Privacy Policy

 Credit car transactions

For credit card transactions on our website, the company informs the card holder that the company Alora turiadventur S.L. is responsible for safe transactions and that their data will be treated in the same way. We use our SLL data encryption system for greater security.

Cancellations: In the case of not showing up for the contracted service, the customer will not be entitled to a refund. In the event of closure of the “Caminito del Rey”, due to weather conditions, the customer will be entitled to a full refund or the option to rebook within a maximum period of 2 months from the date of the original booking. Applicable only due to closure for weather.

Rules of Caminito del Rey: The client accepts and agrees to comply with the rules of the “Caminito del Rey”. You can ckeck them here.

Personal data protection policy

1. In compliance with the provisions of Act 15/1999, of December 13, on the Personal Data Protection ( hereinafter PDPA) and in Royal Decree 1720/2007,of December 21, which enables the enactment of PDPA ( hereinafter RDPDPA)and makes Áloratur SLU,B93425239, responsible for the management and maintenance of this website, here in after the company, policies concerning the treatment and protection of personal data, which will apply to those who voluntarily communicate via email with the company, complete data collection forms, formalize a contractual relationship with the company or use any other service present on the website that implies data communication to the company or access data by the company for the provision of services. The use of the company´s services will imply the express acceptance of this policy. Likewise, these conditions will be of subsidiary application to others that are established on the same subject, with special character, and are communicated without limitation through the registration forms, contracts and /or conditions of the particular services, being the present policies as complimentary to the above in that not expressly provided and that is not contradicted.

2. The company informs the website user of the existence of various treaties and personal data files whose responsibility of which lies with Áloratur SLU, office registered at C/Alegrías 4, Álora, Málaga, where the personal data communicated to the company is collected and stored. Sending of an email to the company,

3. The sending of an email to the company ,or the communication to the company of any other personal data, implies the provision of free, unequivocal, specific, informed and express consent for the processing of personal data by the company, which will be carried out in order to meet the communications received. In the contracting of services offered by the company, the data will be treated in order to maintain the contractual relationship that is established, in accordance with the nature and characteristics of the service contracted and exclusively for that purpose, the company will contact the client through email, sms or other means indicated by the latter, as well as for the maintenance of historical business relations during the legally established deadlines. The company allows customers to choose, on the form they fill out when they register, whether or not they wish to receive commercial information. Regardless of the option they have chosen, they can modify it at any time, as many times as they wish, from the specific section for this purpose, available in their client area. In those cases in which the clients choose to receive commercial information, the company informs that their data will be processed for the sending of documentation and information related to the services, commercial and/or advertising communications about them, or other similar ones, by post, telephone, email, sms or any other means indicated by the client. In those cases in which the company must access and/or process personal data, responsibility and ownership for the client for the adequate provision of the contracted services, the latter will process the corresponding data as the person in charge of the treaty in accordance with the provisions of this Privacy Policy in which the obligations of the parties are regulated in the terms established in Aticle 12 of the PDPA and concordant of the RDPDPA.

4. The company uses “cookies” on its website, “Cookies” are small files that our computer equipment sends to users´ devices when they are on the website and that autimatically collects information about the visitors IP address, the day and time it begins and leaves the visit, as well as information on the different sections of the website consulted. Users can configure their browser so that it warns them on the screen if they are receiving cookies, this will not impede the access to information on the website

5. The user may at any time exercise their rights of access, rectification, cancellation and opposition, where possible, by sending a message from the “Contact” section, accessible from, if you are a customer. Also, these rights may be exercised by sending a communication to the following email address =, or by sending a written communication indicating the right or request you exercise, together with a copy of your ID or valid legal document that proves your identity, addressed to the company at C/Alegrías 4, Álora, Málaga, for the attention of the Commercial Information Department.

6. The company is sometimes required to carry out transfers or communications of data that, due to Article 11 of the PDPA, must meet its obligations to the Public Administrations and, where appropriate, also to other bodies, when required by current legislation. In this regard and in compliance with the provisions of Act 25/2007, of October 18 on the conservation of data related to electronic communications and and public networks, informs the user that the company must proceed to retain and conserve certain data generated during the development of the communications, as well as, where appropriate, communicate said data to the competent bodies, provided that the circumstances provided for in said Act concur. The company informs that it may transfer the personal data, exclusively for the purposes detailed throughout this Policy,to any companies that are part of the Group of Companies to which it is a part, understood in the sense of Article 4 of Act 24/1988, of July 28, on the Stock Market, whose activity is the marketing of services of an identical or analogous nature to those offered by the company, such as promotional, marketing and marketing services, services related to active tourism and services, for which the user and/or client gives their consent in advance.

7. The company warns that, except for the existence of a legally constituted representation, no user and/or client may use the identity of another person and communicate their personal data, so at all times you should keep in mind that you must communicate to the company personal data corresponding to your own identity and that are adequate, relevant, current, accurate and true. For this purpose, the user and/or client will be solely responsible for any damage, direct and /or indirect, caused to third parties or the company for the use of another person´s personal data, or their own personal data when they are false, erroneous, not current, inadequate or not pertinent. Likewise, the user and/or client that communicates that communicates the personal data of a third party, will respond to the third party with the obligation of information established in Article 5.4 of the PDPA for when the personal data has not been collected from the interested party, and/or the third party has not been informed.

8. The company informs that, in accordance with the provisions of the PDPA and the RPPDPA, it has adopted the necessary technical and organizational measures to guarantee the security of personal data in view of the state of the technology, the nature of the stored data and the risks to which they are exposed, and that will only record personal data in files that meet the conditions that are determined in current regulations regarding their integrity and safety and those of treatment centres, premises, equipment, systems and programs. Likewise, the company guarantees the fulfillment of the duty of professional secrecy regarding the personal data subject to processing and keeping them.

9. In conformance with Article 12 of the PDPA and concordant of the RDPDPA, will not be considered communication or the surrender of data access and / or processing of personal data that are the responsibility and ownership of the company´s customers when it is necessary for the adequate provision of the services that have been contracted. In such cases the company will act as the person in charge of the information and will carry out the access and /or treatment of the data in accordance with terms indicated below: The company will only process the data according to the instructions of the client with whom they are working and will not apply or use them for any other purpose other than those contained in the contractual conditions that apply, nor will it communicate them, even for their preservation, to other people, the company will not take responsibility when, upon express instructions of the client, the data is communicated to a third person designated by it as provided in the PDPA and in the RDPDPA. Once the provision of personal data processing services has been completed, they will be destroyed, as will any supporting documents that contain any personal data and any type of information that has been generated during, for and/or by the provision of the services subject to the corresponding conditions. Notwithstanding the above, the company may keep the aforementioned data blocked during a period in which use may be derived in relation to the client. In the event that the company allocates the data for another purpose, communicates them or uses them in breach of the corresponding Terms of Service, it will be considered responsible, responding to the infringements that it had personally incurred. The company undertakes , in accordance with Article 10 of the PDPA, to maintain due professional secrecy regarding the personal data that must be accessed and/or processed in order to comply, in each case, with the Conditions of Service that apply to the customer both during and after their termination, committing to use said information only for the purpose in each case and to demand the same level of commitment from any persons who participate in the organization and any phase of the processing of the clients personal data. In accordance with the provisions of the RDPDPA, the following rules will apply in relation to the form and modalities of access to the data for the provision of services: When the company must access the data processing resources located in the facilities of the client responsible for the action, he will be responsible for establishing and implementing the security policy and measures and communicating such policies and measures to the company, who undertakes to respect them and demand compliance with the people of his organization who participate in the provision of services. When the company remotely accesses the data processing resources that are the responsibility of the client, he will be responsible for establishing and implementing the security policies and measures in his remote treatment systems and the company will be responsible for establishing and implementing the security policies and measures in your local systems. When the service was provided by the company in its own premises, other than those of the client, it will collect in its security document the circumstances related to the data in the terms required by current legislation, incorporating the safety measures in relation to said action. In all cases, access to data by the company will be subject to the security measures laid down in the current regulations on security of personal data in accordance with the provisions of title VIII of the RDPDPA, which will have the minimum requirements, notwithstanding the specific legal or regulatory provisions in force that may be applicable in each case or those the company adopts on its own initiative. The client authorizes the company, as the person in charge of processing, to outsource, in the name of and of behalf of the client, with third parties for storage services, custody of the backup copies of data and security, in those cases where is necessary, respecting the obligations imposed by the PDPA and its development regulations. At any time the client responsible for the actions may contact the company to find out the identifying data of the entities that may be subcontracted by the company for the provision of the indicated services, which in any case will act in accordance with the terms provided in this document and prior formalization with the company of a data access contract for the provision of services in the terms provided in Article 12 of the PDPA and 20 of the RDPDPA. Likewise, the client responsible for the action authorizes the company to carry out the actions indicated below, provided that it is accredited that they are necessary for the execution of the provision of services. In any case, the authorization is limited to the action (s) that each service provision requires and with a maximum duration similar to the validity of the contractual Conditions that apply: to carry out the processing of the personal data in portable data processing devices to be undertaken only by users or user assigned to the provision of services; to carry out the action (s) outside of the premises of the client responsible for the action or of the company solely by the users or user assigned to the provision of services; the entry and exit of the media and documents containing personal data, including those included in and/or attached to the email, outside the premises under the control of the client responsible for the processing; the execution of the data recovery procedures that the company sees obligated to execute. The company is not responsible for the breach of the obligations arising from the PDPA and its development regulations on the part of the client responsible for the action in the part that corresponds to its activity and that is related to the execution of the contract or commercial relations that join the company. Each party must face responsibility arising from its own breach of contractual obligations, legislation and regulations,