Privacy
Policy

The controller responsible for the processing of your personal data within the meaning of the GDPR is:

If you have any questions about data protection, you may contact us at any time using the contact details above.

We collect and process personal data only to the extent necessary for the provision of our services. The following categories of data may be collected:

Contact and booking data

• First and last name
• Email address and phone number
• Delivery and accommodation address on Mallorca (villa, finca, resort etc.)
• Booked products, rental duration and requested delivery date
• Age of children where applicable (for selection of appropriate products)

Payment data

• Billing address
• Payment method (e.g. bank details for transfer, PayPal address)

Communication data

• Content of emails, messages or phone call notes in the context of booking processing

Website usage data (automatically collected when visiting our website)

• IP address (anonymised)
• Date and time of access
• Pages visited, browser and operating system used

We process your personal data for the following purposes:

• Contract fulfilment: receiving and confirming bookings, organising delivery and collection, invoicing and payment processing.
• Customer communication: responding to your enquiries, sending booking confirmations and relevant information about your order.
• Quality assurance: maintaining and improving our services and handling complaints.
• Legal obligations: retaining invoices and booking-related documents in accordance with statutory retention periods.
• Fraud prevention: protecting against abusive use of our services.

We do not use your data for automated decision-making or profiling.

The processing of your personal data is based on the following legal grounds under the GDPR:

• Art. 6(1)(b) GDPR – Processing for the performance of a contract or for pre-contractual measures (booking, delivery, payment).
• Art. 6(1)(c) GDPR – Processing to comply with a legal obligation (e.g. statutory tax retention requirements).
• Art. 6(1)(f) GDPR – Processing based on legitimate interests (e.g. fraud prevention, improvement of our services), provided your interests do not override ours.
• Art. 6(1)(a) GDPR – Processing based on your consent, where this has been obtained in an individual case (e.g. for newsletters or marketing).

We store your personal data only for as long as is necessary for the respective processing purposes or as required by statutory retention obligations.

• Booking and contract data is retained for the duration of the rental relationship and for an appropriate follow-up period of up to 3 years (limitation periods).
• Invoices and payment records are retained for up to 10 years in accordance with statutory retention requirements.
• Communication data (emails, messages) is deleted after completion of the process, unless longer retention is required for legal reasons.
• Website access data is anonymised or deleted within 30 days at the latest.

Your personal data will generally not be passed on to third parties unless this is necessary for the fulfilment of the contract or required by law.

Disclosure may occur in the following cases:

• Payment service providers (e.g. PayPal, banks) for processing payments — these process data under their own responsibility in accordance with their privacy policies.
• Tax authorities and accountants, to the extent required by law.
• Authorities, where we are legally obligated to do so.

Your data will generally not be transferred to third countries outside the EU/EEA. Should this be necessary in individual cases, it will only take place on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

Our website may use technically necessary cookies required for the operation of the site. These cookies do not store any personal data and are deleted at the end of the browser session.

We do not use tracking or advertising cookies, and we do not use analytics tools such as Google Analytics without your explicit consent.

Insofar as our website is operated via third-party providers such as a web hosting service, the data protection provisions of the respective provider apply in addition. When you visit our website, technical access data (server logs) is collected automatically; this is not linked to other personal data.

As a data subject, you have the following rights under the GDPR. You may exercise these at any time informally by email:

Where processing is based on your consent, you may revoke it at any time with effect for the future, without affecting the lawfulness of the processing that has already taken place.

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. Communication via our website is encrypted using the HTTPS protocol.

Email communication is generally not fully encrypted. We recommend not transmitting sensitive data via unencrypted email if you have particular requirements for confidentiality.

We reserve the right to update this Privacy Policy as necessary to reflect changes in the legal situation or in our services. The current version is always available on our website. In the event of significant changes, we will notify you by email if we hold your contact details.

This Privacy Policy was last updated: May 2025