Privacy Policy
BAGS&GO – DELIVERY WAREHOUSE, SL
Last Updated: June 19, 2025
1. INTRODUCTION
Delivery Warehouse, SL (trading as “Bags&Go”) is committed to protecting your privacy and ensuring the secure handling of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our luggage storage and delivery services.
Data Controller:
- Company: Delivery Warehouse, SL
- Address: Muelle de Sant Bertràn, S/N 08039 – Barcelona, Spain
- Tax ID: ESB64817646
- Contact: info@bagsandgo.com
- Phone: +34 93 443 72 65
2. LEGAL BASIS
This Privacy Policy complies with:
- General Data Protection Regulation (GDPR) – EU Regulation 2016/679
- Spanish Data Protection Law (LOPDGDD) – Organic Law 3/2018
- Law 34/2002 on Information Society Services and Electronic Commerce
- Law 9/2014 on Telecommunications
3. WHAT PERSONAL DATA WE COLLECT
3.1 Information You Provide Directly
When you use our services, we collect:
Booking Information:
- Full name and contact details
- Email address and phone number
- Pickup and delivery addresses
- Travel itinerary (flight numbers, cruise details, accommodation)
- Number of luggage pieces
- Special service requests
Payment Information:
- Billing address
- Payment method (processed securely through our payment providers)
- Transaction history and receipts
Account Information:
- Login credentials (if you create an account)
- Communication preferences
- Previous booking history
3.2 Information Collected Automatically
When you visit our website or use our services:
Technical Data:
- IP address and location data
- Browser type and version
- Device information (mobile, tablet, desktop)
- Operating system
- Language preferences
Usage Data:
- Pages visited and time spent
- Click patterns and navigation paths
- Booking funnel interactions
- Search queries within our system
Cookies and Similar Technologies:
- Session cookies for booking functionality
- Preference cookies for language/settings
- Analytics cookies (with your consent)
- Marketing cookies (with your consent)
3.3 Location Data
Google Maps Integration:
- Address verification for pickup/delivery
- Route optimization
- Service area validation
- Postal code verification
GPS Data (Mobile App):
- Current location for nearby service points
- Real-time delivery tracking
- Service area determination
4. HOW WE USE YOUR PERSONAL DATA
4.1 Service Provision
Primary Purposes:
- Process and fulfill your booking requests
- Coordinate luggage pickup and delivery
- Communicate service updates and confirmations
- Provide customer support
- Process payments and issue receipts
Operational Purposes:
- Route planning and logistics optimization
- Quality assurance and service improvement
- Inventory and luggage tracking
- Security and fraud prevention
4.2 Legal and Compliance
Regulatory Requirements:
- Tax and accounting obligations
- Anti-money laundering compliance
- Customs and security reporting
- Insurance and liability management
Safety and Security:
- Identity verification
- Suspicious activity monitoring
- Compliance with law enforcement requests
- Emergency contact procedures
4.3 Marketing and Communications (With Consent)
Direct Marketing:
- Service updates and promotions
- Seasonal offers and discounts
- New service announcements
- Customer satisfaction surveys
Analytics and Improvement:
- Website performance optimization
- Service enhancement based on usage patterns
- Customer behavior analysis
- Booking conversion improvement
5. LEGAL BASIS FOR PROCESSING
We process your personal data based on the following legal grounds:
5.1 Contract Performance
- Article 6(1)(b) GDPR: Processing necessary for contract execution
- Booking fulfillment and service delivery
- Payment processing and receipt issuance
- Customer support and communication
5.2 Legal Obligation
- Article 6(1)(c) GDPR: Compliance with legal requirements
- Tax and accounting records
- Anti-fraud and security measures
- Regulatory reporting obligations
5.3 Legitimate Interest
- Article 6(1)(f) GDPR: Our legitimate business interests
- Service improvement and optimization
- Fraud prevention and security
- Direct marketing to existing customers
5.4 Consent
- Article 6(1)(a) GDPR: Your explicit consent
- Marketing communications
- Non-essential cookies
- Location tracking (when optional)
6. DATA SHARING AND TRANSFERS
6.1 Service Providers
We share data with trusted third parties who help us provide our services:
Payment Processors:
- Secure payment gateway providers
- Credit card processing companies
- Fraud detection services
- Invoice and accounting systems
Technology Partners:
- Google Maps for location services
- WPML for multilingual support
- WooCommerce for e-commerce functionality
- Cloud hosting providers
Logistics Partners:
- Delivery and transport companies
- Warehouse and storage facilities
- Port and airport authorities (when required)
- Insurance providers
6.2 Legal Disclosures
We may disclose your data when required by law:
- Court orders and legal proceedings
- Law enforcement investigations
- Customs and security authorities
- Tax and regulatory audits
6.3 International Transfers
Within EU/EEA:
- Data primarily processed within the European Economic Area
- Adequate protection under GDPR standards
Outside EU/EEA:
- Only to countries with adequacy decisions
- Or with appropriate safeguards (Standard Contractual Clauses)
- Or with your explicit consent
7. DATA RETENTION
7.1 Active Customer Data
During Service Relationship:
- Account information: Until account closure + 1 year
- Booking history: 7 years (for tax and legal purposes)
- Communication records: 3 years after last contact
7.2 Transaction Records
Financial Data:
- Payment records: 7 years (legal requirement)
- Invoice and receipt data: 7 years
- Tax-related information: As required by Spanish law
7.3 Marketing Data
Consent-Based Processing:
- Marketing lists: Until consent withdrawn + 6 months
- Analytics data: 24 months maximum
- Preference settings: Until updated or account closure
7.4 Legal Hold
Extended Retention:
- Data subject to legal proceedings: Until resolution
- Regulatory investigations: As required by authorities
- Insurance claims: Until claim resolution + 7 years
8. YOUR RIGHTS UNDER GDPR
8.1 Access Rights
Right to Access (Article 15)
- Request a copy of your personal data
- Information about how we process your data
- Details of data sharing and retention periods
8.2 Correction Rights
Right to Rectification (Article 16)
- Correct inaccurate personal data
- Complete incomplete information
- Update outdated details
8.3 Deletion Rights
Right to Erasure (Article 17)
- Request deletion of your personal data
- When processing is no longer necessary
- When you withdraw consent
- Subject to legal retention requirements
8.4 Restriction Rights
Right to Restrict Processing (Article 18)
- Limit how we use your data
- While accuracy is being verified
- During legal proceedings
- For legitimate interest balancing
8.5 Portability Rights
Right to Data Portability (Article 20)
- Receive your data in a machine-readable format
- Transfer data to another service provider
- Applies to consent-based and contract-based processing
8.6 Objection Rights
Right to Object (Article 21)
- Object to processing based on legitimate interests
- Object to direct marketing (absolute right)
- Object to profiling and automated decision-making
9. HOW TO EXERCISE YOUR RIGHTS
9.1 Contact Methods
Email: privacy@bagsandgo.com (dedicated privacy contact) Post:
Data Protection Officer
Delivery Warehouse, SL
Muelle de Sant Bertràn, S/N
08039 Barcelona, Spain
Phone: +34 93 443 72 65 (mention “data protection request”)
9.2 Identity Verification
For security purposes, we require:
- Clear copy of official ID (passport, national ID, driving license)
- Proof of address (if requesting address-related data)
- Specific description of your request
9.3 Response Times
- Initial response: Within 72 hours
- Full response: Within 30 days (may be extended to 60 days for complex requests)
- Free of charge: First request per year
- Reasonable fees: May apply for excessive or repetitive requests
9.4 Appeals Process
If you’re not satisfied with our response:
- Contact our Data Protection Officer directly
- File a complaint with Spanish Data Protection Authority (AEPD)
- Seek judicial remedy through Spanish courts
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Essential Cookies
Always Active (no consent required):
- Session management for booking process
- Security and fraud prevention
- Language and region preferences
- Shopping cart functionality
10.2 Functional Cookies
With Your Consent:
- Remember your preferences and settings
- Auto-fill forms with previous information
- Customized user interface
- Accessibility enhancements
10.3 Analytics Cookies
With Your Consent:
- Google Analytics for website usage
- Booking funnel optimization
- Performance monitoring
- User behavior analysis
10.4 Marketing Cookies
With Your Consent:
- Personalized advertisements
- Social media integration
- Retargeting campaigns
- Cross-platform tracking
10.5 Cookie Management
Your Control Options:
- Cookie consent banner on first visit
- Cookie preference center (accessible anytime)
- Browser settings for cookie blocking
- Opt-out tools for specific services
11. DATA SECURITY
11.1 Technical Measures
Encryption:
- SSL/TLS encryption for all data transmission
- AES-256 encryption for stored data
- End-to-end encryption for sensitive communications
- Encrypted backups and archives
Access Controls:
- Multi-factor authentication for staff
- Role-based access permissions
- Regular access reviews and updates
- Secure password policies
11.2 Organizational Measures
Staff Training:
- Regular data protection training
- Privacy awareness programs
- Incident response procedures
- Confidentiality agreements
Physical Security:
- Secured data centers with restricted access
- CCTV monitoring and access logs
- Environmental controls and redundancy
- Secure disposal of hardware
11.3 Incident Response
Data Breach Procedures:
- 72-hour notification to supervisory authority
- Immediate customer notification (if high risk)
- Forensic investigation and containment
- Remediation and prevention measures
12. THIRD-PARTY SERVICES
12.1 Integrated Services
Google Services:
- Google Maps for location services
- reCAPTCHA for spam prevention
- Google Analytics (with consent)
- Privacy Policy: https://policies.google.com/privacy
Payment Providers:
- Secure payment processing
- PCI DSS compliant systems
- Tokenization of payment data
- Fraud detection services
Email Services:
- Transactional email delivery
- Marketing automation (with consent)
- Bounce and delivery tracking
- Unsubscribe management
12.2 Data Processing Agreements
All third-party processors are bound by:
- Data Processing Agreements (DPAs)
- GDPR compliance requirements
- Security and confidentiality obligations
- Data breach notification procedures
13. CHILDREN’S PRIVACY
13.1 Age Restrictions
- Our services are not directed to children under 16
- We do not knowingly collect data from children under 16
- Parental consent required for users under 18
- Special protection for vulnerable individuals
13.2 Discovery of Child Data
If we become aware that we have collected data from a child under 16:
- Immediate cessation of processing
- Deletion of data within 72 hours
- Notification to parents/guardians
- Review of collection procedures
14. AUTOMATED DECISION-MAKING
14.1 Automated Processing
We use automated systems for:
- Fraud detection: Risk scoring for transactions
- Pricing: Dynamic pricing based on demand
- Route optimization: Efficient delivery planning
- Customer service: Automated response systems
14.2 Your Rights
Regarding Automated Decisions:
- Right to human review of automated decisions
- Right to challenge automated outcomes
- Right to provide additional information
- Right to request manual processing
15. INTERNATIONAL CUSTOMERS
15.1 Cross-Border Services
For customers outside Spain/EU:
- Local data protection laws may apply
- Additional consent may be required
- Extended retention periods possible
- Different rights and remedies available
15.2 Brexit Considerations
For UK customers:
- UK GDPR compliance maintained
- Adequacy arrangements respected
- Standard Contractual Clauses where needed
- Continued data protection standards
16. POLICY UPDATES
16.1 Change Notifications
How We Inform You:
- Email notification to registered users
- Website banner for 30 days after changes
- Updated “Last Modified” date clearly displayed
- Summary of material changes provided
16.2 Continued Use
- Continued use constitutes acceptance of changes
- Right to object to material changes
- Option to close account if unsatisfied
- No retroactive application to previous data
17. CONTACT INFORMATION
17.1 Data Protection Contacts
General Inquiries:
- Email: info@bagsandgo.com
- Phone: +34 93 443 72 65
Privacy Specific:
- Email: privacy@bagsandgo.com
- Subject Line: “Privacy Policy Inquiry” or “Data Subject Request”
Postal Address:
Data Protection Officer
Delivery Warehouse, SL
Muelle de Sant Bertràn, S/N
08039 Barcelona, Spain
17.2 Supervisory Authority
Spanish Data Protection Authority (AEPD):
- Website: https://www.aepd.es
- Phone: +34 901 100 099
- Address: Calle Jorge Juan, 6, 28001 Madrid, Spain
18. FINAL PROVISIONS
18.1 Language
- This Privacy Policy is originally written in English
- Spanish translation available upon request
- In case of discrepancy, English version prevails
- Local language versions may be provided for specific jurisdictions
18.2 Severability
If any provision of this Privacy Policy is deemed invalid or unenforceable, the remaining provisions shall continue in full force and effect.
18.3 Entire Agreement
This Privacy Policy, together with our Terms and Conditions, constitutes the complete privacy agreement between you and Delivery Warehouse, SL.
Effective Date: June 19, 2025 Version: 2.0
We are committed to protecting your privacy and handling your personal data responsibly. If you have any questions about this Privacy Policy, please don’t hesitate to contact us.
