autóctonus autóctonus

Where

When

Who

Interests

Ideal for...

Duration

Price range

From

Until

Available languages

Upload your plan
+

Buscar planes

Where

When

Who

Interests

Ideal for...

Duration

Price range

From

Until

Available languages

Privacy policy

Update date: February 2026

At autóctonus we take your privacy and the protection of your personal data very seriously. We want you to know, clearly and transparently, what information we collect, how we use it, who we share it with and what your rights are.

This Privacy Policy is designed so that you can easily understand how we manage your data when you use our platform to discover authentic plans, connect with local hosts and enjoy unique plans.

We encourage you to read it carefully. If you have any questions or need more information, our team will be happy to help you. Also, do not forget to consult our Terms and conditions of use, where other aspects that may be important for you to know are detailed.

Thank you for trusting autóctonus.

1. Who is responsible for your data?

Cuando hablamos de “autóctonus”, “nosotros” o “nuestro”, nos referimos a la entidad responsable de tratar tus datos personales según esta Política de Privacidad. Puedes consultar los detalles específicos en el Anexo 1.

If you use payment, insurance or other third-party services through our platform, your data may be managed by the entities indicated for these purposes, always under the same protection principles.

2. What data do we collect?

2.1. Essential data to use our Platform:

  • Contact, account and profile information: name, surnames, email, postal address, phone, date of birth or profile photo.
  • Identity documents: when necessary, data from your national ID, passport or other official documents and associated data.
  • Payment details: bank card, account, IBAN, billing address or transaction information. These data will be exclusively accessible to and processed only by the collaborating payment entity, STRIPE, for the sole purpose of processing payments generated by the Platform. STRIPE has the strictest security measures.
  • Insurance information: if you take out an insurance policy through our platform, the additional data you must provide to manage it will be accessible exclusively and processed solely by the collaborating insurance entity, EUROP ASSISTANCE, for the exclusive purposes of the insured activity. EUROP ASSISTANCE has the strictest security measures. We will only retain a record of the coverage provided by EUROP ASSISTANCE or the entity you choose.

2.2. Data you voluntarily provide us:

  • Additional profile information: preferred language, gender, city or personal description.
  • Data of companions or other people: for example, if you book for third parties or provide their contact details (you must ensure you have their consent).
  • Content generated by you: photos, reviews, videos or other materials you upload to the platform.
  • Communications: messages, calls, emails or chats managed through autóctonus.
  • Data for surveys, promotions or forums.

2.3. Data we collect automatically:

  • Location information (if you authorise it).
  • Platform usage data: searches, bookings, interactions, pages visited, etc.
  • Device data: IP address, browser type, operating system.
  • Cookies and similar technologies, in accordance with our Cookie Policy.

2.4. Information from other sources:

  • External services: for example, if you link autóctonus with social media or third-party platforms.
  • Background check providers, financial institutions or corporate collaborators.
  • Data from invitations or complaints from other users.

3. How do we use your data?

We use your information for:

  • Manage your account, bookings, payments and customer service.
  • Verifying your identity, preventing fraud and ensuring community safety.
  • Resolving incidents, disputes or claims.
  • Personalising your experience and recommending activities.
  • Communicate with you to send you important notifications or relevant information.
  • Comply with our legal and tax obligations.
  • Carrying out internal analyses, surveys and market studies to improve our services.
  • Send you marketing communications, only if you give us your consent.

4. Who do we share your data with?

In some cases, we will share your personal data with third parties. These third parties may be:

  • Other users: when necessary to coordinate an experience).
  • Payment processing: We use third parties to process payments electronically, manage chargebacks or offer invoice collection services. Payment service providers may, in some cases, use your personal data for their own purposes, such as detecting and preventing fraud attempts and complying with relevant legal obligations. When a chargeback is requested for an Experience booking, either by you or by the credit card holder used to make the booking, we need to share some booking data with the payment service provider and the relevant financial services organisation so that they can manage said chargeback. This may include a copy of your booking confirmation or the IP address you used to make your booking. We may also share information with relevant financial institutions, if we consider it strictly necessary to detect or prevent fraud, for example, to avoid fraudulent use of a stolen credit card.
  • Marketing services: We may share some of your personal data (such as identifiers) with advertising partners, as part of marketing our services through third parties (to ensure that relevant advertisements reach the right audience). We use techniques such as hash encryption of specific personal data (for example, your email address or phone number) to be able to establish a correspondence between data from one or more of their databases. These techniques limit what the third-party company that receives the data can do with the personal data that we selectively share with them. When we share audience information with advertising partners and other third parties, we ensure that your personal data is aggregated and pseudonymised, so that advertising partners and other third parties cannot directly identify you (for example, through the use of verified data clean rooms). This pseudonymised data is used to develop tailored promotional proposals and pitches for media for our collaborators. Furthermore, as part of the account verification process, we may share with a third party some of your account data (such as your name, email address, phone number, passport number or physical address), your linked social media accounts, your passport or other identification documents. A third party may use a detection system to verify that you are a real person and not a robot. This process is automated and the data is not retained beyond what is necessary for verification.
  • Professionals: In some cases (such as legal claims or as part of an audit), we may need to share your personal data with representatives of professional services organisations. These representatives may be legal advisers from law firms and auditors. We only share your personal data when necessary and in accordance with applicable contractual and other obligations.
  • Insurance companies: if an insurance claim is made that affects you and a local or user, we may provide the necessary data (including personal data) to the insurance company and its designated representatives so that the process may continue.
  • Commercial or strategic partners: We may have commercial partners or strategic collaborators who distribute and advertise autóctonus services on their websites or applications, including the services and products of our Experience providers. In this case, some personal data that you provide to them, such as your name and email address, your address, payment information and other relevant information, will be sent to us so that we can finalise and manage your profile or booking. With these strategic collaborators, we may jointly manage the processing of specific personal data. When we act as joint controllers of processing, you will be informed, among other things, of which joint controller you should direct your specific request to exercise rights to. We may work with our joint controllers to ensure an appropriate response to your request. We will also exchange information about our users with our strategic collaborators with the aim of detecting and preventing fraudulent actions when strictly necessary.
  • Competent authorities, if required by law: We will follow specific protocols when law enforcement agencies and other government bodies request that we disclose personal data about one or more registered and/or users, in connection with a possible criminal matter. We may also disclose personal data to law enforcement agencies in connection with possible cases of fraud. We will follow similar protocols in cases where, for example, local and EU legislation also requires us to share personal data with a competent authority, such as a tax authority. We may be obliged to disclose personal data to comply with a legal obligation, or to protect and defend our rights or the rights and interests of our collaborating partners.

5. International transfers

If we work with providers or collaborators in other countries, we will ensure that your data is adequately protected through recognised legal mechanisms, applying appropriate measures to ensure that transfers of personal data between different countries comply with applicable legislation. Furthermore, our goal is to ensure that your data is protected in a similar manner.

6. How do we protect your personal data?

We combine people, processes and technology to protect your personal data and respect your privacy. To do this, we do the following:

  • We maintain a comprehensive framework of security policies, procedures and protocols
  • We hire specialist staff in cybersecurity and data protection
  • We keep staff alert to security risks through awareness activities and ongoing security training
  • We use up-to-date security technologies, such as encryption and data leak prevention, to avoid the unauthorised disclosure or destruction of data
  • We maintain inventories to monitor processes, systems and data assets
  • We use multiple systems to prevent and detect fraud and continuously monitor the system, including for security purposes
  • We use identity and access management and other logical and physical access restrictions to control that only authorised personnel can access personal data
  • We maintain and test protocols for responding to reports of potential incidents and data breaches
  • We periodically verify and improve our security systems, procedures and protocols
  • We impose equivalent measures on the third parties we work with.

We use retention practices to maintain and, where possible under applicable legislation, delete personal data. In general, we retain your personal data for as long as is necessary to:

  • Allowing you to use our Platform.
  • Preventing and detecting online fraud attempts and/or other illegal activities.
  • Comply with legal obligations such as those under accounting and tax legislation.
  • Resolving legal claims.

7. Social media policy

In accordance with the GDPR and Law 34/2002 (LSSI-CE), GSG Experience S.L. informs that it has created profiles on Instagram, TikTok, LinkedIn and other networks, with the main purpose of advertising its products and services.

By joining our page, you give us your consent to process the personal data published on your profile. You can access the privacy policies of each social network and configure your profile to ensure your privacy.

autóctonus only has access to public user information, such as their contact name. This data is only used within the social network itself. It is not incorporated into any file.

8. Your rights

You can access, rectify or erase your data, limit or object to its processing, or request its portability. You can also withdraw your consent at any time. To exercise them, write to us at the contact address in Annex 1.

  • The rights available to you in the area of data protection are as follows: Information
  • Access: Defined by the functionality of the social network and the ability to access profile information.
  • Rectification: Only with regard to information under the control of GSG Experience (e.g., deleting comments). For other modifications, you must go directly to the social network.
  • Cancellation and/or objection: Only applicable to information under our control (e.g., unfollowing the page or withdrawing content).
  • Limitation.

autóctonus may carry out:

  • Access to public profile information.
  • Publication on the user profile of content from the official page.
  • Sending personal messages through the enabled channels.
  • Page status updates, visible on your profile.

You can manage connections, delete content or configure privacy from the social network settings.

Contests and promotions: autóctonus may run contests and promotions through its social media profiles, in compliance with the GDPR, the LOPDGDD and the LSSI-CE, as well as other applicable regulations. Social networks do not sponsor or administer our promotions.

Advertising: We may use the social network to promote our products and services. If we use your contact details for direct commercial prospecting, it will always be in accordance with current legislation.

Recommending the page to other users is not considered advertising.

9. Changes to this policy

We may update this Privacy Policy to reflect legal changes or improvements to our services. If there are important changes, we will inform you and request your consent when necessary.

10. Contact

For privacy queries or to exercise your rights, contact us using the details in Annex 1.

Annex 1 – Data Controller Details

Main Data Controller:

  • Legal name: GSG Experience S.L.
  • NIF: B-21868831
  • Registered address: Calle Barria 3, ground floor, 48200 Durango, Vizcaya, Spain
  • Contact email: rgpd@autoctonus.com
  • Website domain: www.autoctonus.com

Payment Data Processing Controller:

  • Designated entity: STRIPE
  • Address: José Ortega y Gasset 22-24, 5th floor, Madrid 28006
  • Email: complaints@stipe.com

Insurance Management Controller:

If you take out insurance or protection services:

  • Name: Europ Assistance S.A., branch in Spain
  • Address: Paseo de la Castellana 130, Madrid, Spain
  • Email: delegadoprotdatos@europ-assistance.es

For queries related to the protection of your personal data or the exercise of your rights, write to us at any of the above email addresses, clearly stating the reason.

Cookie Policy

1. What are cookies?

Small text files that are stored on your device (computer, mobile, tablet) when you visit a website. They remember your preferences, facilitate navigation and collect information about your use of the platform.

2. Why do we use cookies?

  • Essential functionality: Remembering your session, preferred language and configuration options.
  • Analytics and performance: Analyse how you use the platform, detect errors and improve the user experience.
  • Personalisation: Adapting content and recommendations according to your interests.
  • Advertising and marketing: Showing relevant ads within and outside autóctonus, and measuring their effectiveness.

3. Types of cookies:

  • Own cookies: configured and managed by autóctonus.
  • Third-party cookies: managed by external providers (web analytics, payments, personalised ads). Examples: Google Analytics, Meta/Facebook Pixel, secure payment gateways.

Use of cookies on this website:

In accordance with art. 22.2 LSSI-CE, the following are used:

  • Technical cookies (own, persistent)
  • Personalisation cookies (own, persistent)
  • Analytics cookies (third-party, session and persistent)

Cookie management:

You can disable the use of cookies from your browser settings. When doing so, some services may not work correctly.

To manage cookies:

Third-party cookies used:

  • HubSpot: contact management and analytics. See their privacy policy.
  • Google Analytics: obtiene datos anónimos. Almacena cookies en EE. UU. bajo el marco Privacy Shield. Más información y complemento de inhabilitación disponible.
  • Stripe is the platform that provides security and manages all payments. Consult their privacy policy.

4. Retention period:

  • Session: deleted when the browser is closed.
  • Persistent: they remain for a set period or until manually deleted.

5. Updates:

We may modify this policy to adapt it to legal or technical changes. We will inform you of relevant changes.

6. Contact:

rgpd@autoctonus.com