Your Privacy Matters: Slow City Travel SL is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
1. Data Controller
Company Name: Slow City Travel SL
Tax ID (CIF): B-87654321
Address: Calle de Alcalá 44, 28014 Madrid, Spain
Email: privacy@tealeafsteep.com
Phone: +34 91 123 4567
Data Protection Officer: dpo@tealeafsteep.com
2. Personal Data We Collect
2.1 Information You Provide Directly
- Contact Information: Name, email address, phone number, postal address
- Booking Information: Travel dates, destination preferences, program selection, special requirements
- Payment Information: Billing address, payment method (processed securely through third-party payment processors)
- Account Information: Username, password (encrypted), preferences, travel history
- Communication Data: Correspondence via email, contact forms, phone calls, or chat
- Identity Verification: Passport or ID number (only when legally required for bookings)
2.2 Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs
- Location Data: Approximate location based on IP address (precise location only with your consent)
- Cookies and Tracking Technologies: See our Cookie Policy for details
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: To fulfill travel bookings and provide services you've requested
- Consent: For marketing communications, cookies (non-essential), and optional data collection
- Legitimate Interest: For fraud prevention, website improvement, and business analytics
- Legal Obligation: To comply with tax, accounting, and legal requirements in Spain and the EU
4. How We Use Your Data
4.1 Primary Purposes
- Processing and managing your travel bookings and reservations
- Communicating about your trips (confirmations, updates, changes)
- Providing customer support and responding to inquiries
- Processing payments and preventing fraud
- Sending booking confirmations and travel documents
4.2 Secondary Purposes (With Consent)
- Sending newsletters and marketing communications about slow travel programs
- Personalizing your experience based on preferences and history
- Conducting surveys and requesting reviews
- Analyzing website usage to improve our services
5. Data Sharing and Disclosure
We do not sell your personal data. We share data only in the following circumstances:
5.1 Service Providers
- Accommodation Partners: Hotels and lodgings (name, contact details, special requests)
- Payment Processors: Stripe, PayPal (payment and billing information)
- Email Services: Mailchimp, SendGrid (email address for communications)
- Analytics: Google Analytics (anonymized usage data)
- Customer Support: Zendesk (support ticket information)
All service providers are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance.
5.2 Legal Requirements
We may disclose data when required by Spanish or EU law, court orders, or to protect our legal rights and safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.
6. International Data Transfers
Your data is primarily stored within the European Union. When we transfer data outside the EU/EEA, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework (for US-based processors)
- Adequacy decisions by the European Commission
7. Your Rights Under GDPR
As a data subject in the EU, you have the following rights:
Your Data Rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with the Spanish Data Protection Authority (AEPD)
To exercise your rights: Email privacy@tealeafsteep.com or write to our address above. We will respond within 30 days.
8. Data Retention
We retain your data only as long as necessary:
- Active Customers: For the duration of your relationship with us plus 6 years (Spanish tax law requirement)
- Marketing Data: Until you unsubscribe or 2 years of inactivity
- Website Usage Data: 26 months (per Google Analytics default)
- Legal Claims: Until the statute of limitations expires (typically 5 years in Spain)
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for data transmission
- Encrypted storage of sensitive data
- Regular security audits and penetration testing
- Access controls and employee training
- Secure backups and disaster recovery procedures
- Compliance with PCI-DSS for payment card data
10. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Cookies and Tracking
We use cookies and similar technologies. For detailed information, please see our Cookie Policy.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.
13. Marketing Communications
With your consent, we send newsletters and promotional emails. You can:
Unsubscribing from marketing does not affect transactional emails (booking confirmations, etc.).
14. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. We will notify you of material changes via email or website notice. The "Last Updated" date indicates when changes were made.
16. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@tealeafsteep.com
Data Protection Officer: dpo@tealeafsteep.com
Mail: Slow City Travel SL, Privacy Department, Calle de Alcalá 44, 28014 Madrid, Spain
17. Supervisory Authority
You have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD):
Website: www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099
Questions? If anything in this Privacy Policy is unclear, please contact us at privacy@tealeafsteep.com. We're here to help.