. For sending marketing communications, we rely on your Explicit Consent (Art. 6.1.a).

What personal data do we collect?

  • Identification and contact details: name, email, phone number.
  • Special Categories of Data (Sensitive Information): passport, criminal records, marital status, health certificates, etc.
  • Information shared during consultations, forms, or video calls.

Legal Basis for Sensitive Data: The processing of this sensitive data is strictly necessary for the management of applications in the public interest (visas) and is based on your Explicit Consent for us to prepare your immigration file before the Spanish authorities.

Financial Data:

When you purchase our services, payment information (such as the last four digits of your card, billing address, and transaction details) is collected and processed by our third-party payment processor, Stripe. We do not store or have direct access to your full credit card number.

How do we use your data?

  • To assess your visa eligibility and advise on strategy.
  • To review, prepare, and organize documentation.
  • To provide referrals to third-party providers (insurance, sworn translators, legal advisors, etc.).

Important: We are not lawyers or tax professionals. Any guidance on tax implications is based on general information only. Definitive legal or fiscal advice is provided by referred, certified professionals.

Data storage and security

We implement appropriate technical and organizational measures (such as encryption and access control) to protect your data. We use a secure environment through Google Workspace and our Client Portal for document management and communication. These platforms meet international security standards.

Client Responsibility: While we use a secure Client Portal for sensitive documents, the responsibility of protecting your Client Portal credentials and avoiding the submission of sensitive documents via unencrypted channels (such as standard email) rests with the user. We are not liable for any data breaches resulting from misuse of email or client portal credentials.

All sensitive financial information is handled directly by Stripe and is subject to their advanced security protocols, ensuring that your data is protected against unauthorized access.

Sharing your data (Third-Party Data Processors)

Your data is shared only when:

  • You explicitly authorize it
  • It is necessary to complete a task you requested (e.g., contacting a translator or insurance company).

Third-Party Data Processors: All our Data Processors (e.g., sworn translators, insurance agencies) are contractually obligated to comply with the GDPR through formal agreements. We do not perform international data transfers outside the European Economic Area (EEA) unless the client explicitly requests it and a protective data agreement is signed. We do not sell, rent, or commercially distribute your personal data under any circumstances.

For Payment Processing: We share transaction data and billing information with our payment processor, Stripe, Inc., to successfully process your payments. Stripe acts as an independent Data Controller for the information it processes and is responsible for the security of your payment details. You can review Stripe’s Privacy Policy here: https://stripe.com/privacy

Data retention and deletion

We adhere strictly to the principle of data minimization.

Once this legal period has concluded, your data will be permanently deleted.

Sensitive Data Deletion: Sensitive immigration documentation (passports, criminal records, etc.) will be deleted from our Client Portal within a maximum of 30 days after the service is completed or cancelled.

Mandatory Retention (Fiscal and Service Records): We will retain contact data, invoices, and communication records related to the service provision for a period of 4 years to comply with our tax, legal, and auditing obligations under Spanish law.

This minimum retention period is necessary to comply with Spanish fiscal and auditing requirements. After this period, any remaining data not subject to other legal hold requirements will be permanently erased.

Your GDPR rights

Regardless of your nationality or country of residence, you have the right to:

  • Access, correct, or delete your personal data.
  • Request data portability.
  • Restrict or object to the processing of your data.
  • File a complaint with a data protection authority (AEPD in Spain).

Please Note: Your right to deletion is subject to legal and fiscal limitations. We cannot delete data (such as invoices and records of service provision) that we are legally required to retain under Spanish law (minimum 4 years).

You can exercise any of these rights by contacting us at info@movespainvisa.com.