Privacy Policy
We keep this simple because our data practices are simple. We collect only what we need to run our service, we do not sell your data, and we do not share it with advertisers. This policy explains exactly what we hold, why we hold it, and what your rights are.
Who We Are
Easy to Spain operates the websites easytospain.com, spanieneinfach.de, and makkelijknaarspanje.nl. These sites provide step-by-step guides and modules to help people manage their move to Spain.
For the purposes of GDPR and other applicable data protection laws, Easy to Spain is the data controller responsible for your personal data.
What Data We Collect and Why
We collect only the minimum data necessary to provide our service. The table below sets out exactly what we hold.
Data | Purpose | Stored by us? |
|---|---|---|
Username | To identify your account within the platform | Yes |
Email address | Account login, transactional emails (receipts, password resets) | Yes |
Password | Account authentication — stored as a one-way hash only; we cannot read it | Hashed only |
Payment data | Processing purchases — handled entirely by Stripe; we never see or store your card details | Stripe only |
Analytics data | Understanding site usage — collected anonymously via Google Analytics (IP anonymisation enabled, no cross-site tracking) | Anonymous |
We do not collect your name, address, phone number, nationality, or any information about your immigration status. You choose what to include in your module progress — that content stays in your account and is not used for any other purpose.
Legal Basis for Processing
Account data (username, email, hashed password): processed on the basis of contractual necessity — we need this information to provide the service you signed up for.
Payment processing: processed on the basis of contractual necessity and legal obligation. Stripe processes your payment data under their own privacy policy and as a regulated payment processor.
Analytics: processed on the basis of our legitimate interest in understanding how visitors use our website, so we can improve it. Because we use IP anonymisation and do not enable advertising features, no personal data is transmitted to Google.
Third-Party Services
Stripe processes all payments. When you purchase a module, you are redirected to or interact with Stripe's secure payment interface. Stripe is PCI-DSS compliant. We receive a transaction confirmation and a customer reference number — nothing else. Stripe's privacy policy is available at stripe.com/privacy.
Google Analytics is used in anonymous mode only. We have enabled IP anonymisation, disabled advertising personalisation features, and do not use cross-site or cross-device tracking. The data Google receives contains no information that can identify you individually. Google's privacy policy is available at policies.google.com/privacy.
We do not use any other third-party tracking, advertising, or data-sharing services. We do not sell, rent, or otherwise share your data with any third party for marketing purposes.
How Long We Keep Your Data
We retain your account data (username, email, hashed password) for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law — for example, Stripe transaction records, which we retain for 7 years to comply with financial and tax regulations.
Anonymous analytics data has no identifiable retention limit, as it cannot be linked to any individual.
Cookies
We use a small number of cookies:
Essential cookies are required for the site to function — for example, keeping you logged in between pages. These cannot be disabled.
Analytics cookies are set by Google Analytics in anonymous mode. You can decline these via our cookie banner without affecting your use of the site.
We do not use advertising cookies, tracking pixels, or any cookies set by social media platforms.
Your Rights
Under GDPR and applicable national data protection laws, you have the following rights:
→ Access — request a copy of the personal data we hold about you
→ Rectification — ask us to correct inaccurate data
→ Erasure — request deletion of your personal data ("right to be forgotten")
→ Restriction — ask us to limit how we process your data in certain circumstances
→ Portability — receive your data in a structured, machine-readable format
→ Objection — object to processing based on legitimate interests
→ Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority if you believe we have handled your data unlawfully.
Security
All data transmitted between your browser and our servers is encrypted via HTTPS/TLS. Passwords are hashed using a secure one-way algorithm before storage — this means neither we nor anyone with access to our database can read your password.
We do not store payment card details at any point. All payment data is handled exclusively by Stripe within their PCI-DSS certified environment.
Changes to This Policy
If we make material changes to this privacy policy, we will notify registered users by email before the changes take effect and update the "Last updated" date at the top of this page. Continued use of the service after that date constitutes acceptance of the updated policy.
Contact
For any questions about this privacy policy, or to exercise your data rights, please contact us at: hello@easytospain.com We aim to respond to all data-related requests within 30 days.
Ready to start your Spanish adventure?
Get the paperwork out of the way so you can get to the tapas, sunshine, and siestas.
No credit card required to sign up.