Privacy Policy

1. INTRODUCTION
Tenerife Travel Advisor and FINESTPASS™ (hereinafter collectively referred to as “FINESTPASS™”) are committed to protecting personal data and to full compliance with the General Data Protection Regulation of the European Union (GDPR – Regulation (EU) 2016/679), Spanish data protection legislation, and all other applicable laws.

The purpose of this Privacy Policy is to provide information about what data we collect, for what purposes we process it, how long we retain it, who may access it, and what rights Users are entitled to.

By using the website, registering, making a booking, or making a purchase, the User acknowledges the contents of this Privacy Policy.

2. DATA CONTROLLER DETAILS

Data Controller
Business name: Bulcsu Attila Bogar
Legal form: Self-employed professional (Autónomo)
Registered address: Spain (Santa Cruz de Tenerife), 38670 Adeje, Av. Viera y Clavijo 1.
VAT number (NIF): Y9958753C
Community VAT number (EORI): ESY9958753C
Tourism identification code (C.I. Turística): I-XXXXXXX.X

Contact person: Bulcsu Attila Bogar

Website: www.tenerifetraveladvisor.com
E-mail: tickets.tenerifetraveladvisor@gmail.com
Phone: +34 683 443 561 WhatsApp (text messages only)

3. DATA PROCESSORS
FINESTPASS™ engages data processors for the provision of certain services.

Website developer and technical operator
Business name: Igor Corner Internet Kft.
Office address: Hungary, 9730 Koszeg, Rajnis utca 7.
Postal address: Hungary, 9730 Koszeg, Tancsics Mihaly utca 13.
Company registration number: 18-09-113299
VAT number: 14817964-2-18
Community VAT number: HU14817964

Website: www.igorcorner.hu
E-mail: info@igorcorner.hu
Phone: +36 94 950 762

The data processor shall act solely on the instructions of the Data Controller.

Payment Service Providers
FINESTPASS™ does not store complete payment card details.

Online payments may be processed by the following providers:

Stripe Payments Europe Ltd.
Banco Santander S.A.

The processing of payment data is governed by the respective privacy policies of these providers.

Newsletter Service / Mailchimp
The newsletter service provider acts as a data processor.

The User’s email address and related marketing preferences may be stored within the Mailchimp system.

Analytics and Marketing Services

The website may use the following systems:
• Google Analytics
• Google Ads
• Meta Pixel
• Hotjar

These providers maintain their own privacy and cookie policies.

4. CATEGORIES OF PERSONAL DATA PROCESSED
FINESTPASS™ processes only the data necessary for the provision of its services.

The data processed may include, in particular:
• full name as shown on official identification documents
• date of birth
• identity card or passport number
• contact details
• email address
• telephone number
• billing name and address
• booked activities
• booking details
• dates and times
• number of participants
• language preferences
• meeting points
• accommodation details
• special requests
• payment-related information
• transaction identifiers
• payment status

FINESTPASS™ does not store:
• the full payment card number
• the CVV/CVC security code
• the payment card PIN code

5. SPECIAL CATEGORIES OF PERSONAL DATA
For certain activities, FINESTPASS™ may process health-related personal data.

Such data may include:
• body weight
• food allergies / food intolerances
• special dietary requirements
• health-related restrictions

Such data shall only be processed where necessary for the safe or proper provision of the relevant activity.

The processing of special category data shall always be based on the User’s explicit consent.

Such data shall only be shared with those service provider partners who strictly require it for the provision of the relevant service.

6. PURPOSES OF DATA PROCESSING

We process personal data for the following purposes:
• creating user accounts
• managing bookings
• sending tickets and confirmations
• customer service communication
• providing digital travel guides
• processing payments
• fraud prevention
• prevention of misuse
• invoicing
• fulfilling accounting obligations
• complying with legal obligations
• sending newsletters
• marketing communications
• statistical analysis
• improving the website and enhancing its security

7. LEGAL BASES FOR DATA PROCESSING

Personal data may be processed on the following GDPR legal bases:
• Performance of a contract
• Data processing necessary for the fulfilment of bookings, purchases, and registrations.
• Legal obligation
• Compliance with invoicing, accounting, taxation, and other legal obligations.
• Legitimate interest
• Fraud prevention, service security, customer relationship management, and operation of the system.
• Consent

In particular:
• sending newsletters
• marketing communications
• processing special categories of personal data
• use of optional cookies

Consent may be withdrawn at any time.

8. NEWSLETTERS AND MARKETING COMMUNICATIONS
FINESTPASS™ may provide Users with the opportunity to subscribe to newsletters.

The purpose of newsletters may include:
• presenting new activities;
• communicating special offers;
• informing users about seasonal events;
• sharing travel-related information;
• providing information about FINESTPASS™ services.

Newsletters are sent solely on the basis of the User’s prior consent.

Consent may be withdrawn at any time:
• by using the unsubscribe link included in newsletters;
• by email;
• by written request.

Unsubscribing is free of charge and will take effect no later than within 48 hours.

9. COOKIES AND SIMILAR TECHNOLOGIES
The website uses cookies and other technologies to ensure proper operation, improve the user experience, and perform statistical analyses.

A cookie is a small data file stored on the User’s device.

Cookies may be used, among other things, to:
• remember preferences and settings;
• maintain logged-in sessions;
• improve website performance;
• measure website traffic;
• optimize marketing activities.

The User may modify cookie settings at any time through their browser settings or via the website’s cookie management interface.

Disabling certain cookies may result in some website functions not operating correctly.

10. GOOGLE ANALYTICS
The website may use the Google Analytics service.

The purposes of Google Analytics include:
• analysing visitor traffic data;
• understanding how the website is used;
• improving services.

Google Analytics may process, among other things, the following data:
• IP address (in a partially anonymised form);
• device type;
• browser type;
• time of visit;
• pages viewed;
• user activity.

The processing of such data is also subject to Google's own Privacy Policy.

11. GOOGLE ADS
FINESTPASS™ may use the Google Ads service.

The system may be used to measure:
• the effectiveness of advertising campaigns;
• the number of conversions;
• advertising performance.

Google Ads may use cookies and other tracking technologies.

Users may limit or disable personalised advertising through Google's advertising settings.

12. META PIXEL
The website may use Meta Pixel technology.

The purpose of Meta Pixel includes:
• measuring Facebook and Instagram campaigns;
• creating remarketing audiences;
• optimising advertisements.

Through Meta Pixel, Meta Platforms Ireland Limited may process data in accordance with its own Privacy Policy.

FINESTPASS™ does not have access to Users’ Meta accounts.

13. HOTJAR
The website may use the Hotjar analytics platform.

The purposes of Hotjar include:
• understanding user behaviour;
• improving website usability;
• identifying technical issues.

Hotjar may collect, among other things:
• clicks;
• scrolling patterns;
• session recordings;
• device information;
• general usage statistics.

Hotjar is not intended to monitor payment card details or passwords.

14. DIGITAL TRAVEL GUIDES AND WATERMARKING
FINESTPASS™ may sell its own digital travel guides and other digital content.

To prevent the unauthorised distribution of digital products, the system may apply a unique watermark to documents.

The watermark may include, in particular:
• the purchaser’s name;
• email address;
• telephone number;
• date and time of purchase;
• a unique identification number.

The purpose of the watermark is:
• protection of copyright;
• prevention of unauthorised resale;
• prevention of misuse.

By purchasing a digital product, the User acknowledges and accepts the use of a personalised watermark.

15. DATA SHARING WITH LOCAL SERVICE PROVIDERS
For the purpose of fulfilling bookings, FINESTPASS™ is entitled to transfer the necessary data to the actual provider of the relevant activity.

Depending on the nature of the activity, the transferred data may include, in particular:
• name;
• telephone number;
• email address;
• number of participants;
• language preference;
• accommodation details;
• special requirements;
• health-related information (only where necessary);
• identification data (only where necessary).

Service providers are authorised to process such data solely to the extent necessary for the provision of the relevant service.

16. INTERNATIONAL DATA TRANSFERS
Certain data processors may operate outside the European Economic Area.

This may include, in particular:
• Mailchimp
• Google
• Meta
• Stripe

Such data transfers shall always be carried out subject to appropriate safeguards approved by the European Commission.

FINESTPASS™ engages only those service providers that provide adequate data protection guarantees.

17. DATA RETENTION PERIODS
Personal data is retained only for as long as necessary.

General retention periods:
• Registration data
• Until the user account is deleted or a deletion request is fulfilled.
• Booking data
• For the period required by applicable laws following completion of the booking.
• Billing data
• Until the expiry of the retention period required by Spanish tax and accounting legislation.
• Newsletter data
• Until consent is withdrawn.
• Customer service communications
• For the period necessary for administration and legal purposes.
• Health-related data

Only for as long as necessary for the provision of the relevant activity, after which such data will be deleted.

FINESTPASS™ regularly reviews stored data and deletes or anonymises data that is no longer required.

18. RIGHTS OF DATA SUBJECTS
Under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Users are entitled to the following rights.

Requests may be submitted to the following email address:
tickets.tenerifetraveladvisor@gmail.com

The Data Controller shall respond to the request without undue delay and no later than within 30 days.

18.1 Right of Access

The User has the right to request information regarding:
• what personal data we process;
• the purposes for which the data is processed;
• how long the data is retained;
• who may access the data;
• whether any data transfers have taken place.

The User may also request a copy of the personal data relating to them.

18.2 Right to Rectification

The User may request:
• the correction of inaccurate personal data;
• the completion of incomplete personal data.

The Data Controller strives to ensure that all processed data remains accurate and up to date.

18.3 Right to Erasure

The User may request the deletion of their personal data if:
• the data is no longer necessary;
• consent is withdrawn;
• the User objects to the processing;
• the processing is unlawful;
• deletion is required by law.

The right to erasure shall not apply where the Data Controller is legally required to retain the data.

18.4 Right to Restriction of Processing

The User may request the restriction of data processing, particularly where:
• the accuracy of the data is contested;
• the processing is unlawful;
• the data is required for the establishment, exercise, or defence of legal claims.

18.5 Right to Data Portability

The User has the right to:
• receive the personal data concerning them in a structured format;
• transmit such data to another data controller.

Where technically feasible, the transfer of data may be carried out directly between controllers.

18.6 Right to Object

The User has the right to object to the processing of their personal data where the legal basis for processing is the legitimate interest of the Data Controller.

In the case of processing for direct marketing purposes, the right to object may be exercised without restriction.

18.7 Withdrawal of Consent

Where processing is based on consent, the User may withdraw their consent at any time.

The withdrawal of consent shall not affect the lawfulness of processing carried out prior to the withdrawal.

19. DATA SECURITY

FINESTPASS™ implements appropriate technical and organisational measures to protect personal data.

In particular:
• use of SSL encryption;
• secure server environment;
• regular security updates;
• restriction of access rights;
• strong password management policies;
• use of two-factor authentication where possible;
• creation of backup copies;
• protection against unauthorised access.

The Data Controller takes all reasonable measures to protect personal data; however, the complete security of data transmission over the internet cannot be guaranteed.

20. DATA BREACHES

A data breach is any event that may result in:
• unauthorized access to personal data;
• loss of personal data;
• destruction of personal data;
• alteration of personal data;
• disclosure of personal data.

In the event of a data breach, the Data Controller shall act in accordance with the requirements of the GDPR.

Where necessary, the Data Controller shall:
• notify the competent supervisory authority;
• inform the affected individuals;
• take the necessary measures to mitigate any adverse effects.

21. RIGHT TO LODGE A COMPLAINT

If the User believes that the processing of their personal data violates applicable laws, they have the right to lodge a complaint.

As a first step, Users are encouraged to contact the Data Controller directly:

E-mail: tickets.tenerifetraveladvisor@gmail.com

The User also has the right to lodge a complaint with the competent data protection supervisory authority.

Competent authority in Spain:
Spanish Data Protection Agency (AEPD)

Website: www.aepd.es

22. EXTERNAL WEBSITES
The website may contain links to websites operated by third parties.

FINESTPASS™ accepts no responsibility for:
• the content of such external websites;
• their operation;
• their data processing practices;
• their privacy policies.

Users are responsible for reviewing the privacy documentation of the respective websites.

23. PROCESSING OF MINORS' PERSONAL DATA
FINESTPASS™ services are generally intended for persons who have reached the age of 18.

Where a booking involves the participation of a minor, the required personal data may only be provided by a parent or legal guardian.

The personal data of minors shall be processed only to the extent necessary for the provision of the relevant service.

24. AMENDMENTS TO THE PRIVACY POLICY
FINESTPASS™ reserves the right to amend this Privacy Policy.

The amended version shall enter into force on the date of its publication on the website.

Users may be appropriately informed of any material changes.

25. FINAL PROVISIONS

This Privacy Policy shall enter into force on the date of its publication.

By using the website, registering, making a booking, or making a purchase, the User declares that they have read and acknowledged the contents of this Privacy Policy.

For matters not regulated by this document, the following legislation shall apply in particular:
The Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
Spanish legislation relating to the right to informational self-determination and data protection
Applicable legislation governing electronic commerce


© Tenerife Travel Advisor / FINESTPASS™
All rights reserved.

© 2026 Tenerife Travel Advisor. All rights reserved.
Website development: Igor Corner Internet
Booking system powered by: Hotelizátor