Introduction
Slow City Travel S.L. is committed to protecting your personal data in compliance with the General Data Protection Regulation (EU 2016/679) and Spanish Organic Law 3/2018 (LOPDGDD). This page explains how we fulfill our GDPR obligations.
Data Controller Information
Entity: Slow City Travel S.L.
CIF: B-12345678
Address: Calle de Alcalá 44, 28014 Madrid, Spain
Email: privacy@tealeafsteep.com
DPO Contact: dpo@tealeafsteep.com
Your Rights Under GDPR
As a data subject, you have the following rights:
1. Right of Access (Article 15)
You have the right to obtain confirmation whether we process your personal data and, if so, access to that data and information about how it's processed.
2. Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
3. Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data under certain circumstances, including when data is no longer necessary for the purposes it was collected.
4. Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of data.
5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
6. Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
7. Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
To exercise any of your GDPR rights, contact us at:
- Email: privacy@tealeafsteep.com
- Post: Slow City Travel S.L., GDPR Rights Request, Calle de Alcalá 44, 28014 Madrid, Spain
We will respond to your request within one month. If your request is particularly complex, we may extend this by two additional months and will inform you of any such extension.
Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encryption of data in transit and at rest
- Regular security audits and assessments
- Access controls and authentication measures
- Staff training on data protection principles
- Data minimization - we only collect data necessary for stated purposes
- Regular review and deletion of outdated data
Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
International Data Transfers
We primarily store and process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware we have collected data from a child under 16 without parental consent, we will take steps to delete it.
Right to Lodge a Complaint
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD):
AEPD
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
Tel: +34 91 266 3517
Updates to This Page
We may update this GDPR compliance information as our practices evolve or regulations change. Check back regularly for updates.
Last updated: January 7, 2026