Privacy
Privacy policy.
How we collect, use and protect personal data when you visit our site or book a Tenerife experience. Drafted under the EU General Data Protection Regulation (Regulation 2016/679, "GDPR" / "RGPD") and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
Controller: Tommaso Morelli (autónomo), tax ID Z2871604J.
Address: Calle Zanata 10, 30630 Arona, Santa Cruz de Tenerife, Spain.
Contact: hola@bookingexcursion.com — +34 661 49 82 45.
2. What we collect
Booking and customer data: name, email, phone, reservation date and details, voucher delivery information, any notes you share with us.
Payment data: card data is processed by Stripe; we receive only the authorisation result, captured amount and a payment identifier — never the full card number.
Communications: messages you send us via the chat or by email, including dates and content of the exchanges.
Technical data: IP address, browser, device type, pages visited, referrer, time zone. These are collected automatically for security and analytics, in accordance with the Cookie policy.
3. Purposes and legal bases
Performing the contract (Art. 6.1.b GDPR): managing your reservation, processing payment, sending vouchers, dealing with cancellations and refunds, communicating with you and the operator.
Legal obligations (Art. 6.1.c GDPR): tax and accounting records (Spanish General Tax Law / LGT), consumer-protection records, invoicing.
Legitimate interest (Art. 6.1.f GDPR): customer-service quality, fraud prevention, IT security, anonymous analytics, improvement of our service. We balance our interest against your rights — if you object we respect that.
Consent (Art. 6.1.a GDPR): non-essential cookies, marketing emails when you have explicitly opted in. You can withdraw consent at any time without affecting prior processing.
4. Recipients
Excursion operators, ONLY to the extent needed to deliver the activity (name, group size, meeting-point requirements, pickup info, contact phone).
Payment processor: Stripe Payments Europe Ltd. (Ireland) — see Stripe’s own privacy policy.
Email delivery: Fastmail Pty Ltd (transactional email service used to send confirmations and vouchers).
Hosting and infrastructure providers used to run the site and back office.
Tax advisers, auditors, lawyers — where required by law.
5. International transfers
Some providers may process data outside the European Economic Area. In every case we use providers offering appropriate safeguards (Standard Contractual Clauses or equivalent recognised mechanism).
6. Retention
Reservation data: retained for the period necessary to provide the service and to handle warranties / complaints, generally 4 years from the activity date.
Accounting and tax records: 6 years from the financial year-end (Spanish Commercial Code).
Marketing data (if you opted in): until you withdraw consent.
Chat messages and customer-service logs: 2 years from the last interaction, unless needed for an active complaint or legal claim.
7. Your rights
You can request access to your data, correction of inaccurate data, deletion, restriction of processing, portability, and you can object to processing based on legitimate interest. You can also withdraw any consent at any time.
To exercise a right, write to hola@bookingexcursion.com with proof of identity. We reply within one month (extendable by two months for complex requests, with notice).
You can also file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD, https://www.aepd.es) if you believe your rights have not been respected.
8. Cookies
See our cookie policy at /cookies/ for the full list and how to manage consent.
9. Children
We do not knowingly collect personal data from people under 14 without consent of their parent or guardian. If you believe a minor has provided data to us, please contact us and we will delete it.
10. Updates
We may update this policy. The current version is the one published on this page, with the "Last updated" date below.