1. Who We Are

Balearic Collection S.L. is the data controller responsible for your personal data.

Company name: Balearic Collection S.L.

NIF: B24933566

Establishment type: Virtual (online)

Address (Postbox): Carrer de la Lluna 25, 07181 Portals Nous (Calvià), Illes Balears, Spain

Commercial Registry: Inscrita en el Registro Mercantil de Palma de Mallorca, Hoja PM-105549, Inscripción 1ª

Travel Agency Licence: AVBAL/885

Email: contact@baleariccollection.com

We are committed to protecting your personal data and handling it responsibly, transparently, and in full compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

2. Data We Collect

2.1 Data You Provide Directly

We collect personal data that you voluntarily share with us when you contact us, submit an enquiry, or engage our services. This may include:

- Full name

- Email address

- Phone number (including WhatsApp)

- Travel preferences, desired dates, destinations, and number of travellers

- Dietary requirements, medical needs, or accessibility requirements relevant to travel planning

- Billing name and address where required for invoicing

- Passport details and nationality where required by suppliers or by law

- Any other information you choose to share with us during the planning process

2.2 Data Collected Automatically

When you visit our website, certain technical data may be collected automatically, including your IP address, browser type, operating system, pages visited, and session duration. This data is collected via cookies and analytics tools and is used in anonymised or pseudonymised form for statistical purposes only. Please refer to our Cookie Policy for full details.

2.3 Data from Third Parties

In some cases we may receive personal data about you from third parties — such as a personal assistant, executive assistant, or family office — who contact us on your behalf. We process your data on the basis that the person contacting us has your authority to share it.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

- Responding to your enquiries and consultations — legal basis: consent (Art. 6.1.a GDPR)

- Delivering contracted travel planning and concierge services — legal basis: contract performance (Art. 6.1.b GDPR)

- Complying with Spanish traveller registration law under Royal Decree 933/2021 — legal basis: legal obligation (Art. 6.1.c GDPR)

- Invoicing, accounting, and tax compliance — legal basis: legal obligation (Art. 6.1.c GDPR)

- Sending service-related communications — legal basis: contract performance (Art. 6.1.b GDPR)

- Sending marketing communications, only where you have given explicit consent — legal basis: consent (Art. 6.1.a GDPR)

- Website analytics and improvement — legal basis: legitimate interest (Art. 6.1.f GDPR) and consent via cookie preferences

- Compliance with obligations under Balearic Islands Tourism Law 8/2012 and other applicable sectoral legislation — legal basis: legal obligation (Art. 6.1.c GDPR)

4. How Long We Keep Your Data

We retain your personal data only for as long as necessary:

- Client and booking records: minimum 5 years from end of contract (Spanish Commercial Code and tax law)

- Traveller registration data: 3 years under Royal Decree 933/2021

- Enquiries that did not result in a booking: 12 months from last communication

- Marketing consent records: until consent is withdrawn, plus 2 years for audit purposes

- Accounting and invoice records: 6 years under Spanish tax law (Ley General Tributaria)

On expiry of the applicable period, data is securely deleted or irreversibly anonymised.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share it in the following circumstances:

- Travel suppliers — hotels, villa owners, transport operators, yacht charter companies, experience providers, and airlines — to the extent necessary to deliver your booked services

- Technology and software providers who process data on our behalf under formal Data Processing Agreements with appropriate GDPR safeguards

- The Spanish Ministry of the Interior via SES.HOSPEDAJES, where required by Royal Decree 933/2021

- Legal and professional advisors where necessary for compliance or dispute resolution, subject to professional confidentiality obligations

- Law enforcement, regulatory, or administrative authorities where required by applicable law, including the Balearic Islands Tourism Administration

We share only the minimum data necessary for each purpose.

6. International Transfers 

Some of our technology providers may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including European Commission Standard Contractual Clauses (SCCs) or applicable adequacy decisions. Details are available on request.

7. Your Rights

Under GDPR and LOPDGDD you have the following rights in relation to your personal data: 

- Right of access: to obtain a copy of the personal data we hold about you

- Right to rectification: to request correction of inaccurate or incomplete data

- Right to erasure (right to be forgotten): to request deletion of your data in certain circumstances

- Right to restriction of processing: to request that we limit how we use your data in certain circumstances

- Right to data portability: to receive your data in a structured, machine-readable format

- Right to object: to object to processing based on legitimate interest, or to direct marketing at any time

- Right not to be subject to automated decision-making: not to be subject to decisions based solely on automated processing that produce significant legal effects

- Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email us at contact@baleariccollection.com, including your full name, a copy of your identification document, and the right you wish to exercise. We will respond within one calendar month of receipt.

If you believe our processing of your data does not comply with applicable law, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es. 

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 GDPR. These measures are reviewed and updated regularly. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

9. Minors 

Our services and website are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18 without verified parental or guardian consent, we will delete it without delay.

10. Updates to This Policy

We may update this Privacy Policy at any time to reflect changes in law, regulation, or our processing activities. The current version will always be available on this page with the date of last update.