Phone:
+44 75 48 48 00 00
Address:
63 St. Mary Axe
London EC3A 8AA
Last updated: 18 June 2025
Welcome to the privacy policy of tourguide.systems, a trading name of Demapal Ltd (“we”, “us”, or “our”). We specialise in hiring professional wireless tour-guide (“whisper”) audio systems—transmitters with microphones and receivers with headphones—for tours, museums, conferences and interpretation events across the UK. We respect your privacy and are committed to protecting your personal data. This notice explains how we collect and process your personal data when you engage with us and informs you of your rights and how the law protects you.
Please refer to the Glossary for definitions of key terms used in this notice.
This notice explains how Demapal Ltd collects and processes your personal data when you enter into, or take steps to enter into, a contractual relationship with us. It supplements any other notices we may provide and is not intended to override them.
Demapal Ltd is the controller responsible for your personal data.
You may complain at any time to the UK Information Commissioner’s Office (ICO) (ico.org.uk), but we would appreciate the chance to deal with your concerns first.
This version is dated 03 June 2025. We may update it periodically to reflect legal or operational changes.
Please keep us informed if your personal data changes during your relationship with us.
“Personal data” means any information about an individual from which that person can be identified. It does not include anonymised data.
Category | Description |
---|---|
Identity Data | First and last names of clients or their representatives; company name (if applicable). |
Contact Data | Billing address, email address, telephone number. |
Phone Call Data | Recordings of inbound and outbound telephone calls between you and us. |
Personal Data | Any information you disclose to us during our contractual relationship. |
Financial Data | Bank-account and payment-card details. |
Transaction Data | Payments to and from you and details of products or services purchased. |
Usage Data | Information about how you use our services and website. |
Marketing & Communications Data | Your preferences in receiving marketing from us and third parties. |
Logistics & Booking Data | Equipment quantities, hire duration, delivery/collection addresses & times, return arrangements and any comments you provide. |
If we need personal data by law or under a contract and you fail to supply it, we may be unable to perform the contract (e.g. provide services) and may have to cancel the service.
We rely on:
Purpose / Activity | Data Types | Lawful basis |
---|---|---|
Register you as a new customer | a Identity b Contact c Personal d Financial e Phone Call | Contract; Consent (recording) |
Process and deliver services | a Identity b Contact c Transaction d Financial e Personal f Phone Call | Contract; Legitimate interest (recover debt); Consent (recording) |
Manage our relationship | a Identity b Contact c Phone Call d Financial | Contract; Legitimate interest (record-keeping) |
Surveys / partner updates | Marketing & Comms | Consent |
Run and protect our business | a Identity b Contact | Legitimate interest; Legal obligation |
Improve services (analytics) | Usage | Legitimate interest |
Training & quality (call recordings) | a Identity b Contact c Personal d Phone Call | Legitimate interest; Consent (recording) |
We do not engage in automated decision-making that produces legal or similarly significant effects.
You will receive marketing communications if you have opted in. You may opt out at any time.
We will only use your data for the original purpose unless we reasonably consider a related, compatible purpose exists, or we notify you and explain the new legal basis.
All third parties must respect data security and act only on our instructions.
Where we enter an NDA, its confidentiality terms apply; personal data also remains governed by this Policy.
We primarily process data in the UK/EEA. When using providers outside these areas we rely on UK-approved SCCs, adequacy decisions, and contractual/technical safeguards.
We implement appropriate security (including encryption in transit and at rest) and restrict access to staff with a business need. Breach procedures are in place.
You have the right to access, correct, erase, restrict, transfer, object to processing, and withdraw consent at any time. We respond within one month to Subject Access Requests.
We use cookies grouped as functional (always active), statistics, and marketing. Non-essential cookies operate only with your consent via the Complianz banner.
Our services target professional users. We do not knowingly collect data from children under 13. Contact us if you believe we hold such data.
Legitimate Interest – our business interest, balanced against your rights.
Performance of Contract – processing necessary to fulfil a contract with you.
Comply with a legal obligation – processing required by law.
Internal Third Parties – Demapal Ltd entities acting as joint controllers.
External Third Parties – advisers, regulators, IT providers (including GoCardless, Stripe, Barclays Bank UK and Wise Payments for payment processing), and any third party you instruct.
NDAs cover confidential business information for specific projects. Where that information is also personal data, it is processed in line with this Privacy Policy. NDAs do not prevent us from:
The higher standard of protection between an NDA and this Policy will always prevail.
⛔ We do not accept automatic confidentiality or data-handling obligations embedded within external vendor platforms, onboarding systems, or procurement portals unless explicitly reviewed and agreed in writing. Our legal obligations under UK law and this Privacy Policy prevail in all cases.