Effective Date: 1/10/2025
Last Updated: 27/9/2025

1. Introduction

Dvine Routes (hereinafter, “the Company”, “we”, “our”, or “us”) places the utmost importance on the protection of your personal data and your fundamental rights and freedoms, particularly with regard to your privacy. This Privacy Policy outlines the principles and procedures by which we collect, process, store, and protect the personal data of users (hereinafter, “you”, “your”, or “the data subject”) who access our website, www.dvineroutes.com, and/or contract our tourism-related services.

This policy is issued in strict accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, or GDPR), as well as Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

2. Data Controller Identification

In compliance with Article 13 of the GDPR, the Data Controller is identified as follows:

Corporate Name: DVINE ROUTES S.COOP.AND
Registered Address: Málaga, Spain
CIF/NIF: F22716476
Contact Email: info@dvineroutes.com
Telephone: +34 631 64 24 95

3. Categories of Personal Data Processed

The personal data that may be collected through our website or other communication channels includes, but is not limited to:

  • Identification Data: Full name, nationality, and identification/passport number (when required for travel documentation).
  • Contact Data: Email address, telephone number, and postal address.
  • Booking and Travel Information: Travel preferences, destination details, travel companions, dietary or accessibility needs, special requests.
  • Financial Data: Payment details (processed securely through third-party platforms).
  • Usage Data: Information concerning your interaction with our website, including IP address, browser type, and access logs.
  • Marketing Preferences: Data related to your choices concerning promotional communications.

We do not collect sensitive data unless it is strictly necessary to provide a requested service (e.g., dietary restrictions or mobility information required for logistics arrangements), in which case we request your explicit consent in accordance with Article 9 of the GDPR.

4. Purposes and Legal Bases for Data Processing

Your personal data are processed for the following purposes, under the corresponding legal bases:

PurposeLegal Basis
Execution of tour bookings and travel-related servicesArticle 6(1)(b) GDPR – Performance of a contract
Customer service and user supportArticle 6(1)(b) GDPR – Performance of a contract
Compliance with legal obligations (e.g. invoicing, taxes)Article 6(1)(c) GDPR – Legal obligation
Sending commercial or promotional communicationsArticle 6(1)(a) GDPR – Consent
Analytical and statistical purposesArticle 6(1)(f) GDPR – Legitimate interest
Fraud prevention and security monitoringArticle 6(1)(f) GDPR – Legitimate interest

5. Disclosure of Data to Third Parties

Your personal data may be communicated to third parties strictly and exclusively for the fulfilment of the aforementioned purposes:

a. Service Providers and Operational Partners

We may share your data with hotels, airlines, local tour operators, transportation services, and similar collaborators to execute travel services contracted by you.

b. Technology and Infrastructure Providers

We engage the services of IT hosting companies, CRM platforms, and email marketing tools, which process data on our behalf under strict confidentiality and data protection clauses.

c. Marketing and Analytics Providers

With your consent, we may use third-party services such as Google Analytics, Meta (Facebook) Pixel, and newsletter platforms (e.g., Mailchimp) to personalize and optimize our promotional strategies.

d. Public Authorities

In accordance with applicable legal obligations, your data may be disclosed to administrative, tax, customs, or judicial authorities.

In all cases, we ensure that data is only shared with recipients offering adequate levels of protection in compliance with GDPR Articles 44–49.

6. International Data Transfers

Should your data be transferred to entities located outside the European Economic Area (EEA), such transfers will be subject to:

  • An adequacy decision by the European Commission, or
  • Standard Contractual Clauses (SCCs) approved by the Commission; or
  • Any other safeguard mechanism recognized by the GDPR.

7. Data Retention Period

We retain personal data only for the period strictly necessary to fulfil the intended purpose:

  • Booking and contractual data: 6 years (for accounting, tax, and legal obligations)
  • Marketing data: Until consent is withdrawn or the data subject objects
  • Website analytics data: Retained in anonymized or pseudonymized form for 26 months, unless otherwise specified

Upon the expiration of these periods, the data will be securely deleted or anonymized.

8. Data Subject Rights

Pursuant to Chapter III of the GDPR, you are entitled to exercise the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of the above rights, please submit a written request to info@dvineroutes.com, including a copy of your national ID or equivalent identification document.

You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) via www.aepd.es.

9. Cookie Policy

We inform you that our website uses cookies and similar tracking technologies.

a. Definition and Purpose

Cookies are small data files stored on your device when visiting a website. They allow the site to recognize your browser and enhance the user experience, perform analytics, and deliver personalized content or advertisements.

b. Types of Cookies Used

Type of CookiePurpose
Strictly NecessaryEnable basic website functionality and secure user sessions.
AnalyticalCollect statistical data to analyze site performance.
FunctionalRemember user preferences, such as language or region.
MarketingTrack browsing behaviour for advertising and remarketing purposes.

c. Consent and Cookie Settings

Upon first visiting our website, you will be presented with a cookie banner requesting your consent for non-essential cookies. You may accept, reject, or customize your cookie preferences at any time by visiting the [Cookie Settings] section.

Additionally, you may configure your browser to refuse or delete cookies; however, doing so may impair certain functionalities of the website.

For more detailed information, we invite you to review our Comprehensive Cookie Policy.

10. Third-Party Websites and Affiliates

Our website may contain links to third-party websites or services, including but not limited to affiliated travel partners, insurance providers, or accommodation platforms.

Please note that these third parties operate independently from us and maintain their own privacy policies. We accept no responsibility or liability for the processing of personal data carried out by such entities. We strongly encourage users to review the privacy policies of any third-party sites they access via our platform.

11. Data Security Measures

We adopt appropriate technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data, including:

  • Secure Socket Layer (SSL) encryption
  • Role-based access controls
  • Regular vulnerability assessments
  • Employee confidentiality agreements and data protection training

In the event of a personal data breach, we will notify affected data subjects and the competent supervisory authority, where required, in accordance with Articles 33 and 34 of the GDPR.

12. Modifications to This Privacy Policy

This Privacy Policy may be updated or amended periodically to reflect changes in applicable legislation, technological developments, or our data processing activities. Any modifications will be duly published on this website, with an updated effective date. We recommend reviewing this Policy on a regular basis.

13. Contact Information

For any inquiries, requests, or concerns regarding this Privacy Policy or the processing of your personal data, you may contact us at:

Dvine Routes
Málaga, Spain
Email: info@dvineroutes.com
Telephone: +34 631 64 24 95