The English language versions (and/or other available languages) of all the information you will find on this website is translation of the original Spanish version. The English language version (and/or other available languages) is a courtesy and unofficial translation, for purely informative purposes, therefore, no rights can be extracted from the translation. In the event of conflicts, contradictions or discrepancies between the Spanish version and other versions in other languages, the Spanish version of these terms prevails and is conclusive to the extent permitted by law. You can check the Spanish version on our website (by selecting the language) or ask us in writing to send it to you.

: “ITINERARIUS. EXPERIENCES FOR RESTLESS TRAVELERS, S.L.” (hereinafter referred to as“ITINERARIUS”), Holder’s CIF: B-19701077

, as the owner and responsible for this portal, informs users of the Internet portal you own (hereinafter, the “Users” and the “Portal”) about their personal data protection policy (hereinafter, “Personal Data”) so that Users freely and voluntarily determine whether they wish to provide ITINERARIUS Personal Data that may be required of them or that may be obtained from Users on the occasion of the visit to the corporate website

ITINERARIUS reserves the right to amend this policy to adapt it to new legislation or jurisprudence as well as industry/consumer practices. In such cases, ITINERARIUS announce on this page the changes made reasonably in advance of their implementation. Certain leisure/tourism services offered on our ITINERARIUS platform may contain particular conditions with specific forecasts regarding the protection of Personal Data.

ITINERARIUS, as Responsible for the processing of the personal data of ITS CUSTOMERS AND USERS, informs you that this data will be processed in accordance with the provisions of the Regulation (EU) 2016/679 of April 27, 2016 (GDPR) protection of natural persons with regard to the processing of personal data and the current LOPD-GDD 3/2018 of December 5 (LOPD-GDD) protection of personal data.



identification (first name + last name) and contact details where applicable (address, telephone number and email address). Details of payment method and other data required to complete the purchase process.

responsible for the treatments:


  • CIF del Titular: B-19701077

  • Domicilio Social: Calle Muntasil, Nº 13, casa 3, CP: 18193 – Monachil – Granada

  • Contact Email :

  • Website:

  • Contact Phone: (+34) 633 72 46 77

Planned treatment purposes

MAINTENANCE OF THE existing contractual RELATIONSHIP and the commercial relationship with customers and suppliers, job staff, candidates in selection processes, followers in RRSS, users registered on our website, and interested in


In this sense, the operations planned to carry out the processing are:


When filling out any of our forms, depending on each case:


      (When making a purchase, the user data already entered gives you the option to register as a user on the platform).

In these forms, you are allowed to provide, among others, the following personal data:

  • Your first and last name and contact details (address, phone numbers and email address).

  • Other contact details and preferences.

  • We collect your data if you contact us through the Site.

  • When you visit our leisure platform we will collect your data, if you fill out any of our customer registration forms, request quotes, promotions or subscription to offers or loyalty campaigns.

  • If the personal data have been provided by the users, they must be truthful, and ITINERARIUS must be notified of any changes that occur therein, responding in any case to the veracity and accuracy of the data provided at any time.

  • The data subject who provides his/her personal data to ITINERARIUS declares to be of legal age being entirely responsible for such statement.

  • Sending commercial advertising communications by email, SMS, WhatsApp, social networks or any other electronic or physical means, present or future, that makes it possible to make commercial communications. These electronic commercial communications will be made by the RESPONSIBLE and related to the leisure and tourism services offered by ITINERARIUS, its collaborating companies or suppliers with which it has reached a promotional agreement. In this case, third parties will never have access to personal data, unless it is strictly necessary to manage the leisure service or formalize the contracted product/pack.

  • Actions requested by the User: Process requests or any type of request that, on the services/ leisure/tourism products offered by ITINERARIUS, is made by the user through any of the forms of contact that are made available to him, delivery of computer media with images of the client for the development of the contracted services, of which the client responds about its ownership and legitimacy.

  • DATA STORED DURING YOUR VISIT: When you visit our website, our web servers generally store, among other data, information about the browser and operating system you use, the website from which you visit us, the pages you visit on our website and the date of your visit. For security reasons — for example, in order to detect possible attacks on our website — the IP address assigned to you by your Internet service provider is also stored for a period of seven days. With the exception of the IP address, personal data is only stored if you provide us with such information, for example, on the occasion of an registration, a survey, table reservation request, user registration, commercial promotion. ITINERARIUS it uses its personal data for the technical administration of the web pages, the management of customers, the conduct of surveys on the leisure services enjoyed, and for marketing tasks, only to the extent necessary, and always informing the User and owner of the data in advance.

  • NEWSLETTER/NEWSLETTERS SUBSCRIPTION: In the case of subscription to any of our Newsletters (, present or future, as reported, consents to the use of your personal data for the sending of advertising or the performance of other marketing actions, these will be stored and used for such uses, such as sending newsletters already mentioned, news in our leisure and tourism offer, through communication channels such as e-mail, postal mail or any other channel authorized by you. We may use your data to create and keep your user profile up-to-date so that we can send you personalized information about advertising actions or promotions. Likewise, we may use the data you provide us to analyze and improve the effectiveness of our website services, advertising, marketing, market prospecting and business activities.

  • SENDING C. VITAE BY CANDIDATES: In case of submission of C. Vitae by the candidate, through our form “WORK WITH US” (, or to the company’s email address (, the applicant authorizes ITINERARIUS to analyze the documents you send you, all the content that is directly accessible through search engines (Google), the profiles you keep on professional social networks, such as Linkedin or similar, the data obtained in the access tests and the information you reveal in the job interview, in order to assess your candidacy and power, if any , offer you a position. In the event that the candidate is not selected, ITINERARIUS


    may keep your C. VITAE stored for future calls, unless the candidate shows up to the contrary, through any of the channels referred to.


DATA CONSERVATION CRITERIA: The data provided, in general, will be kept as long as there is a mutual interest to maintain the purpose of the processing and when it is no longer necessary for this purpose, it will be deleted with appropriate security measures to ensure the pseudonymization of the data or the total destruction thereof.

In the face of this general rule, the question arises possible variations: () Disaggregated Data: shall be kept without a period of deletion, () Customer Data ITINERARIUS: period of conservation of 4 years (Art. 66 and following of the General Tax Law), the period of conservation of 6 years old Article 30 of the Trade Code on Ledgers and Invoices), () Data provided in connection with the subscription to our newsletter: from the time the User gives his/her consent, until he/she withdraws it, () Documentation of an employment or social security-related nature: 4 years Article 21 of Royal Legislative Decree 5/2000 of 4 August approving the consolidated text of the Law on Infringements and Sanctions in the Social Order, () data provided by candidates through the submission of their C. Vitae: the C. Vitae may be kept for a maximum of two years for future selection processes unless the candidate states otherwise, (Saw) Images obtained by company-owned video surveillance systems: 30 days, AEPD’s instruction.

Communication of data: Your personal data may be communicated to:

  • Companies and entities and other organizations to which the provision of services have been contracted, such as: hosting, marketing services, market analysis and information society services.

  • Companies that make up the range of leisure and tourism services represented by the ITINERARIUS offer, present and future.

  • Companies or other organizations to which you have requested or accepted us to share your personal data.

  • Hosting companies and web-associated services: Woocommerce (

    ), WordPress(


  • The purpose of the communication of the data to the companies concerned, which compose and integrate with the controller, will be the same as those already announced previously.

  • Professional service providers, such as lawyers, solicitors, notaries, registrars, or other similar professionals in certain cases.

  • Public bodies, courts, regulators and other administrative authorities, when we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect us from claims against us or third parties, or the safety of individuals, as well as to prevent, or otherwise fight, fraud or for security or protection reasons.

  • Any third party you purchase, or transfer to, all or a substantial portion of our assets and businesses. In the event of such a sale or transfer, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in accordance with this Privacy Policy.

In such cases, we will ensure that your data is used for appropriate purposes in accordance with this Privacy Policy and the corresponding contracts or clauses for the processing of data (Standard Clauses) will be signed, applying the same or similar security measures to which



As a general rule, prior to the processing of personal data, ITINERARIUS obtains express and unequivocal consent from the owner of the same by incorporating informed consent clauses in the different information collection systems, and based on a legitimate interest of the User.

Notwithstanding the above, the foundations of standing are as follows:

  • Where processing is necessary for the performance of a contract to which it is a party or the data is necessary in the context of a pre-contractual relationship.

  • Where the use of your personal data is necessary for the satisfaction of our legitimate interests or those of the companies with which we have shared your personal data.

  • Where the processing of data is necessary to to be able to comply with the legislation/regulation governing the legal obligations of the sector, in force at all times, including those relating to the marketing of products and services, defense of consumers and users, management of retail trade, and other applicable regulations.

  • As planned applicable Information Society Services (LSSI) regulations, if there is a prior relationship in the context of the sale of a leisure/tourism service product, the data may be used for the sending of electronic commercial communications regarding our updated offer of leisure and tourism, unless you object to it in the manner provided for in this purpose.

  • When we believe that it is necessary to process your personal data in order to comply with a legal or regulatory obligation, or a vital interest.

  • Where we have your consent, to, for example, collect technical information such as cookie data and similar technologies as described in: “Information on the Use of Cookies”.

  • Acceptance of a contractual relationship in the appropriate social network environment, and in accordance with its Privacy policies in each case, when you visit any of our social profiles, detailed below:

  • Facebook:


  • YouTube:


  • Instagram:

  • Twitter:


  • LinkedIn :


  • Right to withdraw the consent provided at any time.

  • Right of access and rectification of your data.

  • Right to deletion (right to be forgotten) of your data.

  • Right to limitation or opposition to its processing.

  • Right to the portability of your data: understood as the right to receive your data in a structured, commonly used and mechanically readable format, and to transmit it to another controller (Art. 20 GDPR)

  • Right to lodge a complaint with the supervisory authority ( if it considers that the processing does not comply with current regulations.

Contact details to exercise your rights: ITINERARIUS, in application of the Regulation (EU) 2016/679 of 27 April 2016 (GDPR), and recent LOPD-GDD 3/2018 of 5 December, has a designated internal responsible for data protection management and whose contact details are detailed below:

  • Domicilio Social: Calle Muntasil, Nº 13, casa 3, CP: 18193 – Monachil – Granada

  • Contact Email :

  • Contact Phone: (+34) 633 72 46 77


The data collected by any of the contact forms enabled on this Website, or the data provided by the Users in connection with their participation in activities/events, presentations, promotions, etc.. developed by ITINERARIUS

, will be incorporated, depending on their purpose, into the Register of Internal Processing Activities (Article 30 of

Regulation (EU) 2016/679 of 27 April 2016).

The Register of Processing Activities

is available to the Supervisory Authority.

Users, by checking the corresponding boxes and entering data in the different fields, marked with an asterisk (*) on contact forms or presented on paper forms, expressly and freely and unequivocally accept that their data is necessary to meet their request, by ITINERARIUS, with the inclusion of data in the remaining fields being voluntary. The User guarantees that the personal data provided are truthful and is responsible for communicating any modification thereof.

ITINERARIUS it informs and expressly guarantees users that their personal data will not be transferred in any case to third parties and that, provided that it plans to make any transfer in the future, the express, informed and unequivocal consent of the Users will be requested in advance, informing about the transferee’s data, and the purpose of the transfer. All data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the User. In the event that not all data is provided, it is not guaranteed that the information and services provided will be completely adjusted to your needs.


In accordance with the provisions of the current regulations on the protection of personal data, and in particular Regulation

(EU) 2016/679 of 27 April 2016 and recent LOPD-GDD 3/2018 of 5 December,


it is complying with all the provisions of the regulations for the processing of personal data of its responsibility, and manifestly with the principles described, by which they are treated in a lawful, fair and transparent manner in relation to the data subject and appropriate, relevant and limited to what is necessary in relation to the purposes for which they are treated.

In any case, ITINERARIUS has implemented sufficient mechanisms to:

  1. Ensure the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  2. Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  3. Check, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the treatment.
  4. Pseudonymize and encrypt personal data, if applicable.


ensures that it has implemented appropriate technical and organisational policies to implement

the security measures set out in Regulation (EU) 2016/679 of 27 April 2016 and the recent LOPD-GDD 3/2018 of 5 December

in order to protect the rights and freedoms of Users and has communicated to them the appropriate information so that they can exercise them. The company has installed all the means and technical measures at its disposal to prevent the loss, misuse, alteration,

unauthorized access and theft of the Personal Data provided by the owner to ITINERARIUS

. However, the User must be aware that the security measures on the Internet are not impregnable.

The personal data that are incorporated into the Register of Internal Processing Activities, will be treated with the utmost confidentiality and security, the Indicated File Holder may send you commercial information regarding NEWS AND PROMOTIONS MADE IN OUR ESTABLISHMENT AND OFFERED BY ITINERARIUS, in this case, the sender undertakes to indicate its advertising purpose when sending, and to coordinate a simple, clear and free system for the case in which you wish to stop receiving them.



contained on the website are intended exclusively for adults, in

the case in which the company offer any product/service, promotional activity, event or similar, in which the collection of Personal Data of minors may occur, ITINERARIUS will always request parental compliance so that minors can access them and their Personal Data can be subject to automated processing as provided in this notice on the Data Protection Policy.

As previously reported, the automated collection and processing of Personal Data is intended to maintain

the commercial relationship where appropriate established with ITINERARIUS

, the management, administration, provision, extension and improvement of the services that the User decides to contract, discharge, or use the adequacy of such services to the preferences and tastes of the Users, the study of the use of the services by the Users, the design of new sports services related to such services, the sending of updates of the services , the sending, by traditional and electronic means, of commercial information about the company today and in the future.

For what purposes will we process your personal data?

  • Answer your queries, requests or requests.

  • Manage the requested service, answer your request, or process your request.

  • Relate to you and a community of followers.

What is the legitimacy for the processing of your data?

Acceptance of a contractual relationship in the appropriate social network environment, and in accordance with its Privacy policies:

Knowing ITINERARIUS in all cases responsible for the processing of the data of its followers, fans, subscribers, commentators and other user profiles (hereinafter, followers). The treatment ITINERARIUS will carry out with such data will be, at most, the one that the social network allows to corporate profiles. So, ITINERARIUS you can inform your followers by any means that the social network allows about your news, activities, promotions. Under no circumstances ITINERARIUS extract data from social networks, unless the user’s consent to do so is obtained on time and expressly. Where, due to the very nature of social networks, the effective exercise of the rights of the follower is subject to the modification of the follower’s personal profile, ITINERARIUS

will help and advise you to this end to the extent possible.

Right to Information.

After the corresponding request,



you will immediately notify you in writing, in accordance with applicable law, if we have stored personal data of yours, and what these are. In the event that you are registered as a user, we offer you the possibility to personally consult your data, and, where appropriate, proceed to its deletion, modification and / or update.

Please, if you have any questions about this Privacy Policy, please contact us through:

  • Domicilio Social: Calle Muntasil, Nº 13, casa 3, CP: 18193 – Monachil – Granada

  • Contact Email :

  • Contact Phone: (+34) 633 72 46 77

In case you need any clarification about this Privacy Policy,

you wish to make any questions or claims, or exercise of rights, please contact our

Internal Data Protection Security Officer in writing at the following email address:

stating in the subject line: “Data Protection”