Christmas Discount Prices Now Applied! 🎅🏼
CanaryVIP Logo
Product has been added to your basket.

Privacy Policy

1. Introduction

Welcome to CanaryVIP.com. The protection of your personal data and your privacy are fundamental priorities for us. This Privacy Policy describes the categories of personal information we collect, the purposes for which we use it, how we share and store it, and the security measures we apply to keep it safe. All processing activities are carried out in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR).

2. Data Controller

Under the GDPR, the entity responsible for processing your personal data is:

CanaryVIP

3. Legal Basis for Processing

In accordance with Article 6 of the GDPR, CanaryVIP relies on the following legal grounds to process personal data:

3.1 Performance of a Contract (Art. 6.1.b)

We process personal data when it is necessary to fulfil a contract with you or to take steps at your request before entering into a contract. This covers:

  • Processing bookings and managing reservations.
  • Providing customer support in connection with booked services.
  • Handling cancellations, refunds, and itinerary changes.

3.2 Consent (Art. 6.1.a)

Where required by law, we obtain your explicit consent before processing personal data. This applies in particular to:

  • Sending promotional emails, newsletters, or other marketing communications.
  • Collecting additional information through optional forms on our website.

You may withdraw your consent at any time without affecting the lawfulness of any processing carried out before the withdrawal.

3.3 Legal Obligation (Art. 6.1.c)

We may process personal data to comply with legal obligations binding on CanaryVIP, including:

  • Tax and financial regulations related to invoicing and transactions.
  • Consumer protection legislation.
  • Responding to lawful requests from public authorities or law enforcement bodies.

3.4 Legitimate Interest (Art. 6.1.f)

We may process data on the basis of our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include:

  • Improving our services through analytics and customer feedback.
  • Fraud prevention and cybersecurity.
  • Responding to general inquiries and customer service requests.

You have the right to object to processing based on legitimate interest at any time. To exercise this right, contact us at [email protected].

4. Information We Collect and How We Use It

4.1 Categories of Personal Data

We may collect and process the following types of personal data:

  • Identity Data: Name, surname, date of birth.
  • Contact Data: Email address, phone number.
  • Booking Data: Excursion details, reservation information, and associated payments.
  • Communication Data: Emails, messages, and records of customer service interactions.
  • Transaction Data: Payment information processed securely through third-party payment providers.

4.2 Purposes of Processing

We use the personal data we collect for the following purposes:

  • Processing and managing bookings and reservations.
  • Providing customer support before, during, and after excursions.
  • Sending service-related communications (confirmations, reminders, updates).
  • Meeting legal and regulatory obligations.

5. Data Sharing and Retention

5.1 When We Share Data

We share personal data only when strictly necessary and always in compliance with GDPR. Recipients may include:

  • Payment Processors: To process transactions securely (e.g., Stripe, PayPal).
  • Regulatory Authorities: When disclosure is required by law.
  • Service Providers: For fraud prevention, security, and operational support.

For information about data shared through cookies and tracking technologies, please refer to our Cookie Policy.

5.2 International Data Transfers

In order to deliver our services, CanaryVIP may share personal data with third-party providers located outside the European Economic Area (EEA). When this occurs, we ensure compliance with Articles 44 to 50 of the GDPR through appropriate legal safeguards:

  • Certain providers, including Google, Meta (Facebook and Instagram), and TikTok, are based in the United States and participate in the EU-U.S. Data Privacy Framework (DPF).
  • For providers not covered by the DPF, such as Stripe and PayPal, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to guarantee an adequate level of data protection.

If you have questions about international data transfers, please contact us at [email protected].

5.3 How Long We Keep Your Data

  • Personal data is retained only for as long as necessary to fulfil the purposes described in this policy.
  • Booking records are kept for a minimum of 5 years to comply with legal and tax obligations.
  • You may request deletion of your data at any time, subject to any legal retention requirements that may apply.

6. Data Security

We apply technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include:

  • SSL/TLS encryption: All data transmitted through our website is encrypted in transit.
  • Cloudflare protection: We use Cloudflare’s security services, including DDoS mitigation, Web Application Firewall, and bot filtering.
  • Access controls: Only authorized personnel with a legitimate need can access sensitive data.
  • Data minimization: We collect and store only the personal data that is strictly necessary.

7. Your Rights Under GDPR

The General Data Protection Regulation grants you the following rights over your personal data:

  • Right of access: You may request confirmation of whether we process your data and obtain a copy of it.
  • Right to rectification: You may request correction of any inaccurate or incomplete data we hold about you.
  • Right to erasure: You may ask us to delete your personal data, subject to applicable legal retention obligations.
  • Right to restriction: You may request that we limit how we process your data in certain circumstances.
  • Right to object: You may object to processing carried out on the basis of legitimate interest.
  • Right to data portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, contact us at [email protected].

8. Changes to This Policy

By using our services, you consent to the collection and use of your personal data as described in this policy.

CanaryVIP reserves the right to update this Privacy Policy at any time. Any changes will be published on this page. We encourage you to review this policy periodically to stay informed.

This Privacy Policy does not cover the use of cookies or tracking technologies. Please refer to our Cookie Policy for details on those topics.

9. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, you can reach us at:

📧 Email: [email protected]
🌍 Website: www.canaryvip.com

CanaryVIP transforms your Canary Islands visit into an unforgettable adventure with exclusive excursions, immersive tours, and thrilling activities, all delivered with exceptional service, unbeatable prices, and a personalized touch.

Top Activities: