Privacy Policy

Effective Date: November, 2025.

At The Wandrly Way, your privacy and trust matter deeply to us. We're committed to protecting your personal information and being transparent about how we use it.

This policy explains how we collect, use, and safeguard your information when you visit our website or book one of our cultural immersion experiences.

1. Introduction

We have this policy in place to safeguard and protect your information by adhering to and acting in accordance with all applicable legislation specific to the countries and regions in which we operate, including the United States (including California, Nevada, and other states with privacy laws), the European Union, and Spain.

By using our website or booking our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our website or book our services.

This Privacy Policy applies to anyone who visits thewandrlyway.com, anyone who books or inquires about our travel experiences, anyone who subscribes to our newsletter or communications, and anyone who interacts with us through social media or other channels.

2. Information We Collect

We collect personal information that you voluntarily provide when you express interest in our services, book a trip, subscribe to our newsletter, contact us, submit content from your trip, complete surveys, or participate in contests, if applicable. We collect your full name, email address, phone number, mailing address, date of birth, and passport information (number, issue date, expiration date, nationality). We also collect your country of residence and visa information when applicable. As well as credit card details (number, expiration, CVV), billing address, bank account information for transfers, and your complete payment and transaction history. We process payments through secure third-party processors and do not store complete credit card numbers on our servers.

We may collect medical conditions, illnesses, or injuries that may affect your participation in activities, current medications, allergies (food, environmental, medication), dietary restrictions and preferences (vegetarian, vegan, gluten-free, kosher, halal, etc.), physical fitness level and limitations, mobility issues or accessibility needs, and pre-existing conditions relevant to travel safety. We collect name, relationship to you, phone number(s), email address, and physical address of your emergency contact person. Additionally, we collect insurance provider name, policy number, coverage details, and proof of insurance documentation.

We collect trip preferences information such as accommodation preferences (single room, shared room, roommate matching), activity interests, previous travel history, special requests or needs, flight information (arrival and departure details), and airport transfer requirements. Trip evaluations and reviews, survey responses, testimonials, customer service inquiries and all correspondence, and any other information you choose to share with us. If you create an account, we collect your username, password (encrypted and stored securely), profile information, and saved preferences.

When you visit our website, we automatically collect device and browser information (IP address, browser type, operating system, device type, unique identifiers), usage data (pages visited, time on pages, links clicked, referring websites, date and time of visits), general location based on IP address (city, state, country—not precise geolocation), and information through cookies, web beacons, and similar tracking technologies.

We may receive information from payment processors (transaction confirmation, payment status, fraud detection), social media platforms (if you connect your account or interact with our content on Instagram, Facebook, TikTok), travel service providers (feedback from hotels, transportation, activity providers), business partners (our trip co-creators and instructors including Xianix Barrera and other cultural programming partners based in Spain), and marketing and analytics providers (aggregated analytics data, demographic information, behavioral insights).

We don't collect Social Security numbers, driver's license numbers (unless specifically required for an activity), detailed medical records beyond what's relevant to travel participation, or information from anyone under 18 years old.

Important: If you don't provide requested information, we may not be able to deliver the services you've requested, which may mean you can't participate in trips, book services, or subscribe to communications.

3. How We Collect Information

We collect information through various methods including website contact and booking forms, email correspondence, phone calls, text messages (SMS), in-person consultations, pre-trip questionnaires, health and fitness disclosure forms, and post-trip evaluation surveys. Automated collection occurs through cookies and tracking technologies when you visit our website, analytics tools like Google Analytics, and server logs that record website activity.

Third-party collection happens through information you provide to our payment processors, information shared by social media platforms when you interact with our content, and information provided by our travel service providers and partners. We obtain written consent through online booking forms and agreements, email confirmation and acceptance, signed documents (booking agreements, liability waivers, media releases, health forms), and electronic signature platforms.

During phone conversations (we may record calls for quality assurance with advance notice). Through your continued use of our website after being informed of this Privacy Policy, submitting information through contact forms, and subscribing to our newsletter. When someone books on your behalf (travel agent, friend, family member) to whom you have provided your personal information for such purpose.

You have the right to withdraw your consent at any time by contacting us at hello@thewandrlyway.com. However, withdrawing consent may affect our ability to provide services to you.

4. How We Use Your Information

We use your information to process and confirm bookings and reservations, coordinate with trip co-creators, instructors, and local partners in Spain and other destinations, arrange accommodations, transportation, meals, and activities, provide trip itineraries and updates, communicate important information (meeting locations, time changes, weather updates), facilitate airport transfers and ground transportation, accommodate dietary restrictions and special needs, and manage roommate assignments and room preferences.

We use payment information to charge deposits and final payments, process refunds or credits when applicable, maintain payment records for accounting, verify payment information and prevent fraud, and issue receipts and invoices.

We assess your fitness and ability to participate in activities, prepare for medical situations or emergencies, share relevant health information with trip leaders, instructors, or medical professionals if necessary, contact you and/or your emergency contact in case of emergency, provide information to insurers and medical staff if needed, coordinate emergency response and evacuation if required, and comply with health and safety regulations.

We respond to your inquiries, questions, and requests, send booking confirmations and payment receipts, provide pre-trip information and preparation materials, send trip updates and itinerary changes, share post-trip follow-up and thank you messages, and solicit feedback through surveys and evaluations.

We send newsletters about upcoming trips and experiences, share travel tips and cultural insights, notify you of special offers and early bird pricing, provide information about new trips or services, and send promotional materials about our experiences.

We monitor and analyze website usage and trends, understand how visitors interact with our website, develop new trips and offerings, conduct research and testing to improve user experience, evaluate trip quality through feedback and reviews, and troubleshoot technical issues.

We maintain internal accounting and business operations, manage contracts with suppliers and service providers, process complaints and resolve disputes, maintain records for tax and legal compliance, protect our rights and property, and enforce our Terms and Conditions.

We comply with legal obligations (tax laws, immigration requirements, customs), respond to legal requests from government authorities and law enforcement, protect against fraud and security breaches, investigate and prevent activities that violate our policies or laws, and defend our legal rights in disputes.

For users in the European Economic Area, UK, or Switzerland, we process your information based on consent (marketing, photography), contract performance (providing your booked trip), legal obligation (tax reporting, immigration), legitimate interests (fraud prevention, business operations), and vital interests(medical emergencies).

5. How We Share Your Information

The Wandrly Way does not sell, rent, or trade your personal information to third parties. Period.

We share your information with third-party service providers in Spain and other destinations who help deliver your trip experience. These include hotels and accommodations (for reservations and special requests), transportation companies (airlines, trains, buses, car services, airport transfers), dance instructors and studios (including our co-creators and dance studios in Sevilla for instruction coordination), activity providers (tour guides, cultural venues, museums, performance spaces, restaurants, wineries), and emergency services (medical facilities, doctors, emergency responders if needed during your trip).

We work with website and technology providers including our website host Squarespace, payment processors e.g., Stripe, PayPal, Venmo, email service provider Google, Squarespace, etc., and analytics tools (Google Analytics to understand website usage). We also share information with professional services including insurance providers, legal counsel, accountants, and business consultants (all under confidentiality agreements).

We may disclose your information to government authorities when required by law including court orders and subpoenas, law enforcement agencies, immigration and customs officials, tax authorities, and regulatory agencies. We also share information to protect rights and safety (investigate fraud, prevent illegal activities, enforce our terms, defend legal claims) and in business transfers (if The Wandrly Way is sold, your data transfers to the new owner under equal or stronger privacy protections).

If you share photos, videos, or other content from your trip on social media using our hashtags (e.g., #TheWandrlWay) or tag us, you grant us permission to repost, share, or feature your content on our website and social media platforms, use your content for marketing and promotional purposes, and include your content in newsletters and communications. We'll credit you when possible but aren't obligated to. If you don't want us using your content, don't use our hashtags or tags. Contact hello@thewandrlyway.com to request removal of specific content. We have no control over and are not responsible for photos or content posted by other trip participants.

6. International Data Transfers

The Wandrly Way is based in New York, USA, but our travel services are delivered primarily in Spain. When you book a trip, your information is transferred to and processed in the United States, Spain and other European Union countries, and any other country where our service providers or partners are located. These countries may have data protection laws different from your country of residence.

When you book a trip to Spain, we transfer your information to hotels and accommodations in Spain, our trip co-creators and dance instructors in Spain, studios, restaurants, tour guides, and activity providers in Spain, and transportation companies operating in Spain.

We ensure your information receives adequate protection through data processing agreements with service providers that include standard contractual clauses approved by the European Commission, working only with partners who commit to protecting personal data in accordance with applicable laws, and ensuring service providers implement appropriate security measures.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Booking and Financial Records: 7 years from your trip date (required for tax reporting, accounting, and IRS regulations). This includes payment records, invoices, receipts, and transaction history.

Health and Medical Information: 3 years after your trip completion, then securely deleted unless required for legal claims.

Marketing and Communication Data: Until you unsubscribe or request deletion. Deleted within 30 days of unsubscribe request.

Account Information: While your account is active plus 2 years after closure, unless you request earlier deletion.

Trip Feedback and Reviews: Indefinitely unless you request deletion (used for marketing and service improvement).

Photos and Videos (with consent): Indefinitely unless you revoke consent. You may request removal at any time.

Legal Claims: Duration of legal proceedings plus 7 years for information relevant to disputes or investigations.

We securely delete or anonymize information when the retention period expires, you request deletion (subject to legal obligations), it's no longer necessary, or we no longer have a legal basis to retain it. We may retain certain information beyond standard periods if required by law, necessary to resolve disputes, needed to protect our legal rights, or you've consented to extended retention.

8. Security Of Your Information

We take the security of your personal information seriously and use administrative, technical, and physical measures to protect it from unauthorized access, use, disclosure, alteration, and destruction.

We use SSL/TLS encryption for all data transmitted between your browser and our website (https), encrypt sensitive data stored in our databases, process payments through PCI-DSS compliant third-party processors (we don't store complete credit card numbers), implement password protection and multi-factor authentication for administrative access, maintain firewalls to protect our servers and networks, conduct regular security monitoring and logging, and maintain secure backup systems with encryption.

We provide data protection and privacy training for all employees and contractors, require confidentiality agreements, conduct background checks where appropriate, implement written security policies and procedures, maintain an incident response plan for data breaches, and conduct regular policy reviews and audits.

We securely store physical documents containing personal information with restricted office access, shred documents for secure disposal, and minimize physical document retention (preferring digital storage).

Protect your account by keeping your password confidential and secure, using a strong unique password, not sharing login credentials, and logging out when using shared computers. Be cautious of phishing emails or suspicious requests for information, verify the authenticity of communications claiming to be from us, and don't send sensitive information via unencrypted email. Keep your contact information current and report any security concerns immediately to hello@thewandrlyway.com.

No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially acceptable means to protect your information, we cannot guarantee absolute security. We're not responsible for security breaches from circumstances beyond our reasonable control, your failure to protect account credentials, third-party website vulnerabilities, or data interception over public networks.

In the event of a breach compromising your information, we will promptly investigate the nature and scope, determine what data was affected, assess risk to individuals, notify affected individuals within 72 hours of becoming aware (as required by GDPR), notify regulatory authorities as required, provide information about the breach and steps we're taking, and implement additional security measures to prevent future breaches.

9. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information. Contact us at hello@thewandrlyway.com to exercise any of these rights.

Right to Access: Request confirmation that we're processing your information, a copy of your personal information, and details about how we use and share it. We'll respond within 30 days.

Right to Correction: Request correction of inaccurate or incomplete information. You may also update certain information directly through your account settings.

Right to Deletion: Request deletion of your information in certain circumstances. We'll delete information if it's no longer necessary, you withdraw consent, you object to processing with no overriding grounds, processing was unlawful, or deletion is required by law. We may refuse deletion if needed to comply with legal obligations (e.g., tax records kept 7 years), establish or defend legal claims, fulfill our contract with you, or exercise freedom of expression rights.

Right to Restrict Processing: Request that we limit how we use your information while we verify accuracy of disputed information, when processing is unlawful but you don't want deletion, when we no longer need the data but you need it for legal claims, or while we verify whether our legitimate interests override your objection.

Right to Data Portability: Receive your information in a structured, commonly used, machine-readable format (CSV, JSON, PDF) and transmit it to another service provider. This applies to information you provided with consent or for contract performance that's processed by automated means.

Right to Object: Object to processing based on legitimate interests (including profiling) or direct marketing purposes. If you object to direct marketing, we'll stop immediately.

Right to Withdraw Consent: Where we rely on consent (marketing, photography, optional data collection), you can withdraw it at any time. This doesn't affect lawfulness of processing before withdrawal or processing based on other legal grounds. Click "unsubscribe" in emails or contact us at hello@thewandrlyway.com.

Right to Lodge a Complaint: If you believe we've violated your privacy rights, you can complain to a data protection authority. In the US, contact the Federal Trade Commission (ftc.gov) or your State Attorney General. In the EU, contact your local supervisory authority (edpb.europa.eu/about-edpb/board/members_en). We encourage you to contact us first so we can address concerns directly.

How to Exercise Rights: Email hello@thewandrlyway.com with the type of request in the subject line. Include your full name, email associated with your booking, description of your request, and any information to help us locate your data. For your protection, we may verify your identity before responding (booking confirmation number, date of birth, last four digits of credit card). We respond within 30 days and don't charge a fee for most requests unless the request is manifestly unfounded, excessive, or repetitive.

10. California Privacy Rights (CCPA/CPRA)

If you're a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

You have the right to request disclosure of the categories of personal information we collected, categories of sources, business purposes for collection, categories of third parties we share with, and specific pieces of information we collected about you. We'll provide information covering the 12 months prior to your request.

We collect identifiers (name, email, phone, address, IP address, passport number), California customer records (name, address, phone, credit card), protected classification characteristics (age, date of birth, nationality), commercial information (booking records, payment history), internet activity (website browsing, interaction with our site), geolocation data (general location based on IP, not precise location), sensory data (photos, videos with consent), and inferences (profiles about preferences and behavior). We collect sensitive personal information including health information for trip safety only, not for profiling or advertising.

We collect sources of information directly from you (forms, emails, phone), automatically from your device (cookies, analytics), third parties (payment processors, social media, travel providers), and business partners (trip co-creators, instructors). We provide travel services and fulfilling bookings, processing payments, communicating about trips, marketing (with consent), ensuring safety and managing emergencies, complying with legal obligations, protecting against fraud, improving services, and internal business operations.

The Wandrly Way does not sell your personal information as defined by CCPA. We do not share your information for cross-context behavioral advertising. If our practices change, we'll update this policy and provide a "Do Not Sell or Share My Personal Information" link. You have the right to request deletion of your information, subject to exceptions (see Section 9).

We only use sensitive information (health data) for purposes allowed under CPRA—providing services you request and ensuring safety. We don't use it for profiling or targeted advertising. You have the right to request correction of inaccurate information (see Section 9).

We will not discriminate against you for exercising CCPA rights. We won't deny services, charge different prices, provide different quality of services, or suggest you'll receive different treatment.

How to Exercise California Rights: Email hello@thewandrlyway.com with "California Privacy Rights Request" in the subject line. Include your name, email, California residence confirmation, specific right you wish to exercise, and details to help locate your information. We'll verify your identity and respond within 45 days (up to 90 days if needed with notification).

11. Nevada Privacy Rights

If you're a Nevada resident, you have the right under Nevada law (SB 220) to opt out of the sale of your personal information. The Wandrly Way does not sell your personal information as defined by Nevada law. If our practices change, we'll notify you and provide opt-out options.

12. European Privacy Rights (GDPR)

If you're in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). See Section 9 for detailed rights (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint). The Wandrly Way LLC is the data controller for your personal information. We process your data based on consent, contract performance, legal obligation, legitimate interests, and vital interests (see Section 4). When you book trips to Spain, your information transfers from the US to Spain and EU. We use standard contractual clauses approved by the European Commission and ensure adequate protection (see Section 6).

For GDPR-related inquiries, contact hello@thewandrlyway.com. You have the right to lodge a complaint with your local supervisory authority if you believe we've violated GDPR. Find yours at edpb.europa.eu/about-edpb/board/members_en.

13. Children’s Privacy

Our website and services are not intended for anyone under 18 years old. We do not knowingly collect personal information from anyone under 18. If you're under 18, don't use this website or provide any information. If we learn we've collected information from someone under 18 without parental consent, we'll delete it promptly. If you believe we have information from someone under 18, contact us at hello@thewandrlyway.com.

14. Cookies and Tracking Technologies

We use cookies and similar technologies to track activity on our website and hold certain information. Cookies are small data files that may include anonymous unique identifiers.

Essential cookies are necessary for the website to function (sessions, security). Analytics cookies help us understand visitor interaction (Google Analytics). Functional cookies remember your preferences and choices. Marketing cookies track browsing habits for targeted advertising (if used). You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, if you don't accept cookies, you may not be able to use some website features. Most browsers allow you to view, delete, block, or receive notifications about cookies through privacy settings.

We use Google Analytics to understand website usage and improve user experience. Google's privacy policy: policies.google.com/privacy. Opt-out: tools.google.com/dlpage/gaoptout. We may use social media platforms (Facebook, Instagram, TikTok) for advertising and analytics if you interact with our ads or content. Some browsers have a "Do Not Track" feature. Our website does not currently respond to DNT signals.

For detailed information about cookies, see our separate Cookie Policy.

15. Email And Marketing Communications

With your consent, we may send marketing emails about our services, travel experiences, promotions, and events. You can opt out of marketing emails anytime by clicking "unsubscribe" in any email, adjusting email preferences in your account settings, or contacting hello@thewandrlyway.com.

Even if you opt out of marketing, we'll still send transactional emails related to booking confirmations, trip updates and itinerary changes, account notifications, customer service responses, and legal notices. These can't be opted out of as they're necessary for the services you've requested. If you provide your phone number and consent to texts, we may send booking confirmations and updates, trip reminders and notifications, customer service messages, and marketing messages (with explicit consent). Opt out anytime by replying "STOP" to any text or contacting hello@thewandrlyway.com. Standard message and data rates may apply.

16. Social Media And Third-Party Websites

We maintain pages on social media platforms like Instagram, Facebook, and TikTok. When you interact with our social pages, the platform's privacy policy governs. We may receive information from social platforms per their policies and your privacy settings. Information you post publicly on our social pages may be viewed by others. Exercise caution when sharing personal information. Our website may contain links to third-party websites, services, or social media that aren't operated by us. We have no control over and assume no responsibility for their content, privacy policies, or practices. We're not responsible for third-party privacy practices and strongly advise you to review their privacy policies before providing information.

17. Changes To This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. When we make changes, we'll update the "Last Updated" date at the top, post the revised policy on our website, and notify you via email or prominent website notice if changes are material.

Your continued use of our website after the effective date of the revised Privacy Policy constitutes acceptance of the changes. We encourage you to review this policy periodically to stay informed of updates.

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us:

The Wandrly Way LLC
Attention: Privacy Policy

Email: hello@thewandrlyway.com

Response Time: We will respond to your inquiry within 30 days.