PRIVACY AND DATA PROTECTION POLICY
1. Introduction
In accordance with applicable data protection legislation, users of the website www.blueoceanmaldives.com (the “Website”) are hereby informed about the processing of their personal data.
This Privacy Policy explains how personal data are collected, used, stored and protected by Blue Ocean Tours S.L., trading as Blue Ocean Maldives.
2. Applicable Legislation
This Privacy Policy is governed by the following regulations, as applicable:
-
Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
-
UK GDPR and the Data Protection Act 2018 (where applicable)
-
Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
-
Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE)
3. Data Controller
Data Controller: Blue Ocean Tours S.L.
Trading name: Blue Ocean Maldives
Tax Identification Number: B05491568
Registered office: Avda. Diagonal, 449, 4º T, 08036 – Barcelona, Spain
Email: info@blueoceanmaldives.com
Telephone: +34 626 714 406
4. Categories of Personal Data
The Company may process the following categories of personal data:
-
Identification data (first name, last name)
-
Contact details (email address, telephone number)
-
Booking and service-related information (dates, preferences, special requests)
-
Communications sent via contact forms, email or WhatsApp
-
Technical data, including IP address and browsing data collected through cookies
The Company does not process special categories of personal data within the meaning of Article 9 GDPR.
5. Source of Personal Data
Personal data are collected directly from users through:
-
Website contact forms
-
Online booking and reservation forms
-
Newsletter subscription forms
-
Communications via WhatsApp Business
-
Cookies and similar tracking technologies
-
Direct communications by email or telephone
6. Purposes of Processing
Personal data are processed for the following purposes:
a) Enquiries and contact requests
To manage and respond to enquiries, requests for information and quotations submitted by users.
b) Bookings and contractual services
To manage booking requests, confirm reservations, process payments, provide contracted services and deliver customer support.
To send operational communications related to bookings.
c) Marketing communications (newsletter)
To send marketing communications, promotions and updates relating to Blue Ocean Maldives, where the user has provided consent.
Users may withdraw their consent at any time.
d) Customer communications and CRM systems
To provide customer service and commercial follow-up.
To manage customer relationships and communications through CRM systems.
e) Website analytics and improvement
To analyse website usage and navigation behaviour.
To improve website performance, functionality and user experience.
7. Lawful Basis for Processing
The lawful bases for processing personal data are:
-
Consent of the data subject (contact forms, newsletters, cookies, WhatsApp communications);
-
Performance of a contract or pre-contractual steps at the request of the data subject (bookings and reservations);
-
Legitimate interests pursued by the Company, including customer service, service improvement, fraud prevention and website security, provided that such interests do not override the rights and freedoms of the data subject.
8. Data Retention
Personal data shall be retained only for as long as necessary to fulfil the purposes for which they were collected, and in particular:
-
For the duration of the contractual or commercial relationship;
-
Until the data subject requests erasure, where applicable;
-
For the periods required by applicable tax, accounting and consumer protection legislation;
-
For marketing communications, until consent is withdrawn or the user unsubscribes.
9. Data Recipients and Processors
Personal data may be disclosed to the following categories of recipients:
-
IT and technology service providers (hosting, email services, CRM platforms, marketing tools);
-
Payment service providers and booking management platforms;
-
Communication and messaging service providers (including WhatsApp Business);
-
Public authorities and regulatory bodies, where disclosure is required by law.
All third parties process personal data as data processors under written agreements in compliance with Article 28 GDPR.
10. International Data Transfers
Certain service providers may be located outside the European Economic Area or the United Kingdom.
Where personal data are transferred internationally, such transfers are carried out in accordance with applicable data protection laws and are safeguarded by:
-
Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, as applicable;
-
Other appropriate safeguards recognised under GDPR and UK GDPR.
11. Cookies and Consent Mode
The Website uses its own and third-party cookies for the following purposes:
-
Strictly necessary and technical cookies;
-
Analytical cookies (Google Analytics);
-
Advertising and measurement cookies (Google Ads, Meta).
Google Consent Mode
The Website implements Google Consent Mode, which adjusts the behaviour of cookies and tracking technologies in accordance with the user’s consent preferences.
Non-essential cookies are activated only after the user has provided explicit consent via the cookie banner.
Further information is available in the Cookie Policy.
12. Minors
The Website is intended for users aged 14 years or over.
Personal data of users under the age of 14 may only be processed with the consent of a parent or legal guardian.
13. Data Security
The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The Website uses SSL encryption to protect data transmitted through the Website.
14. Data Subject Rights
Data subjects have the right to:
-
Access their personal data;
-
Request rectification of inaccurate data;
-
Request erasure of their data;
-
Object to processing;
-
Request restriction of processing;
-
Request data portability;
-
Not to be subject to decisions based solely on automated processing.
These rights may be exercised by contacting:
📧 info@blueoceanmaldives.com
📬 Avda. Diagonal, 449, 4º T, 08036 – Barcelona, Spain
15. Complaints
If a data subject considers that the processing of their personal data infringes applicable data protection legislation, they have the right to lodge a complaint with the relevant supervisory authority.
In Spain, the competent authority is the Spanish Data Protection Agency (AEPD):
👉 https://www.aepd.es
16. Amendments to this Policy
Blue Ocean Maldives reserves the right to amend this Privacy Policy at any time in order to reflect changes in legislation, regulatory guidance or technical developments.