The protection of your personal data is important to us. With this privacy policy, we would like to explain in more detail what personal data we collect and for what purposes it is processed within our app “Tellingstones”.

Object of data protection

The subject of protection is the data regarding your booking, goods and tickets purchased, stored within your personal account, and the information requested to access it. That is: your email address and your password.

Registration. You have the option of creating a customer account, e.g. to manage bookings or view bookings made. To do this, you must provide the following mandatory information:

  • E-mail address
  • Password.

Registration data are required to create and manage a user account. In this case, the user enters into a (free) contract of use with us, on the basis of which we collect this data (Art. 6 para. 1 lit. b GDPR).To conclude the contract, you must provide us with this data. However, you are neither contractually nor legally obliged to enter into the contract and thus to provide the data.

Storage and evaluation of e-mails. E-mails are only stored and evaluated if you have given us your consent. We will only use this data to improve our customer service. The records will be deleted after three months. The legal basis is Art. 6 para. 1 lit. a GDPR. You have the possibility to revoke your consent at any time by contacting one of the contact channels indicated in this privacy policy. This does not affect the lawfulness of the processing carried out by us until revocation.

Technical service providers. We use technical service providers for hosting and some of the services required for the Tellingstones App. Accordingly, data processing takes place on the servers of these service providers. These service providers only process data according to our explicit instructions and are obliged to ensure sufficient technical and organisational measures for data protection. Accordingly, our service providers act for us as so-called data controllers within the meaning of Art. 28 GDPR. 28 GDPR.

Data hosting. For data hosting we use the services of Amazon Web Services EMEA S.a.r.l. (“AWS”) based in Luxembourg. Accordingly, when you interact with our website or access content displayed by the App, the requested data is processed on AWS servers. We only use servers located in the European Union. To cover remote maintenance and similar constellations, we have entered into standard contractual clauses with AWS that have been approved by the EU Commission in accordance with Art. 46 para. 2 lit. c GDPR.

Bookings and payments. Bookings When you book a tour, activity or the like on our website, we collect the data required to carry out the tour. This is usually the following information: e-mail address, number of participants, date and time. Depending on the activity booked, it may be necessary to collect further information, such as the flight number or age of the participants. The processing that takes place in connection with this is based on Art. 6 para. 1 lit. b GDPR. To the extent necessary, we will transmit your data to the entity responsible for the tour or activity.

Payments. There are various possibilities to pay for the bookings provided. To this end, we process the data required in each case depending on the payment method selected. In this context, personal data will be processed as described below on the basis of Section 6 para. 6 para. 1 lit. b GDPR and is necessary to execute the selected payment method.
Credit card payments. For the processing of credit card payments, we use the service provider STRIPE PAYMENTS EUROPE LIMITED. Address: VIA PRIVATA MARIA TERESA 4 – 20123 – MILAN (MI) “Stripe”. The data provided during payment will be transmitted by Stripe to the respective banks or financial institutions for payment processing. In the case of credit card payments, we only receive information that the payment has or has not been made. We are therefore never aware of your credit card number or other data relating to your personal details relevant to privacy.

Cookies. We do not use so-called “cookies” to offer certain functions of our website and to optimise the use of our App “Tellingstones”.

Localisation. It is possible for the user to activate the location functions provided by mobile devices. This information is used by the device solely for the purpose of searching for any narrative content or the presence of tourist attractions in the vicinity. The user will only be notified of this information if the menu option ‘activate notifications’ has been selected. No personal nor location information is sent outside the device. All location information therefore remains within the device.

Data Protection Officer (DPO) e-mail address: privacy@espereal.com

Contact for further information


E-mail address: info@espereal.com
Telephone number: +39 011 19118961

Espereal Technologies Srls

Legal site: Corso Giuseppe Siccardi 11Bis 10122 Torino

P.I. 11677630011