Data Deletion

Data Deletion Instructions

How to request the deletion of your personal data from the Taplany platform.

Last updated: April 29, 2026

1. Overview

This page explains how to request the deletion of personal information held by Albert Sabaté Martínez @ Taplany ("Taplany") in connection with the Taplany platform (the "Service"). It implements the right to erasure under Article 17 of the General Data Protection Regulation ("GDPR") and the data-deletion-instructions requirement of the Meta Platform (Facebook, WhatsApp, Instagram) for apps that connect to Meta services.

If you reached this page after using "Login with Facebook" or because your travel agency uses Taplany's WhatsApp Business integration, you are in the right place.

2. Who Holds Your Data

Two distinct cases apply:

2.1 You are an account holder of Taplany

You signed up directly at taplany.com or were invited by your organization. Taplany is the data controller for your account data, and you can request deletion directly from us (see section 3).

2.2 You are an end traveler of a customer organization

A travel agency uses Taplany to manage its bookings and customer relationships, and your data was provided to that agency in connection with a trip or quote.

In this case, the agency is the data controller and Taplany is only the data processor. Your deletion request must be addressed to that travel agency. We will assist the agency in fulfilling your request, but we cannot delete that data on our own initiative.

If you are not sure which case applies to you, write to us anyway and we will route the request appropriately.

3. How to Request Deletion

You can request deletion through any of the following channels.

3.1 By email (recommended)

Send an email to hello@taplany.com from the email address associated with your account, with the subject line:

Data Deletion Request

Please include:

  • Your full name
  • The email address used for the account
  • A short statement that you wish to delete your personal data
  • If applicable, the name of the travel agency you signed up with
  • If you used Facebook, WhatsApp, or another third party to access the Service, mention which one

3.2 By post

Albert Sabaté Martínez @ Taplany Carrer Gretel Ammann Martinez, 12 08020 Barcelona, Spain

Please mark the envelope "Data Deletion Request" and include the same information as in the email channel.

3.3 If you used "Login with Facebook"

In addition to (or instead of) the channels above, you can revoke Taplany's access to your Facebook account at any time:

  1. Open Facebook and go to Settings & Privacy → Settings
  2. Open Apps and Websites
  3. Find Taplany in the list of connected apps
  4. Click Remove

Removing the app revokes Taplany's access to your Facebook profile information for future processing. To delete the data we have already received, you still need to submit a deletion request through one of the channels above.

3.4 If you reached us through WhatsApp

WhatsApp Business message data is processed by Taplany as a processor on behalf of the travel agency you contacted. To delete the message history and contact data:

  • Contact the travel agency directly and ask them to delete your record from their Taplany workspace, or
  • Send a deletion request through section 3.1 and we will forward it to the relevant agency, who will instruct us as data controller

4. What We Delete

Upon a valid deletion request, we will delete or irreversibly anonymize:

  • Your account profile (name, email, phone, avatar, role, preferences)
  • Your authentication credentials and federated-identity links (e.g. Facebook, Google)
  • Communications you have exchanged with us through email, contact forms, and support
  • Marketing-list memberships and consent records (we keep a record that you opted out, as required by Article 21 GDPR)
  • Push-notification subscriptions, device sessions, and active access tokens
  • Behavioral analytics events linked to your user identifier

For end-traveler data held on behalf of a customer organization, the customer organization controls the deletion. Once it instructs us, we delete the corresponding records, files, and message history from our database, our backups (within the backup-rotation cycle defined in section 6), and our integrated sub-processors.

5. What We May Keep

In some cases we are required by law to retain certain information even after a deletion request, and erasure can be lawfully refused or delayed under Article 17(3) GDPR. We may retain:

  • Billing, tax, and accounting records — 6 years, in accordance with the Spanish General Tax Law (Ley 58/2003) and the Commercial Code
  • Records needed to defend or exercise legal claims — for the duration of the applicable limitation periods
  • Anonymized statistical data — irreversibly disconnected from any identifier
  • Information required to demonstrate prior compliance — minimal records of consent, opt-outs, and identity-verification of the request

When we keep information under one of these exceptions, we restrict it to the minimum necessary, store it under access controls, and use it only for the legal purpose that justified its retention.

6. Timeline

We will:

  • Acknowledge your request within 7 calendar days
  • Verify your identity to prevent unauthorized deletion (we may ask you to confirm your email address or to provide reasonable proof of identity)
  • Complete the deletion within 30 calendar days from receipt of a verified request, with a possible extension of up to two further months for complex requests, in accordance with Article 12(3) GDPR
  • Confirm the deletion to you in writing once it is complete

Operational deletion happens immediately. Backups are rotated on a defined schedule, and any residual data in encrypted backups is overwritten within 90 days.

7. Identity Verification

To protect you against unauthorized deletion of your data, we may need to verify that you are the account holder. We will limit verification to what is strictly necessary and proportionate (typically a confirmation email sent to the address on record). If we cannot verify your identity with reasonable confidence, we may decline the request and explain why, in line with Article 12(6) GDPR.

8. Right to Complain

If you believe we have not handled your deletion request correctly, you can lodge a complaint with the Spanish Data Protection Agency:

Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan, 6 28001 Madrid, Spain Website: www.aepd.es

If you reside in another EEA country, you may also lodge a complaint with the supervisory authority in your country of residence.

9. Contact

Albert Sabaté Martínez @ Taplany Carrer Gretel Ammann Martinez, 12 08020 Barcelona, Spain Email: hello@taplany.com

This page is provided to comply with Meta's data-deletion-instructions requirement and Article 17 GDPR. It is reviewed periodically and updated where our practices or applicable law change.