Privacy Policy

Data Controller

The entity responsible for processing your personal data is:

• Name: GUILLERMO BERNAL PIKE (operating commercially as White Island Charter)
• DNI: 47254305T
• Address: Barrio Can Frigoles nº 27, Santa Eulalia del Río, Ibiza (Illes Balears)
• Email: info@whiteislandcharter.com
• Phone: +34 686 490 285
• Website: whiteislandcharter.com

Our Privacy Principles

At White Island Charter, we are committed to safeguarding the privacy of your personal data and providing you with clear and transparent information at all times. We encourage you to read this section carefully before sharing any personal information with us. If you are under fourteen years of age, please do not provide us with your data without parental consent. The guiding principles behind how we handle your data are:

• We only request personal information that is strictly necessary to provide you with the services you have asked for.
• We never share personal information with third parties unless legally obliged to do so or with your explicit authorisation.
• We will never use your personal data for purposes other than those set out in this privacy policy
• Your data will always be processed with a level of protection that meets the requirements of current data protection legislation, and we will not subject them to automated decision-making.

Applicable Legislation

This privacy policy has been drafted in accordance with the requirements of the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
• Ley Orgánica 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
• Royal Decree 1720/2007, of 21 December (RLOPD).

We reserve the right to update this policy at any time. Any modifications will be reflected in the “Last updated” date shown at the top of this document

Data Processing Activities

1. Contact Enquiries

Legal basis: Consent of the data subject. Purpose: To respond to your enquiries, provide you with requested information about our charter services, and follow up on your booking requests. Data collected: Full name, telephone number, email address, and any additional details you choose to include in your message. Recipients: No data will be disclosed to third parties International transfers: No international data transfers are planned. Retention period: Contact data will be retained indefinitely or until you request its deletion. Security measures: Adapted to the requirements of Regulation (EU) 2016/679 (GDPR).

2. Booking and Client Management

Legal basis: GDPR Art. 6.1.b) – Processing necessary for the performance of a contract to which the data subject is party, or in order to take steps at the data subject’s request prior to entering into a contract. Purpose: TTo manage bookings, process payments, issue invoices, and provide the charter services you have requested Data collected: Full name, identification document, telephone number, email address, postal address, payment information, and any preferences relevant to your charter experience. Recipients: Data may be shared with payment processors and, where legally required, with tax authorities (Agencia Estatal de Administración Tributaria). International transfers: No international data transfers are planned Retention period: Data will be retained for the period necessary to fulfil the purpose for which it was collected and to determine any liabilities arising therefrom. Financial data will be kept in accordance with Law 58/2003 (General Tax Law). Security measures: Adapted to the requirements of Regulation (EU) 2016/679 (GDPR).

3. Exercise of Data Subject Rights (ARCO)

Legal basis: GDPR Art. 6.1.c) – Processing necessary for compliance with a legal obligation. Purpose: To handle requests from individuals exercising their rights under the GDPR. Data collected: Full name, postal address, telephone number, and signature. Recipients: Data may be disclosed to the Spanish Data Protection Agency (AEPD) in the context of a rights-protection investigation initiated by the data subject. International transfers: No international data transfers are planned. Retention period: Five years from the date of the request. Security measures: Adapted to the requirements of Regulation (EU) 2016/679 (GDPR).

Your Rights

Under the GDPR you have the right to access, rectify, erase, restrict processing, object to processing, and request the portability of your personal data. You may exercise any of these rights by contacting us at:

• Email: info@whiteislandcharter.com
• Address: Barrio Can Frigoles nº 27, Santa Eulalia del Río, Ibiza (Illes Balears)

Please include a copy of your national identity document (or equivalent) with your request so that we can verify your identity. If you believe your rights have not been adequately addressed, you may file a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

Data Security

White Island Charter has implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated in line with industry best practices and the requirements of the GDPR.