You are important to us – your data too
Our data protection
Thank you for your interest in our company. Data protection has a particularly high priority for our company. A use of our internet pages is basically possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary, we will generally obtain the consent of the person concerned.
The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the RGPD/DS-GVO and in accordance with the country-specific data protection regulations applicable to our company. By means of this data protection declaration, our company wishes to inform data subjects of their rights.
As the person responsible for the processing, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website, as well as our e-mail traffic. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.
We use the following terms, among others, in this privacy statement:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Person concerned
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
d) Processing restriction
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures designed to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Data controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his designation may be laid down in accordance with Union law or in the law of the Member States.
h) Contract processor
Processor shall mean any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a particular investigation mandate under Union law or the law of the Member States shall not be regarded as recipients.
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in a particular case, in the form of a statement or other unequivocal affirmative act, indicating that he or she consents to the processing of his or her personal data.
- Privacy officer
the person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
Mallorca Weddings, S.L.
Jutta Birfelder & Katja Hadler
c/ Sallent, 20
Tel.: +34 971 16 66 47
We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process within the scope of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. RGPD/DS-GVO, Art. 6 para. 1 lit. f. RGPD/DS-GVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information about suppliers, organizers and other business partners on the basis of our business interests, e.g. for the purpose of establishing contact at a later date. This data, which is mainly company-related, is stored permanently until revoked.
- User’s rights – Rights of our customers
You can exercise the following rights at any time using the contact details provided by our data protection officer:
- Information about your data stored by us and its processing,
- Correction of incorrect personal data,
- Deletion of your data stored with us,
- Limitation of data processing, if we are not yet allowed to delete your data due to legal obligations,
- Contradiction against the processing of your data by us and
- data transferability if you have consented to data processing or concluded a contract with us.
If you have given us your consent, you can revoke it at any time with effect for the future.
- Legal basis of the processing
Art. 6 I lit. a RGPD/DS-GVO serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the person concerned is a party, as is the case, for example, with processing operations which are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b RGPD/DS-GVO. The same shall apply to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c RGPD/DS-GVO. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our site were injured and his name, age, health insurance information or other vital information would have to be disclosed to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d RGPD/DS-GVO.
Finally, processing operations could be based on Art. 6 I lit. f RGPD/DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 RGPD/DS-GVO).
- Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective legal retention period. After this period has expired, the corresponding data will be routinely deleted unless they are no longer required for the fulfilment or initiation of the contract.
- Legal or contractual regulations
We inform you that the provision of personal data is partly prescribed by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner).
It may sometimes be necessary for a contract to be concluded that a person concerned provides us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject.
- Agency services
We process the data of our customers within the scope of our contractual services which include conceptual and strategic consulting, planning of your wedding or event, implementation of events.
We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., within the scope of evaluating and measuring the success of marketing measures). We do not process any special categories of personal data, unless they are part of a commissioned processing. Affected parties include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis of the processing results from art. 6 para. 1 lit. b RGPD/DS-GVO (contractual services), art. 6 para. 1 lit. f RGPD/DS-GVO (analysis, statistics, optimisation, security measures). We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their specification. Disclosure to external parties shall only take place if it is necessary within the framework of an order. When processing the data provided to us within the framework of an order, we shall act in accordance with the instructions of the customer and the statutory requirements for order processing pursuant to Art. 28 RGPD/DS-GVO and shall not process the data for purposes other than those specified in the order.
We delete the data after legal warranty and comparable obligations have expired. the necessity of storing the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiration. In the case of data which have been disclosed to us by the client within the scope of an order, we delete the data in accordance with the specifications of the order, in principle after the end of the order.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the purpose of operating this online service.
In this process, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 lit. f RGPD/DS-GVO i.V.m. Art. 28 RGPD/DS-GVO (conclusion of order processing contract).
- Server log files
In server log files, our website provider collects and stores information that your browser automatically transmits to our website. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- host name of the accessing computer
- Time of the server request
- IP address
There is no merging of this data with other data sources. The data processing is based on Art. 6 Para. 1 lit. b RGPD/DS-GVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
- SSL or TLS encryption
To protect your transmitted data in the best possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix “https://” in the page link in the address bar of your browser. Unencrypted pages are identified by “http://”.
All data that you transmit to this website – e.g. when making inquiries or logging in – cannot be read by third parties thanks to SSL encryption.
All e-mail traffic between you and our company is realized from our side via an encrypted connection (TLS).
- Contact form
Per contact form transmitted data are stored including your contact data, in order to be able to work on your inquiry or to stand ready for follow-up questions. A passing on of these data does not take place without your consent.
The processing of the data entered in the contact form takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a RGPD/DS-GVO). User data can be stored in a customer relationship management system (“CRM system”) or comparable software. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory legal provisions – in particular retention periods – remain unaffected.
If you do not want cookies to be stored on your end device for range measurement, you may object to the use of these files here:
- Cookie deactivation page of the network advertising initiative: http://optout.networkadvertising.org/?c=1#!/
- Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Common browsers offer the option not to accept cookies. Note: It is not guaranteed that you can access all functions of this website without restrictions if you make the appropriate settings.
- Google Analytics
The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behaviour of visitors to websites. A web analysis service collects data on, among other things, from which website a person concerned came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of Internet advertising.
operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller uses the addition “_gat._anonymizeIp” for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the person concerned if the access to our Internet pages is from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. When the cookie is set, Google is able to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements.
The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, under certain circumstances, pass on the personal data collected via the technical process to third parties.
The person concerned can prevent the setting of cookies by our website at any time, as described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
- Google Fonts
In order to present our contents correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a standard font and the display may differ from the actual display.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently also unclear whether and for what purposes – for the operators of such libraries to collect data.
- Google Maps
This website uses Google Maps API to visually display geographic information. When Google Maps is used, Google also collects, processes and uses data relating to the use of map functions by visitors. For more information about data processing by Google, please refer to the Google Privacy Notice (https://www.google.com/policies/privacy/). There you can also change your personal data protection settings in the data protection centre.
For detailed instructions on how to manage your own data related to Google products, click here: http://www.dataliberation.org/
- Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
As a responsible company, we refrain from automatic decision-making or profiling.
We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.