We are pleased that you are visiting our websites and digital platforms. As part of the Mallorcard community and the services operated by Tiquetero GmbH, we place great importance on transparency, responsibility, and the careful handling of personal data. Protecting your privacy is not only a legal obligation for us but also a fundamental principle in how we build long term relationships with our users, partners, and community members.
This Privacy Policy explains what personal data we collect, for which purposes it is used, and how we protect it in accordance with the General Data Protection Regulation GDPR and other applicable data protection laws within the European Union.
- Controller for Data Processing
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union is:
Tiquetero GmbH
Pestalozzistr. 25
22305 Hamburg
Germany
Email: info@tiquetero.com
Managing Directors:
David Alexander Behnk
Nadine Yvonne Wohlfarth
Commercial Register: Local Court Hamburg, HRB 196593
- Data Protection Officer
You may contact our Data Protection Officer at any time regarding questions related to data protection, privacy rights, or the processing of personal data:
David Alexander Behnk
Tiquetero GmbH
Pestalozzistr. 25
22305 Hamburg
Germany
Email: info@tiquetero.com
Requests will be handled confidentially and in accordance with applicable data protection laws.
- What Are Personal Data
Personal data are all information relating to an identified or identifiable natural person. This includes, for example, name, postal address, email address, telephone number, date of birth, IP address, online identifiers, or booking related information.
- Legal Bases for Processing
We process personal data only where legally permitted. The main legal bases are:
Article 6 paragraph 1 letter a GDPR consent
Article 6 paragraph 1 letter b GDPR contractual necessity
Article 6 paragraph 1 letter c GDPR legal obligation
Article 6 paragraph 1 letter d GDPR vital interests
Article 6 paragraph 1 letter f GDPR legitimate interests
- General Data Collection When Visiting the Website
When you access our websites, certain technical information is automatically collected by our systems. This may include:
Browser type and version
Operating system
Internet service provider
IP address
Date and time of access
Referrer URL
Visited pages and duration of stay
These data are processed for technical stability, security, and statistical evaluation. They are generally not combined with other personal data.
- Cookies and Consent Management
Our websites use cookies and similar technologies to ensure functionality, improve user experience, analyze usage, and support marketing activities.
Cookies are small text files stored on your device by your browser. You may prevent or delete cookies at any time through your browser settings. Please note that disabling cookies may limit certain website functions.
Technically necessary cookies are processed based on Article 6 paragraph 1 letter f GDPR.
Analytical or marketing cookies are processed only with your consent based on Article 6 paragraph 1 letter a GDPR.
A consent management platform or cookie banner allows you to control your preferences at any time.
- Log Files
Each time our website is accessed, data are automatically stored in server log files. These files contain technical information necessary for website delivery, security monitoring, and system stability.
A combination of these data with other personal data does not normally take place.
- Contact Options
If you contact us via email or contact forms, the personal data you provide will be stored for the purpose of processing your inquiry.
Legal basis:
Article 6 paragraph 1 letter a GDPR consent
Article 6 paragraph 1 letter b GDPR contract related inquiries
Article 6 paragraph 1 letter f GDPR legitimate interest
The data will be deleted once the request has been fully resolved unless legal retention obligations apply.
- Newsletter and Marketing Communication
Newsletter Based on Consent
You may subscribe to our newsletter via a registration form. A confirmation email is sent to verify your subscription.
We store IP address, date, and time of registration to document consent.
Legal basis: Article 6 paragraph 1 letter a GDPR.
You may withdraw your consent at any time via the unsubscribe link in each email.
Direct Marketing
Where legally permitted, we may send information about similar products or services.
You may object at any time without cost.
- Third Party Services and Technical Providers
We may use external service providers for hosting, analytics, marketing tools, newsletter distribution, technical infrastructure, payment processing, and platform functionality.
These providers act as data processors under Article 28 GDPR and are contractually obligated to comply with data protection requirements.
If data are transferred outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses are implemented.
- Affiliate Services and API Based Partner Content
Our websites and platforms may display third party offers, availability information, prices, or booking related content from external providers through technical interfaces such as APIs. These may include travel services, activities, rentals, tickets, or similar offerings.
The display of such partner content serves informational and comparison purposes. The actual purchase, payment processing, contract conclusion, service delivery, customer support, and liability for the booked service remain solely with the respective provider. Tiquetero GmbH does not become a contractual party of the transaction.
If you proceed with a booking, you are usually redirected to the provider’s website or checkout environment. In this context, personal data may be processed by the provider under its own responsibility. Please review the provider’s privacy policy and terms before completing a booking.
To operate affiliate partnerships, it may be necessary to process technical identifiers such as referral parameters, booking attribution information, device data, or transaction confirmation data in order to correctly assign referrals and calculate commissions. Depending on the partner configuration, this may involve cookies or similar technologies, which are processed only according to your cookie preferences.
Legal basis:
Article 6 paragraph 1 letter a GDPR consent where tracking technologies require consent
Article 6 paragraph 1 letter f GDPR legitimate interest for technical functionality and fraud prevention
- Social Media Links and Integrations
Our websites may contain links or integrations to social media platforms such as Instagram, Facebook, TikTok, or YouTube.
When accessing these platforms, the privacy policies of the respective providers apply.
- Data Retention
Personal data are stored only as long as necessary for the respective purpose or as required by statutory retention periods.
After expiration of these periods, data are routinely deleted unless further storage is legally required.
- Security Measures
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures are regularly reviewed and updated.
- Rights of Data Subjects
Under the GDPR, you have the following rights:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority
- Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority.
The competent authority for our company is:
Hamburg Commissioner for Data Protection and Freedom of Information
Germany
- Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect legal, technical, or operational changes.
The current version published on our websites always applies.