top of page

Secrets of Northern Spain Privacy Policy


Secrets of Northern Spain is a privately owned and operated business. We provide highly personalised local guided tours in Northern Spain for people who come to us, largely through word of mouth recommendation, who want to share our love of Spain and its unique experiences.

We are a people business and we care very much about our fellow travellers and their privacy.

This privacy notice explains:

  • what personal information we collect

  • how we use personal information

  • when we share personal information

  • how we store and process personal information

  • how we keep personal information secure

  • how long we keep personal information

  • your rights in relation to your personal information

  • how you can contact us

This notice applies to your dealing with us through our website and to any other communications with us via email, phone or in person. You should read the notice carefully and contact us if you have any questions or concerns about our privacy practices.

  • Facebook
  • Twitter
  • LinkedIn
  • Instagram


Secrets of Northern Spain is a privately owned and operated company based in Melbourne, Australia. We offer small local guided tours to Northern Spain. We are always looking to make our travellers experiences

 authentic and unforgettable.


In order to be able to provide our services to you we need to collect a limited amount of personal information about you.

That information is your name, your email address, your phone number, your address, your location, your passport number & details, your date of birth, your emergency contacts, details about your dietary requirements, any known medical conditions, travel insurer & policy number. We collect and use sensitive information about your dietary requirements and known medical conditions solely to assess your ability to undertake the tour you wish to book and to help you manage dietary requirements and any medical conditions during the course of the tour.

We generally collect this information from you when you book a tour through our website but we may also collect it during our other oral and written communications with you about your booking or potential booking, including when you complete an expression of interest form on our website or contact us through our website.


We also collect Aggregated Information. Aggregated Information is anonymous data websites use to analyse trends, track user movements administer the website, diagnose problems on the site and networks and gather broad demographic information for aggregated use an to help improve the quality of web pages. It may be your IP address, mobile phone network provider or domain name. None of this information is "personal information" which identifies you or enables your to be identified.



We use your personal information principally to enable us to provide you with the services you have booked with us. We also use it to enable us to:

  • process your expression of interest in making a future booking

  • respond to you when you contact us through our website or other means

  • personalise the content of information we send out and the user experience

  • set up and administer your account

  • deliver marketing and events communication

  • carry out polls and surveys

  • undertake internal research and product development

  • comply with legal obligations(e.g. migration compliance, our duty of care in relation to travellers wellbeing, our obligations under our terms and conditions)

  • meet internal audit and compliance requirements

What legal basis do we have for processing your personal data?

Our legal basis for processing your personal information is the consent we obtain from you at the time you book your tour or when you complete an expression of interest form on our website or contact us through our website and the contract which exists between us for the supply of the services you book, as constituted by our terms and conditions, which you should read, and will need to agree to as part of the booking process.

When do we share personal data?

We will only share your personal information with third parties as necessary to provide the services you have booked and to conduct our business operations, as outlined above (see above: How do we use personal information?)

We will share your name, passport number and information about your dietary needs with accommodation providers. We will share information about your dietary needs and medical conditions with medical personnel and others as needed to attend to your medical needs.

If or when personally identifiable information is provided

to any of these third parties, we will require that such information be maintained by them in strictest confidence.

We will not sell or rent your personal information to anyone for any reason.

Where do we store and process personal data?

Your personal information will be stored on:

  • our information systems (manual and automated) in Australia

  • in hard copy records we compile so that it is at hand as needed on tour in Spain

How do we secure personal data?

Our information systems feature good industry practice standard data security products. Login access is password protected.

We take reasonable precautions to protect your security. We use encryption technology to protect information being sent over the Internet. Unfortunately, there is always a risk involved in sending information through any channel including the Internet and yo do so entirely at your own risk.

Authorised employees and contractors will have limited access to your personal information where it is necessary to enable them to perform relevant functions. Our web designer and their hosting service provider are obliged to respect the confidentiality of an personal information held for us, to take all reasonable steps to ensure its security and to use it solely as we direct.

How long we do keep your personal data?

We retain personal information for 7 years to make sure that we are in a position to deal with any claim which might be made in relation to a tour within normal limitation periods. After that we permanently delete the information from our information systems.


We comply with the EU General Data Protection Regulation (GDPR)under which you have the right to:

  • Access your personal information we hold,. We won't normally charge for such a  request, although we may impose a charge to cover our administrative expenses if additional requests are made for the same information.

  • Have your personal information corrected and require the deletion of your personal information.

  • Withdraw your consent for us to process your personal information.

  • Ask us for an electronic copy of your personal information and we will provide the data to you, or the person you've nominated, in a structured, commonly used and machine readable form.

  • Object to further processing of your personal information if grounds exist relating to your particular situation. You can make such an objection online or you can contact us as provided for below.

  • Lodge a complaint with relevant privacy regulatory agencies.

Before we can process your request you will need to provide us with a copy of any two of the following forms of identification:

  • drivers licence.

  • passport.

  • identity card issued by a government agency.

In some circumstances your rights as detailed in this section may be limited, e.g. fulfilling your request would expose personal information about another person, or if we're asked to delete data er are required to keep by law.

Additional information


We do not use your personal information for any form of automated decision-making or profiling.


In circumstance where there is an opportunity, if you leave a comment on our site you may opt-in to saving your nme, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will seta a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, and additional cookies will b saved in your browser. This cookie includes no personal data and simply indicates the post ID.


Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

The websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content if you have an account and are logged in to that website.


we reserve the right to update this policy from time to time to reflect  changes in law, technology, our operations and practices.


If you have any questions or concerns about our privacy practices, your personal information we hold, or if you wish to make a complaint you can contact us as follows:

bottom of page