Slow Travel & Mindful Journeys is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Our Commitment: We process your personal data lawfully, fairly, and transparently. We collect only what we need, keep it secure, and respect your rights.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union. It gives individuals greater control over their personal data and imposes strict obligations on organizations that process such data.
2. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You can request a copy of the personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete data.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten").
Right to Restriction
You can request that we limit how we process your data.
Right to Portability
You can receive your data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
You can withdraw consent for data processing at any time.
Right to Lodge a Complaint
You can file a complaint with your national data protection authority.
3. How We Comply with GDPR
3.1 Lawful Basis for Processing
We only process your personal data when we have a lawful basis:
- Consent: You have given clear consent for specific purposes
- Contract: Processing is necessary to fulfill our contract with you
- Legal Obligation: We must process your data to comply with the law
- Legitimate Interest: Processing serves our legitimate business interests while respecting your rights
3.2 Data Minimization
We collect only the minimum personal data necessary to provide our services and achieve specific purposes. We don't collect data "just in case" we might need it later.
3.3 Data Security
We implement appropriate technical and organizational security measures:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments and updates
- Employee training on data protection
- Incident response procedures
3.4 Data Retention
We retain personal data only as long as necessary for the purposes stated or as required by law:
- Active customer data: During relationship plus 3 years
- Financial records: 7 years (legal requirement)
- Marketing data: Until you unsubscribe or request deletion
- Anonymous analytics: 26 months
3.5 International Data Transfers
When we transfer data outside the EU/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework participation (for US transfers)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
4. How to Exercise Your Rights
4.1 Making a Request
To exercise any of your GDPR rights, please contact us:
Data Protection Officer
Email: dpo@freshingredientrecipes.com
Address: Passeig de Gràcia 21, 08007 Barcelona, Spain
4.2 What We Need From You
To verify your identity and process your request, we may need:
- Full name and email address
- Booking reference number (if applicable)
- Description of your request
- Proof of identity (for data access requests)
4.3 Response Time
We will respond to your request within one month of receipt. If your request is complex, we may extend this period by two additional months and will inform you of the extension.
4.4 Free of Charge
We handle GDPR requests free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
5. Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Describe the nature of the breach and its likely consequences
- Outline measures taken to address the breach and mitigate harm
6. Children's Privacy
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children without verifiable parental consent, as required by GDPR Article 8.
7. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any personalization on our website is based on your explicit preferences and can be controlled by you.
8. Third-Party Processors
We work with carefully selected third-party processors who help us provide our services. All processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance.
Our main processors include:
- Payment processors (PCI-DSS compliant)
- Email service providers
- Cloud hosting services
- Analytics providers
- Customer relationship management platforms
9. Your Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.
Spanish Data Protection Authority (AEPD)
Agencia Española de Protección de Datos
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
You can also contact your local data protection authority in your EU/EEA country.
10. Updates to Our GDPR Compliance
We regularly review and update our GDPR compliance practices. Changes to this page will be posted with an updated "Last Updated" date. Significant changes will be communicated via email to registered users.
11. Contact Information
For any questions about GDPR compliance or data protection:
Data Protection Officer
Slow Travel & Mindful Journeys
Passeig de Gràcia 21
08007 Barcelona, Spain
Email: dpo@freshingredientrecipes.com
General Inquiries: privacy@freshingredientrecipes.com
12. Additional Resources
We are committed to maintaining the highest standards of data protection and continuously improving our GDPR compliance practices.