+34 631 103 560
Book Now
Privacy Policy

Your privacy is important to us. Learn how Royal Ride Madrid collects, uses, and protects your personal data in compliance with GDPR and Spanish law.

  1. Home
  2. Privacy Policy

Last updated: September 2025

1. Introduction

1.1 Purpose

This Privacy Policy explains how Royal Ride Madrid (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website, booking system, and related services. It also explains your rights under applicable data protection laws and how to exercise them.

1.2 Scope

This Policy applies to:

  • Our website and booking flows available at royalridemadrid.com.
  • Communications you have with us by email, phone, WhatsApp, or contact forms.
  • Cookies and similar technologies used on our site (see Section 8).

This Policy does not apply to third-party websites or services we don’t control. For payment card processing, we use Stripe; see Section 4-5 for details.

1.3 Who we are

Royal Ride Madrid is a private hire/taxi service operating in Spain. We are the data controller for the processing described in this Policy. Full controller details are provided in Section 2.

1.4 Legal framework

We process personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR);
  • Ley Orgánica 3/2018 (LOPDGDD) on data protection and digital rights in Spain; and
  • Ley 34/2002 (LSSI-CE) regarding information society services and electronic communications.

1.5 Key principles

We handle personal data lawfully, fairly, and transparently; limit processing to the purposes stated in this Policy; minimize the data we collect; keep it accurate and up to date; store it only as long as necessary; and protect it with appropriate security measures (see Section 10).

1.6 Updates to this Policy

We may update this Policy to reflect legal, technical, or business changes. When we make material changes, we will post the updated version here and, where appropriate, notify you. The “Last updated” date will indicate the latest revision (see Section 12).

1.7 How to use this document

For what data we collect, see Section 3. For our purposes and legal bases, see Section 4. For data sharing (e.g., Stripe, hosting, analytics like Google Site Kit/Analytics), see Section 5. For your rights (access, deletion, portability, etc.), see Section 7. For cookies, see Section 8. For contact details, see Section 13.

2. Data Controller Information

In compliance with Regulation (EU) 2016/679 (GDPR) and Ley Orgánica 3/2018 (LOPDGDD), the data controller responsible for processing personal data collected through this website is:

  • Name: Zeeshan Bin Sadiq Fatima
  • Commercial Name: Royal Ride Madrid
  • Business Activity: Private taxi and chauffeur services in Madrid
  • NIF: 60732421R
  • Address: C. Cardenal Cisneros, 4, 28320 Pinto, Madrid
  • Email: info@royalridemadrid.com
  • Phone: +34 610 790 586
  • Website: https://royalridemadrid.com

For the purposes of this Privacy Policy, references to “we”, “our” or “us” refer to Royal Ride Madrid, operated by the autónomo identified above as the data controller. If you have questions about how your personal data is used, please contact us using the details above or see Section 13 (Contact Information).

3. Data We Collect

We only collect the personal data that is necessary for the purposes described in Section 4. This includes information you provide directly through our booking system, as well as data collected automatically when you interact with our website.

3.1 Personal Data from Bookings

When you make a reservation or contact us, we may collect the following information:

  • Identity data: First name, last name, and passenger details.
  • Contact data: Email address, phone number, and billing address.
  • Booking details: Pickup and drop-off locations, date and time of travel, flight number, luggage, and number of passengers.
  • Payment data: If you choose online payment, transactions are processed securely via Stripe. We do not store card numbers or CVV codes on our servers.
    If you choose to pay by cash or credit card on pickup, the payment is made directly to the assigned driver. In these cases, we only record that the booking has been paid, but we do not process or store your payment details.
  • Communication records: Emails, WhatsApp/JoinChat messages, or form submissions you send to us.

3.2 Automatically Collected Data (Cookies, Analytics)

When you visit our website, certain information is collected automatically through cookies and similar technologies (see Section 8), such as:

  • Technical data including IP address, browser type, device information, and operating system.
  • Usage data such as pages visited, time spent on site, and navigation patterns.
  • Analytics data collected via Google Site Kit/Analytics (only if you have given consent through our Cookie Banner).

This information is used to improve our services, ensure website security, and analyze performance. Non-essential cookies are only activated once you have provided consent.

4. Purpose and Legal Basis of Processing

We process personal data in accordance with the principles of lawfulness, fairness, and transparency established under the GDPR. The purposes for which we use your personal data, and the corresponding legal bases, are as follows:

  • Service provision and booking management To register and manage your reservations, allocate drivers, process payments, and provide customer support. Legal basis: Performance of a contract (Art. 6.1(b) GDPR).
  • Payment processing To process secure online payments through Stripe, or to register bookings paid directly to drivers by cash or card at pickup. Legal basis: Performance of a contract (Art. 6.1(b) GDPR) and compliance with legal obligations regarding invoicing and accounting (Art. 6.1(c) GDPR).
  • Communication To contact you regarding your booking, respond to inquiries, and send confirmation or reminder messages by email, phone, or WhatsApp. Legal basis: Performance of a contract (Art. 6.1(b) GDPR).
  • Analytics and website improvement To analyze website traffic, improve functionality, and optimize services using tools such as Google Site Kit/Analytics. Non-essential analytics cookies are only used if you provide consent. Legal basis: Consent (Art. 6.1(a) GDPR).
  • Legal compliance To comply with obligations under tax, accounting, and consumer protection laws, and to cooperate with competent authorities when legally required. Legal basis: Legal obligation (Art. 6.1(c) GDPR).
  • Marketing communications (if applicable) If you have opted in, we may send you occasional offers or updates about our services. You may withdraw consent at any time. Legal basis: Consent (Art. 6.1(a) GDPR).

We do not use your personal data for automated decision-making or profiling that produces legal or significant effects, unless explicitly stated and with your consent.

5. How We Share Data

We treat your personal data with strict confidentiality and do not sell it to third parties. However, we may share your data with trusted partners and service providers when necessary to deliver our services or comply with legal obligations:

  • Drivers To complete your booking, we share relevant details (such as name, pickup and drop-off locations, date/time of travel, flight number, and contact number) with the assigned driver. If you pay in cash or by card at pickup, the driver collects payment directly on our behalf. Drivers are instructed to handle personal data responsibly and only for the purpose of fulfilling the ride.
  • Payment processor (Stripe) Online card payments are processed securely through Stripe. Your card details are transmitted directly to Stripe and are never stored on our servers. Stripe acts as an independent data processor in this context. You can read Stripe’s privacy policy here: https://stripe.com/privacy.
  • Hosting provider (Hostinger) Our website and booking system are hosted by Hostinger, which may have technical access to data stored on our servers. A Data Processing Agreement (DPA) is in place to ensure compliance with GDPR.
  • Analytics and tracking tools (Google) We use Google Site Kit/Analytics to monitor website traffic and improve services. These tools may collect information such as your IP address or browsing behavior. Non-essential analytics only run if you have consented via our Cookie Banner (see Section 8). You can read Google’s privacy policy here: https://policies.google.com/privacy.
  • Authorities and legal compliance We may disclose personal data to public authorities, courts, regulators, or legal advisors if required by law, or if necessary to protect our rights, property, or safety, or that of our customers and partners.

All third-party providers engaged by us are carefully selected to ensure they meet GDPR standards and are contractually bound to use personal data only for the purposes specified in this Privacy Policy.

6. Data Retention Periods

We only keep personal data for as long as necessary to fulfill the purposes described in Section 4, unless a longer retention period is required by law. The retention criteria we apply are:

  • Booking and service data Retained for a period of 5 years in accordance with Spanish tax and accounting regulations, to meet legal and fiscal obligations.
  • Payment records Financial and invoicing information is stored for 5 years, as required under Spanish law. Card details processed via Stripe are never stored on our servers.
  • Communications and inquiries Emails, chat records, and form submissions are retained for up to 2 years to handle inquiries and resolve potential disputes.
  • Analytics data Data collected through Google Analytics is retained according to Google’s retention settings (typically 14–26 months) and anonymized where possible. This only applies if you have consented to analytics cookies (see Section 8).
  • Marketing data If you have consented to receive marketing communications, we retain your data until you withdraw your consent or request erasure.

Once the relevant retention period expires, we securely delete or anonymize the personal data, unless it must be kept for ongoing legal proceedings, audits, or regulatory requirements.

7. User Rights

In accordance with the General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD), you have the following rights regarding your personal data:

  • Right of access You may request confirmation as to whether we are processing your personal data and obtain a copy of the data we hold about you.
  • Right to rectification You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”) You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
  • Right to restriction of processing You may request that we temporarily suspend processing of your data if you contest its accuracy, object to processing, or require it for legal claims.
  • Right to data portability You may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller.
  • Right to object You may object at any time to the processing of your personal data for direct marketing purposes or for reasons related to your particular situation.
  • Right to withdraw consent If processing is based on your consent (e.g., for marketing or non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise your rights, please contact us using the details provided in Section 13 (Contact Information). Please include your name, contact information, and details of your request. We may ask for proof of identity to ensure the security of your personal data.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyze website performance, and deliver relevant content. Cookies are small files stored on your device when you visit our site.

8.1 Types of Cookies We Use

  • Strictly necessary cookies Essential for the operation of our website and booking system (e.g., session cookies, security tokens). These cannot be disabled.
  • Functional cookies Enable additional features such as remembering your preferences and language settings.
  • Analytics cookies Used by Google Site Kit/Analytics to measure traffic and usage patterns. These are only activated if you consent via our Cookie Banner.
  • Marketing cookies Used to deliver targeted advertising (if enabled in the future). These are only set with your explicit consent.

8.2 Consent Management

When you first visit our website, you are presented with a cookie banner powered by CookieYes. This banner allows you to:

  • Accept all cookies
  • Reject all non-essential cookies
  • Customize your cookie preferences by category

Non-essential cookies (analytics or marketing) will only be activated once you have provided consent. You may change or withdraw your consent at any time through the cookie settings available on our site.

8.3 Third-Party Cookies

Some cookies are set by third-party providers such as Google. We do not control these cookies, and they are subject to the privacy policies of the respective providers. For more details, see Google’s policy at: https://policies.google.com/privacy.

8.4 Managing Cookies

You can also manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our booking system and certain features of the site.

9. International Data Transfers

As part of providing our services, some of your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In particular, this may occur when using third-party providers such as Stripe and Google.

  • Stripe Stripe may process payment-related data on servers located outside the EEA, including in the United States. Stripe ensures compliance with GDPR through the use of Standard Contractual Clauses (SCCs) and other approved transfer mechanisms. You can read more at: https://stripe.com/privacy.
  • Google (Site Kit/Analytics) Google may process analytics data on servers located outside the EEA. Google also relies on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of personal data. More information is available at: https://policies.google.com/privacy/frameworks.

When such transfers occur, we take appropriate safeguards to ensure that your personal data remains protected in line with GDPR requirements. These include the use of Standard Contractual Clauses and ensuring that providers have adequate security measures in place.

By using our services, you acknowledge that your data may be transferred to these providers outside the EEA, subject to the safeguards described above.

10. Security Measures

We apply appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. While no system is completely secure, we work to safeguard your information in accordance with industry standards and legal requirements.

  • Secure connections: All communication with our website is encrypted using SSL/TLS (HTTPS).
  • Access control: Access to personal data is restricted to authorized personnel and drivers, limited to what is strictly necessary for fulfilling bookings.
  • Data minimization: We only collect and process data that is necessary for the purposes described in Section 4.
  • Hosting security: Our website is hosted by Hostinger, which provides server security, backups, and monitoring in compliance with GDPR.
  • Third-party compliance: We only use processors such as Stripe, Google, and CookieYes that provide GDPR-compliant services and safeguard data with appropriate contractual measures.
  • Monitoring: We regularly monitor our systems for vulnerabilities and ensure timely updates to maintain security.

Despite our efforts, no method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Agencia Española de Protección de Datos (AEPD) in accordance with GDPR requirements.

11. Children’s Data

Our services are intended for adults and are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a child without verifiable parental consent, we will take steps to delete such data as quickly as possible.

If you believe that a child under 16 has provided us with personal information, please contact us immediately using the details provided in Section 13 (Contact Information), so that we can investigate and take appropriate action.

Parents or legal guardians remain responsible for ensuring that children do not use our booking system or provide personal data without appropriate supervision.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. When significant changes are made, we will:

  • Publish the updated version on this page, indicating the new “Last updated” date.
  • Where appropriate, notify you by email or through a notice on our website.

We encourage you to review this page periodically to stay informed about how we handle your personal data. The continued use of our services after an update constitutes acceptance of the revised Privacy Policy.

13. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need further clarification on how we process your personal data, you can contact us at: info@royalridemadrid.com