Phone:
+44 75 48 48 00 00
Address:
63 St. Mary Axe
London EC3A 8AA
Privacy Policy
Last updated: 18 June 2025
1. Introduction
Welcome to the privacy policy of tourguide.systems, a trading name of Demapal Ltd (“we”, “us”, or “our”). We specialise in hiring professional wireless tour-guide (“whisper”) audio systems—transmitters with microphones and receivers with headphones—for tours, museums, conferences and interpretation events across the UK. We respect your privacy and are committed to protecting your personal data. This notice explains how we collect and process your personal data when you engage with us and informs you of your rights and how the law protects you.
Please refer to the Glossary for definitions of key terms used in this notice.
2. Important information and who we are
2.1 Purpose of this privacy notice
This notice explains how Demapal Ltd collects and processes your personal data when you enter into, or take steps to enter into, a contractual relationship with us. It supplements any other notices we may provide and is not intended to override them.
2.2 Controller
Demapal Ltd is the controller responsible for your personal data.
2.3 Contact details
- Legal entity: Demapal Ltd
- Data-protection manager: Ivan Zharikov
- Address: 63 St Mary Axe, London, EC3A 8AA, United Kingdom
- Email: ivan@demapal.com
- Telephone: +44 (0) 20 7183 6090
You may complain at any time to the UK Information Commissioner’s Office (ICO) (ico.org.uk), but we would appreciate the chance to deal with your concerns first.
2.4 Changes to this notice
This version is dated 03 June 2025. We may update it periodically to reflect legal or operational changes.
2.5 Your duty to inform us of changes
Please keep us informed if your personal data changes during your relationship with us.
3. The data we collect about you
“Personal data” means any information about an individual from which that person can be identified. It does not include anonymised data.
| Category | Description |
|---|---|
| Identity Data | First and last names of clients or their representatives; company name (if applicable). |
| Contact Data | Billing address, email address, telephone number. |
| Phone Call Data | Recordings of inbound and outbound telephone calls between you and us. |
| Personal Data | Any information you disclose to us during our contractual relationship. |
| Financial Data | Bank-account and payment-card details. |
| Transaction Data | Payments to and from you and details of products or services purchased. |
| Usage Data | Information about how you use our services and website. |
| Marketing & Communications Data | Your preferences in receiving marketing from us and third parties. |
| Logistics & Booking Data | Equipment quantities, hire duration, delivery/collection addresses & times, return arrangements and any comments you provide. |
4. If you fail to provide personal data
If we need personal data by law or under a contract and you fail to supply it, we may be unable to perform the contract (e.g. provide services) and may have to cancel the service.
5. How is your personal data collected?
- Direct interactions – data you give us in forms, emails, calls, etc.
- Automated technologies – Usage Data collected via cookies (see Cookies).
6. How we use your personal data
We rely on:
- Performance of a contract
- Legitimate interests (balanced against your rights)
- Compliance with a legal obligation
- Consent (you may withdraw at any time)
6.1 Purposes for which we use your data
| Purpose / Activity | Data Types | Lawful basis |
|---|---|---|
| Register you as a new customer | a Identity b Contact c Personal d Financial e Phone Call | Contract; Consent (recording) |
| Process and deliver services | a Identity b Contact c Transaction d Financial e Personal f Phone Call | Contract; Legitimate interest (recover debt); Consent (recording) |
| Manage our relationship | a Identity b Contact c Phone Call d Financial | Contract; Legitimate interest (record-keeping) |
| Surveys / partner updates | Marketing & Comms | Consent |
| Run and protect our business | a Identity b Contact | Legitimate interest; Legal obligation |
| Improve services (analytics) | Usage | Legitimate interest |
| Training & quality (call recordings) | a Identity b Contact c Personal d Phone Call | Legitimate interest; Consent (recording) |
We do not engage in automated decision-making that produces legal or similarly significant effects.
7. Marketing
You will receive marketing communications if you have opted in. You may opt out at any time.
8. Change of purpose
We will only use your data for the original purpose unless we reasonably consider a related, compatible purpose exists, or we notify you and explain the new legal basis.
9. Disclosures of your personal data
- Internal third parties: other Demapal Ltd entities.
- External third parties: professional advisers, HMRC/regulators, IT providers, and third parties you instruct.
All third parties must respect data security and act only on our instructions.
Where we enter an NDA, its confidentiality terms apply; personal data also remains governed by this Policy.
10. International transfers
We primarily process data in the UK/EEA. When using providers outside these areas we rely on UK-approved SCCs, adequacy decisions, and contractual/technical safeguards.
- pCloud (Switzerland) – cloud storage
- Synology NAS – encrypted local storage/back-ups
- Microsoft 365 – email/collaboration
- Xero – accounting
- GoCardless – direct-debit processing
- Barclays Bank UK – client banking
- Wise Payments – international payments
- Stripe – card-payment processing
- Hostinger VPS – website hosting
- Fluent Forms – web-form data
- OpenAI (ChatGPT) – limited content generation; no storage of client data
11. Data security
We implement appropriate security (including encryption in transit and at rest) and restrict access to staff with a business need. Breach procedures are in place.
12. Data retention
- Core records kept up to six years after relationship ends.
- ⚠ We do not accept blanket deletion requests originating from external Terms & Conditions or procurement systems unless we are legally obliged to do so under UK law (e.g. GDPR Article 17).
- Phone-call recordings kept 1 month – 6 years depending on need.
- Marketing preferences retained until you withdraw consent.
- Anonymised analytics may be kept indefinitely.
13. Your legal rights
You have the right to access, correct, erase, restrict, transfer, object to processing, and withdraw consent at any time. We respond within one month to Subject Access Requests.
14. Cookies
We use cookies grouped as functional (always active), statistics, and marketing. Non-essential cookies operate only with your consent via the Complianz banner.
15. Children’s data
Our services target professional users. We do not knowingly collect data from children under 13. Contact us if you believe we hold such data.
17. Glossary
Legitimate Interest – our business interest, balanced against your rights.
Performance of Contract – processing necessary to fulfil a contract with you.
Comply with a legal obligation – processing required by law.
Internal Third Parties – Demapal Ltd entities acting as joint controllers.
External Third Parties – advisers, regulators, IT providers (including GoCardless, Stripe, Barclays Bank UK and Wise Payments for payment processing), and any third party you instruct.
18. Non-Disclosure Agreements (NDA)
NDAs cover confidential business information for specific projects. Where that information is also personal data, it is processed in line with this Privacy Policy. NDAs do not prevent us from:
- Sharing data with authorised staff or processors (e.g. Xero, pCloud, Microsoft 365) to perform services.
- Disclosing information required by HMRC, regulators or a court.
The higher standard of protection between an NDA and this Policy will always prevail.
⛔ We do not accept automatic confidentiality or data-handling obligations embedded within external vendor platforms, onboarding systems, or procurement portals unless explicitly reviewed and agreed in writing. Our legal obligations under UK law and this Privacy Policy prevail in all cases.