Here at Creative Catalonia we take your privacy seriously – collecting only the data we need to be able to provide you with our services. We do not share your data with any other organisations, and make every effort to ensure that the data we hold is kept secure.
What personal data we collect and why we collect it
Enquiring About Our Tours
When you submit an enquiry about one of our tours, we collect your enquiry details, and any other contact details or information that you provide us with. This information is collected solely for the purposes of responding to your enquiry and, if requested, creating and arranging your tour.
We do not collect or hold any card details. All payments are processed externally to our site, by either PayPal or via the La Caixa Bank RedSys payment gateway – their privacy policies are available on their own sites at the point of payment.
If you use a contact form on our website, your name, email address and message are sent directly to us in the form of an email from the website. We will then hold this information for the purposes of replying to your message, and for any continuing correspondence.
Following Our Blog by Email
Mailing List Sign-Up
If you add tours to your enquiry list, we will set three cookies to help manage your browsing experience. The first two cookies contain information about the list as a whole and help the site know when there have been changes to the items in the list. The final cookie contains a unique code for each customer so that it knows where to find your list data in the database. No personal information is stored within these cookies.
When you visit our site, Google Analytics sets a cookie to enable it to distinguish individual users, which expires after 2 years. It also sets a temporary cookie, which expires after 1 minute, to control the rate of exchange of data with its servers. The cookies do not contain any personally identifiable data.
We use Google Analytics to collect information about the number of visits to our site. We use a standard implementation of Google Analytics, which does not store any personally identifiable information. Visitors’ IP addresses are used, where possible, to determine the area in which their device is located but the IP address itself is not data that can be accessed through Google Analytics. All data in Google Analytics is aggregated and anonymised.
We do not directly set any marketing cookies. However, Third Party content embedded within our site may set additional cookies for their own marketing purposes. Pages on this site may include embedded content (such as Google Maps, YouTube videos, Trip Advisor Reviews and Facebook feeds). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Security and Spam Protection
This site employs software to protect against unauthorised login, spam and other malicious activity. Where malicious activity is detected, the IP address from which it originated will be stored.
How long we retain your data
If you provide us with your contact details or other information, we will retain it indefinitely, unless you have specifically requested otherwise or until such time as you request that it is removed. During the time that we retain your details, we will use them only for the purpose(s) for which you gave your consent – such as corresponding over a question or request, receiving news updates, or for processing orders from our shop.
What rights you have over your data
You can request full details of any information that we hold about you. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
This site is hosted on a secure server situated within the EU.
Information provided when you sign up to the email blog subscription service may be held by Automattic on servers outside the EU, where it is safeguarded to the same standards as if the data were held within the EU – see: https://automattic.com/privacy/.
Information provided when you sign up to our mailing list may be held by MailChimp on servers outside the EU, where it is safeguarded to the same standards as if the data were held within the EU – see: https://mailchimp.com/legal/privacy/
Your contact information, and information for processing your orders may also be held securely in our own computer and paper records systems.
How we protect your data
This site employs a secure (https) connection and, as such, any data you exchange with the site is transmitted over a secure, encrypted connection – details of our security certificate can be viewed by clicking on the symbol to the left of our website address in your browser address bar. Access to data held within the site, within our own computer systems and cloud storage, or within our accounts with Automattic and MailChimp (the providers of the email subscription services), is password-protected and subject to additional layers of security.
What data breach procedures we have in place
If we suspect that there has been any unauthorised access to, or disclosure of, the personal data we hold, we will immediately inform anyone who we believe may have been affected.
Our contact information
For any matter related to privacy or the storage and processing of personal data, please contact us at: firstname.lastname@example.org