Privacy Policy

CHARTER EASY EOOD (the "Company") is the data controller for the yacht charter booking platform. We are committed to complying with the EU General Data Protection Regulation (GDPR).

Our registered office is at {Address}.

You can contact our Data Protection Officer or customer privacy team at booking@charter-easy.com or by telephone at +359 87 693 8320.

Any questions or requests regarding your personal data should be sent to these contact details.

When you use our booking platform, we collect and process the following categories of personal data about you:

All personal data collected is relevant and necessary for the purposes described below. We do not collect special categories of personal data (such as health or religious information) in connection with a standard yacht charter booking.

• Identity and Contact Data: Your full name, residential address, telephone number, and email address (to confirm bookings and communicate with you).
• Transaction and Payment Data: Your payment and billing information (for example, credit card or bank details) needed to complete the charter booking and process refunds or invoices.
• Identification Documents: Passport or government-issued ID data (such as passport number, expiry date, nationality) when required by maritime authorities or providers for identity verification or regulatory compliance.
• Booking and Usage Data: Details of the yacht charter (dates, destination, number of passengers), correspondence history, and customer preferences or requests.
• Technical Data: IP address and device identifiers (collected via cookies and similar technologies) when you browse our site or use our app.

We process your personal data only on lawful grounds as required by GDPR Article 6. In particular:

• Contract Performance (GDPR Art. 6(1)(b)) - Processing is necessary to perform our contract with you. For example, we need your name, contact, and payment data to confirm and fulfill your yacht charter reservation. Without this data, we cannot provide the charter booking service.
• Consent (GDPR Art. 6(1)(a)) - Where you have given consent, we process data for marketing and analytical purposes. For example, we will only send you promotional offers or newsletters if you opt in. We also obtain consent before using non-essential cookies or tracking for personalized advertising. You are free to withdraw any consent at any time, and withdrawal will not affect the lawfulness of prior processing.
• Legitimate Interests (GDPR Art. 6(1)(f)) - We rely on our legitimate business interests to process your data where permitted. For instance, we process data to improve our services and website (using analytics to optimize site performance) and to prevent fraud or misuse of our platform. Preventing fraud is specifically recognized as a legitimate interest: GDPR Recital 47 notes that "processing of personal data strictly necessary for the purposes of preventing fraud may constitute a legitimate interest of the controller". In each case we balance our interests against your rights, as required by law.

We may share your personal data with certain trusted third parties to carry out the services you request. These include:

All third-party processors we engage are GDPR-compliant: they are bound by data-processing agreements and may only act on our instructions. We use only processors that provide sufficient guarantees to implement appropriate technical and organizational measures to protect your data.

Under Article 28 GDPR, processing by any processor is governed by a binding contract setting out their obligations.

• Email Marketing Platforms: We use services like MailChimp or Constant Contact to send marketing newsletters or confirmations (processing is performed as our processors).
• Payment Processors: We use payment service providers (for example, Stripe, PayPal) to handle credit card transactions and billing.
• Cloud Hosting Providers: Your data is stored and processed on secure servers (for example, AWS, Azure, Google Cloud) under strict security.
• Customer Relationship Management (CRM) Systems: We use CRM software to manage bookings and customer communications.
• Yacht Booking Providers: We share necessary booking details with boat owners or affiliate charter companies to fulfill your reservation.
• Analytics and Advertising Services: We may use Google Analytics and other tools to analyze website usage and serve relevant ads.
• IT Service Providers: Technical support and development vendors who maintain our platform.

Our website uses cookies and similar tracking tools (web beacons, pixel tags) to improve functionality and analyze usage. These include:

You can manage your cookie preferences at any time (for example, via the cookie settings link in the website footer). Declining non-essential cookies will not affect core site functionality but will disable analytics and targeted ads. For more detail, see our Cookie Policy.

• Strictly Necessary Cookies: Essential for site operation (for example, to keep items in a cart or maintain login status). We do not require consent for these, but we explain their purpose to users.
• Functional Cookies: Remember your preferences (language, currency, and similar settings) to improve user experience.
• Analytics Cookies: We collect aggregated usage data (pages visited, navigation patterns) via services like Google Analytics. This helps us understand how visitors use the site and improve it. Because analytics cookies can be considered personal data (as they track user behavior), we use them only with your consent.
• Marketing Cookies and Behavioral Tracking: We and our advertising partners may use cookies or device identifiers to track your activity across sites and show you relevant advertisements. We obtain your explicit consent before using any cookies or tracking for marketing purposes, as required by EU cookie laws.

The Company and its third-party processors may transfer your personal data to countries outside the EU/EEA (for example, if a vendor or cloud server is located abroad). Some of those countries may not have data protection laws equivalent to the EU. In such cases, we implement appropriate safeguards to protect your data. Specifically:

We will not transfer your personal data internationally without implementing these measures.

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal safeguard for transfers. These clauses obligate the recipient to protect data to EU standards and are expressly permitted by Article 46 GDPR as appropriate safeguards for transfers.
• Where possible, we only work with processors that have received an EU Commission adequacy decision or comparable protections (for example, the recipient is certified under an EU-approved framework).
• If we plan to transfer your data to a country without an adequacy decision or suitable safeguards, we will (where required by law) obtain your explicit consent to the transfer. You will be informed of any transfer risk and can refuse consent.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law.

In practice, data related to your bookings and account may be kept until you request deletion. You are free to delete your account or contact us to erase your data at any time, and we will then remove your personal information promptly.

Notwithstanding the above, GDPR storage limitation principles require us to review data periodically and delete what is no longer needed. If we hold any data solely for marketing or analytics without an ongoing business need, we will delete or anonymize it unless you have expressly opted in. You can also use our website tools or settings to delete your profile data or revoke consents.

Under the GDPR you have the following rights with respect to your personal data:

To exercise any of these rights, you may contact us using the details above or use any user account settings provided on the platform. We will verify your identity before complying with requests to ensure data is not disclosed to the wrong person. We will respond to your request without undue delay and in any event within one month, as required by GDPR.

• Right of Access: You can ask us whether we process your data and obtain a copy of that data, as well as related information (processing purposes, categories, recipients, retention, and similar details).
• Right to Rectification: You may request that we correct inaccurate or incomplete data we hold about you. For example, if your email or address changes, we will update our records.
• Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data when it is no longer needed for its original purpose, or if you withdraw consent, or if processing is unlawful. There are exceptions, such as legal obligations or legal claims.
• Right to Restrict Processing: You may ask us to limit how we use your data, for example by keeping it stored but not actively processing it further. We will honor such requests where required by law.
• Right to Data Portability: Where processing is based on consent or contract and done by automated means, you have the right to receive your data in a structured, commonly used format so you can transfer it to another controller.
• Right to Object: You can object to processing of your data for direct marketing (including profiling for marketing) at any time. You can also object on grounds relating to your particular situation if processing is based on legitimate interests. If you object, we will stop processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
• Right to Withdraw Consent: If you have given consent (for example, to receive marketing emails or to set cookies), you can withdraw that consent at any time. It will be as easy to withdraw as it was to give consent. Doing so will not affect the lawfulness of any processing we conducted before withdrawal.

If you believe our processing of your personal data infringes the GDPR or your data protection rights, you have the right to lodge a complaint with a data protection supervisory authority. This is without prejudice to any other administrative or judicial remedies.

In particular, you may complain to the supervisory authority in the EU Member State where you reside, work, or where the alleged infringement occurred. For example, the UK Information Commissioner's Office (ICO) or the Data Protection Authority in your own country (for example, CNIL in France or BfDI in Germany).

The supervisory authority will inform you about the progress and outcome of the complaint.

Where our processing is based on your consent (such as for marketing communications, cookies, or profiling), you have full control. You can withdraw consent at any time by:

We will implement your withdrawal promptly and will not continue to use your data for the purposes you have revoked. As noted above, GDPR requires that it be as easy to withdraw consent as to give it.

• Unsubscribing via the "unsubscribe" link in any marketing email or newsletter.
• Adjusting your cookie or privacy settings on our website or app.
• Contacting us at booking@charter-easy.com to withdraw consent or request deletion.

We may update this Privacy Policy from time to time, for example to reflect new regulations or changes in our services. If we make significant changes, we will notify users by prominent announcement or email.

The "Last Updated" date at the top of this document will indicate the latest revision.

For any questions about this Privacy Policy or our data practices, please contact CHARTER EASY EOOD at the email or phone number above. We are committed to addressing your privacy concerns and helping you exercise your GDPR rights.