Policy Privacy Policy
Version 03/12/2023
Privacy Policy
The protection of your personal data is important to us. With this privacy policy, we would like to explain to you in more detail what personal data we collect and for what purposes this data is processed. U.S. residents should refer to our supplemental CCPA here.
The person responsible for the processing of your personal data is the following:
MuseumMate, s.l.u
Arlabán Street, 7-8th floor
28014 Madrid
Spain
If you have any questions or suggestions regarding data protection or if you wish to exercise your rights, please do not hesitate to contact us through the following link: https://howtovisitsevilla.com/contact.
You may contact the data protection officer at:
The object of data protection is personal data, i.e. all information relating to an identified or identifiable natural person. Hereinafter, personal data is also referred to simply as “data”.
When accessing our website, your terminal device automatically transmits data for technical reasons. The following data is stored separately from other data you may transmit to us:
We store this data for the following purposes:
Your IP address is only stored for a period of 30 days.
In this case, the data processing takes place to ensure the security of the processing in accordance with art. 32 of the GDPR, as well as on the basis of our legitimate interest in protecting us against misuse of our service (art. 6, para. 1, letter f, of the GDPR).
4.1. Registration
Alternatively, you can log in with your Facebook, Google or Apple account. In this case, we will receive the following personal data from Facebook or Google or Apple in order to create a user account for you:
Your registration data is required to set up and manage your user account. In this case, you will enter into a (free) user agreement with us, on the basis of which we will collect this data (Art. 6 para. 1 letter b GDPR).
To conclude the agreement, you must provide us with these data. However, you are not contractually or legally obligated to enter into the agreement or, therefore, to provide the data.
4.2. Favorites lists
After you have created a customer account, you have the option to create favorite lists with activities and tours and to share these favorite lists with other users. Your data is processed for these purposes in order to provide you with the corresponding functions (art. 6, para. 1, letter b, of the GDPR).
Our website offers the possibility to rate and comment tours or activities. After you have completed a tour booked through our website, we may ask you to rate it. Naturally, the submission of ratings is voluntary. When you submit a rating, we will collect the data you enter and process it according to the function you use and publish it on our website. You can request to have any of your ratings removed at any time by contacting our customer service.
You may opt out of receiving requests to rate activities at any time by clicking on the unsubscribe link in each email requesting a rating. If you have an account, you can also do this from the Settings section -> Notifications in your profile. You can also send us a message through the following link
https://howtovisitsevilla.com/contact/
.
The processing of your data for these purposes takes place to protect our legitimate interest in providing our users with as much information as possible about the tours we offer. In addition, user ratings are of interest to all users. Consequently, the processing is based on art. 6, para. 1, letter f, of the GDPR.
6.1. Processing of applications
Your request will be handled by our data processor, MuseumMate, s.l.u.
For the processing of requests, we use systems provided by Arsys, based in Spain (“Arsys”). Accordingly, your requests are stored on Arsys servers.
6.2. Improved customer service
In order to continuously improve our customer service, we analyze the requests we receive based on certain parameters and keywords. Although, as a matter of principle, no analysis is performed on the basis of personal data, it cannot be ruled out that, in individual cases, personal data may also be processed in this context. The processing required in this context is based on our legitimate interest, as well as that of our customers, in the continuous improvement of our customer service (art. 6 para. 1 letter f of the GDPR).
6.3. Translations
In certain cases, it is necessary for us to translate incoming requests into a specific language. This may require the processing of personal data that is necessary to protect our legitimate interest in providing international customer service pursuant to Art. 6, para. 1, letter f of the GDPR.
6.4. Storage and evaluation of telephone calls
Telephone calls will only be stored and analyzed if you have given us your prior consent. We will only use this data to improve our customer service. Records will be deleted after three months. The legal basis is art. 6, para. 1, letter a, of the GDPR. You may revoke your consent at any time by contacting us through one of the contact channels mentioned in this privacy policy. This will not affect the legality of the processing that we have carried out until your revocation.
We use technical service providers for hosting and some of the services required for the website. Consequently, data processing takes place on the servers of these service providers. These service providers process data exclusively in accordance with our explicit instructions and are obliged to ensure sufficient technical and organizational measures for data protection. Accordingly, our service providers act for us as so-called “processors” within the meaning of Art. 28 of the GDPR.
7.1. Web site hosting
For the hosting of our website, we use the services of Arsys Internet SLU. (“ARSYS”), headquartered in Spain. Consequently, when you interact with our website or provide personal data, these are processed on ARSYS servers. We only use servers located in the European Union.
For sending e-mails, we use the Microsoft 365 service of Microsoft Corp. based in the USA.
Our website offers you the possibility to register for our newsletter. With our newsletter we would like to send you as much personalized information as possible about offers, tours, activities or special promotions. By registering to receive our newsletter, you consent to us processing your e-mail address for the purpose of sending you the newsletter. The legal basis for this data processing is art. 6, para. 1, letter a, of the GDPR. You may revoke your consent at any time by unsubscribing from our newsletter. To do so, you can either use the unsubscribe link included in each email or send us a message via the link
https://www.howtovisitsevilla/contact/
. To verify your e-mail address, you will first receive a registration e-mail, which you will need to confirm via a link (“double opt-in”). When you register to receive the newsletter, we store the IP address and the date and time of registration. The processing of this data is necessary to prove that you have given your consent. The legal basis derives from our legal obligation to demonstrate your consent (Art. 6, para. 1, letter c, in conjunction with Art. 7, para. 1, GDPR).
If you have booked a tour through our website or if you have created a Howtovisitsevilla account, we will send you our newsletter on the basis of our legitimate interest in promoting services similar to your bookings or account, unless you have objected to this use. If cookies are used for personalization purposes, we will ask for your consent separately.
You can object to this at any time, including during registration, by deselecting the relevant check box or by clicking on the unsubscribe link in the respective e-mails. In addition, if you have an account, you can subscribe or unsubscribe to various types of communication from the Settings section -> Notifications in your profile.
9.1. Reservations
When you book a ticket or service on our website, we collect the data necessary for you to perform that ticket or service. This usually includes the following information: first and last name, billing address, email address, telephone number, number of participants, ID or passport number, age range, date and time.
Depending on the ticket booked, we may need to collect more information, such as your ID or passport number or the age of the participants. The data processing that takes place in connection therewith is based on art. 6, para. 1, letter b, of the GDPR. To the extent necessary, we will transfer your data to the supplier responsible for your tour or activity who will process your personal data as set out in their privacy policy as an independent data controller. If a transfer to a third country outside the European Economic Area is necessary, it will be based on Art. 49, para. 2, letters b and c of the GDPR.
If you make reservations through partner websites, you will be redirected to provide your personal data and complete the booking process on the Howtovisitsevilla website as described above. On some partner websites, your data is collected by the partner as an independent data controller in accordance with its privacy policy. Howtovisitsevilla will receive the necessary data to make the reservation from the partner.
On other websites that have partnered with us to integrate booking offers directly into their own website, both the partner and Howtovisitsevilla act as independent data controllers for the processing of your personal data.
9.2. Reservation confirmations
In order to inform you about your bookings, we will send you booking confirmations, as well as reminders and updates for your upcoming bookings (e.g. schedule or meeting point changes) to ensure that you have all the information you need to attend the booked services. Booking confirmations are sent to your email and/or via SMS to the phone number you provide during the booking process, as well as via push notification from the HTVS app. If you have an account, you can choose in more detail how you want to receive notifications through the Settings -> Notifications section of your profile.
We process your personal data in order to provide you with these functions of our service (art. 6 para. 1 letter b GDPR).
9.3. Payments
You have several options to pay for your reservation. For this purpose, we will process the data required in each case depending on the selected payment method.
In this context, your personal data will be processed as described below, on the basis of Art. 6 para. 1 letter b of the GDPR, in order to implement the payment method you have selected.
9.3.1. Credit card payments
For credit card payment processing, we use the service provider Stripe. The data provided during your payment will be forwarded by Stripe to the respective banks or financial institutions in order to process the payment. In the case of credit card payments, we only receive information on whether or not a payment has been made, along with the last 4 digits of your credit card. Therefore, your full credit card number does not come to our knowledge.
9.3.2. Payments through PayPal
If you have a PayPal account, you can also process your payment through PayPal. In this case, we receive from PayPal not only the information that a payment has been made, but also the e-mail address and the address you have registered with PayPal.
To protect ourselves and HTVS users against fraudulent bookings, we evaluate the information provided by our customers during the booking process, including data technically transmitted by their device, to the extent necessary to protect our legitimate interest and that of the activity providers in the reliability of the bookings (Art. 6, para. 1, letter f, GDPR).
To protect ourselves from bots and similar technologies, we use the Cheq service provided by CHEQ AI Technologies Ltd., based in Israel (“Cheq”). Cheq uses the data transmitted automatically by your device to determine whether the request was most likely issued by a human being. No additional data storage is performed. The data processing takes place to ensure the security of the processing in accordance with art. 32 of the GDPR and on the basis of our legitimate interest in protecting ourselves against misuse of our service (art. 6, para. 1, letter f, of the GDPR). For Israel, there is an adequacy decision of the European Commission in accordance with art. 45 of the GDPR.
We use so-called “cookies” to provide certain functions of our website and to optimize the use of our website. Cookies are small files that are stored on your device with the help of your web browser.
Specifically, we use the following cookies (unless other cookies are specified elsewhere in this privacy policy or in our cookie consent):
13.1. Customer surveys and market research
Howtovisitsevilla or the research agencies we collaborate with may invite you to participate in moderated or unmoderated market research. It can be a client of Howtovisitsevilla or an external participant recruited independently by the agency. Participation and video recordings of these sessions are always based on your express consent, which we collect in writing prior to each study. The research agencies with which we could collaborate are:
Marketing and remarketing services
14.1. Evaluation of advertising on the web and social media platforms
With respect to our social media advertising, we use a service provided by Smartly.io Solutions Oy, based in Finland, to analyze the success of our ads.
14.2. Google Services
We use the services of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, USA (“Google”) described below. There is no European Commission adequacy decision for the USA. Therefore, we have signed the standard contractual clauses approved by the European Commission with Google in accordance with art. 46, para. 2, letter c, of the GDPR.
You can find basic information about the processing of your personal data by Google at the following link: https://policies.google.com/privacy?hl=en.
You also have the following configuration options with Google:
You can disable customized advertising by browser:(http://optout.networkadvertising.org/?c=1)
14.2.1 Google Analytics 360
We use Google Analytics 360, a web analytics service, provided that you have consented to this. Google Analytics 360 collects pseudonymized data about your use of our website, including your abbreviated IP address, and uses cookies. This data is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf.
Google Analytics stores your data for a period of 14 months. After this period, the data is deleted and only aggregated statistics are kept.
The use of Google Analytics is based on your consent (art. 6, para. 1, letter a, of the GDPR).
You can revoke your consent at any time and deactivate Google Analytics using a browser add-on. You can download it here: http://tools.google.com/dlpage/gaoptout. Alternatively, you may revoke your consent as described in the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out. You can also revoke your consent through our Change Preferences. This does not affect the legality of the treatment carried out until its revocation.
14.2.2. Google advertising personalization and remarketing in the Google network.
We use Google’s remarketing services, provided that you have consented to this. Google uses cookies to track your usage behavior on our website in order to display interest-based advertising for our products on other pages within the Google advertising network across all devices. This includes Google search and other sites operated by Google and its affiliates, as well as sites operated by Google’s advertising partners. The information is transmitted accordingly to Google and Google’s partners. Further data processing only takes place if you have given your consent for Google to link your browsing history to your Google account and to use the information from your Google account to personalize the advertisements you see on the website. In this case, Google will use your data together with Google Analytics data to create and define target group lists for remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data in order to form target groups.
The use of these services is based on your consent (art. 6, para. 1, letter a, of the GDPR).
You can revoke your consent through our Change Preferences. This does not affect the legality of the treatment carried out until its revocation. In addition, the remarketing cookie is automatically deleted as soon as it is no longer needed for the purposes for which we collect or use it in accordance with the preceding paragraphs.
14.2.3. YouTube Pixel
We use the YouTube pixel, provided that you have given your consent to do so. This is a tracking code that is loaded when you access our website and certain subpages and when you perform certain actions to track your behavior on our website. The pixel also collects usage data (such as URL, referrer URL, IP address, device and browser properties, and timestamp). We send this information to Google so that Google can display ads on YouTube according to your behavior on our website.
We use the YouTube pixel on the basis of your consent (art. 6, para. 1, letter a, of the GDPR). You can revoke your consent at any time through our Change Preferences. This does not affect the legality of the treatment carried out until its revocation.
14.2.4. Improved Google conversions
This technology does not rely on cookies or pixels. When you use our website and are redirected by a Google ad, we send a hash identifier and information about possible purchases to Google. Google uses this information only to learn which ad you clicked on, to measure the success of certain ads, and to provide this information to us in aggregate form. In particular, Google will not use the data to serve ads to you or other users, nor will Google store or use the data for any other purpose. We transmit this data on the basis of our legitimate interest in monitoring our marketing activities (art. 6, para. 1, letter f, of the GDPR).
14.2.5. Retargeting and audience segmentation
If you give us your consent, we use the services provided by Google Ireland Limited to show you personalized ads on Google and reach audiences similar to yours. In this case, we transfer your encrypted (encoded) e-mail address together with information about your behavior on the website to Google. Google will then match your encrypted data against its database and, if you have a Google account with personalized ads enabled, will identify you in order to show you ads from Howtovisitsevilla. The processing is based on your consent (art. 6, para. 1, letter a, of the GDPR). You may withdraw your consent at any time with future effect by declining the Advertising Technologies option in our consent manager. Google may process your personal data in the USA. There is no European Commission adequacy decision for the USA. Therefore, we have signed the standard contractual clauses approved by the European Commission with Google in accordance with art. 46, para. 2, letter c, of the GDPR.
14.3. Facebook Services
We use the services of Facebook Ireland Limited (“Facebook”) described below. Please note that this may also involve data processing by Facebook Inc. based in the U.S. There is no adequacy decision of the European Commission for the U.S. In this case, Facebook will use the standard contractual clauses approved by the European Commission, which constitute an adequate safeguard within the meaning of Art. 46 para. 2 letter c of the GDPR for the transfer to third countries.
In Facebook’s privacy policy at https://www.facebook.com/privacy/explanation, you will find basic information about Facebook’s processing and use of your data, as well as your settings options for protecting your privacy with Facebook.
14.3.1. Facebook Pixel
The Facebook pixel is used on our website, provided that you have given your consent to this. This is a Javascript code. The Facebook pixel records whether you perform certain actions on our website or visit certain areas of our website. The Facebook pixel also collects usage data (such as URL, referrer URL, IP address, device and browser characteristics and timestamp). The Facebook pixel generates a checksum or “hash value” from this information and transmits this hash value to Facebook. If available, the Facebook cookie is also processed and your Facebook ID is transmitted. If you have a Facebook profile and log in with it, you may be shown targeted personalized advertising on Facebook based on the data transmitted by the pixel. The data of users who do not have a Facebook profile are discarded by Facebook without being used.
We use the Facebook pixel on the basis of your consent (Art. 6 para. 1 letter a of the GDPR). You can revoke your consent at any time through our Change Preferences. This does not affect the legality of the treatment carried out until its revocation.
14.3.2. Facebook’s “Server-to-server”
This technology does not rely on cookies or pixels. When you use our website and are redirected by Facebook, we send Facebook your Facebook click ID and information about possible purchases and other actions on our website. Facebook uses this information to learn which ad you clicked on, to measure the success of certain ads, and to provide this information to us in aggregate form. Facebook will not use the data to serve targeted ads to you or other users. We transmit this data on the basis of our legitimate interest in monitoring our marketing activities (art. 6, para. 1, letter f, of the GDPR).
14.3.3. Retargeting and audience segmentation
If you give us your consent, we use the services provided by Meta Platforms, Inc. (USA) to show you personalized ads on Facebook and reach audiences similar to yours. In this case, we transfer to Facebook your encrypted (encoded) e-mail address together with information about your behavior on the website. Facebook will then match your encrypted data against its database and, if you have a Facebook account with personalized ads enabled, will identify you in order to show you ads from Howtovisitsevilla.
We are jointly responsible with Meta Platforms, Inc. in such data transfer to Facebook. You can find the agreement of this collaboration here: https://www.facebook.com/legal/controller_addendum.El processing is based on your consent (art. 6, para. 1, letter a, of the GDPR). You may withdraw your consent at any time with future effect by declining the Advertising Technologies option in our consent manager. There is no European Commission adequacy decision for the USA. We have therefore signed the standard contractual clauses approved by the European Commission with Facebook in accordance with Art. 46 para. 2 letter c of the GDPR.
14.4. Other remarketing services
Provided that you have consented to this, we also use the remarketing services described below on our website. In each case, your usage behavior on our website is analyzed using cookies. Vendors use this information to display customized advertising on third-party sites.
We use these services on the basis of your consent (art. 6, para. 1, letter a, of the GDPR). You can revoke your consent at any time through our Change Preferences. This does not affect the legality of the treatment carried out until its revocation.
We have also integrated third-party content on our website. This content is loaded from the respective provider’s servers, whereby your end device transmits certain technically necessary data to the third-party provider. In particular, it cannot be ruled out that these providers may take note of the IP address assigned to you. To the extent that personal data is processed, this will be done on the basis of the privacy policies of the respective third party providers. The integration carried out by us is based on our legitimate interests in being able to provide our users with the corresponding content and functions and to be able to operate our website in a cost-effective manner, pursuant to Art. 6 para. 1 letter f of the GDPR. Specifically, we integrate the following third-party content:
We have integrated content from the Contentstack content distribution network of U.S.-based Contentstack LLC. Please note that there is no European Commission adequacy decision for the USA. Therefore, we have signed the standard contractual clauses approved by the European Commission with Contentstack LLC in accordance with art. 46, para. 2, letter c, of the GDPR. For more information on data protection at Contentstack LLC, please visit the following website: https://www.contentstack.com/privacy.
16.1 Facebook
Facebook is a service operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). If you visit or “Like” our Facebook page as a registered Facebook user, Facebook will collect personal data from you. Even if you are not registered with Facebook and visit our Facebook page, Facebook may collect pseudonymized usage data from you. For more information, see Facebook’s data policy at https://www.facebook.com/about/privacy/ and at https://www.facebook.com/legal/terms/information_about_page_insights_data. In the data policy you will also find information on the settings options for your Facebook account.
Your personal data may also be provided to other Facebook companies. This may involve the transfer of personal data to the U.S. and other third countries for which there is no adequacy decision by the European Commission. In this case, Facebook will use the standard contractual clauses approved by the European Commission. More information can also be found in Facebook’s data policy.
In addition, as part of the operation of our Facebook page, we are jointly responsible with Facebook for the processing of so-called “insights” from the page. With the help of these page insights, Facebook analyzes the behavior on our Facebook page and provides us with this information on a non-personal basis. To this end, we have entered into a joint data protection liability agreement with Facebook Ireland, which you can view at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. In this agreement, Facebook agrees, among other things, to assume primary responsibility under the GDPR for the processing of page insights and to comply with all obligations relating to the processing of page insights under the GDPR.
16.2 Instagram
Find our Instagram page at https://www.instagram.com/howtovisitsevilla/
Instagram is a service operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). Instagram’s privacy policy can be found at https://help.instagram.com/519522125107875. There you will also find information about your account configuration options.
Your personal data may also be made available to other Facebook or Instagram companies. This may involve the transfer of personal data to the U.S. and other third countries for which there is no adequacy decision by the European Commission. In this case, Facebook will use the standard contractual clauses approved by the European Commission. More information can also be found in Instagram’s data policy.
In addition, as part of the operation of our Instagram page, we are jointly responsible with Facebook for the processing of so-called Instagram insights. With the help of these Instagram insights, Facebook analyzes the behavior on our Instagram page and provides us with this information in a non-personal way. To this end, we have entered into a joint data protection liability agreement with Facebook, which you can view at the following link: https://facebook.com/legal/terms/page_controller_addendum. In this agreement, Facebook agrees, among other things, to assume primary responsibility under the GDPR for the processing of Instagram insights and to comply with all obligations relating to the processing of page insights under the GDPR.
16.3 Twitter
You will find our Twitter account at https://twitter.com/howtovisitsevilla/
For users located outside the U.S., Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (“Twitter International”). Twitter’s privacy policy can be found at https://twitter.com/en/privacy. There you will also find information about your Twitter account settings.
Please note that Twitter International also transfers personal data to third countries outside the European Economic Area for which there is no adequacy decision by the European Commission. To the extent of such transfer, Twitter will use the standard contractual clauses approved by the European Commission.
We also use the Twitter Analytics feature. As part of this feature, we receive non-personal information from Twitter International about our account usage. This information allows us to analyze and optimize the effectiveness of our Twitter activities. The processing that takes place in this context is based on our legitimate interest in optimizing our Twitter activities (art. 6, para. 1, letter f, of the GDPR).
16.4 Pinterest
You will find our Pinterest page at https://www.pinterest.com/howtovisitsevilla/
Pinterest is a service operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Pinterest’s privacy policy can be found at https://policy.pinterest.com/en/privacy-policy.
Please note that Pinterest also transfers personal data to third countries outside the European Economic Area for which there is no European Commission adequacy decision. To the extent of any such transfer, Pinterest will take appropriate data protection measures, such as signing standard contractual clauses approved by the European Commission. For more information, please see Pinterest’s privacy policy.
Finally, we receive non-personal information and analytics from Pinterest about our account usage. This information allows us to analyze and optimize the effectiveness of our activities on Pinterest. The processing that takes place in this context is based on our legitimate interest in optimizing our Pinterest activities (art. 6, para. 1, letter f, of the GDPR).
16.5 YouTube
You will find our YouTube page at https://www.youtube.com/howtovisitsevilla/
YouTube is a service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). You will find Google Ireland’s privacy policy at https://policies.google.com/privacy?hl=en. There you will also find information about your Google account settings. Please note that your Google Account may be used for various Google services (e.g. Gmail, YouTube or Google Search) and that Google Ireland may merge personal data related to the Google services you use in accordance with your Google Account settings.
Please note that Google also transfers personal data to Google LLC, based in the USA, and that there is no adequacy decision from the European Commission for the USA.
Finally, we receive non-personal information and analytics from Google about our account usage or interactions with our videos. This information allows us to analyze and optimize the effectiveness of our YouTube activities. The processing that takes place in this context is based on our legitimate interest in optimizing our YouTube activities (art. 6, para. 1, letter f, of the GDPR).
16.6 LinkedIn
You can find our LinkedIn account at https://www.linkedin.com/company/howtovisitsevilla/
For users located in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). You will find LinkedIn’s data protection guidelines at https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. There you will also find information about your LinkedIn profile settings.
Please note that LinkedIn also transfers personal data to third countries outside the European Economic Area for which there is no European Commission adequacy decision. To the extent of such transfer, LinkedIn will use the standard contractual clauses approved by the European Commission. You will find the corresponding information at https://www.linkedin.com/help/linkedin/answer/62533….
Finally, we receive non-personal information and analytics from LinkedIn about our account usage or interactions with our posts. This information allows us to analyze and optimize the effectiveness of our LinkedIn activities. The processing that takes place in this context is based on our legitimate interest in optimizing our LinkedIn activities (art. 6, para. 1, letter f, of the GDPR).
16.7. WhatsApp
You can also contact us to send us requests via WhatsApp. WhatsApp is a service operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). You will find WhatsApp’s privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea?lang=en. There you will also find information about your account configuration options.
Your personal data may also be provided to other Facebook companies. This may involve the transfer of personal data to the U.S. and other third countries for which there is no adequacy decision by the European Commission. In this case, Facebook will use the standard contractual clauses approved by the European Commission. More information can also be found in Facebook’s data policy.
The data processing is carried out in order to process the requests you send us (art. 6, para. 1, letter b, of the GDPR). The additional storage of the data transmitted in the context of your request is based on our legitimate interest in the proper documentation of our business operations and the protection of our legal positions (Art. 6 para. 1 letter f GDPR) and, if applicable, the fulfillment of legal obligations (Art. 6 para. 1 letter c GDPR).
16.8. Contests
Occasionally, we also organize contests through our social networking sites. To participate, you must, for example, comment on certain content, “Like” us or tag us. We process the data you provide in this context to carry out the contest and notify the winners (art. 6, para. 1, letter b, GDPR).
16.9. Social media management
To measure the success of our social media activities, we also record when we are tagged on social networks. In this context, we also process information about the people who tag us. The processing that takes place in this context is based on our legitimate interest in optimizing our activities on social networks (art. 6, para. 1, letter f, of the GDPR).
For this purpose, we use the Curalate tool provided by Curalate, Inc. based in the U.S. Please note that there is no European Commission adequacy decision for the U.S. Therefore, we have signed the standard contractual clauses approved by the European Commission with Curalate Inc. in accordance with Art. 46 para. 2 letter c of the GDPR.
16.10. Analysis of our activities in social networks
We also evaluate the success of our social media posts. We analyze how often each post is clicked on. For this purpose, we use the services of Looker Data Sciences, Inc. based in the U.S. The data processing is based on our legitimate interest in analyzing our reach and the success of our social media activities. There is no adequacy decision of the European Commission for the U.S. Therefore, we have signed the standard contractual clauses approved by the European Commission with Looker Data Sciences, Inc. in accordance with Art. 46 para. 2 letter c of the GDPR. Furthermore, we use Google Analytics for these purposes (see separate section on Google Analytics).
To manage our customer relationships, we store your personal data in our CRM system. This allows us to respond to any requests in a targeted manner and to send you contextual advertising within the permitted framework. The processing that takes place in this context is based on our legitimate interest in managing our customer relationships (art. 6, para. 1, letter f, GDPR). For this purpose, we use the services of the US-based provider Braze, Inc. (“Braze”). There is no adequacy decision of the European Commission for the USA. Therefore, we have signed the standard contractual clauses approved by the European Commission with Braze in accordance with Art. 46 para. 2 letter c of the GDPR.
We also process your data to display personalized content on our website. The legal basis for this is our legitimate interest in showing you tours and activities that are relevant to you (art. 6, para. 1, letter f, GDPR).
Beyond the cases described above, your personal data will only be transmitted without your prior express consent in the following cases:
This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting crimes and securing, asserting and enforcing claims, provided that this does not violate your rights and interests in the protection of your personal data pursuant to Art. 6 para. 1 letter f GDPR or on the basis of a legal obligation pursuant to Art. 6 para. 1 letter c GDPR.
The transfer of data to processors is carried out on the basis of art. 28, para. 1, of the GDPR.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to economic and legal circumstances as necessary (art. 6, para. 1, letter f, GDPR).
We do not use any automated processing to make a decision or create a profile.
We delete or anonymize your personal data as soon as it is no longer needed for the purposes for which we have collected or used it in accordance with the above paragraphs. We will continue to retain your data if we are required to do so for legal reasons or if the data is needed for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.
If you delete your user account, your profile will be completely and permanently deleted. However, we will retain backup copies of your data to the extent and for as long as this data is necessary for legal reasons, for criminal prosecution or to secure, assert or enforce legal claims.
If the data must be retained for legal reasons, its processing will be restricted. In such a case, the data will no longer be available for further use.
Storage beyond the contractual relationship is based on our aforementioned legitimate interests in accordance with Art. 6 para. 1 letter f of the GDPR.
You have the rights described below with respect to the processing of your personal data. To exercise your rights, you can make a request here, by mail or by e-mail to the address indicated above.
22.1. Right of access to information
You have the right to receive information from us at any time, upon request, about the personal data we process concerning you, to the extent and in accordance with the provisions of § 15 GDPR and § 34 BDSG (German Federal Data Protection Act).
22.2. Right to rectify incorrect data
You have the right to request that we correct personal data concerning you without delay if it is inaccurate.
22.3. Right to suppression
You have the right to demand that we delete personal data concerning you under the conditions described in § 17 GDPR and § 35 of the German Federal Data Protection Act (BDSG). These conditions provide, in particular, for the right of erasure if the personal data are no longer necessary for the purposes for which they were collected or processed, as well as in cases of unlawful processing, existence of an objection or existence of an obligation of erasure under the legislation of the European Union or the Member State to which we are subject.
22.4. Right to restrict processing
You have the right to demand that we restrict the processing of your data in accordance with art. 18 of the GDPR. In particular, this right exists in the event that the user and we dispute about the accuracy of the personal data, for the time required to verify the accuracy, as well as in the event that the data subject requests restricted processing instead of deletion of his or her data where a right of erasure exists; furthermore, in the event that the data is no longer necessary for the purposes we pursue, but the user requires it to assert, exercise or defend legal claims, or if the user and we are still disputing about the successful exercise of an objection.
22.5. Right to transfer data
You have the right to receive from us personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 of the GDPR.
22.6. Right of opposition
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out, inter alia, on the basis of Art. 6 para. 1 letters e or f of the GDPR, in accordance with Art. 21 of the GDPR. In such a case, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
22.7. Right of recourse
You have the right to contact the supervisory authority of your choice in case of complaints.
22.8. Data processing in the exercise of your rights
Finally, we would like to point out that we will process the personal data you provide to us when exercising your rights in accordance with arts. 15 to 22 of the GDPR in order to implement these rights and to be able to provide evidence of this. This data processing has as its legal basis art. 6, para. 1, letter c, of the RGPD, together with arts. 15 to 22 of the GDPR and § 34 para. 2 of the German Federal Data Protection Act (BDSG).
The current version of this privacy policy can be viewed at any time at
https://www.howtovisitsevilla/politica_privacidad_
.
We help you get the best from museums, tours, activities and destinations by providing a great choice of local tours and attractions.
