Privacy policy in force until 31-12-2023

Iberia Privacy Policy for Customers and Passengers

Our Privacy Commitment

Iberia is committed to respecting your privacy and protecting your personal information.

We will be transparent about the information we are collecting and what we will do with it.
We will use the information you give us for the purposes described in our Privacy Policy, which include providing you with services you have requested and enhancing your experience with IBERIA.
We will also use the information to help us understand you better and so that we can give you relevant offers.
If you tell us you don’t want to receive marketing messages we will stop sending them. We will, of course, continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.
We will put in place measures to protect your information and keep it secure.
We will respect your data protection rights and aim to give you control over your own information.

You can access our full Privacy Policy below to help you to understand better how we use your personal information. In it, we explain in more detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with.

Within our full Privacy Policy you can find some specific examples of why and how we use your personal information. If you have further questions please get in touch with us at our Data Protection Office by email at OficinaDPO@iberia.es.

Without prejudice of your rights under the relevant applicable laws, this Privacy Policy and the information above have no contractual nature and are not a part of your contract with us.

Controller of Personal Information

Any personal information processed by Iberia in connection with this Privacy Policy is controlled by Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal, holder of Spanish VAT no. ES-A85850394 (hereinafter “IBERIA”), which is considered the “data controller” under European Union data protection law. Our contact address for this purpose is “Data Protection Office of Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal” at Calle Martínez Villergas numero 49, 28027 – Madrid (SPAIN) or by email at OficinaDPO@iberia.es.

If you made a booking with us but one or more flights are operated by other air carriers, then each of these carriers will also be, independently, a data controller under European Union data protection law.

IBERIA is a legal entity pertaining to IAG Group, the parent company of which is the Spanish legal entity International Consolidated Airlines Group, S.A.. You may learn more about what companies are part of IAG Group below.

IBERIA es una entidad perteneciente al Grupo IAG cuya sociedad de cabecera es la entidad de nacionalidad española International Consolidated Airlines Group, S.A.. Más abajo encontrarás información adicional sobre las sociedades que conforman el Grupo IAG.

In addition, if you are a member of our loyalty scheme IBERIA PLUS then the company Avios Group Limited (AGL) –which is an IAG Group company, as well- will also be a “data controller” together with IBERIA of your personal information being processed within Iberia Plus Loyalty Program. Avios Group Limited’s address is Astral Towers, Betts Way, Crawley RH10 9XY – United Kingdom. Its webpage is at www.aviosgroup.com and its Data Protecction Office may be reached by ordinary mail to the aforementioned address or by email at data.protection@avios.com .

What do we mean by personal information?

Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

When does this policy apply?

This Privacy Policy applies to personal information about you that we collect, use and otherwise process in connection with your relationship with us as a customer or as a potential customer or as a member of our loyalty schemes IBERIA PLUS or ON BUSINESS, including when you travel with us or use our other services –such as our auction website or our gift cards service- , use our websites or mobile apps, contact our service agents or call centres and book to use our services through third parties -such as travel agents and other airlines.

When we refer to other entities being data controllers within Sections “Data Controller” or “Who do we share your personal information with?”, you should consult their own privacy policies for further information.

If you decide to hire additional services with us, such as making an on board purchase or using our in-flight entertainment devices or taking part in one of our contests organised by Iberia together with third party collaborators, please take into account that further terms and conditions may apply.

How can you protect your personal information?

We make serious efforts to care for and protect your personal information when you share it with us. Below you can find some recommendations on how to keep your personal data safe.

Do not share your booking code or locator

When you make a booking you will be furnished with a reservation code –also known as PNR or Passenger Record. This reference will be included in your booking confirmation email or within the ticket of each passenger within that reservation.

Please always keep your reservation code confidential. If you share it with a third person he/she may access your booking data in our systems.

If you travel with others and you do not want them to have access to your booking data it might be advisable that you carry out your reservation separately.

Do not share your Iberia Plus, Iberia Joven or On Business personal area log-in data

To make sure that access to your personal area in our webpage and mobile application is safe please do not share your Iberia Plus; Iberia Joven or On Business –the specialised companies for companies we sponsor together with British Airways Plc- log-in data with anyone. When you finish using our website, online services or mobile applications please make sure to end your session if someone else may access your computer or device. This is particularly relevant in the case that you are using a public access computer or device.

Be cautious and protect yourself from internet fraud and “Phishing”

There is a broadly spread type of internet fraud practice known as “Phishing” aimed to illegally obtaining your personal information by deception. Unsolicited emails are sent to individuals from a list that has been illegally obtained, and recipients are requested to insert or confirm their passwords or bank details in a false or cloned website.

When do we collect personal information about you?

We collect personal information about you whenever you use our services -whether these services are provided by us or by other companies or agents acting on our behalf- including when you travel with us, when you use our website, or interact with us via email or mobile applications or use our contact centres.

Here are some examples of when and how information is collected:

When you book or search for a flight or other products or services on our website or app.
When you book a flight or other products through our other sales channels, such as a travel agent.
If you join any of our loyalty schemes Iberia Plus, Iberia Joven, On Business, or when you register in our ticket auctions website or when you decide to purchase one of our gift cards.
When you call our contact centres or service agents.
When you complete a customer survey to provide us with feedback.
When you enter a contest or register for a promotion or if you choose to interact with us via social media such as Facebook or Twitter.
When you travel with us and use our VIP lounge facilities and airports where we operate.
If you use our in-flight entertainment and communication services.
When you click on one of our emails or navigate around our website. We may also gather information about how you found us on the internet and the sites you previously visited.

To learn more please refer to Section “What types of personal information do we collect and retain?” below.

In addition, we may receive personal information about you from third parties, such as:

Companies contracted by us to provide services to you.
Companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
Companies who provide details to us that you have agreed can be shared with Iberia.

What types of personal information do we collect and retain?

When you use our services you will need to provide us with your personal details or the details of those individual(s) who will be travelling.

We collect the following categories of personal information:

Information you provide in order for Iberia to complete and manage a booking you have made with us or a service you have requested from us.
Examples: Your name, address, email, contact details, date of birth, gender, passport or other national ID number, your account details and payment information.
If you buy tickets for someone else we may collect your billing information but may communicate with the passengers directly about their flight.
We will know whether you have made your booking at iberia.com or in any other sales channel such as a travel agency or our contact centres.
Information collected during your travel with us
Examples: We may collect information such as your interactions with our personnel and cabin crew before and during the flight.
We may track location data from your devices where you have permitted us to use it.
We collect information about your use of our services during travel, such as your use of our inflight entertainment system or our VIP lounge facilities.
Information about your travel arrangements
Example: Details of your booking, travel itinerary, details of any additional assistance you require and other information related to your travel with us such as meal preferences or dietary requirements.
Information about the services we have provided to you in the past
Example: Details of your previous travel arrangements, such as your previous flights and travel-related issues, including upgrades received, your baggage requirements, airport disruption, luggage incidents and your customer feedback.
Information about your online logins and other interactions.
Examples We will retain your data to guarantee our correct interaction with you when you have joined our loyalty schemes Iberia Plus or Ob Business or when you have identified yourself as a member of our schemes or any other loyalty scheme we accept.
We will retain your information when you have taken part in any of our contests or promotional initiatives, or when you have interacted with us through social networks such as Facebook or Twitter.
Information about your use of our websites, contact centres and mobile applications
Examples: To help us customise your personal information and to improve our website we use “cookies” and other similar technologies and collect information about your searches and the contents you have visited on our website, such as what website you are surfing from, or the banner advertisements or links appearing in our marketing partners’ websites.
We will use the information gathered in the cookie to better understand you as our customer. This information may include, if you have fed it into our website, information on a flight booking or a passenger name in the case these data were linked to your personal profile in Iberia Plus.
From your use data we may learn that you have visited iberia.com and searched for a flight, but you have not made your reservation yet. We might use this information to contact you and offer you further information on this booking or the destination you might be interested in.

When and why do we collect ‘sensitive personal data’?

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexual orientation or biometric data are considered “sensitive personal data” requiring an additional level of protection under European Union data protection law. In Iberia we generally try to limit the circumstances where we collect and process sensitive personal data. These are examples on circumstances where we might need to collect and process sensitive personal data:

You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
You have otherwise chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through which you made your booking.

It may also happen that you have requested a particular type of special meal –such as a certain menu- which may imply or suggest you hold particular religious beliefs or have a particular health or medical condition.

What do we use your personal information for and under what legal basis do we use it?

The main purposes for which we use your personal information are:

Based on our contractual relationship with you, to fulfil your travel arrangements and deliver the services you have asked for
Example: We will need to use your name, address, email, contact details, date of birth, gender passport or national ID information, and payment data and information so that we can process your bookings, fulfil your travel arrangements, collect consideration for our services, provide information required by relevant authorities –such as tax, custom or immigration authorities- and so that Iberia knows who is booked on a flight.
Based on our contractual relationship with you, to manage the boarding process and to facilitate flight connections at the airport.
Example: If you have not arrived at the gate to board your flight we may need to check whether you have passed through airport security or whether you were on a connecting flight in order to understand how to contact you about boarding the flight.

Please also be aware that in some airports where we operate, facial recognition is used –although the use of this technology is voluntary unless mandated by law.
Based on our contractual relationship with you, to send status update and operational and servicing communications to you, no matter the channel you may have booked our services through –whether direct sales or through an agency or other airline, online or face to face.
Example: You may receive a notice from us to inform you that check-in is already open, or that your flight is delayed or cancelled, or on any changes affecting the services you hired with Iberia or with other airlines that Iberia may have any type of transport agreement with.
We may also use your contact information to transmit other kind of operational communications.
If for example you have used your boarding pass to enter any of your VIP lounges we may offer you information and warnings about your flight such as changes in your boarding gate and/or time.
Based on the fulfilment of our legal obligations, to deal with migration and entry/exit requirements with a State territory and to help keep you safe when you fly with us and to meet certain legal and regulatory requirements which apply to Iberia as an airline.
Example: As an airline there are regulatory obligations on Iberia to maintain a record of the names of passengers on our aircraft.
The laws of certain countries, such as the EU and USA, require airlines to provide certain passenger information to the border and immigration authorities.
Finally, fighting against fraud and major crimes such as terrorism or Arms, drugs, smuggling of people require that airlines respond to information requirements from the competent law enforcement and security corps within each State where we operate.
Based on our legitimate business interest, to provide services tailored to your requirements and to treat you in a more personal way.
Example: We may personalise the experience you have while flying with us. For example, a member of our cabin crew may welcome you back on board an Iberia flight.
Based on our legitimate business interest, to carry out analysis and market research
Example: We will analyse the way in which our sales channels, products and services are being used by customers so that we can understand how to improve the service we offer.
Based on our legitimate business interest, to carry out direct marketing and keep you informed of Iberia’s products and services that better suit your needs and preferences, in our understanding
Example: We may send to you information on our products and services by email, push messages from our app or text messages.
We may adapt our apps, websites, emails and other communications to guarantee they are of your highest interest –including, for example, promotions or services related to your recent or historic destinations or similar ones.
To better understand your flying preferences and your needs when you travel with us and to offer information on special offers such as seat selection, additional luggage or class upgrades.
If you are a member of the IBERIA PLUS loyalty program, and based on your consent previously granted for such a purpose to carry out direct marketing by electronic means and to keep you informed on Iberia’s products and services that better suit your needs and preferences, in our understanding, as well as to send to you tailored electronic marketing communications on products and services from other IAG Group companies and/or from our Iberia Plus partner companies.
Based on your consent previously granted for such a purpose we may record telematic communications and instructions whenever you are using any customer centre or sales service from Iberia, Iberia Express or Iberia Regional/Air Nostrum, and in such cases we will process your personal information, including your voice when you address us through these channels, to provide evidence of the transactions performed for any relevant legal purposes.
Based on your consent previously granted for such a purpose by explicitly consenting on hiring such services, to transmit your data to other IAG Group companies or to third companies we work with –such as, for example, third party companies whose products and services are offered or may be hired through our webpage, or our partners from Iberia Plus loyalty program-, in the cases where you are hiring such products and services. The information we transmit in these cases will be exclusively limited to that personal information you have made available to us and is strictly required to hire the product or service in question.
You may acces the full list of Iberia Plus partners at this url address: https://www.iberia.com/es/iberiaplus/search-partner/
Based on our contractual relationship with you, to send updated information and operational communications to you
Example: Even if you have opted-out of receiving marketing information from us, we may still send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from the services we provide and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
Based on our legitimate business interest, to improve our website, products and services
Examples: We may monitor how you and other clients browse our website so that we may identify ways to improve your browsing experience with us.
We may also invite you to take part in surveys to learn more about your level of satisfaction with our service, your flying experience with Iberia and the use of our services.
If you are a member of the IBERIA PLUS loyalty program, and based on your consent previously granted for such a purpose we may also send to you surveys to learn about your satisfaction with the program, its offers and promotions and/or the services and products offered by our partners.
Based on our contractual relationship with you, to manage transactions, operations, hiring or products and services by any means or channels, or to solve any type of query, complaint, claim or recommendation you may have posed.
Based on the fulfilment of our legal obligations, as applicable, we may use your personal information for management and administrative purposes
Example: We may use and retain your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches, crosschecking information with financial entities and other electronic payment entities, and payment card validation checks) and systems testing, maintenance and development.
Based on the fulfilment of our legal obligations, to properly manage emergency, wreck or force majeure situations we may need to transmit your personal information to different kind of people, companies or entities whose help is essential for Iberia in such cases.

When will we send marketing to you?

When we collect information directly from you we will ask you if you are happy to receive our marketing communications or to join our Iberia Plus loyalty program. Please note that these communications may refer to our own products and services and, sometimes, they may refer to products and services from other IAG Group companies or even from third party entities –such as, in the case of Iberia Plus, from our partners in this loyalty program where our avios currency may be obtained or redeemed.

Should our intention not be based on your consent previously granted for such a purpose, but on our legitimate business interest, we will inform you on this in a clear way and you will be granted the right to opt-out from receiving such communications.

How can you change what marketing communications you receive and how you receive them?

If you decide you would no longer like to receive marketing communications you can change your mind at any time. The ways to withdraw your consent are described below:

IF YOU ARE AN IBERIA PLUS MEMBER, you can change your marketing preferences at any time by amending your communication preferences on your membership profile online at www.iberia.com, accessing your Iberia Plus private area, section “My Profile / Preferences”; or by using online application form for Data Protection Individuals Rights Requests available at https://www.iberia.com/es/management-of-personal-data/
IF YOU ARE AN ON BUSINESS MEMBER, you can change your marketing preferences at any time by amending your communications preferences on your membership profile online at https://onbusiness.iberia.com and accessing your On Business private area; or by using online applicable form for Data Protection Individual Right Requests available at https://www.iberia.com/gb/management-of-personal-data/
IF YOU ARE NOT A MEMBER EITHER OFN IBERIA PLUS OR OF ON BUSINESS LOYALTY SCHEMES, then you may oppose to receiving these communications by using online application form for Data Protection Individual Right Requests available at https://www.iberia.com/es/management-of-personal-data/

In addition, each marketing communication we send by email will also have an “unsubscribe” or an “amend my contact preferences” option which will allow you to stop you receiving further marketing emails or customise the way you receive such communications.

We will respect your decision on what communications you want to receive and the means or channels you prefer that we use for such purposes, as long as we are able to provide options for you to personalise our communications to you.

You may also stop any further SMS/MMS messages by replying with the word “STOP”.

We will do our best to manage your unsubscribe or customise requests as soon as feasible within a maximum term of 30 calendar days.

Please note that if you tell us that you do not wish to receive further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update you on its status. If you are an Iberia Plus or an On Business member, we will continue to keep you informed about your membership and other important service information relating to the loyalty program such as, for example, a new partner joining the program.

How long do we keep personal information?

We will keep your information for as long as we need it for the purpose it was collected, unless you request us to delete it and in such a case provided that the Iberia has no longer the need to keep your information for other reasons.

For example, where you book a flight with us we will keep the information related to your booking so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with Iberia and to ensure that you receive any loyalty rewards which are due to you.

We will actively review the information we hold and either delete it securely when there is no longer a legal, business or customer need for it to be retained; or in some cases anonymise it in order to keep using it for administrative or statistic purposes or to develop generic profiles and segmentations that help us learn more about our types of customers in general and their relevant needs and preferences.

Please note that when we have collected the personal information based on your consent and you withdraw such consent, or in the cases where you exercise your right to supress your personal information we may still to keep the information blocked and available to courts, tribunals and other relevant authorities for the minimum term established by law in each particular case and in order for Iberia to meet its responsibilities arising from processing your data.

Who do we share your personal information with?

We might share your personal information with other companies within the IAG Group which includes International Consolidated Airlines Group, S.A. (“IAG”), British Airways plc, Compañía Operadora De Corto Y Medio Radio Iberia Express, S.A.U, Vueling Airlines SA, Aer Lingus Limited, OpenSkies, British Airways Holidays Limited, Avios Group Ltd (AGL), BA CityFlyer Limited, IAG Connect or IAG GBS. For more details about IAG and its subsidiaries please visit our parent company website at www.iairgroup.com.

We share information with these companies so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the other airlines in the IAG Group or you belong to the loyalty program of any of them we may use this information to understand more about the sorts of travel services you are likely to be interested in.

You will only receive marketing from other IAG Group Companies where you have provided your consent to each of these companies to do so.

We may also disclose your personal information to the following third parties for the purpose described here:

Custom or migration authorities in any country included in your travel schedule or in countries your flights may overfly. Iberia and the rest of airlines are mandated by the laws of the EU, USA and other countries to provide access to information on bookings and travel to their relevant border control and custom authorities not only in the cases where a flight has origin or destination in such countries, but also for intermediate stops in and overflights over their territories.
Example: If your flight implies flying to the USA, your information will be provided to the relevant US authorities.
Other airlines and service suppliers which are necessary to deliver the services you have asked for where, for instance, part of your travel itinerary involves a flight operated by a different airline or when your request include services delivered by third parties. Such airlines and service providers shall be identified the moment you are performing your booking and you will be informed on the data transfer it requires before or at the same time such data transfer needs to take place. In such conditions, your will to hire such services will be taken as an explicit consent for such data transfer.
Iberia follows strict requirements for hiring suppliers in order to fulfil its obligations on data protection and commits itself to subscribing with each of its suppliers a personal data processing agreement under which each supplier will commit to the following, amongst other matters: to apply adequate technical and organisation measures; to process personal data for the agreed purposed exclusively and to observe Iberia’s documented instructions; and to either delete or give back personal information to Iberia as soon as the services have been completed.
Example: If your destination implies a change to another flight operated by a different airline, whether it belongs to the IAG Group or not.
If you book a ticket in our website to carry out any transport service requiring advanced booking, we will transmit your name and email to the transport company so that your booking can be done and your ticket can be issued.
If you hire your baggage home-collection and check-in service with “Bag On Board” (“BOB”), available for certain Iberia flights, we will have to provide BOB with the necessary information to deliver the service you have requested for.
Our partner and/or franchised airlines –such as, for example, Air Nostrum Líneas Aéreas del Mediterráneo, S.A., “Air Nostrum”-, in order to facilitate your flight transfers or to administer benefits because of cooperation between frequent-flyer and loyalty programmes. Likewise we may need to share your personal information with travel agencies and other entities you may have booked your flights through.
If you are a member of On Business or Iberia Plus program or of any other related loyalty program such as, for example, those of any other airline pertaining to the OneWorld Alliance, then we will share your information with our partner airlines to manager your benefits arising from cooperation among such airlines. You may learn more about who the members of OneWorld are at OneWorld official website https://es.oneworld.com.
Credit and charge card companies, credit reference agencies and anti-fraud screening service providers in order to process payments and (where necessary) to carry out fraud-screening
In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities, or security forces in charge of fighting against fraud and major crimes. Please bear in mind that, for control and safeguard of public security reasons and for such purposes, Iberia may transmit your data as a passenger to the Homeland Authorities of the country of origin, destination or transit at any time. The USA also requires that such information be delivered for the planes overflying the US airspace, and other countries may likely require this information be delivered for flights overflying their national airspace.
Third party service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf.
Third parties, such as law firms and law courts, in order to enforce or apply any contract with you.
Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
If necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises as a result of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision)

We do not sell or release personal information to third parties, and we only allow third parties outside Iberia to send you marketing information where we have your permission to do so.

What countries will your personal information be sent to?

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located and in particular outside the European Economic Area.

The nature of Iberia’s business means it is often necessary for us to send your personal information outside the European Economic Area in order to fulfil your travel arrangements, in order to either fulfil our contractual relationship with you or to fulfil our legal obligations as an airline, in accordance to what we have explained in section “What do we use your personal information for and under what legal basis do we use it?” above.

This occurs in the course of providing your travel arrangements and the services you have requested because our business and the third parties identified in “Who do we share your personal information with?” have operations in countries across the world. For example, where you are flying outside of the European Economic Area, your personal information will be transferred to border control and immigration outside of these territories.

Likewise we may have to transfer your personal information to third parties located outside your country in order to allow such third parties deliver services and products you have requested us for.

Example: we will need to provide access to our booking and check-in systems to agents of our handling companies that provide these services to us outside Spain.

Legal statement for flights operated by OpenSkies

In accordance with Article L232-6 of French Internal Security Code, please be informed that air carriers may transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N°2014-1095 dated 26/09/2014.

What are your legal rights in relation to the personal information we hold about you and how can you exercise them?

You may exercise, at your convenience, the rights to access, amend and delete your personal information; to limit processing carried out with your data or to oppose to such processing; to request portability of your personal information as well as to request not to be affected by automated decisions by any of the following means:

If you are a MEMBER OF IBERIA PLUS then you may exercise most of the aforementioned rights in your own personal membership area at www.iberia.com, accessing your personal Iberia Plus area, section “My Profile / Preferences”.
If you are a MEMBER OF ON BUSINESS then you may likewise exercise most of the aforementioned rights in your own personal membership area at https://onbusiness.iberia.com, accessing your On Business personal area.
To exercise any other right or if you are NOT A MEMBER OF EITHER IBERIA PLUS OR ON BUSINESS then you may exercise your rights through our online webform for personal data rights request available at https://www.iberia.com/es/management-of-personal-data/.

In order to answer your request we will ask you to provide personal information and documentation:

Full name of the requestor
ID number
Contact details (at least, a contact email)
Details of your request
Any information that may help us locate the data you are requesting for like, for example, your flight locator, or your flight number and/or date/s.
A copy of your ID card or passport so that we may verify who you are.
If you are requesting information on behalf of someone else then we will ask you to provide a signed authorisation from such individual and a copy of his/her ID card or passport.

What Data Protection Authority should I address in order to defend or exercise my rights?

You may always address the Spanish Data Protection Authority (“Agencia Española de Protección de Datos”) and submit a claim, especially in the cases where you deem that we have not satisfied your individual rights regarding how we process your personal information. To learn more please visit www.agpd.es.