BOOKING

This Privacy Policy explains how personal data is collected, used, and protected when users browse this website or request information or reservations for Free Walking Tours.

This website is intended to provide tourist information and manage bookings for Free Walking Tours, ensuring transparency, security, and compliance with applicable data protection regulations.

Personal Data Collected

When using this website, personal data may be collected through booking forms, contact forms, or direct email communications. The data collected may include:

  • Full name

  • Email address

  • Telephone number

  • Tour date

  • Number of participants

  • Messages or comments voluntarily provided by the user

No payment, banking, or financial data is collected, as all tours offered are free of charge.

Purpose of Data Use

Personal data is used exclusively for the following purposes:

  • Managing and organizing Free Walking Tour bookings

  • Communicating with users regarding confirmations, changes, or cancellations

  • Providing essential tour information such as meeting points, schedules, or last-minute updates

  • Responding to inquiries or requests made by users

Personal data will never be used for commercial profiling or marketing purposes, nor shared for advertising activities.

Data Sharing

Personal data is not sold or shared with third parties for commercial purposes. Data may only be accessed by technical or service providers strictly necessary for the operation of the website and booking management, under appropriate data processing agreements.

Data Security

Appropriate technical and organizational measures are implemented to protect personal data and ensure its confidentiality, integrity, and availability.

Third-Party Links

This website may contain links to third-party websites related to tourism or other services. This Privacy Policy does not apply to those external sites, and the website owner is not responsible for their content or privacy practices.

This Data Protection Policy regulates the processing of personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and the guarantee of digital rights (LOPDGDD).

1. Data Controller

The data controller responsible for the processing of personal data is:

Owner: [Company name / Self-employed professional]
Tax ID: [To be completed]
Registered address: [To be completed]
Contact email: [To be completed]

2. Legal Basis for Processing

Personal data is processed based on:

  • The execution of pre-contractual measures when requesting a tour reservation

  • The explicit consent granted by the user when submitting forms and accepting this policy

  • Compliance with legal obligations applicable to the data controller

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

3. Data Retention

Personal data will be retained for the time necessary to manage the requested tour and, subsequently, for legally required periods to address potential liabilities. Once these periods have expired, the data will be securely deleted.

4. International Data Transfers

If service providers located outside the European Economic Area are used, data transfers will be carried out in compliance with GDPR requirements, using appropriate safeguards such as standard contractual clauses.

5. User Rights

Users have the right to:

  • Access their personal data

  • Request rectification of inaccurate data

  • Request erasure of their data

  • Request restriction of processing

  • Object to data processing

  • Request data portability

Requests must be submitted in writing, together with proof of identity, to the contact email indicated above.

Users may also lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD).

6. Accuracy of Data

Users guarantee that the data provided is accurate and up to date and agree to notify any changes. The data controller is not responsible for issues arising from inaccurate or incomplete data.

7. Security Measures

The data controller applies appropriate technical and organizational measures to ensure compliance with data protection regulations and to prevent unauthorized access, loss, or misuse of personal data.

8. Policy Updates

This Data Protection Policy may be updated to reflect legal or regulatory changes. Any updates will be published on this page and will be effective upon publication.

9. Acceptance

Submitting personal data through this website implies acceptance of this Data Protection Policy.