Privacy Policy

Protection and Privacy of Your Personal Data

Last updated: November 12, 2025

1. General Information

Data Processing Responsibility

In compliance with the General Data Protection Regulation (GDPR) and the EU data protection laws, we inform you that:

Controller:

CargoPay Solutions S.L.
C/ Gran Vía 123, 28013 Madrid, Spain
Tax ID: B-12345678

Contact:

privacy@cargopay.com
DPO: dpo@cargopay.com

Data Protection Officer (DPO): We have designated a DPO to oversee data protection compliance. You can contact them at: dpo@cargopay.com

2. Personal Data We Collect

Registration Data

Full name and surname
Email address
Phone number
Company data (name, tax ID, address)
Position in the company
Encrypted password

Verification Data

Identity document (ID/Passport)
Utility bill (recent)
Updated tax certificate
Transport licenses
Insurance policies
Training certificates

Usage Data

Navigation information
IP address and location
Browser type and device
Pages visited and time spent
Transaction history

Communication Data

Support conversations
Complaints and claims
Information requests
Feedback and reviews
WhatsApp Business data

3. Processing Purposes

We use your personal data to provide and manage CargoPay services:

User registration: Identity verification and account creation
Payment processing: Logistics transaction management
Company verification: Compliance with legal requirements
Operational communication: Shipment status notifications
Customer support: Technical support and issue resolution

Service Improvement:

Usage and behavior analysis
Platform optimization
New feature development
Fraud prevention

Marketing and Communications:

Newsletter and informational bulletins
Personalized promotions and offers
Satisfaction surveys
Event invitations

Important: Direct marketing will only be carried out if you have given your explicit consent.

4. Legal Basis for Processing

Contract Execution

Art. 6.1.b GDPR

Processing necessary for the execution of the service contract between you and CargoPay.

Registration, payment management, shipment processing

Legitimate Interest

Art. 6.1.f GDPR

Processing necessary for our legitimate interests, such as fraud prevention.

Security, data analysis, commercial communications

Consent

Art. 6.1.a GDPR

You have given your explicit consent for the processing of your personal data.

Direct marketing, non-essential cookies, promotional communications

Legal Obligation

Art. 6.1.c GDPR

Processing necessary to comply with applicable legal obligations.

Anti-money laundering prevention, tax obligations

5. Your Data Protection Rights

Right of Access

You have the right to obtain information about the personal data we have about you and how we process it.

Request Information

Right of Rectification

You have the right to rectify inaccurate data and complete incomplete data.

Correct Data

Right of Erasure

You have the right to request the deletion of your personal data when it is no longer necessary.

Request Deletion

Right of Restriction

You have the right to restrict the processing of your data under certain circumstances.

Restrict Processing

Right of Portability

You have the right to receive your data in a structured format and transfer it to another controller.

Request Portability

Right of Objection

You have the right to object to the processing of your data for reasons related to your particular situation.

Object to Processing

How to Exercise Your Rights

To exercise any of these rights, you can contact us at:

Email: privacy@cargopay.com
DPO: dpo@cargopay.com
Mail: CargoPay Solutions S.L., C/ Gran Vía 123, 28013 Madrid, Spain

Response time: We will respond within a maximum of 1 month from the receipt of your request.

6. International Data Transfers

Transfer Protection

Your personal data may be transferred and processed in countries outside the European Economic Area (EEA). In these cases, we guarantee an adequate level of protection through:

Adequate Countries:

United Kingdom (post-Brexit)
United States (companies with Privacy Shield)
Switzerland
Japan

Protection Measures:

Standard Contractual Clauses (SCC)
Approved Codes of Conduct
Protection certifications
Binding Corporate Rules

7. Security Measures

Encryption

SSL/TLS 256-bit encryption for all communications

Infrastructure

Secure servers with banking-level certifications

Controlled Access

Only authorized personnel with multi-factor authentication

8. Data Retention

Data Type	Retention Period	Reason
User account	During contractual relationship + 5 years	Legal and accounting obligations
Verification data	During relationship + 7 years	Regulatory compliance and audit
Transaction data	7 years	Tax and accounting obligations
Marketing data	Until consent withdrawal	Consent legal basis
Security logs	2 years	Fraud prevention and security

9. Cookie Policy

Cookie Management

We use cookies and similar technologies to improve your experience on our platform. You can manage your cookie preferences at any time through:

Configuration panel: Available in your user profile
Browser configuration: By blocking or deleting cookies
Third-party tools: Opt-out of personalized advertising

Types of cookies used:

Essential: Necessary for site functionality
Analytical: To analyze usage and improve service
Functional: To personalize the experience
Advertising: To show relevant ads (with consent)

10. Minors Protection

Our services are exclusively aimed at persons over 18 years of age. We do not intentionally collect personal data from minors under 18 years of age.

If we become aware that we have collected data from a minor without verifiable parental consent, we will take the necessary steps to delete this information from our servers.

If you are a parent/guardian and discover that your child has provided us with personal data: Contact privacy@cargopay.com immediately so we can delete this information.

11. Modifications to this Policy

We may update this Privacy Policy occasionally to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Change Notification:

We will notify you by email if the changes are significant
We will publish the updated policy on our website
We will indicate the "last updated" date at the top
We will request consent for changes that require your approval

We recommend reviewing this policy periodically to stay informed about how we protect your information.

12. Right to Lodge a Complaint

If you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, place of work or place of the alleged infringement.

Supervisory Authority in Spain:

Spanish Data Protection Agency (AEPD)
C/ Jorge Juan, 6, 28001 Madrid
Phone: +34 918 663 601
Website: www.aepd.es
Email: consultas@aepd.es

Before lodging a complaint, we invite you to contact us so we can resolve any concerns.

Questions About Your Privacy?

Our data protection team is here to help you

Contact DPO Privacy Support