PRIVACY POLICY

1. USER INFORMATION

Who is responsible for the processing of your personal data?

MISS MUFFET, SLU is responsible for the processing of the user's personal data and informs you that this data will be processed in accordance with the provisions of Regulation (EU) 2016/679, of 27 April (GDPR), and Organic Law 3/2018, of 5 December (LOPDGDD).

What type of data do we request and process?

Depending on the form or method of obtaining your data, we always ask for the minimum necessary to comply with the purposes detailed in each case.

What do we process your personal data for and why do we do it?

Depending on the form where we have obtained your personal data, we will treat them confidentially to achieve the following purposes:

In the Contact form

  • - Respond to queries or any type of request made by the user through any of the contact forms made available on the website of the data controller. (for the legitimate interest of the controller, art. 6.1.f GDPR)
  • - To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications. These communications will be made by the controller and will be related to its products and services, or to its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. (by the consent of the data subject, 6.1.a GDPR)
  • - Perform statistical analysis and market research. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Newsletter form

  • - To send newsletters, news, offers and online promotions. (by the consent of the data subject, 6.1.a GDPR)

In the Request a quote form

  • - Send commercial quotes on products and services. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications. These communications will be made by the controller and will be related to its products and services, or to its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. (by the consent of the data subject, 6.1.a GDPR)

In the Online Forum form

  • - Participate in the online forums proposed by the manager. (by the consent of the data subject, 6.1.a GDPR)

In the Curriculum Vitae form

  • - Involve the interested party in the personnel selection processes and analyse the applicant's profile with the aim of selecting a candidate for the vacant position of the person in charge. (by the consent of the data subject, 6.1.a GDPR)

On the Testimonial form

  • - Moderate and publish on the website the user's experiences, opinions and suggestions about a product or service. (by the consent of the data subject, 6.1.a GDPR)

In the Comments form

  • - Moderate and publish on the website the opinions about a publication. (by the consent of the data subject, 6.1.a GDPR)

In the Ethics or whistleblowing channel form

  • - Properly manage the ethics channel, processing the corresponding irregularities reported through it, and deciding on the appropriateness of initiating an investigation, in order to detect possible crimes and prevent the imposition of any type of liability, as well as to avoid any type of conduct contrary to the internal or external regulations of the entity. (for compliance with a legal obligation, 6.1.c GDPR)

In the User Registration form

  • - To manage the user's account to provide them with personalised access to the website and the interactive services it offers. (by the consent of the data subject, 6.1.a GDPR)

In the E-commerce form

  • - Manage your online purchase or order, process the payment and proceed with the shipment or activation of the same, based on the general terms and conditions of contract. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - To manage, maintain, improve or develop the services provided. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - Conduct satisfaction and quality surveys. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Loyalty card form

  • - Manage the loyalty card if requested. (by the consent of the data subject, 6.1.a GDPR)
  • - To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications. These communications will be made by the controller and will be related to its products and services, or to its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. (by the consent of the data subject, 6.1.a GDPR)
  • - Perform statistical analysis and market research. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Sweepstakes and promotions form

  • - Participate in sweepstakes, contests, promotions or other services offered by the controller. (by the consent of the data subject, 6.1.a GDPR)
  • - To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications. These communications will be made by the controller and will be related to its products and services, or to its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. (by the consent of the data subject, 6.1.a GDPR)

In the Reservations form

  • - Formalise bookings at the establishment of the person in charge. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - Sending commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, to customers, which makes it possible to make commercial communications referring to products or services that are similar to those that were initially contracted with the customer (art. 21.2 LSSI). (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Appointments form

  • - Schedule appointments and meetings with the person in charge. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Social Media form

  • - Contact through Social Networks in order to maintain a relationship between the User and the Data Controller, which may include the following operations: - Processing your requests and queries. - Informing about activities and events. - Informing about products and/or services. - Interacting through official profiles. The user has a profile on the same social network and has decided to join the social network of the Data Controller, thus showing their interest in the information published on it, therefore at the time of requesting to follow our official page, they provide us with their consent for the processing of their data. The User can access the privacy policies of the social network itself at any time, as well as configure their profile to guarantee their privacy. Once the User is a follower or has joined the Controller's social network, they may publish comments, links, images, photographs or any other type of content supported by it. The User, in all cases, must be the owner of the published content, enjoy the copyright and intellectual property rights or have the consent of the affected third parties. - Sending commercial communications relating to the activities of the Group's companies, as well as companies external to it, with which commercial collaboration or intermediation agreements have been established. (by the consent of the data subject, 6.1.a GDPR)

In the Instant Messaging form

  • - Schedule appointments and meetings with the person in charge. (for the legitimate interest of the controller, art. 6.1.f GDPR)
  • - Sending commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, to customers, which makes it possible to make commercial communications referring to products or services that are similar to those that were initially contracted with the customer (art. 21.2 LSSI). (for the legitimate interest of the controller, art. 6.1.f GDPR)
  • - To manage, maintain, improve or develop the services provided. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - Manage your online purchase or order, process the payment and proceed with the shipment or activation of the same, based on the general terms and conditions of contract. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - Send commercial quotes on products and services. (for the performance of a contract or pre-contract, 6.1.b GDPR)
  • - To send commercial advertising communications by e-mail, fax, SMS, MMS, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications. These communications will be made by the controller and will be related to its products and services, or to its collaborators or suppliers, with whom it has reached a promotional agreement. In this case, third parties will never have access to the personal data. (by the consent of the data subject, 6.1.a GDPR)
  • - Respond to queries or any type of request made by the user through any of the contact forms made available on the website of the data controller. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Video Surveillance form

  • - Purpose Security and access control, labour and internal activity control Legitimacy Public interest in security and access control and Legitimate interest of the Data Controller based on Art. 20.3 of the Workers' Statute Conservation A maximum of 30 days (with the consent of the interested party, 6.1.a GDPR)

In the Images and recordings form

  • - File with static and/or dynamic images. It includes publication in the media of the data controller or third parties. (by the consent of the data subject, 6.1.a GDPR)

In the Customers and vendors form

  • - Commercial management with customers and suppliers (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Ad Exclusion form

  • - Data management to prevent the sending of commercial communications to those who have expressed their refusal or opposition to receive them. (for compliance with a legal obligation, 6.1.c GDPR)

In the Commercial advertising form

  • - Advertising management and commercial prospecting. Includes data from legitimate, publicly accessible sources. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Data Subject Entitlement form

  • - Respond to requests from citizens in the exercise of the rights established by the GDPR (for compliance with a legal obligation, 6.1.c GDPR)

In the Web , app and other platform users form of the responsa

  • - Identification data of users who access the corporate website. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Training, courses, workshops, activities or similar form

  • - Management of access and use conditions. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Connection to the Wi-Fi network form

  • - Perform statistical analysis and market research. (for the legitimate interest of the controller, art. 6.1.f)
  • - Carry out satisfaction and quality surveys. (for the legitimate interest of the controller, art. 6.1.f GDPR) (by the consent of the data subject, 6.1.a GDPR)

In the Data of minors or vulnerable form

  • - The responsible party will not collect or process personal data of minors under fourteen years of age, without fully complying with the requirements established in the applicable data protection regulations, in relation to compliance with the duty to inform and obtaining those consents that may be necessary. The data collected will be processed for the management of the purposes informed. The controller has the appropriate security measures in place for the security of this data. (by the consent of the data subject, 6.1.a GDPR)

In the Legal representatives and contact persons form

  • - In the event that you are a legal representative or contact person of any of the entities or persons with whom the Foundation is related, the responsible party will process your data to control the development of the intended relationship. (by the consent of the data subject, 6.1.a GDPR)

How long will we keep your personal data?

They will be kept for no longer than necessary to maintain the purpose of the processing or there are legal prescriptions that dictate their custody and when it is no longer necessary for this, they will be deleted with appropriate security measures to guarantee the anonymization of the data or the total destruction of the same.

To whom do we provide your personal data?

No communication of personal data to third parties is foreseen, except if necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the controller has signed the confidentiality and data processor contracts required by current privacy regulations.

Data Booking Management Software: Instant Ticketing Group SL, B01610849, Av. From the beach 8, 6, Paguera 07160.

Data of third parties provided by the User

In the event that the USER provides personal data of third parties for any purpose, he/she guarantees that he/she has previously informed the affected parties and has obtained their consent for the communication of their data to the Data Controller.

The USER guarantees that those affected are of legal age and that the information provided is accurate and truthful.

The Data Controller may verify the consent of these affected parties through a first email with non-commercial content in which the verification of the consent granted on their behalf by the USER will be requested.

In the event that liability arises from a breach of these conditions by the USER, he/she must be responsible for the consequences of such non-compliance.

Do we make international transfers?

In accordance with Article 44 of the GDPR, authorisation for the international transfer of data to a country that has not been declared as a country with an adequate level of protection may only be granted if sufficient guarantees are obtained. Thus, it may be granted if the data controller provides a written contract, entered into between the exporter and the importer of data, which sets out the necessary guarantees of respect for the protection of the data subjects and guarantees the exercise of their rights.

It is possible that the controller has services from suppliers who have servers or headquarters in other locations and, therefore, these transfers are made. To consult the updated list of suppliers, consult with the person in charge or through hr@majorcafamilytickets.co.uk

What are your rights?

The rights that assist the user are:

  • - Right to withdraw consent at any time.
  • - Right of access, rectification, portability, deletion of your data, limitation or opposition to its processing.
  • - The right to lodge a complaint with the supervisory authority (www.aepd.es) if you consider that the processing does not comply with current regulations.

Contact details to exercise your rights:

MISS MUFFET, SLU C/ Joaquín Sorolla, Nº 17 Bjos 07181 Calviá (Illes Balears). E-mail: hr@majorcafamilytickets.co.uk

2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

Users, by ticking the corresponding boxes and entering data in the fields, marked with an asterisk (*) in the contact form or presented in download forms, expressly, freely and unequivocally, accept that their data is necessary to respond to their request, on the part of the provider, the inclusion of data in the remaining fields being voluntary. The user guarantees that the personal data provided to the controller is true and is responsible for communicating any modification thereof.

The controller informs that all data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the user. In the event that not all data is provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

If by any type of means, you provide us with personal data of other people, the responsible party warns that you must do so with their consent and have previously informed them of the points contained in this Privacy Policy. Likewise, the controller undertakes to provide any third party whose data provides us with the relevant information, in accordance with the provisions of Article 14 of the General Regulation.

3. SECURITY MEASURES

That in accordance with the provisions of the current regulations on the protection of personal data, the responsible party is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of the personal data for which it is responsible, and manifestly with the principles described in article 5 of the GDPR, by which they are processed in a lawful manner, fair and transparent in relation to the data subject and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The controller guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of users and has communicated to them the appropriate information so that they can exercise them.

For more information on privacy guarantees, you can contact the data controller through MISS MUFFET, SLU C/ Joaquín Sorolla, Nº 17 Bjos 07181 Calviá (Illes Balears). E-mail: hr@majorcafamilytickets.co.uk

4. VALIDITY

This privacy policy is effective as of 11/03/2025

The Data Controller reserves the right to modify this policy to adapt it to future legislative or jurisprudential updates that may be applicable, or for other technical, operational, commercial, corporate reasons, etc. If as a result of the changes, the rights of users are affected, the controller undertakes to inform them of the reasons.

MISS MUFFET SL - B75422709

C\Joaquin Sorolla n17 bajos

07181 - Magaluf - Calvià