Privacy Policy

1. Data Protection at a Glance

General Information

This privacy policy provides a comprehensive overview of what happens to your personal data when you visit this website.
Personal data refers to any data that can personally identify you – such as your name, email address, IP address, or browser settings.

For detailed information on data protection, please refer to the full policy outlined below.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator.
You can find the contact details in the section “Controller Information” below.

How do we collect your data?

Your data is collected in two ways:

  1. Direct input: You provide data yourself, for example via contact forms, WhatsApp messages, email, or newsletter sign-ups.

  2. Automatic collection: Technical data (e.g. browser type, operating system, time of visit) is automatically collected by our IT systems when you visit the website.

What do we use your data for?

Data is used to:

  • ensure proper functionality of the website,

  • communicate with you,

  • analyze usage to improve the user experience,

  • and, where applicable, to initiate or process contractual relationships.

What rights do you have regarding your data?

You have the right to:

  • request information about the origin, recipient, and purpose of your stored personal data at any time,

  • request correction, deletion, or restriction of your data,

  • withdraw consent for future processing,

  • request data portability,

  • and lodge a complaint with the relevant supervisory authority.

You may contact us at any time using the contact details provided under “Controller Information.”

Analytics and Third-Party Tools

Your browsing behavior may be statistically analyzed when you visit this website.
This is primarily done using analytics tools (e.g., Squarespace Analytics). Additional tools such as Google Analytics or reCAPTCHA may be added in the future and will be disclosed here once activated.

2. Hosting

Hosting via IONOS

Our website is hosted by the service provider:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Germany
Privacy policy: https://www.ionos.com/terms-gtc/terms-privacy

When you access our website, IONOS automatically collects various log files, including your IP address. These log files may contain:

  • IP address of the requesting device,

  • date and time of access,

  • referrer URL (the page previously visited),

  • browser type and version,

  • operating system used,

  • and other similar technical information.

Legal Basis

Data is processed on the basis of Art. 6(1)(f) GDPR.
We have a legitimate interest in a stable and secure presentation of our website.

If consent for the use of cookies or similar tracking technologies is required (e.g. under the EU ePrivacy Directive or the German TDDDG), processing will take place on the basis of Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG – provided such consent was given. Consent may be revoked at any time.

Data Processing Agreement (DPA)

We have concluded a legally required Data Processing Agreement (DPA) with IONOS in accordance with Art. 28 GDPR. This agreement ensures that IONOS processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

We take the protection of your personal data seriously.
We treat your personal information confidentially and in accordance with applicable data protection laws and this privacy policy.

Please note: Data transmission on the internet (e.g. communication via email) may involve security gaps. A complete protection of your data from access by third parties is not technically possible.

Controller Information

The data controller responsible for processing on this website is:

BHB Solutions UG (haftungsbeschränkt)
Weihenweg 8
21614 Buxtehude
Germany
Phone: +49 162 5899917
Email: info@boatoxibiza.com

The controller is the legal or natural person who determines the purposes and means of processing personal data (e.g. names, email addresses).

Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.
If you make a legitimate request for deletion or revoke your consent, your data will be deleted – unless we are legally obliged or entitled to retain it (e.g. due to tax or commercial law retention periods).

Legal Basis for Data Processing

Depending on the context, we process your data based on the following legal grounds:

  • Art. 6(1)(a) GDPR – if you have given consent

  • Art. 6(1)(b) GDPR – if processing is necessary for a contract or pre-contractual measures

  • Art. 6(1)(c) GDPR – to comply with legal obligations

  • Art. 6(1)(f) GDPR – for legitimate interests

  • Art. 9(2)(a) GDPR – if special categories of data are processed with your explicit consent

  • § 25(1) TDDDG – for accessing information on your device (e.g. cookies)

If data is transferred to third countries or third-party providers (e.g. US companies), this only happens on the basis of:

  • an adequacy decision (e.g. EU-US Data Privacy Framework),

  • standard contractual clauses (SCCs),

  • or your explicit consent under Art. 49(1)(a) GDPR.

Further details are listed under the individual third-party service providers in this privacy policy.

Data Sharing

We only share your personal data with external parties if:

  • it's required to fulfill a contract (e.g. shipping or payment service providers),

  • we are legally obligated to do so,

  • you have given consent,

  • or we have a legitimate interest under Art. 6(1)(f) GDPR.

Where we work with processors (under Art. 28 GDPR), we have entered into binding data processing agreements to ensure compliance.

Your Rights

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection to processing (Art. 21 GDPR)

  • Withdrawal of consent (Art. 7(3) GDPR)

  • Lodge a complaint with the relevant supervisory authority (Art. 77 GDPR)

SSL / TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content (e.g. contact forms).
You can recognize an encrypted connection by the “https://” in your browser’s address bar and the padlock symbol.

Objection to Promotional Emails

We object to the use of contact details published within the legal notice (Impressum) for sending unsolicited advertisements. We reserve the right to take legal action in the event of unauthorized promotional material (e.g. spam emails).

4. Data Collection on This Website

Cookies

Our website uses what are known as cookies. Cookies are small text files that are stored on your device and do not cause any harm. They serve different purposes and can be:

  • Session cookies: deleted automatically after your visit.

  • Persistent cookies: remain on your device until manually deleted or automatically removed by your browser.

  • First-party cookies: set directly by our website.

  • Third-party cookies: set by external services (e.g. payment providers, social media tools).

Functional cookies are technically required to provide basic website functions (e.g. navigation, shopping cart, video display).
Other cookies may be used for analytics, personalization, or marketing purposes.

Cookies required for the electronic communication process or to provide certain functions you request (e.g. shopping cart), or to optimize the website (e.g. measuring web audience), are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified.

If we ask for your consent to use cookies and similar recognition technologies, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may withdraw this consent at any time via our cookie banner or browser settings.

Important: You can configure your browser to notify you about cookies, allow cookies only in specific cases, block cookies altogether, or delete cookies automatically when the browser is closed. Disabling cookies may limit certain website functions.

Details about the cookies used on this site can be found in the cookie banner and our cookie settings.

Server Log Files

The hosting provider (IONOS) automatically collects and stores information in server log files, which your browser transmits to us. These include:

  • Browser type and version

  • Operating system used

  • Referrer URL (the page previously visited)

  • Hostname of the accessing device

  • Time of the server request

  • IP address

  • HTTP status code

This data is not combined with other data sources.

The collection of this data is technically necessary to display the website and ensure its stability and security.
It is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest).

Contact Form

When you submit inquiries via our contact form, we store the information you provide (including your contact details) to process your request and for potential follow-up questions. This data is not shared without your consent.

Depending on the context, processing is based on:

  • Art. 6(1)(b) GDPR – if your inquiry relates to a contract or pre-contractual measures

  • Art. 6(1)(f) GDPR – our legitimate interest in efficient customer communication

  • or Art. 6(1)(a) GDPR – if explicit consent was given (e.g. newsletter opt-in)

Your data remains with us until:

  • you request deletion,

  • withdraw your consent,

  • or the storage purpose no longer applies (e.g. request resolved).

Legal retention periods remain unaffected.

Communication via Email, Phone, WhatsApp

If you contact us by email, phone, or WhatsApp, your inquiry and the data you provide (e.g. name, contact info, message content) will be stored and processed for the purpose of handling your request.
We do not share this information without your consent.

Depending on the nature of your request, processing is based on:

  • Art. 6(1)(b) GDPR – if contract-related

  • Art. 6(1)(f) GDPR – legitimate interest in handling inquiries efficiently

  • Art. 6(1)(a) GDPR – if explicit consent is given

Data will be retained until you request deletion, revoke your consent, or the purpose for data storage no longer applies. Legal retention obligations remain unaffected.

Note: WhatsApp is a third-party service provided by WhatsApp Ireland Ltd. Their privacy policy applies:
https://www.whatsapp.com/legal/privacy-policy-eea

5. Social Media

Instagram

This website includes features from the Instagram social network. These features are provided by:

Meta Platforms Ireland Ltd.
Merrion Road, Dublin 4, D04 X2K5, Ireland

When the Instagram widget is active, a direct connection is established between your device and the Instagram servers. Instagram thereby receives information about your visit to this website, including your IP address and the page you visited.

If you are logged into your Instagram account, clicking the Instagram button may associate the contents of this website with your Instagram profile.

Joint Controllership under Art. 26 GDPR:
If personal data is transferred to Meta through the integration of Instagram tools (e.g., widgets), we and Meta Platforms Ireland Ltd. are considered joint controllers for this transfer phase. You can find the agreement here:
https://www.facebook.com/legal/controller_addendum

Please note: After transmission, Meta is solely responsible for the further processing.

Legal basis:

  • Art. 6(1)(a) GDPR and § 25(1) TDDDG – if you have given consent

  • You may withdraw your consent at any time with future effect

Data transfer to the USA may occur and is based on the EU-US Data Privacy Framework (DPF).
Meta is certified under the DPF. See:
https://www.dataprivacyframework.gov/participant/4452

More information:
https://privacycenter.instagram.com/policy

Pinterest

This website uses elements from Pinterest, operated by:

Pinterest Europe Ltd.
Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

When you visit a page that includes a Pinterest element (e.g. “Save” button), your browser establishes a direct connection to Pinterest servers. The server may receive log data including:

  • Your IP address

  • The URL of the site you visited

  • Browser type and settings

  • Date and time of your request

  • How you interact with Pinterest content

  • Cookies

Legal basis:

  • Art. 6(1)(a) GDPR and § 25(1) TDDDG – if you have consented

  • Consent can be withdrawn at any time

More information on how Pinterest processes your data and your rights:
https://policy.pinterest.com/privacy-policy

Optional future platforms (currently not active but planned):

  • TikTok Feeds

  • Facebook Widgets

Once activated, details will be added to this section, including provider identity, legal basis, and any potential data transfers to third countries.

6. Newsletter

Newsletter Subscription via Website

If you subscribe to our newsletter, we will use your email address and any additional data you voluntarily provide to send you regular updates, offers, or relevant news about our services and content.

We use a double opt-in procedure:
You will only receive the newsletter after you explicitly confirm your subscription via a confirmation link sent to your email address.

Required Data

To subscribe to the newsletter, we need:

  • Your valid email address

  • Optionally: your name (for personalized messages)

This information is used solely for sending the requested emails and will not be shared with third parties unless explicitly stated.

Legal Basis

Processing is based on:

  • Art. 6(1)(a) GDPR – your explicit consent
    You can withdraw your consent at any time by clicking the “unsubscribe” link in any newsletter or by contacting us directly. The lawfulness of data processing prior to withdrawal remains unaffected.

Storage Duration

We store your data for as long as you remain subscribed to our newsletter.

After you unsubscribe, your data will:

  1. be deleted from the active mailing list,

  2. and may be stored in a suppression list (blacklist) if necessary to prevent future mailings.

Storing your email address in a suppression list is based on our legitimate interest in complying with legal email marketing obligations (Art. 6(1)(f) GDPR). The suppression is not time-limited, but you may object to this storage if your interests outweigh ours.

Newsletter Provider

Our newsletter system is operated via Squarespace Email Campaigns or comparable integrated services. If we switch providers in the future, we will update this section accordingly.

7. Plugins and Tools

This section outlines third-party services and embedded tools used on our website. These tools may collect personal data such as your IP address or use tracking technologies (e.g., cookies, local storage).

Whenever such tools are used, data processing is based on Art. 6(1)(a) GDPR (consent) and § 25(1) TDDDG (if device access is involved). Consent can be withdrawn at any time.

YouTube (Enhanced Privacy Mode)

We embed videos from YouTube, operated by:

Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland

We use YouTube’s enhanced privacy mode, which prevents YouTube from storing cookies until the video is played. However, local storage objects may still be used and personal data such as your IP address may be collected.

If you are logged into your YouTube account, YouTube can associate your browsing behavior with your profile.

Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG (consent)
Data transfer: May occur to the U.S. under EU-US Data Privacy Framework
https://policies.google.com/privacy

Google Maps

We use Google Maps to display interactive maps. Provider:

Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland

To use Google Maps, your IP address and location data (if permitted) may be transmitted to Google servers.

Google Maps may also load Google Fonts from its own servers during use.

Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG
Data transfer: To the USA based on Standard Contractual Clauses (SCCs)
https://policies.google.com/privacy

Google reCAPTCHA

We use Google reCAPTCHA to protect our website from spam and abuse in contact forms. The tool analyzes user behavior to distinguish humans from bots (e.g. mouse movements, IP address).

Analysis starts automatically once you access the page – without separate notification.

Legal basis:

  • Art. 6(1)(f) GDPR – legitimate interest in securing our website

  • Art. 6(1)(a) GDPR and § 25(1) TDDDG – if consent is requested
    Data transfer: May occur to the USA under EU-US Data Privacy Framework
    https://policies.google.com/privacy

Google Fonts (Local Hosting)

We use Google Fonts to ensure consistent typography. The fonts are hosted locally on our server.
No connection to Google servers is established.

https://developers.google.com/fonts/faq

Spotify

Our site may embed audio content from Spotify, operated by:

Spotify AB
Birger Jarlsgatan 61, 113 56 Stockholm, Sweden

When the Spotify plugin is used, your IP address and possibly other technical data may be transmitted to Spotify servers.

If you're logged into your Spotify account and interact with content, this may be linked to your profile.

Spotify may also use Google Analytics as a third-party tool, which may transmit data to the USA.

Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG
https://www.spotify.com/de/legal/privacy-policy/

Instagram / TikTok / Pinterest Feeds (Planned)

These social media feeds are not currently active, but may be added in the future. Once activated, the following applies:

  • Consent will be requested via cookie banner

  • Privacy policies and data transfer mechanisms (e.g. DPF or SCCs) will be disclosed

Last Updated

This privacy policy was last updated in July 2025.
We reserve the right to update this statement at any time in compliance with applicable regulations.