PRIVACY POLICY

Last updated: 2025-06-26

At Hang Loose Ibiza ("we", "us", "our"), we value and respect your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services. We are committed to protecting your privacy and complying with all applicable laws and regulations, including the General Data Protection Regulation (GDPR).

This policy applies to information we collect:

• On our website www.hanglooseibiza.com
• Through email, text, and other electronic communications
• When you book services through our platform

For the purposes of the GDPR, Hang Loose Ibiza is the data controller responsible for your personal data. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at:

Email: info@hanglooseibiza.com Address: [Company Address]

We may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows:

3.1 Information You Provide to Us

• **Identity Data**: First name, last name, username, title, date of birth
• **Contact Data**: Billing address, delivery address, email address, telephone numbers
• **Financial Data**: Payment card details (processed securely through our payment providers)
• **Transaction Data**: Details about payments to and from you and other details of services you have purchased from us
• **Profile Data**: Your username and password, bookings made by you, your preferences, feedback and survey responses
• **License Information**: Navigation license, driving license, or other qualification documents required for specific rentals
• **Marketing and Communications Data**: Your preferences in receiving marketing from us and our third parties and your communication preferences

3.2 Information We Collect Automatically

When you visit our website, we may automatically collect:

• **Technical Data**: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
• **Usage Data**: Information about how you use our website and services

3.3 Information from Third Parties

We may receive personal data about you from various third parties such as:

• Analytics providers
• Advertising networks
• Search information providers
• Our service providers (boat/vehicle owners, activity providers)
• Payment service providers

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• **Contract Performance**: Where we need to perform the contract we are about to enter into or have entered into with you
• **Legitimate Interests**: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• **Legal Obligation**: Where we need to comply with a legal obligation
• **Consent**: Where you have given us consent to process your personal data for specific purposes

Here is how we use different types of data and our legal basis for doing so:

| Purpose/Activity | Type of data | Legal basis for processing | |------------------|--------------|----------------------------| | To register you as a new customer | Identity, Contact | Performance of a contract with you | | To process and deliver your booking | Identity, Contact, Financial, Transaction, License Information | Performance of a contract with you | | To manage payments, fees and charges | Identity, Contact, Financial, Transaction | Performance of a contract with you | | To collect and recover money owed to us | Identity, Contact, Financial, Transaction | Legitimate interests | | To manage our relationship with you | Identity, Contact, Profile, Marketing and Communications | Performance of a contract with you; Legal obligation; Legitimate interests | | To enable you to participate in surveys or reviews | Identity, Contact, Profile, Marketing and Communications | Consent | | To administer and protect our business and website | Technical | Legitimate interests; Legal obligation | | To deliver relevant website content and advertisements | Identity, Contact, Profile, Usage, Technical, Marketing and Communications | Legitimate interests | | To use data analytics to improve our website | Technical, Usage | Legitimate interests |

5.1 Service Providers

We share your personal information with the Service Providers (boat owners, activity providers, etc.) to the extent necessary to fulfill your booking. This includes:

• Your name and contact details
• Specific requirements related to your booking
• License information where required for the service

5.2 Third-Party Service Providers

We may share your personal data with the following categories of third parties:

• Payment processors who process your payments
• IT service providers who provide system administration services
• Professional advisers including lawyers, bankers, auditors and insurers
• Government authorities who require reporting of processing activities in certain circumstances

5.3 International Transfers

Some of our external third parties are based outside the European Economic Area (EEA), so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transfer to countries that have been deemed to provide an adequate level of protection by the European Commission
• Use of specific contracts approved by the European Commission
• Transfer to providers in the US who are part of the Privacy Shield

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure of your personal data
• The purposes for which we process your personal data
• Whether we can achieve those purposes through other means
• The applicable legal requirements

Specific retention periods:

• Booking information: 7 years from the date of the booking (to comply with tax and accounting regulations)
• Marketing preferences: Until you opt out or request deletion
• Website usage data: 26 months

Under the GDPR, you have the following rights:

• **Right of access**: You can request copies of your personal data.
• **Right to rectification**: You can request correction of inaccurate or incomplete data.
• **Right to erasure**: You can request deletion of your personal data in certain circumstances.
• **Right to restrict processing**: You can request we suspend processing of your personal data.
• **Right to data portability**: You can request transfer of your personal data to you or a third party.
• **Right to object**: You can object to our processing of your personal data.
• **Rights related to automated decision making**: You can contest any automated decision-making that has a legal or significant effect on you.

You can exercise any of these rights by contacting us at info@hanglooseibiza.com. You will not have to pay a fee to access your personal data or exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Our website uses cookies to enhance your browsing experience. Cookies are small text files that are placed on your device when you visit our website.

8.1 Types of Cookies We Use

• **Essential cookies**: Necessary for the website to function properly
• **Analytical/performance cookies**: Allow us to recognize and count visitors and analyze website usage
• **Functionality cookies**: Enable the website to remember your preferences
• **Targeting cookies**: Record your visit to our website, the pages you visit, and the links you follow

For detailed information about the specific cookies we use, their purposes and how to manage them, please refer to our Cookie Policy.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way.

We limit access to your personal data to employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us if you have requested information from us, purchased services from us, or if you provided us with your details when registering for a promotion and, in each case, you have not opted out of receiving marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new Privacy Policy on this page and, where appropriate, sending you a notification.

If you have any questions about this Privacy Policy, please contact us at info@hanglooseibiza.com.

If you are not satisfied with our response to any privacy-related concern you may have, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) or the data protection authority in your country of residence.