Privacy Policy
Last updated: July 2026
TourCierge s. r. o. ("we", "us") operates vivaespanatickets.com to sell timed entry tickets for Sagrada Família, Alhambra, Guggenheim Bilbao, and Royal Palace Madrid. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.
1. Data controller
The data controller is TourCierge s. r. o., IČO 57383898, DIČ 2122693199, Karpatské námestie 10A, 831 06 Bratislava - mestská časť Rača, Slovakia. For privacy enquiries, contact us at privacy@vivaespanatickets.com.
2. What we collect
- Identity and contact details: name, email address, phone number
- Booking details: ticket type, visit date and time, number of guests
- Payment data: processed securely by Stripe — we do not store full card numbers
- Technical data: IP address, browser type, device information (via cookies, with consent)
3. How we use your data
- To process and confirm your ticket booking
- To send your mobile ticket and booking confirmation by email
- To respond to customer support requests
- To prevent fraud and comply with legal obligations
- With your consent: analytics and advertising measurement (Google Ads)
4. Legal basis (GDPR)
- Contract performance — fulfilling your ticket purchase
- Legitimate interests — fraud prevention, service improvement
- Consent — analytics and marketing cookies
- Legal obligation — tax and accounting records
5. Third-party processors
- Stripe — payment processing (Stripe Privacy Policy)
- Supabase — secure database hosting for bookings
- Google — conversion tracking (only with cookie consent)
6. Retention
We retain booking records for as long as necessary to fulfil the contract and meet legal requirements (typically 7 years for financial records). Marketing data is kept until you withdraw consent.
7. Your rights
If you are in the EEA or UK, you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. Contact us to exercise these rights. You may also lodge a complaint with your local data protection authority.
8. International transfers
Some processors (e.g. Stripe, Supabase) may process data outside the EEA under appropriate safeguards such as Standard Contractual Clauses.
9. Changes
We may update this policy from time to time. Material changes will be posted on this page with an updated date.