Last updated: 22/02/2025

At Guapa Experiences (legal name: Begoña Bagur Roca, NIF 41742486Q), we take the privacy of our customers and users very seriously. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Spanish regulations.

1. DATA CONTROLLER INFORMATION

Controller: Begoña Bagur Roca

Trading name: Guapa Experiences

NIF: 41742486Q

Contact email: hola@guapaexperiences.com

2. PERSONAL DATA WE COLLECT

The personal data we may collect includes:

Identification data: Full name.
Contact details: Telephone number and email address.
Service-related data: Food allergies or any other relevant information necessary to ensure customer safety.
Browsing data: IP address, device information, and cookies (please refer to our Cookie Policy).

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

We process users' personal data for the following purposes, based on the corresponding legal basis:

Managing bookings and providing contracted services – Processed under the legal basis of contract execution (Art. 6.1.b GDPR).

Contacting customers regarding their booking details – Processed under the legal basis of contract execution (Art. 6.1.b GDPR).

Ensuring the safety of participants during experiences – Processed under the legal basis of legitimate interest and explicit consent (Art. 6.1.f and Art. 9.2.a GDPR).

Sending informational or promotional communications – Processed under the legal basis of user consent (Art. 6.1.a GDPR).

Complying with legal and tax obligations – Processed under the legal basis of legal obligation (Art. 6.1.c GDPR).

Under no circumstances will we use your personal data for purposes other than those specified.

4. DATA RETENTION PERIODS

Personal data will be retained according to the following criteria:

Booking and customer data: Up to 5 years after the last interaction, in compliance with tax and accounting obligations.

Contact data for marketing communications: Until the user requests deletion or withdraws consent.

Sensitive data (allergies, medical conditions, etc.): Deleted after the completion of the activity.

Browsing and cookies data: As specified in the Cookie Policy.

5. USER RIGHTS

Users have the right to:

✔ Access their personal data.
✔ Rectify inaccurate data.
✔ Request the deletion of their data when it is no longer necessary.
✔ Object to data processing for marketing purposes.
✔ Request the portability of their data to another provider.
✔ Withdraw consent at any time.

📩 To exercise these rights, please email hola@guapaexperiences.com with the subject "Data Protection", attaching a copy of your ID or identification document.

📌 Additionally, users have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) if they believe their rights have been violated.

6. SECURITY MEASURES

At Guapa Experiences, we implement technical and organisational measures to protect your data against unauthorised access, alteration, loss, or misuse, in compliance with Article 32 of the GDPR.

7. DATA SHARING AND INTERNATIONAL TRANSFERS

We do not share personal data with third parties, except in the following cases:

Experience providers when necessary for service delivery.

Legal obligations (tax authorities, judicial or regulatory bodies).

Data processors providing payment management, hosting, and web analytics services, under agreements that ensure data security.

If international data transfers occur, we will ensure compliance with Chapter V of the GDPR, using Standard Contractual Clauses (SCCs) or other adequacy mechanisms approved by the European Commission.

8. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this policy to comply with legal changes or improve our processes. Users will be notified of any significant changes via our website or by email.

📅 Last updated: 22/02/2025
📧 For any privacy-related queries, please contact us at hola@guapaexperiences.com.