Privacy Policy

This legal text gives you details on how we collect and process your personal data through the use of our website, including any information that you may provide to us through the website when you register for our newsletter or provide your contact details using the form provided for this purpose.

In providing us with your personal data, we inform you that our services are not possible for those people for whom the regulations prevent them from giving their consent, so when you send us the forms you guarantee to us that you have sufficient capacity to grant consent.

Below we inform you about the data protection policy of: Museo Ralli, S.L.

  1. Party responsible for data processing

Contact details of the responsible party: MUSEO RALLI, S.L. with company ID no.: CIF-92.008.218 and address at: Paseo de Reding, número 47, Planta 4, Puerta 3. 29016-Málaga. Email:

Mercantile Register of Malaga under the following: Volume 1.419, page 71, inscription 1, with sheet MA-34181

MUSEO RALLI, S.L. is the party responsible for your data. (Hereinafter we, us or our).

  1. What data do we collect?

The General Data Protection Regulation tells us that personal data is any information about an identified or identifiable natural person, that is, all the information that makes it possible to identify a person. This would not include anonymous or percentage data.

On our website we can process certain types of personal data, which may include:

  • Identity data: name.
  • Contact information: email.

We do not collect any data related to special categories of personal data (those that reveal your ethnic or racial origin, political opinions, religious or philosophical convictions, union affiliation and information about your health and genetic or biometric data).

In the event that you are asked to collect personal data by law or according to the terms of contract between us and you refuse to provide them, we may not be able to perform the said contract or provide the service, and we must inform you in advance.

  1. How do we collect your personal data?

We use the following means to collect personal data:

  • Through the form on our website, through our contact emails, by phone or post, when:
    • Request information about our services
    • Hire the provision of our services
    • Subscribe to any of our services or publications
    • Send your comments

To ensure the quality of our website, we have to reserve the right to refuse any registration request or to suspend or cancel a previously accepted registration if we understand that it does not meet these requirements or any other law or regulation. If this happens, we will try to explain the reasons for our decision, but we cannot commit to doing so in all cases.

  • Through technology or automated interactions: on our website we can automatically collect technical data about your equipment, navigation actions and usage patterns. This data is collected through cookies or similar technology. If you want to expand the information, you can consult our cookies policy here
  • Through third parties:
    • Google: analytical data or search data. Outside the European Union.
  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • To form a contract between MUSEO RALLI, S.L. and yourself
  • When you give your consent to process your data
  • When we need them to comply with a legal or regulatory obligation
  • When it is necessary for our legitimate interest or that of a third party.

he User may revoke the consent given at any time by sending an email to or by consulting the section on exercising rights below.

Below we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for their use, as well as knowing what kind of personal data we are going to process. We can process certain personal data for any additional legal reason, so if you need details about this you can send an email to

FormPurposeData type Legitimacy for processing
ContactThe purpose is the management of contacts and requests for information received via the website– Name
– Email
– Telephone

Consent of the interested party (art. 6.1.a GDPR)

Pre-contractual measures (art. 6.1.b GDPR)
Processing necessary for the satisfaction of legitimate interests pursued by the controller (art. 6.1f GDPR)

NewsletterThe purpose is the management of the data provided to send information about our services and promotions– Email
– Name

Consent of the interested party (art. 6.1.a GDPR)
Pre-contractual measures (art. 6.1.b GDPR)
Processing necessary for the satisfaction of legitimate interests pursued by the controller (art. 6.1f GDPR)

BookingsThe purpose is the management of bookings– Name
– Email
– Telephone

Consent of the interested party (art. 6.1.a GDPR)

Processing necessary to comply with a legal obligation applicable to the controller (art. 6.1.c GDPR)
Processing necessary for the execution of a contract in which the interested party is a party or for the application at their request of pre-contractual measures (art. 6.1b GDPR)
Processing necessary for the satisfaction of legitimate interests pursued by the controller (art. 6.1f GDPR)

Commercial communications: you will only receive communications if

  • You requested information or made a contract with us for a product or service.
  • If you provided us with your information, accepting the box enabled in this respect on our form.
  • As long as you have not expressed your wish to stop receiving such communications.

We obtain your express consent before sending you any communication, with you being able to request at any time that we stop sending you communications via the email

When you choose to stop receiving our communications, your personal data will be stored as a result of the contract made by you to comply with legal requirements.

Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably believe that we should use it for another reason, notifying you in advance so that you are informed of the legal reason for processing it and provided the purpose is compatible with the original purpose.

  1. How long will we keep your data?

    It will be kept for the time necessary to fulfil the purpose for which it was collected and to determine the possible responsibilities that may arise from said purpose and the processing of the data. The provisions of the different regulations regarding the conservation period will apply, in what is applicable to this processing.

    Data of the subscribers by e-mail or form: From the moment the user subscribes until they unsubscribe.

  1. Minors.

    Museo Ralli, S.L. does not authorise minors under 14 years of age to provide their personal data through the means enabled on this website (filling in the web forms for requesting services, contact or by sending emails ). Therefore, people who provide personal data using such means formally state that they are over 14 years of age, leaving Museo Ralli, S.L exempt from any liability for non-compliance with this requirement.

    If your child under the established age limit has provided personal information to Museo Ralli, S.L., please contact us to request the exercising of your applicable rights.

    In those cases in which the services offered by Museo Ralli, S.L. are intended for children under 14 years of age, means will be enabled to obtain the authorisation of the minor’s parents or legal guardians.

  1. Exercising of Data Protection Rights:

We have implemented the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, modified or disclosed. In addition, we limit the access to your personal data to those employees, contractors and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspicion of a breach of your personal data and we will notify you and the Control Authority in this event, as regulated in the GDPR in its articles 33 and 34, a security breach.

Update: Version 1.4

March 2019