Privacy Policy and Data Protection
Processing on this site complies with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and digital rights (LOPDGDD). When you use the 'Viability Auditor' or contact us, you may provide data about your administrative or immigration situation and, where applicable, particularly sensitive information; this policy explains the purposes, legal bases and safeguards in a transparent way.
Controller: Jorge Francés Olivas (tax ID 48579057-K), address Calle Isidoro Sevilla, 24, 03009, Alicante (Spain). Contact for exercising rights and privacy queries: info@via2026.es.
Categories of data and sensitivity
Depending on what you voluntarily provide in the Auditor or in a pre-contractual/contractual relationship, we may process data about your regularisation situation, circumstances or background you mention in relation to regularisation options, and identifying and contact data. Some of this information may be sensitive given the purpose (viability assessment and file management). Processing is limited to what is necessary, with appropriate technical and organisational measures, and is not used for unrelated purposes.
Purpose of processing
Personal data are processed to: assess the legal viability of your case under the 2026 Extraordinary Regularisation; prepare quotes and service proposals; manage the file and contractual relationship if you instruct us; communicate by email, WhatsApp or other channels you use; and comply with legal obligations applicable to the legal services provider where relevant.
Legal basis
The main legal basis is your express consent, given via the acceptance checkbox (e.g. before generating the Auditor report or when submitting a form, if any). Processing necessary for pre-contractual or contractual measures at your request, and for compliance with legal obligations, may also rely on the bases provided for in Articles 6 and 9 GDPR where applicable.
Retention
Data are kept for as long as the relationship or enquiry lasts and thereafter for the periods needed to address possible claims and liabilities (typically until they are time-barred), unless you request erasure where applicable. Data from enquiries without a contract may be kept for a limited period (e.g. up to twenty-four months from last contact) unless a different legal obligation or justified need applies.
Recipients and transfers
Data will not be disclosed to third parties except where required by law or necessary for the contracted service (e.g. administrative or judicial bodies when you authorise this or the law requires it). For email, hosting, messaging (e.g. WhatsApp Business) or IT/CRM providers, processors act under contract; if transfers occur outside the EEA, GDPR safeguards (adequacy decisions, standard clauses or others) will apply.
Your rights
You may exercise rights of access, rectification, erasure, objection, restriction of processing, portability and, where applicable, not to be subject to decisions based solely on automated processing, by writing to info@via2026.es with subject "Data protection" and a copy of an identity document. If you consider processing unlawful, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
Data Protection Officer (DPO)
No DPO has been appointed as it is not mandatory under Article 37 GDPR and implementing rules. If this changes, the DPO’s contact details will be published here.
Supervisory authority
In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD), C/ Jorge Juan, 6, 28001 Madrid — https://www.aepd.es