LAUNCH PROMO: all routes in Lanzarote for €7

PRIVACY POLICY

pursuant to Regulation (EU) 2016/679 (GDPR)
Last update: 14 May 2025

 

1. Data Controller

World2Wander (hereinafter “W2W” or “we”), registered office at Calle Isla de Lobos 8 pt. 15 – 35508 Costa Teguise (Las Palmas), Spain.
Privacy officer: Serena Argentini (N.I.E. Y4528576‑M)
Contact: info@world2wander.com

This privacy notice describes how we process your personal data when you use our digital itinerary and audioguide e-commerce, subscribe to our newsletters, download free resources, or interact with our customer support and marketing channels.

2. Principles and Legal Bases for Processing

Data processing is carried out in accordance with the principles of Article 5 GDPR: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

We rely on the following legal bases:

  • Contract performance (Art. 6(1)(b)) for managing orders, payments, downloads, and support

  • Legal obligations (Art. 6(1)(c)) for tax, accounting, and anti-money laundering purposes

  • Consent (Art. 6(1)(a)) for sending newsletters, marketing campaigns, profiling, and remarketing

  • Legitimate interest (Art. 6(1)(f)) for aggregated statistics, fraud prevention, IT security, and user experience improvement

 

3. Purposes of Processing

  • Managing the sale of digital products, including ordering, invoicing, download link delivery, and customer support

  • Sending promotional communications, newsletters, post-purchase nurturing sequences, and abandoned cart messages (via MailerLite and WooCommerce Cart Abandonment Recovery)

  • Offering free lead magnets and related welcome sequences

  • Analysing traffic and performance via Google Analytics 4, Google Tag Manager, and LiteSpeed Cache (anonymisation applied where technically possible)

  • Behavioural advertising and remarketing via Meta Pixel (managed with PixelYourSite) and TikTok Ads, with audience creation for Facebook, Instagram, and TikTok campaigns

  • Website security and abuse prevention using Wordfence Security, WP Armour Honeypot Anti-Spam, and Query Monitor

  • Fulfilling legal obligations, including invoice and system log retention for fraud prevention and tax compliance

 

4. Categories of Personal Data Processed

  • Identification and contact data: name, surname, address, email, phone number

  • Billing data: VAT number or tax ID, business name, billing address

  • Transactional data: order ID, amount, tokenised payment method (we do not store full card numbers)

  • Browsing data: IP address, user-agent, cookie identifiers, events from Google Tag Manager, Meta Pixel, TikTok Pixel

  • Preference data: language, travel interests, purchase history, marketing segments via MailerLite

  • Communications: emails, chat messages, support notes created in WooCommerce

 

5. Processing Methods and Security

Processing is carried out using electronic systems protected by TLS, firewalls, and encrypted backups.
Data access is restricted to authorised personnel via two-factor authentication, following the principle of least privilege.
We conduct periodic vulnerability tests, secure server logging, and maintain a processing activity register.

 

6. Recipients and External Processors

Data may be processed by providers contractually bound as processors under Art. 28 GDPR or acting as autonomous controllers:

  • Hosting and infrastructure: Hostinger International Ltd. (EU)

  • Payments: Stripe Payments Europe Ltd., WooPayments, PayPal (Europe) S.à r.l.

  • E-commerce software: WooCommerce (self-hosted)

  • Email marketing: MailerLite UAB (LT)

  • Data analytics: Google Ireland Ltd. (GA4 and Tag Manager – EU/USA via SCC)

  • Advertising: Meta Platforms Ireland Ltd., TikTok UK Ltd. (SCC + data minimisation)

  • Plugins: PixelYourSite, LiteSpeed Cache

  • Security: Wordfence Security (Defiant Inc., USA – SCC)

  • Accounting

  •  

7. International Data Transfers

Data transfers to countries outside the EEA are carried out only if:

  • covered by an adequacy decision by the European Commission, or

  • subject to Standard Contractual Clauses (SCC) (Decision 2021/914), with additional safeguards to ensure protection

  •  

8. Data Retention Periods

  • Tax and accounting documents: 10 years

  • Orders and customer support records: 5 years from case closure

  • Marketing and newsletter data: until withdrawal of consent or 24 months of inactivity

  • Technical and security logs: 12 months

  • Emails and chat communications: 12 months after conversation closure

  •  

9. Data Subject Rights

You may exercise your rights of:

  • access (Art. 15)

  • rectification (Art. 16)

  • erasure (Art. 17)

  • restriction (Art. 18)

  • portability (Art. 20)

  • objection (Art. 21)

  • withdrawal of consent (Art. 7(3))

by writing to info@world2wander.com with subject “GDPR Rights Request”.
You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (www.aepd.es) or the competent supervisory authority in your country of residence.

 

10. Cookies and Tracking Technologies

This website uses:

  • essential technical cookies

  • anonymised analytics cookies (Google Analytics 4)

  • marketing cookies (Meta Pixel, TikTok Pixel) installed via Google Tag Manager

Upon first access, a cookie banner allows you to accept or refuse non-essential categories and update your preferences at any time.
Please refer to our Cookie Policy for further details.

 

11. Children under 16

Our services are not intended for users under the age of 16. If such data is accidentally collected, we will delete it without undue delay.

 

12. Changes to this Policy

Any updates will be published on this page, with the revision date.
Current version: 14 May 2025

 

 

© 2025 World2Wander – All rights reserved.