— Legal information

Privacy policy

Last updated:

1. Data controller

In compliance with the EU General Data Protection Regulation 2016/679 (GDPR) and the Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we inform you that the data controller of your personal data is:

  • Owner: David Javier Pintado Laruelo (individual self-employed)
  • NIF (Spanish Tax ID): 09394016B
  • Trading name: Aventuraenelsella.es
  • Registered address: Bermudo I el Diácono 3 Bajo, 33012 Oviedo, Asturias
  • Activity address: Calle Juan Carlos I, 18, Bajo II (access via Aipol), 33540 Arriondas, Asturias
  • Phone: +34 681 09 36 73
  • Contact email: info@aventuraenelsella.es

2. What data we collect

The personal data we process comes directly from you when you:

  • Make a booking online, by phone or WhatsApp.
  • Fill in the contact form on the website.
  • Write to us by email or messaging (WhatsApp, social networks).
  • Browse our website (technical and browsing data via cookies).

The data we may process includes, depending on the case:

  • First and last name.
  • Email address.
  • Contact phone number.
  • Booking details (date, route, number of people, ages of minors where applicable).
  • Payment information (always processed through certified external payment gateways — we do not store card data).
  • Browsing data: IP address, device type, browser, pages visited (via technical and analytics cookies).

3. Purposes of processing

We use your personal data exclusively to:

  • Manage your booking of the Sella descent and provide the contracted service.
  • Respond to your enquiries and communicate with you before, during and after the activity.
  • Issue the corresponding invoice and meet our accounting and tax obligations.
  • Send commercial communications related to our services, only if you have given express consent.
  • Improve the website through aggregated statistical analysis of browsing (if you accept analytics cookies).

5. Retention periods

  • Booking and invoicing data: for the duration of the commercial relationship and the legally required periods (up to 6 years under the Spanish Commercial Code and tax regulations).
  • Enquiry data (form, email, WhatsApp): for the time needed to handle your enquiry, and a maximum of 1 year afterwards if no booking is made.
  • Commercial communications data: until you withdraw your consent.
  • Browsing data: according to the periods set out in the Cookie Policy.

After these periods, the data is blocked and kept only for the time strictly necessary to address possible legal liabilities, then securely deleted.

6. Recipients

We do not transfer or sell your personal data to third parties. Only service providers necessary to deliver the activity may access it, all of whom we have a data processor agreement with in accordance with the GDPR:

  • Payment gateway (to process card payments).
  • Hosting and email provider.
  • Messaging platforms (WhatsApp Business) and web analytics (if you accept analytics cookies).
  • Accounting and tax advisory firm to meet fiscal and labour obligations.
  • Insurance company (minimum data necessary for activity coverage).
  • Competent authorities, where there is a legal obligation.

7. International transfers

Some providers (for example Google Analytics, Meta or email services) may process data outside the European Economic Area. In such cases, these international transfers take place with the appropriate safeguards provided for in the GDPR: Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Your rights

As the data subject, you have the right to:

  • Access: know which of your data we process.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request the deletion of your data when it is no longer necessary or you have withdrawn consent.
  • Objection: object to processing on grounds related to your particular situation.
  • Restriction: request that processing be restricted while a rectification or objection request is resolved.
  • Portability: receive your data in a structured, commonly used and machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to info@aventuraenelsella.es stating the right you wish to exercise and attaching, where necessary, a copy of an identification document. We will reply within a maximum of one month.

If you believe that the processing of your data does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan 6, 28001 Madrid, or through its electronic office: www.aepd.es.

9. Security measures

We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the processing, including: encrypted communications (HTTPS), strong passwords, regular software updates, backups and access restricted to authorized personnel only.

10. Minors

For bookings that include minors, their data is processed at the request of those holding parental authority or guardianship, and is used exclusively to properly deliver the activity (life jacket size, equipment, insurance). We do not carry out any commercial processing with minors' data.

11. Changes to this policy

We may update this Privacy Policy to adapt it to legislative, case-law or technical changes. The version in force will always be the one published on this website, with the last update date shown at the top of the document.

For any question about the processing of your data, you can write to us at info@aventuraenelsella.es or call +34 681 09 36 73.