At Tourism 360 we are committed to protecting your privacy. This policy explains how we collect, use and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 on Data Protection and Digital Rights Guarantee (LOPDGDD).
1. Data Controller
Tourism 360, with registered address in Murcia, Spain, and contact email info@tourism360.es, is the data controller for personal data collected through the website tourism360.es.
2. Data We Collect
We collect the following personal data when you complete the contact or demo request form: full name, email address, name of entity or organisation, and message content. Additionally, our system may log technical browsing data (IP address, browser type, pages visited) for statistical and security purposes.
3. Purpose and Legal Basis
Your data is used exclusively for: (a) responding to your enquiry or demo request — legal basis: data subject's consent (Art. 6.1.a GDPR); (b) managing the pre-contractual or contractual relationship with your entity — legal basis: performance of a contract (Art. 6.1.b GDPR); (c) complying with applicable legal obligations — legal basis: legal obligation (Art. 6.1.c GDPR).
4. Retention Period
Data will be retained for as long as necessary to handle your request and, in the case of a contractual relationship, for the duration of the contract plus applicable legal limitation periods (generally 5 years). Contact data without a subsequent contractual relationship will be deleted 2 years after collection.
5. Recipients and Sub-processors
Tourism 360 uses the following sub-processors: (i) Supabase Inc., for secure data storage on servers located in the European Union (eu-west region); (ii) Google LLC (Gemini API), for the AI assistant service, covered by Standard Contractual Clauses approved by the European Commission. We do not share data with third parties for commercial purposes.
6. International Transfers
Form and lead data is stored exclusively on European servers (EU/EEA). Use of the Gemini API may involve processing data on Google servers outside the EU, covered by Standard Contractual Clauses (Implementing Decision EU 2021/914).
7. Data Subject Rights
You may exercise the following rights by emailing info@tourism360.es with your identification: Access (to know what data we process), Rectification (to correct inaccurate data), Erasure (to request deletion), Objection, Portability (to receive your data in electronic format) and Restriction of processing. You have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
8. Security Measures
We apply appropriate technical and organisational measures: TLS encryption in transit, encryption at rest, role-based access control and periodic audits. Our servers are hosted in ISO 27001-certified data centres within the European Union.
9. Changes to This Policy
We reserve the right to update this policy to adapt to legislative or service changes. The date of the last update always appears at the top of this document. For further enquiries, contact us at info@tourism360.es.
See also: