PRIVACY POLICY — BOOKING DATA COLLECTION
Last updated: April 2026
1. Identity of the Data Controller
The data controller responsible for the processing of your personal data is:
Extra Ibiza, Sociedad Limitada
NIF: B22647002
Calle Zenete, 10 — 29013 Málaga (Málaga), Spain
Operating under the brand Extra Ibiza
Contact: info@extra.travel
For all matters relating to the processing of your personal data, you may contact us at the above email address.
2. Scope and Purpose of this Policy
This Privacy Policy governs the collection and processing of personal data submitted through our booking inquiry and reservation form. It applies exclusively to information provided voluntarily by individuals seeking to book yacht or villa services offered under the Extra Ibiza brand.
We are committed to processing your personal data in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "General Data Protection Regulation" or "GDPR"), and with Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales ("LOPDGDD").
3. Data We Collect
Through our booking form, we collect the following categories of personal data:
CategoryData PointsIdentity dataFirst name, last name, identity document numberContact dataEmail address, telephone number
We do not collect sensitive personal data as defined under Article 9 GDPR (including, but not limited to, health data, biometric data, or data revealing racial or ethnic origin). We do not collect payment card or financial account data through this form.
4. Legal Basis for Processing
The processing of your personal data is grounded in the following legal bases under Article 6 GDPR:
(a) Performance of a contract (Article 6(1)(b) GDPR)
The primary legal basis for processing your data is the necessity to take pre-contractual steps at your request and, subsequently, to perform the booking contract between you and Extra Ibiza, Sociedad Limitada. Without the data requested, we are unable to process your reservation or issue a booking confirmation.
(b) Compliance with a legal obligation (Article 6(1)(c) GDPR)
To the extent required by applicable Spanish or European Union law — including obligations relating to the identification of guests under Spanish tourism and maritime regulations — we may process certain data, including identity document numbers, to comply with such mandatory requirements.
5. Purposes of Processing
Your personal data is collected and processed exclusively for the following purposes:
To receive, assess, and process your booking request;
To communicate with you in relation to your inquiry or reservation;
To issue and transmit a booking confirmation;
To fulfil any legal obligations arising in connection with the provision of our services.
Your data will not be used for automated decision-making or profiling within the meaning of Article 22 GDPR.
6. Data Sharing and Third-Party Disclosure
Extra Ibiza, Sociedad Limitada does not sell, rent, or otherwise disclose your personal data to third parties for commercial, marketing, or any other purposes unrelated to the execution of your booking.
Your data will only be disclosed to third parties where strictly required by law or by an enforceable order of a competent public authority, in which case we will notify you to the extent permitted by applicable law.
7. Data Retention
Your personal data will be retained for no longer than is necessary for the purposes for which it was collected, subject to any mandatory retention periods imposed by applicable law.
As a general rule:
Booking inquiries that do not result in a confirmed reservation will be retained for a period not exceeding 12 months from the date of collection.
Data associated with a confirmed booking will be retained for a period of 5 years from the date of the booking, in accordance with applicable Spanish commercial and fiscal retention obligations under the Código de Comercio and the Ley General Tributaria.
Upon expiry of the applicable retention period, your data will be securely deleted or anonymised.
8. Your Rights as a Data Subject
Under the GDPR and the LOPDGDD, you are entitled to exercise the following rights in relation to your personal data:
Right of access (Article 15 GDPR): You may request confirmation of whether we process your personal data and, if so, obtain a copy thereof.
Right to rectification (Article 16 GDPR): You may request the correction of inaccurate or incomplete personal data.
Right to erasure (Article 17 GDPR): You may request the deletion of your data, subject to any overriding legal obligations that require continued retention.
Right to restriction of processing (Article 18 GDPR): You may request that we limit the processing of your data in certain circumstances.
Right to data portability (Article 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request receipt of your data in a structured, commonly used, machine-readable format.
Right to object (Article 21 GDPR): You may object to processing carried out on the basis of legitimate interests.
To exercise any of the above rights, please submit a written request to: info@extra.travel
We will respond to your request within one month of receipt, in accordance with Article 12(3) GDPR. This period may be extended by a further two months where the complexity or volume of requests warrants it, subject to prior notification.
9. Right to Lodge a Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data infringes the GDPR or the LOPDGDD.
The competent supervisory authority in Spain is:
Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es
C/ Jorge Juan, 6 — 28001 Madrid, Spain
10. Data Security
Extra Ibiza, Sociedad Limitada implements appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 GDPR. Access to personal data is restricted to personnel who require it for the purposes described in this Policy.
11. Amendments to this Policy
We reserve the right to amend this Privacy Policy at any time in response to changes in applicable law or our data processing practices. Any material changes will be communicated to you prior to their entry into force where practicable. The most current version will always be made available upon request at info@extra.travel.
12. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the European Union and the Kingdom of Spain, in particular the GDPR and the LOPDGDD, without prejudice to the mandatory consumer protection provisions applicable in the country of residence of the data subject.
Extra Ibiza, Sociedad Limitada — NIF B22647002