Privacy Policy

At SoulTripAdventure we are committed to protecting your privacy and ensuring lawful, fair and transparent processing of personal data. This policy explains how we collect, use and protect your information, in accordance with the GDPR (EU) 2016/679, Spanish LOPDGDD, LSSI and, where applicable, Taiwan's PDPA.

1. Data Controller

  • Owner: Pei Shan Huang
  • Trade name: SoulTripAdventure
  • Tax ID: Y8317182M
  • Address: Travesía Castriños N17, A Illa de Arousa, Spain
  • Email: info@soultripadventure.com
  • Phone: +34 684 323 103

2. Data We Collect

  • Identity & contact: name, email, phone.
  • Service/transaction data: data required to handle quotes, bookings or requests.
  • Usage & browsing: IP address, device identifiers, logs, cookies (see Cookie Policy).
  • User-generated content: comments, forms and uploaded files (e.g., images).
  • Preferences: language, declared interests.

3. Purposes & Legal Bases

  • Respond to inquiries (contact forms/emails). Legal basis: consent (Art. 6(1)(a) GDPR) or pre-contractual steps (6(1)(b)).
  • Provide services (quotes, registrations, bookings, invoicing). Basis: contract performance/pre-contractual steps (6(1)(b)), legal obligation (6(1)(c)).
  • Informational/marketing communications (if authorized). Basis: consent (6(1)(a)) — revocable at any time.
  • Security & anti-fraud/spam. Basis: legitimate interest (6(1)(f)).
  • Analytics & site improvement. Basis: legitimate interest for exempt cookies or consent for non-essential cookies.

4. Sources

Data is obtained from you (forms, comments, communications) and your use of the site (cookies/analytics). Where appropriate, from minimal public sources for verification/anti-fraud purposes.

5. Retention

  • Inquiries: up to 12 months after last interaction or while the relationship persists.
  • Contract/invoicing records: retained for legal periods (e.g., tax/commercial law in Spain).
  • Marketing: until consent is withdrawn.
  • Technical/security logs: proportionate periods (typically ≤ 12 months).
  • Comments: retained indefinitely to recognize and auto-approve follow-up comments.

6. Recipients & Processors

No personal data is shared with third parties except under legal obligation or to provide services. We use processors (hosting, CDN, email, analytics, anti-spam, page builder) under appropriate contracts. Usual categories include:

  • Hosting & cache/CDN providers.
  • Analytics (e.g., Google Analytics, subject to cookie consent).
  • Email/SMTP and form services.
  • Security & anti-spam services.
  • Embedded services (Google Maps, Google Fonts, social networks).

7. International Transfers

Where services involve transfers outside the EEA, we apply GDPR safeguards (e.g., SCCs, risk assessments as needed). For users in Taiwan, we observe PDPA notice and rights requirements.

8. Your Rights

You may exercise rights of access, rectification, erasure, restriction, objection and portability, and withdraw consent at any time by contacting info@soultripadventure.com. You can also lodge a complaint with the Spanish Data Protection Authority (AEPD).

9. Security

We implement appropriate technical and organizational measures to ensure data security and prevent unauthorized access, loss or alteration.

10. Cookies

We use first- and third-party cookies. Manage consent via the banner (Complianz) and see details in our Cookie Policy.

11. WordPress Specifics

Comments

When visitors leave comments, we collect data shown in the comments form, the IP address and browser user agent to help spam detection. An anonymized string (hash) from your email may be provided to Gravatar to check use of the service. After approval, your profile image is publicly visible in the context of your comment.

Media

If you upload images, avoid uploading images with embedded EXIF GPS data; visitors can download and extract location data.

Session & access cookies

  • Visiting the login page sets a temporary cookie to check cookie acceptance (deleted when you close the browser).
  • Upon login, cookies store your session and screen preferences; login cookies last 2 days (or 2 weeks if “remember me” is selected); they are removed on logout.
  • When editing/publishing, an additional cookie (no personal data) may be stored, expiring after one day.

Embedded content

Articles may include embedded content (videos, maps, posts, etc.) from other websites that may collect data, use cookies and embed third-party tracking.

Spam detection

Visitor comments may be checked through an automated spam detection service.

12. Changes

We may update this policy to reflect legal or service changes. The current version will always be available on this page.