Privacy Policy

1. Data controller

The data controller for personal data processed through this website is Sea Society Ibiza, a trading name of Ibimar Charter S.L. ("Sea Society", "we", "us").

Registered address: Botafoc Marina, 07800 Ibiza Town, Balearic Islands, Spain.

Contact for data-protection matters: hello@seasocietyibiza.com.

2. Personal data we collect

We collect only the data we need to respond to enquiries and operate the website.

• Enquiry form: name, email, optional phone, and any information you choose to include in the message field.
• WhatsApp interactions: when you click any Book here button you are taken to WhatsApp and may choose to send us a message. We process the contents of that message.
• Technical data: IP address (truncated for analytics), device + browser type, pages visited, referring URL.
• Cookie + consent data: which cookie categories you have allowed (necessary / analytics / marketing).

3. Lawful bases (GDPR Article 6)

We process your data only on at least one of the following legal grounds:

• Legitimate interest (Art. 6.1.f): replying to enquiries, qualifying leads, securing the site against abuse, internal record-keeping. Our legitimate interest is always balanced against your rights.
• Consent (Art. 6.1.a): analytics cookies and any marketing cookies. You can withdraw consent at any time without affecting prior processing.
• Legal obligation (Art. 6.1.c): retention required by applicable law, responding to lawful authority requests.

4. Third-party processors

We share data only with the service providers we need to operate this website. Each is bound by a data-processing agreement that meets GDPR requirements.

• Supabase Inc. — database hosting + admin authentication. EU regions used where possible.
• Vercel Inc. — hosting + edge serving. EU-region edges serve EU traffic.
• Google LLC — Google Analytics 4 for anonymised site analytics, only with your consent.
• Meta Platforms Ireland Ltd. — marketing pixels if enabled, only with your consent.
• Resend Inc. — transactional email delivery for replies to enquiries.
• WhatsApp (Meta Platforms Ireland Ltd.) — only when you click a Book here button and choose to send a message. The message is governed by WhatsApp's own privacy policy.
• Ibimar Charter S.L. — our operating partner; receives enquiry data so we can follow up on a charter request.

5. International transfers

Some of our processors are based in or transfer data to countries outside the European Economic Area. For those transfers we rely on the European Commission's Standard Contractual Clauses and, where applicable, recognised adequacy mechanisms such as the EU–US Data Privacy Framework.

You can request a copy of the safeguards in place by emailing hello@seasocietyibiza.com.

6. Retention

We keep your personal data only for as long as is necessary to fulfil the purpose for which it was collected and to comply with applicable legal obligations. After that, the data is deleted or anonymised.

If you would like specific retention information for a category of data we hold about you, please contact us.

7. Your rights under GDPR

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data, subject to legal retention obligations.
• Restriction — ask us to pause processing while a dispute is being resolved.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest, including direct marketing.
• Withdraw consent — at any time, without affecting prior processing.
• Complain — lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, www.aepd.es) or the supervisory authority in your country of residence.

8. How to exercise your rights

Send an email to hello@seasocietyibiza.com from the address on file with us. We will respond within the period required by GDPR (Art. 12.3).

We may ask for proof of identity before disclosing personal data.

9. Cookies

We use cookies that are strictly necessary for the site to function (session, authentication, consent storage) and, with your separate consent, optional cookies for analytics + marketing.

You can change your cookie preferences at any time through the banner that appears on first visit and via the "Preferences" link in the footer. Withdrawing consent does not erase past events; it stops new ones being collected.

10. Children

This site is intended for adults. We do not knowingly collect personal data from children below the age of digital consent set by Spanish law (LOPDGDD Art. 7). If you believe we hold such data, contact us and we will delete it.

11. Security

We apply industry-standard organisational and technical measures to protect personal data: encryption in transit (TLS), encryption at rest, role-based admin access, restricted credentials and audit logs.

No system is fully secure. In the event of a personal-data breach that affects your rights, we will notify the AEPD and, where required, the individuals affected, in accordance with GDPR Articles 33–34.

12. Changes to this policy

We may update this Privacy Policy when our practices change or to reflect legal developments. The effective date at the top of this page changes when we do. Material changes are announced on the site for a reasonable period before they take effect.

13. Contact + complaints

For any data-protection question or to exercise a right: hello@seasocietyibiza.com.

To complain to the supervisory authority directly: Agencia Española de Protección de Datos, C/ Jorge Juan 6, 28001 Madrid — www.aepd.es.