PRIVACY POLICY AND PERSONAL DATA PROTECTION
In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), we inform you in detail about how we process your personal data when you make a reservation with us.
1. WHO IS THE DATA CONTROLLER?
- • Identity: ALHAMBRA VALPARAISO OCIO Y CULTURA S.L. (hereinafter, "The Agency")
- • NIF (Tax ID): B18609719
- • Postal Address: C/ San Antón 72, Ed. Real Center, 1º Izq - Local 39, 18005 Granada (Spain).
- • Telephone: 958 918 029
- • Data Protection Email: oficina@bookyourtour.info
2. FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
At The Agency, we process the information provided by interested individuals for the following specific purposes:
1. Reservation and Service Management (Main): To process your request, manage the payment, issue invoices, and send you the vouchers/tickets for the contracted activities.
2. Management of Nominal Tickets (Mandatory): For visits to monuments with identity control (such as the Alhambra and Generalife or the Real Alcázar of Seville), we use your data to issue the mandatory nominal tickets required by the regulations of those monuments.
3. Customer Service: To resolve your questions, incidents, or requests for information through our contact channels.
4. Commercial Communications (Optional): Only if you give us your express consent (by checking the corresponding box), we will send you information about offers and news regarding our tourist services.
3. WHY IS IT LAWFUL TO PROCESS YOUR DATA? (Legitimacy)
The legal basis that allows us to process your data depends on the purpose:
• Execution of the contract (Art. 6.1.b GDPR): This is the main basis. We need to process your data (including ID/Passport) to provide you with the service you have purchased. Without this data, we cannot formalize the reservation or issue the nominal tickets.
• Compliance with a legal obligation (Art. 6.1.c GDPR): We are obliged by tax laws (invoicing) and tourism and security regulations to keep a record of operations and travelers.
• Consent (Art. 6.1.a GDPR): For sending advertising. This consent is voluntary and you can withdraw it at any time without affecting your reservation.
4. TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?
To correctly provide the service, it is strictly necessary to transfer your data to the following third parties:
• Monument Managing Entities: Your identifying data (Name, Surnames, ID/Passport, Nationality, Age, and Gender) will be mandatorily communicated to the Patronato of the Alhambra and Generalife or the Patronato of the Real Alcázar of Seville for the issuance of nominal tickets and security control at the accesses. This transfer is an essential requirement for the visit.
• Tax Administration: For compliance with tax obligations.
• Service Providers (Data Processors): Companies that provide us with IT services (booking platform, hosting, management services), who access the data under strict confidentiality agreements and only to provide us with technical support.
No international data transfers will be made nor will your data be sold to third parties for commercial purposes unrelated to our company.
5. HOW LONG DO WE KEEP YOUR DATA?
• Reservation Data: They will be kept for the duration of the service provision and, subsequently, will remain blocked for 5 years to address potential legal and tax liabilities (General Tax Law). After that period, they will be securely deleted.
• Data for advertising: If you agreed to receive offers, we will keep them until you request to unsubscribe or revoke your consent.
6. WHAT ARE YOUR RIGHTS?
As the data subject, you have the right to:
• Access: Know if we are processing your data and what data we have.
• Rectify: Correct inaccurate data (e.g., an error in the ID).
• Erase: Request that we delete your data when they are no longer necessary (respecting legal retention periods).
• Object: Request that we stop sending you advertising.
• Restrict processing: Request that we halt processing in certain cases.
• Data Portability: Receive your data in a compatible digital format.
How to exercise them? Send an email to oficina@bookyourtour.info attaching a copy of your ID or identification document.
If you believe we have not processed your data correctly, you have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).
Consent to the use of cookies.
For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst's server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).
Data processing agreement
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or the withdrawal of consent
- Your anonymised IP address
- Information about your Browser
- Information about your Device
- The date and time you have visited our website
- The webpage url where you saved or updated your consent preferences
- The approximate location of the user that saved their consent preference
- A universally unique identifier (UUID) of the website visitor that clicked the cookie banner