Basic Information on Data Protection
Joint data controllers
• Galaxia Estelar, S.L.; and
• The legal entity providing services
More details in the additional information.
• To provide the service of accessing, using and enjoying the Website;
• To manage the provision of the services with you as our customer; and,
• Subject to your consent, to send you personalized commercial communications based on your interests’ profile.
• Performance of the contract;
• Legitimate interest, particularly for the management of the company and provision of our services, so long as these rights are not overridden by your rights;
• Consent, whenever you have expressly ticked on a consent box when completing a form.
Other entities of our corporate group listed in the additional information, as well as certain service providers.
Access, rectify and delete data, as well as other rights, as explained in additional information.
Additional and detailed information on Data Protection can be found in our Privacy Notice
I. – Who processes your personal data?
In your relationship with us, we will process your personal data in our capacity as joint data controllers. The contact details of the entities which shall process your process your data are the following:
• Galaxia Estelar, S.L., with tax identification number B56418916, with registered office at calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears), with the following e-mail address email@example.com. The company is registered in the Mercantile Register of the province of Eivissa, Volume 400, book 398, folio 98, page IB-20.267, entry.
Depending on the website you are browsing or the venues you visit, one of the following entities will process your personal data jointly with Galaxia Estelar, as joint controllers:
• Lío Mallorca: LIO MALLORCA MARÍTIMO, S.L., with tax identification number B-06898332, with registered office at calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears) and with the following e-mail address firstname.lastname@example.org. The company is registered in the Mercantile Register of the province of Eivissa, Volume 388, folio 57, page IB-19345, entry.
• Lío Ibiza: LIO IBIZA, S.L., with tax identification number B-07921885, with registered office at calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears) and with the following e-mail address email@example.com. The company is registered in the Mercantile Register of the province of Eivissa, Volume 84, folio 216, page IB-4038, entry.
• Lío Mykonos: SYSTEMA LIO MYKONOS SINGLE-MEMBER S.A., with tax identification number EL801450625, with registered office at Leoforos Eirinis, 15 15121 PEFKI and with the following e-mail address firstname.lastname@example.org. The company is registered in the Mercantile Register of the province of Grecia (General Commercial Register (G.E.M.I.)) with registration number 157117701000.
• Lío London: LÍO LONDON LTD., with tax identification number 376333483, with registered office at 96 Brighton Road, Banstead, SM7 1BU, Inglaterra and with the following e-mail address email@example.com. The company is registered in the Mercantile Register of the province of Inglaterra and Gales (Companies House of England and Wales) with registration number 11551613.
• Discoteca Formentera: PLANETA FORMONTORIA, S.L., with tax identification number B-57504177, with registered office at calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears) and with the following e-mail address firstname.lastname@example.org. The company is registered in the Mercantile Register of the province of Eivissa, Volume 209, folio 134, page IB-8945, entry.
• Casa Formentera: CASA FORMENTERA S.L., with tax identification number B56419211, with registered office at calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears) and with the following e-mail address email@example.com. The company is registered in the Mercantile Register of the province of Eivissa, Volume 400, folio 108, page IB-20268, entry.
• Ftelia: SYSTEMA BEACH CLUB SINGLE-MEMBER S.A., with tax identification number EL801300186, with registered office at Leoforos Eirinis, 15 15121 PEFKI and with the following e-mail address firstname.lastname@example.org. The company is registered in the Mercantile Register of the province of Grecia (General Commercial Register (G.E.M.I.)) with registration number153867101000.
Given the corporate structure of our group, in order to provide you with the best possible service, from time to time we may have to share some of your personal data with other companies of our group. Click on the following link to access information about the entities that make up our corporate group.
We have appointed a data protection officer (“DPO”). If you want to contact our DPO directly, you may use the following contact details:
• Address: calle Canarias 35, Edificio CETIS, torre 4, piso 4 07, 07800, Eivissa (Illes Balears)
• Email address: email@example.com
II. – What kind of personal data do we process?
Depending on the specific services that you choose and consent to use, to and your device settings (e.g., cookies and other trackers), the personal data about you that we may process may include:
• Your first and last name,
• Date of birth,
• When required by laws on hospitality services and tourism, ID document information, particularly the type of identification document, its number and date of issue.
• Email address,
• Phone number,
• Postal address,
• Payment details (including bank account or credit card details),
• Prior booking details (e.g., your previously booked table, or accommodation),
• Subject to your explicit consent, we may process details regarding your lifestyle, interests, or your occupation.
While browsing through our website or hiring our services, we may request you to identify yourself by making a reservation, registering into a service or creating a user account. In such case, essential personal data required for providing the specific service will be clearly identified. Failure to provide this data may impact our ability to deliver those services effectively.
Please note that when you book a reservation through the services of a third-party, we may obtain the data detailed above directly from them (e.g., booking websites, travel agencies, concierges, etc.). Details regarding how they handle your personal data will be thoroughly explained in the respective privacy policies, although we cannot guarantee that they will fully comply with the applicable regulation.
III. – For what purposes do we process your personal data?
We collect and process your personal data based on the legal bases listed below, to fulfil the following goals:
• To meet our relevant contractual obligations and to offer you our services, in particular:
o To handle service-booking requests, including payment management, following our service terms and conditions.
o To oversee the service you have hired, along with any additional bookings, including payment management, following our service terms and conditions.
• To comply with applicable legal obligations, including, among others:
o If you stay at our hotels or accommodations, we will record your identity and stay details into our record of travelers, as required by applicable regulations. Although we will not gather a specific copy of your identification document, we will process certain mandatory information (e.g., type of identification document, issue date or its number).
o To comply with regulations preventing money laundering and the financing of illegal activities.
o To follow applicable tax regulations.
• To meet our legitimate interests (more information on the weighing of interests is available upon request), in particular:
o To address your inquiries submitted through online forms or fulfill any other requests as part of our commitment to delivering excellent customer care.
o To ensure the security of your online transactions, to prevent fraud and payment defaults, following our legitimate interest in preventing such incidents.
o To share your personal data with other entities within our group of companies, to fulfill your requests and deliver our services. This is done to maintain a consistent and comprehensive administration of our group's business activities, reflecting our legitimate interest in this operational approach. Please find a list of the entities that make up for our group in the previous section.
• Based on your prior and explicit consent, in particular: o In case you require so, we would process your personal data to send you personalized commercial communications about and from the companies of our group. We may reach out to you through various channels, such as email, phone, SMS, push notifications, and traditional mail, based on your profile. These communications may include information about offers, news, events, and relevant entities within our group.
o In order to personalize our commercial communications, we use your booking and purchase history – along with any preferences you have shared while using our services – to create a profile. This helps us tailor our services to your preferences and provide personalized advertising.
o Depending on your settings and on your choices when browsing through our services, your personal data may be shared with social media partners like Facebook, Google, or Amazon. This sharing allows us to create a profile based on your preferences, using a combination of external sources. This helps personalize your user experience and facilitates the delivery of more personalized advertising. Technical mechanisms like cookies are employed for this customization, and you can find more information in our cookie notice.
IV. – Do we share your personal data?
To achieve our goals, we might need to share your personal information with companies in our group. This is because some parts of our business are handled by specific companies within our group to make everything run smoothly. If you want to know more about these companies, you can check the link provided at the start of this Privacy Notice.
Sometimes, we might also need to share your information with outside parties who help us provide our services. These could include financial services, technology and security providers, and marketing partners. They will handle your data as instructed by us, following specific rules in our contracts and in line with privacy laws.
As described in the previous section, where you have given us your prior and explicit consent, we will share your data with certain social media partners to create a profile based on your preferences to deliver more personalized advertising.
V. – Do we transfer your personal data abroad?
Your personal data might be shared with entities located abroad, including outside the European Economic Area. If these transfers outside of the EEA occur, we will ensure that these are done securely, with the necessary safeguards, and in line with applicable privacy laws. In most cases, we will use standard contractual clauses pre-approved by the European Commission to provide the necessary protection.
To learn more about how we share your personal data with recipients abroad, please reach out to us using the contact information provided in at the start of this Privacy Notice. Feel free to reach out to us if you would like more details about the safeguards we have put in place to ensure the proper protection of your personal data during its transfer.
VI. – What are your rights when you provide us with your data?
Under the applicable data protection regulations, you may take various actions regarding your personal data. Particularly, you may exercise your rights of access, rectification, erasure, objection, restrict processing, and data portability, as well as your right to withdraw your consent to the processing of your personal data.
You may exercise your rights by simply contacting us through the contact information indicated at the start of this Privacy Notice. Please note that if we do not have sufficient information to identify you and handle your request, we may need to ask you for further information.
You have also the right to file a complaint with the relevant data protection authority in case you deem it necessary. Particularly, you may file a complaint with the:
• Spain: Spanish Data Protection Agency at https://www.aepd.es/
• UK: Information Commission Officer at https://ico.org.uk/
• Greece: Hellenic Data Protection Authority at https://www.dpa.gr/en
VII. – For how long will we process your personal data?
We will store your data as long as necessary to provide you with the services requested. Once your personal data is no longer needed to meet contractual or legal obligations, we will block it and store it in our systems in compliance with data protection laws requirements. This storage will only last as long as necessary for legal claims to be established, exercised or defender, up to the expiration of the relevant statutes of limitation.
Additionally, keep in mind that we might keep your personal data for various reasons, including meeting our tax, audit, or legal obligations. This retention will follow legally required timeframes.
Once this period has elapsed, the data will be either erased or fully anonymized.
VIII. – Considerations on sharing information about others
If you share personal data about third parties during your interactions with us (e.g., booking a reservation for a friend), you confirm that you have informed them about how we will use their personal data. You also acknowledge and represent that the personal data you provide us with is accurate and current, and you will notify us of any change to that data.
IX. –Changes to this Privacy Notice
We may update this Privacy Notice occasionally, and we will post the updated version on our website. If there are significant changes, we will let you know, but you can always check the latest version on our website. It is a good idea to review it from time to time to stay informed about our privacy practices.
X.- Specific information on video-surveillance (CCTV)
This section includes specific information about how we use our video-surveillance systems (CCTV).
We process personal data that has been collected through CCTV, focusing only on images (no audio). The purpose of this data processing is to ensure the safety of people, property and facilities and investigate any suspected illegal activity or other wrongdoing. This data processing based on public interests we seek to achieve, related with ensuring security and safety in our facilities and in line with applicable laws and regulations.
Recordings are kept for a maximum period of one (1) month, then deleted.
Usually, we do not share images with third parties, except within our security-related corporate group. Legal obligations may require sharing with entities like law enforcement, courts, and lawyers. As set under Section VI, you can exercise your data protection rights or file a complaint with the applicable data protection authority, using the contact info provided under Section I.