Privacy Policy

This legal text gives you details on how we collect and process your personal data through the use of our website, including any information that you may provide to us through the website when you register for our newsletter or provide your contact details using the form provided for this purpose.

In providing us with your personal data, we inform you that our services are not possible for those people for whom the regulations prevent them from giving their consent, so when you send us the forms you guarantee to us that you have sufficient capacity to grant consent.

  1. Party responsible for data processing

Contact details of the responsible party: MUSEO RALLI, S.L. with company ID no.: CIF-92.008.218 and address at: Plaza de la Iglesia 3-3, A-B, San Pedro de Alcántara, Marbella, Málaga, C.P. 29.670. Email:

Mercantile Register of Malaga under the following: Volume 1.419, page 71, inscription 1, with sheet MA-34181

MUSEO RALLI, S.L. is the party responsible for your data. (Hereinafter we, us or our).

  1. What data do we collect?

The General Data Protection Regulation tells us that personal data is any information about an identified or identifiable natural person, that is, all the information that makes it possible to identify a person. This would not include anonymous or percentage data.

On our website we can process certain types of personal data, which may include:

  • Identity data: name.
  • Contact information: email.

We do not collect any data related to special categories of personal data (those that reveal your ethnic or racial origin, political opinions, religious or philosophical convictions, union affiliation and information about your health and genetic or biometric data).

In the event that you are asked to collect personal data by law or according to the terms of contract between us and you refuse to provide them, we may not be able to perform the said contract or provide the service, and we must inform you in advance.  

  1. How do we collect your personal data?

We use the following means to collect personal data:

  • Through the form on our website, through our contact emails, by phone or post, when:
    • Solicita información de nuestros productos o servicios
    • Se suscribe a alguno de nuestros servicios o publicaciones

To ensure the quality of our website, we have to reserve the right to refuse any registration request or to suspend or cancel a previously accepted registration if we understand that it does not meet these requirements or any other law or regulation. If this happens, we will try to explain the reasons for our decision, but we cannot commit to doing so in all cases.

  • Through technology or automated interactions: on our website we can automatically collect technical data about your equipment, navigation actions and usage patterns. This data is collected through cookies or similar technology. If you want to expand the information, you can consult our cookies policy here
  • Through third parties:
    • Google: analytical data or search data. Outside the European Union.
  1. Purpose and legitimacy for the use of your data.

The most common uses of your personal data are:

  • To form a contract between MUSEO RALLI, S.L. and yourself
  • When you give your consent to process your data
  • When we need them to comply with a legal or regulatory obligation
  • When it is necessary for our legitimate interest or that of a third party.

he User may revoke the consent given at any time by sending an email to or by consulting the section on exercising rights below.

Below we attach a table in which you can consult the ways in which we will use your personal data and the legitimacy for their use, as well as knowing what kind of personal data we are going to process. We can process certain personal data for any additional legal reason, so if you need details about this you can send an email to

PurposeData type Legitimacy for processing
To request information through the contact form

–       Name

–       Email

Consent of the interested party
To subscribe to our Agenda–       EmailConsent of the interested party

Commercial communications: you will only receive communications if

  • You requested information or made a contract with us for a product or service.
  • If you provided us with your information, accepting the box enabled in this respect on our form.
  • As long as you have not expressed your wish to stop receiving such communications.

We obtain your express consent before sending you any communication, with you being able to request at any time that we stop sending you communications via the email

When you choose to stop receiving our communications, your personal data will be stored as a result of the contract made by you to comply with legal requirements.

Purpose: we will only use your data for the purposes for which we collect it, unless we reasonably believe that we should use it for another reason, notifying you in advance so that you are informed of the legal reason for processing it and provided the purpose is compatible with the original purpose.

Time held: The data will be held for the time needed to fulfil the purpose for which they were collected and to determine the possible responsibilities that could derive from said purpose and their processing. The provisions of the different regulations regarding the time held shall be applicable, as far as is applicable to this processing.

Subscriber data by email or form: From the moment the user subscribes until he or she unsubscribes.

  1. Your Data Protection Rights

How can you exercise these rights? Users may send a communication to the registered office of MUSEO RALLI, S.L. or email address, including in both cases a photocopy of their Spanish identity document or other similar document as proof of ID, to request that the following rights are exercised:

  • Access to your personal data: you may ask MUSEO RALLI, S.L. if your personal data are being used.
  • To request their rectification, if they were not correct, or to exercise the right to be forgotten with respect to them.
  • To request the limitation of processing, in this case they will only be conserved by MUSEO RALLI, S.L. to make or defend claims
  • To oppose their processing: MUSEO RALLI, S.L. will stop processing the data in the manner indicated by you, except when they must continue to be processed for legitimate reasons or to make or defend any claims.
  • Regarding portability of data: if you want your data to be processed by another firm, MUSEO RALLI, S.L. will facilitate the portability of your data to the new responsible party.

You can use the models placed at your disposal by the Spanish Data Protection Agency (AEPD) in order to exercise your aforementioned rights: Here

Claim before the AEPD: if you consider that there is a problem with the way in which MUSEO RALLI, S.L. is processing your data, you can direct your claims to the corresponding authority, with the following being considered competent to do so in Spain: Spanish Data Protection Agency.

We may have to request specific information to help us confirm your identity and guarantee your right to access your personal data (or exercise any of the other rights mentioned above). This is a security measure to ensure that personal data are not disclosed to any person who does not have the right to receive them.

We will resolve all requests within the legal indicated period of 1 month. However, this can take us over a month if your request is particularly complex, or if you have already performed a series of actions previously. In this case, we will notify you and keep you updated.

  1. Access to personal data for the provision of services

It is possible that we need the help of third parties (in charge of processing) to do our work, who will only process the data to provide the contracted service, and with whom we have taken corresponding measures to guarantee your rights:

  • Service providers that provide systems management and information technology services.
  • Professional advisors that include lawyers, auditors and insurers that provide banking, legal, insurance and accounting consultancy services.

All those responsible for processing to whom we transfer your data will respect the security of your personal data and will process them according to the GDPR.

We only allow these responsible parties to process your data for certain purposes and in accordance with our instructions. However, you may request from us a list of the companies that provide services to us, in compliance with transparency standards, at the email address:

  1. Data Security

We have implemented the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, modified or disclosed. In addition, we limit the access to your personal data to those employees, contractors and other third parties who have a commercial need to know such data. They will only process your personal data according to our instructions and will be subject to a duty of confidentiality.

We have implemented procedures to deal with any suspicion of a breach of your personal data and we will notify you and the Control Authority in this event, as regulated in the GDPR in its articles 33 and 34, a security breach.

Update: Version 1.4

March 2019