Privacy Policy

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), please be informed that personal data provided through this website will be processed by:

  • Responsible Party: Agisitges SL
  • NIF: B61747911
  • Registered office: Carrer Lope de Vega, no. 9, 2nd floor, 2nd door, 08870 Sitges (Barcelona), Catalonia, Spain
  • Phone: +34 619 793 199
  • Correu electrònic de contacte: info@agisitges.com

2. Data We Process, Origin, and Purpose

2.1. Data Collected

Through this website’s contact form, we may collect the following personal data:

  • Name
  • Phone number
  • Email address
  • Message content (information you wish to provide us regarding your query or request)

For the organization of routes and activities for schools, educational centers, or groups, we may also process:

  • Contact details of teachers, school administrators, or coordinators (name, surname, phone number, email address, educational institution, etc.).
  • If strictly necessary for the organization of the activity, we may process basic student data (for example, total number of students, age ranges, and, only if necessary, lists with names and surnames or special needs related to the safety or adaptation of the activity). In these cases, data is usually provided by the educational institution or by families/legal guardians, in accordance with current regulations.

We may also process data that you send us through other channels (for example, email or phone) when you contact us directly.

2.2. Purposes of Processing

The data will be processed for the following purposes:

  • a) To attend to and manage queries sent through the contact form, email, or phone.
  • b) To organize and manage tourist and cultural routes and activities, including cultural, literary routes and other activities for schools, educational centers, and groups, with students over and under 14 years of age.
  • c) Management of requests for booking meetings and tours, both for individuals and educational centers, as well as the management of possible requested services (pre-contractual measures and, where applicable, contracting).
  • d) Administrative, accounting, and tax management derived from contracted services, if the commercial relationship is finally formalized.
  • e) Coordination with educational centers and group leaders for organizational matters (schedules, meeting points, group characteristics, special needs, etc.).
  • f) Prevention of abuse and fraud, and website security management.

If in the future you decide to receive commercial information (for example, news about tours or services), this purpose would be collected clearly and specifically, and would be based on your prior consent.

The legal bases that allow us to process your data are:

  • Execution of pre-contractual measures and/or a contract (Art. 6.1.b GDPR): to manage your information request, the booking of a meeting, or the provision of the requested tourist and educational services (cultural routes, literary routes, activities for schools, and other tours).
  • Consent (Art. 6.1.a GDPR):
    • When you voluntarily provide us with your data through the form or other channels to make inquiries.
    • When, where applicable, you authorize us to send you informative or commercial communications.
  • Legitimate interest (Art. 6.1.f GDPR): for internal website management, security, and the prevention of abuse or illicit acts.

In the case of activities with minor students, the legal basis may derive from:

  • The contractual or pre-contractual relationship with the educational institution or with the legal representatives.
  • The consent of parents or legal guardians, when necessary according to regulations.

You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal.

4. Data Retention Period

Personal data will be retained:

  • For the time necessary to attend to and manage your query or request.
  • If a contractual relationship is formalized, for the duration of the relationship and, subsequently, for the periods necessary to comply with legal obligations (for example, in tax or accounting matters).
  • In the case of activities with schools and educational centers, data will be retained for the time necessary to manage and document the activity and, subsequently, for the limitation periods of potential liabilities.
  • The data will remain duly blocked while legal, administrative, or contractual liabilities may arise.

Once the legal retention periods have expired, the data will be securely deleted.

5. Recipients of the Data

In general, we will not transfer your data to third parties except:

  • When necessary to comply with legal obligations.
  • When essential to provide the contracted service (for example, providers related to technical website management, ICT services, hosting, or communication applications), acting as data processors, with the corresponding contracts that guarantee confidentiality and data protection.
  • In specific activities, it may be necessary to communicate certain data to other tourism or service providers (for example, transport, visited sites, or other collaborators involved in the route or activity), always to the extent strictly necessary for the execution of the service.

No international data transfers outside the European Economic Area (EEA) are foreseen. Should it be necessary to use providers located outside the EEA, Agisitges SL will ensure the existence of adequate safeguards (for example, standard contractual clauses of the EU).

6. Rights of Data Subjects

As a user, you have the right to:

  • Access your personal data.
  • Request the rectification of inaccurate or incomplete data.
  • Request the erasure of data when they are no longer necessary for the purposes for which they were collected, or in other cases provided for by regulations.
  • Request the restriction of processing of your data in certain circumstances.
  • Object to the processing of your data in certain cases (especially when processing is based on legitimate interest).
  • Request the portability of your data when processing is based on consent or a contract and is carried out by automated means.
  • Withdraw consent, at any time, when this is the legal basis for processing.

Exercise of Rights

You can exercise your rights at any time by means of a written request, accompanied by a document proving your identity, addressed to Agisitges SL:

  • By email: info@agisitges.com
    Indicating in the subject line: “Data Protection”.

In the case of data of minors, rights may be exercised by their parents, legal guardians or, where applicable, by the educational institution acting as the data provider.

7. Right to Lodge a Complaint with the Supervisory Authority

If you believe that we have not processed your personal data appropriately or that we have not correctly addressed the exercise of your rights, you may lodge a complaint with the competent supervisory authority:

  • Spanish Data Protection Agency (AEPD)
    Web: www.aepd.es

Before resorting to the supervisory authority, we invite you to contact us to try to resolve any issue amicably.

8. Third-Party Data (including students)

If you provide us with personal data of third parties (for example, companions on a tour, other group members, or students from an educational institution), you guarantee that:

  • You have previously informed these individuals (or their families/legal guardians, in the case of minors).
  • You have obtained their consent, when necessary, to provide us with their data in accordance with this Privacy Policy, or that another valid legal basis exists (for example, obligations arising from the organization of educational activities by the institution).

In the specific case of activities with schools and students, the educational institution must guarantee that it is authorized to communicate the data to Agisitges SL, in accordance with data protection regulations and applicable educational regulations.

Agisitges SL is not responsible for the improper use of third-party data that are provided to us without their knowledge or authorization.

9. Data of Minors

Agisitges’ services include routes and activities aimed at school groups in which students over and under 14 years of age may participate.

  • The website and its contact form are primarily aimed at adults (families, teachers, group leaders, or educational institutions).
  • In general, the contracting and organization of activities for schools is done through the educational institution or responsible adults, who provide the necessary data.

We do not seek to collect personal data of children under 14 directly through the website. If we detect that data of children under 14 has been collected without the consent of their parents or legal guardians, we will proceed to delete them as soon as we become aware of it.

In specific activities, and always exceptionally, strictly necessary data of minors may be processed (for example, basic identification or essential information to ensure their safety during the activity), provided by their legal representatives or the educational institution.

10. Security Measures

Agisitges SL applies the necessary technical and organizational measures to ensure a level of security appropriate to the risk of personal data processing, in accordance with the GDPR.

These measures aim to prevent the loss, misuse, alteration, unauthorized access, and other possible risks to personal data, including, where applicable, data of minors.

11. Automated Decisions

No automated decisions are made, nor are profiles created that produce legal effects or similarly significantly affect you.

12. Modifications to the Privacy Policy

Agisitges SL reserves the right to modify this Privacy Policy to adapt it to legislative changes, jurisprudential criteria, or changes in the provision of its services, including new types of activities or routes.

In case of modification, the date of the last update will be indicated. It is recommended to periodically review this page to be informed of possible changes.