Our Privacy Policy

Here at Creative Catalonia we take your privacy seriously – collecting only the data we need to be able to provide you with our services. We do not share your data with any other organisations, and make every effort to ensure that the data we hold is kept secure.

What personal data we collect and why we collect it

Enquiring About Our Tours

When you submit an enquiry about one of our tours, we collect your enquiry details, and any other contact details or information that you provide us with. This information is collected solely for the purposes of responding to your enquiry and, if requested, creating and arranging your tour.

Payment Details

We do not collect or hold any card details. All payments are processed externally to our site, by either PayPal or via the La Caixa Bank RedSys payment gateway – their privacy policies are available on their own sites at the point of payment.

Contact forms

If you use a contact form on our website, your name, email address and message are sent directly to us in the form of an email from the website. We will then hold this information for the purposes of replying to your message, and for any continuing correspondence.

Following Our Blog by Email

The email Blog Subscription service on this site is provided by Automattic, whose privacy policy can be found here: https://automattic.com/privacy/. To set up and process subscriptions, they use the subscriber’s email address, as well as the ID of the post or comment (if you subscribe by ticking one of the boxes at the bottom of a particular post). In the event of a new subscription being initiated, they also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URL which was given in order to access the page. This server data is used for the exclusive purpose of monitoring and preventing abuse and spam.

Mailing List Sign-Up

If you sign up for our mailing list, we will hold your email address for the purposes of sending you newsletters and news items from our website. The service involves a “double opt-in”, so that email addresses entered on the site are verified through the sending of a confirmation email – if the email address is not confirmed, then we do not retain it. You can opt out of the service at any time, by clicking on the “Unsubscribe” link, or by contacting us. The service is provided by MailChimp – their privacy policy is available at: https://mailchimp.com/legal/privacy/

Cookies

Functional Cookies

If you add tours to your enquiry list, we will set three cookies to help manage your browsing experience. The first two cookies contain information about the list as a whole and help the site know when there have been changes to the items in the list. The final cookie contains a unique code for each customer so that it knows where to find your list data in the database. No personal information is stored within these cookies.

Analytics Cookies

When you visit our site, Google Analytics sets a cookie to enable it to distinguish individual users, which expires after 2 years. It also sets a temporary cookie, which expires after 1 minute, to control the rate of exchange of data with its servers. The cookies do not contain any personally identifiable data.

We use Google Analytics to collect information about the number of visits to our site. We use a standard implementation of Google Analytics, which does not store any personally identifiable information. Visitors’ IP addresses are used, where possible, to determine the area in which their device is located but the IP address itself is not data that can be accessed through Google Analytics. All data in Google Analytics is aggregated and anonymised.

Marketing Cookies

We do not directly set any marketing cookies. However, Third Party content embedded within our site may set additional cookies for their own marketing purposes. Pages on this site may include embedded content (such as Google Maps, YouTube videos, Trip Advisor Reviews and Facebook feeds). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account (such as a Google, Trip Advisor or Facebook  account) and are currently logged in to that account in your web browser. Third Party cookies can be disabled in your web browser in the privacy section of the browser’s settings – for instructions on how to do this in the most popular browsers, visit the providers’ support sites: Google Chrome, Apple Safari, Mozilla Firefox or Microsoft Edge.

Security and Spam Protection

This site employs software to protect against unauthorised login, spam and other malicious activity. Where malicious activity is detected, the IP address from which it originated will be stored.


How long we retain your data

If you provide us with your contact details or other information, we will retain it indefinitely, unless you have specifically requested otherwise or until such time as you request that it is removed. During the time that we retain your details, we will use them only for the purpose(s) for which you gave your consent – such as corresponding over a question or request, receiving news updates, or for processing orders from our shop.


What rights you have over your data

You can request full details of any information that we hold about you. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


Where we send your data

This site is hosted on a secure server situated within the EU.

Information provided when you sign up to the email blog subscription service may be held by Automattic on servers outside the EU, where it is safeguarded to the same standards as if the data were held within the EU – see: https://automattic.com/privacy/.

Information provided when you sign up to our mailing list may be held by MailChimp on servers outside the EU, where it is safeguarded to the same standards as if the data were held within the EU – see: https://mailchimp.com/legal/privacy/

Your contact information, and information for processing your orders may also be held securely in our own computer and paper records systems.


How we protect your data

This site employs a secure (https) connection and, as such, any data you exchange with the site is transmitted over a secure, encrypted connection – details of our security certificate can be viewed by clicking on the symbol to the left of our website address in your browser address bar. Access to data held within the site, within our own computer systems and cloud storage, or within our accounts with Automattic and MailChimp (the providers of the email subscription services), is password-protected and subject to additional layers of security.


What data breach procedures we have in place

If we suspect that there has been any unauthorised access to, or disclosure of, the personal data we hold, we will immediately inform anyone who we believe may have been affected.


Our contact information

For any matter related to privacy or the storage and processing of personal data, please contact us at: info@creativecatalonia.com