Legal
Privacy Policy
Last updated: 21 May 2026
Canary.Hikes sells digital travel and hiking guides online. This Privacy Policy explains how we collect and use personal data when you visit our website, contact us, subscribe to updates or buy a digital guide.
1. Who is responsible for your data
The data controller is Canary.Hikes, an online business operated from Spain / the European Union.
For privacy questions or to exercise your rights, contact us through Instagram @Canary.Hikes. A dedicated privacy email and full billing identity should be added here before checkout/payment collection goes live.
2. Personal data we may collect
Depending on how you use the website, we may collect:
- identity details, such as first name and last name;
- contact details, such as email address and social media username if you contact us there;
- billing details, such as billing address, country, tax/VAT information and invoice data;
- order details, such as the guide purchased, purchase date, delivery status and customer support messages;
- payment-related data processed by a payment provider. We do not intend to store full card numbers on this website;
- technical data, such as IP address, device/browser information, approximate location, pages visited and cookie preferences;
- marketing preferences, if you ask to receive updates or opt in to communications.
3. Why we use personal data
We use personal data for the following purposes:
- to answer questions and communicate with you;
- to process orders, deliver digital guides and provide customer support;
- to prepare invoices, accounting records and tax documentation;
- to comply with legal obligations in Spain and the EU;
- to protect the website, prevent fraud and keep basic records of transactions;
- to understand website performance through analytics, only where consent is required and given;
- to send marketing updates only when you have opted in or where the law allows it.
4. Legal bases under GDPR
We rely on the following legal bases: performance of a contract for orders and guide delivery; legal obligation for tax, accounting and invoicing records; legitimate interests for security, service improvement and basic business administration; consent for analytics cookies and optional marketing where required.
5. Service providers and international transfers
We may use third-party providers for hosting, analytics, payment processing, email, file delivery, customer communication and accounting. These providers process data only as needed to provide their services.
Some providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.
6. How long we keep data
We keep personal data only as long as needed for the purpose collected. Order, invoice and tax records may be kept for the period required by Spanish accounting and tax law. Support messages are kept while needed to resolve the request and maintain business records. Analytics data is kept according to the analytics provider settings and cookie choices.
7. Your rights
Under GDPR, you may have the right to access, correct, delete, restrict or object to processing of your personal data. You may also request data portability and withdraw consent at any time where processing is based on consent.
You also have the right to lodge a complaint with a data protection authority. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD).
8. Cookies
We use essential local storage to remember your language and cookie choices. We use analytics cookies only if you accept them. See the Cookie Policy for details and to change your choices.
9. Changes to this policy
We may update this Privacy Policy when our website, checkout process, providers or legal obligations change. The latest version will always be published on this page.