Privacy Policy

1. Data controller

In accordance with EU Regulation 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), the user is informed of the identity of the controller of the personal data collected through this website:

• Company name: SEA TRAVEL MENORCA SL
• Tax ID (CIF): B57956161
• Address: Carretera Sant Climent, 60 — 07712 Mahón, Balearic Islands, Spain
• Phone: +34 641 420 634
• Email: info@seatravelmenorca.es

2. Data we collect and purposes

We process the personal data that the user voluntarily provides for the following purposes:

2.1 Excursion booking

We collect: full name, email, phone, language, number of passengers (adults and children) and excursion date. Purpose: managing the booking, communicating with the customer and providing the contracted service.

2.2 Payment processing

Card payments are processed through Stripe Payments Europe Ltd.. Sea Travel Menorca does not store card data on its systems; we only retain the transaction identifier (Payment Intent) and the amount for accounting purposes. Bank transfers and Bizum payments involve the processing of the originator's name by the corresponding banking institution.

2.3 Charter contract signing

In order to formalise the boat charter contract we collect: full name, ID or passport number, address, digitised handwritten signature, IP address and signing date and time. These data are mandatory under Spanish nautical regulations and are kept as proof of the contract.

2.4 Communications

Email, phone and, where applicable, WhatsApp to send booking confirmations, reminders, boarding instructions, payment links, contracts for signing and operational notifications related to the contracted excursion.

3. Legal basis for processing

• Performance of the contract (Art. 6.1.b GDPR): to manage the booking, formalise the charter contract and provide the excursion.
• Compliance with legal obligations (Art. 6.1.c GDPR): to retain invoices, signed contracts and respond to requirements from maritime or tax authorities.
• Legitimate interest (Art. 6.1.f GDPR): to respond to enquiries initiated by the user and prevent fraud.
• Consent (Art. 6.1.a GDPR): for sending commercial communications and the use of non-essential cookies, where applicable.

4. Retention periods

• Booking and communications data: for the duration of the contractual relationship and up to 1 year afterwards.
• Signed contracts, invoices and accounting data: 6 years, in accordance with Article 30 of the Spanish Commercial Code and tax regulations.
• Stripe transaction identifiers: the period established by anti-fraud and anti-money-laundering regulations (minimum 10 years for transactions subject to tax retention obligations).
• IP data and electronic signature of the contract: for as long as liability arising from the contract may exist, in accordance with the limitation period for civil actions.

5. Recipients and data transfers

Data is not transferred to third parties except for legal obligation or when strictly necessary to provide the service. In particular, we share data with the following processors, all selected for their level of security and GDPR compliance:

• Stripe Payments Europe Ltd. (Ireland) — card payment processing. Information: stripe.com/privacy
• Resend, Inc. (USA) — sending transactional emails (confirmations, contracts, reminders).
• WhatsApp Business — sending operational notifications via WhatsApp when the customer provides their number.
• Hosting provider — hosting of the website and database on our own servers or those of European providers.
• Public authorities (Maritime Authority, Tax Agency, security forces) where there is a legal obligation.

6. International transfers

Some of the processors indicated (in particular Stripe and Resend) may process data outside the European Economic Area. These transfers are carried out under the Standard Contractual Clauses approved by the European Commission or on the basis of adequacy decisions, ensuring a level of protection equivalent to that required by the GDPR.

7. User rights

The user may at any time exercise the following rights over their personal data:

• Access: to know which personal data we process.
• Rectification: to correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): to request the deletion of data when no longer necessary.
• Objection: to object to the processing of data for reasons related to the user's particular situation.
• Restriction: to request the restriction of processing in the cases provided for by law.
• Portability: to receive data in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
• Withdrawal of consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, the user may send a written request to info@seatravelmenorca.es or by post to the address indicated in section 1, attaching a copy of their identity document.

In addition, the user has the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) (www.aepd.es) if they consider that the processing of their data does not comply with the regulations.

8. Security measures

Sea Travel Menorca SL adopts the technical and organisational measures necessary to guarantee the security, integrity and confidentiality of personal data, in accordance with Article 32 of the GDPR. In particular: encryption of communications (HTTPS/TLS), database access control, periodic backups and payment processing exclusively on PCI-DSS certified platforms.

9. Minors

The personal data of minors under 14 years of age may only be provided with the consent of their parents or legal guardians. Sea Travel Menorca does not intentionally collect data from minors without this authorisation.

10. Cookies

The website uses technical cookies strictly necessary for its operation. For more information on the use of cookies, see our Cookie Policy.

11. Modifications to this policy

Sea Travel Menorca reserves the right to modify this Privacy Policy to adapt it to legislative changes or to changes in its services. Any modification will be published on this same page with the update date.