Skip to content
Alpaca WalksBook your walk

Privacy Policy

Last updated:

This Privacy Policy explains how Alpaca Walks (“we”, “us”, “our”) collects, uses and protects your personal data when you visit alpacawalks.ie, send us an enquiry, or book a visit. We follow the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

1. Who is the controller of your data

Alpaca Walks is the data controller responsible for the personal data collected on this website. You can reach us by email at hello@alpacawalks.ie or by post at [CONFIRM EXACT ADDRESS], Loughglynn, Co. Roscommon, Ireland [CONFIRM EIRCODE].

2. What data we collect

We only collect data we genuinely need to answer your questions and run your booking:

  • Booking enquiries — your name, email, optional phone number, requested date, party size (adults and children), chosen alpaca, chosen experience, and any free-text notes you provide.
  • Contact form messages — your name, email and the text of your message.
  • Consent records — a timestamp, version number, and cookie-category choices when you make a selection on our cookie banner. We do not log your IP address with this record.
  • Hosting logs — short-lived technical request logs handled by our hosting provider (Vercel). These may temporarily include IP addresses for abuse-prevention and are not used for marketing.

We do not currently use website analytics or marketing tags. If we add them in future, this policy and the cookie banner will be updated first.

3. How we use your data (and the legal basis)

  • To respond to your enquiry or confirm your booking — performance of a contract (Article 6(1)(b) GDPR).
  • To send you seasonal updates by email — only if you tick the optional opt-in checkbox; legal basis is your consent (Article 6(1)(a) GDPR). You can withdraw at any time.
  • To keep our site running securely — legitimate interests (Article 6(1)(f) GDPR), balanced against your rights.
  • To comply with our legal obligations — for example, retaining booking records for tax purposes (Article 6(1)(c) GDPR).

4. How long we keep your data

  • Booking and contact enquiries: up to 24 months from your last interaction with us, then deleted.
  • Confirmed bookings: up to 7 years to comply with Irish Revenue tax record-keeping requirements.
  • Consent records: while your consent choice is in force, plus 12 months for audit purposes.
  • Marketing opt-in list (if you join): until you unsubscribe.

5. Who we share your data with

We do not sell your data. We rely on a small number of trusted service providers (data processors) to deliver the website and handle your enquiry. Each is contractually bound to act only on our instructions:

  • ClarityWeb — website developer and technical support provider (Ireland). May access this site for maintenance. clarityweb.ie.
  • Vercel Inc. — hosting and content delivery (United States, with EU edge locations). Vercel privacy policy.
  • Supabase Inc. — database for booking enquiries, once enabled (United States, with EU regions available). Supabase privacy policy.
  • Transactional email provider — once we connect a provider (such as Brevo or Resend) we will list it here and in the cookie table.

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (subject to legal retention obligations);
  • restrict or object to how we use your data;
  • data portability where applicable;
  • withdraw your consent at any time, without affecting processing done before withdrawal.

To exercise any of these rights, email hello@alpacawalks.ie. We respond within one month.

7. Complaints to the Data Protection Commission

If you believe we have not handled your data properly, you can lodge a complaint with the Irish Data Protection Commission (DPC):

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
https://www.dataprotection.ie

8. International transfers

Some of our providers (Vercel, Supabase, future email service) are based outside the European Economic Area. Where data is transferred outside the EEA, transfers are protected by Standard Contractual Clauses approved by the European Commission, or by an equivalent safeguard, in line with Chapter V GDPR.

9. Cookies and similar technologies

We use a single browser-side storage item (localStorage) to remember your cookie consent choice. We do not set any non-essential cookies until you give consent on our banner. Full details are in our Cookie Policy.

10. Changes to this policy

We may update this policy occasionally — for example, if we add a new third-party service. Material changes will be highlighted on the site and you'll see a new "last updated" date at the top.