Last Updated: March 2026
Effective Date: 1 April 2026

Aurora Ibiza, operated by Private Yacht Group Ltd, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, make a booking, or communicate with us.

We comply with the General Data Protection Regulation (EU GDPR), the UK Data Protection Act 2018, and the Spanish Ley Orgánica de Protección de Datos (LOPDGDD).

1. Data Controller

The data controller responsible for your personal data is:

Private Yacht Group Ltd
2 Ampress Lane, Ampress Park
Lymington, United Kingdom
Email: info@auroraofibiza.com
Phone: +34 652 11 89 84

2. Information We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Full name, email address, phone number, and country of residence (when you make a booking or submit a contact form)
  • Payment information (processed securely by Stripe — we do not store card details)
  • Charter preferences, itinerary choices, and special requests
  • Medical conditions or dietary requirements relevant to your charter
  • Communication records (emails, WhatsApp messages, phone calls)

2.2 Information Collected Automatically

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, and referral source
  • Cookie data (see our Cookie Policy for details)

2.3 Information from Third Parties

  • Payment confirmation data from Stripe
  • Booking platform data (QuanticaLabs Boat Charter system)

3. How We Use Your Information

We process your personal data for the following purposes:

  • Contract performance: to process your booking, manage your charter, communicate with you about your reservation, and process payments
  • Legitimate interest: to respond to your enquiries, improve our services, manage our business operations, and ensure safety on board
  • Legal obligation: to comply with Spanish maritime regulations, tax reporting (IVA), and other applicable laws
  • Consent: to send you marketing communications about our services, special offers, and events (only with your explicit consent, which you may withdraw at any time)

4. Payment Processing

All payments are processed securely by Stripe, a PCI DSS Level 1 certified payment processor. We do not have access to, store, or process your full credit or debit card details. Stripe’s privacy policy governs the handling of your payment data. For more information, visit stripe.com/privacy.

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients, solely for the purposes described in this policy:

  • Payment processor: Stripe, for secure payment processing
  • Charter crew: your name, group size, and any relevant medical or dietary information necessary for the safe operation of the charter
  • IT service providers: hosting (Hostinger), website maintenance, and email services (Google Workspace), who process data on our behalf under appropriate data processing agreements
  • Legal and regulatory authorities: where required by law, including Spanish tax authorities

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom, including the United States (Stripe, Google). Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Booking and charter data: retained for 6 years after the charter date for accounting, tax, and legal compliance purposes
  • Contact form enquiries: retained for 2 years from the date of your last communication
  • Marketing consent records: retained until consent is withdrawn
  • Website analytics data: retained in accordance with Google Analytics data retention settings (currently 14 months)

8. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of your data, subject to legal retention requirements
  • Right to restriction: to request that we limit the processing of your data in certain circumstances
  • Right to data portability: to receive your data in a structured, commonly used format
  • Right to object: to object to processing based on legitimate interest or for direct marketing purposes
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@auroraofibiza.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The relevant authorities are the Agencia Española de Protección de Datos (AEPD) in Spain or the Information Commissioner’s Office (ICO) in the United Kingdom.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption on our website, secure payment processing via Stripe, and restricted access to personal data within our organisation.

10. Third-Party Links

Our website may contain links to third-party websites, including social media platforms (Instagram, WhatsApp) and payment services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party website you visit.

11. Children’s Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. Bookings must be made by an adult (18 years or older) on behalf of their party.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated “Last Updated” date. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: info@auroraofibiza.com
Phone (Spain): +34 652 11 89 84
Phone (UK): +44 7534 158990
WhatsApp: +34 652 11 89 84

This Privacy Policy was last reviewed and updated in March 2026.

-e