Privacy Policy

Last updated: February 25, 2026

1. Data Controller

The entity responsible for processing your personal data is:

  • Company: TUUR Adventure Experts
  • Address: C. San Javier Nº 16 4-B, San Pedro de Alcántara, Málaga, Spain
  • Email: tuurcanyoning@gmail.com
  • Phone: +34 699 199 158
  • Active Tourism Registry: RTA AT/MA00141

2. What Personal Data We Collect

We may collect the following personal data when you interact with our website or book an activity:

  • Identity data: full name, age, nationality
  • Contact data: email address, phone number
  • Booking data: activity preferences, group size, preferred dates
  • Health data: medical conditions, allergies, or relevant medication that you voluntarily declare for safety purposes
  • Technical data: IP address, browser type, and browsing behaviour collected through cookies
  • Images: photographs and videos taken during activities

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

PurposeLegal Basis (GDPR)
Managing bookings and providing our adventure servicesPerformance of a contract (Art. 6.1.b)
Responding to enquiries via our contact form, email, phone, or WhatsAppLegitimate interest (Art. 6.1.f)
Ensuring participant safety (processing health data)Explicit consent & vital interests (Art. 9.2.a / 9.2.c)
Sending promotional communications and offersConsent (Art. 6.1.a)
Sharing activity photos via WhatsAppConsent (Art. 6.1.a)
Complying with legal and tax obligationsLegal obligation (Art. 6.1.c)

4. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients only when necessary:

  • Insurance providers: to manage civil liability and accident insurance policies
  • Transport companies: when transfer services are included in your booking
  • Public authorities: when required by law (e.g., tax authorities, emergency services)
  • Technology providers: hosting, email, and analytics services that process data on our behalf under data processing agreements

5. International Data Transfers

Some of the third-party services we use (such as hosting or analytics) may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain your personal data for the following periods:

  • Booking and contract data: for the duration of the contractual relationship and up to 5 years after, in accordance with Spanish tax obligations
  • Contact form enquiries: up to 12 months from your last communication
  • Marketing communications: until you withdraw your consent
  • Activity photos: up to 12 months after the activity date

7. Your Rights

Under the General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD), you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at tuurcanyoning@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

8. Cookies

Our website uses cookies to improve your browsing experience and analyse site traffic. You can manage your cookie preferences at any time through your browser settings. For more details, please see our Cookies Policy.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted communications (SSL/TLS), access controls, and regular security reviews.

10. Data of Minors

Some of our activities are available for children from 6 years of age. In such cases, we require the consent of a parent or legal guardian for the processing of the minor's personal data, including any health information necessary for safe participation.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on this page with a new "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: