Mallorca Map - Your guide to Mallorca | Restaurants, events, tours and activities
+EN

Privacy Policy

Last updated: April 2026

We take the protection of your personal data very seriously. This privacy policy informs you about how we process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Controller

Responsible for data processing:
BOTZILLA EUROPE S.L.U.
Camí Vell de Llucmajor 112
07007 Palma de Mallorca, Spain
NIF: B26964957

2. Legal Basis for Processing

We process personal data based on the following legal bases according to Art. 6 GDPR:

  • Art. 6 para. 1 lit. a GDPR: Consent (e.g., newsletter, optional cookies)
  • Art. 6 para. 1 lit. b GDPR: Contract performance (e.g., account management, business subscriptions)
  • Art. 6 para. 1 lit. c GDPR: Legal obligation (e.g., invoicing, tax obligations)
  • Art. 6 para. 1 lit. f GDPR: Legitimate interest (e.g., security, fraud prevention, internal analytics)

3. What Data Do We Process?

3.1 Account Data (Registration & Login)

Processed data: Email address, name (optional), password (encrypted as hash)

Purpose: Provision and management of your account, authentication

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until account deletion

Recipients: Supabase (EU servers, GDPR compliant)

3.2 Profile Data

Processed data: Profile picture, bio, city, country, language, notification preferences

Purpose: Personalization of your profile, improvement of user experience

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until account deletion or manual removal

Note: All profile data is optional and can be deleted at any time

3.3 Business Data (Claims & Subscriptions)

Processed data: Company data, verification documents, billing information, payment data (via Stripe)

Purpose: Verification of business claims, processing of subscriptions and payments

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. c GDPR (legal obligation)

Retention period: Verification documents: 12 months after claim, invoicing data: 10 years (tax obligation)

Recipients: Stripe (PCI-DSS certified, GDPR compliant)

3.4 User-Generated Content

Processed data: Reviews, comments, events, jobs, classifieds, uploaded images/videos

Purpose: Provision of platform functionality, information exchange between users

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until manual deletion or account deletion

Note: Published content is publicly visible. Please do not share sensitive personal data.

3.5 Analytics & Usage Data

Processed data: IP address (anonymized), user agent, referrer URL, geo data (country/city), session ID, page views, interactions

Purpose: Platform improvement, troubleshooting, security, fraud prevention

Legal basis for internal analytics: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Retention period: 24 months (analytics), 12 months (logs)

Technology: PostgreSQL Analytics (server-side). Meta Pixel & Meta Conversions API only run after Marketing consent.

Meta context data after consent: Meta may additionally enrich Pixel events with page information, media content, product/offer information, business/location context and catalog signals to support conversion tracking, remarketing and campaign optimization.

3.6 Cookies

Processed data: Session token, language settings

Purpose: Authentication, language selection

Legal basis: Art. 6 para. 1 lit. b GDPR (technically necessary) or Art. 6 para. 1 lit. a GDPR (with consent)

Details: See our Cookie Policy

4. Disclosure to Third Parties

We only disclose your data to third parties in the following cases:

Supabase (Hosting & Database)

Location: EU servers (GDPR compliant)

Purpose: Platform hosting, database management, authentication

Privacy: supabase.com/privacy

Stripe (Payment Processing)

Location: USA (EU-US Data Privacy Framework)

Purpose: Payment processing, PCI-DSS compliant storage of payment data

Privacy: stripe.com/privacy

Hetzner (Server Hosting)

Location: Germany (GDPR compliant)

Purpose: Server infrastructure, website hosting

Privacy: hetzner.com/legal/privacy-policy

Meta Platforms Ireland/Meta Platforms, Inc. (Meta Pixel & Conversions API)

Location: Ireland/USA (EU-US Data Privacy Framework)

Purpose: Conversion tracking, remarketing, measuring marketing campaign success and automatic event enrichment with page, media, product/offer, business/location and catalog context

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via the Marketing category)

Privacy: facebook.com/privacy/policy

Google Ireland Ltd./Google LLC (Google AdSense manual slots)

Location: Ireland/USA (EU-US Data Privacy Framework)

Purpose: Delivery of contextual advertising on explicitly approved public placements; funding of the free service. Google sets its own cookies and collects device/usage data.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via Google Privacy & Messaging as certified CMP with IAB TCF — category "Partner advertising"). Without consent, no manual Google AdSense slots are shown.

Publisher ID: ca-pub-5164045590594283

Privacy: policies.google.com/technologies/ads

5. Your Rights as Data Subject

You have the following rights under the GDPR:

Right to access (Art. 15 GDPR): You can request information about your stored personal data.
Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You can request the deletion of your data ("right to be forgotten").
Right to restriction (Art. 18 GDPR): You can request the restriction of processing.
Right to data portability (Art. 20 GDPR): You can receive your data in a structured format.
Right to object (Art. 21 GDPR): You can object to processing for reasons relating to your particular situation.
Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw given consents at any time (e.g., newsletter).

Exercising Your Rights:

Contact us at support@mallorca-map.com or use the account settings on the platform.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority:

Competent supervisory authority (Spain):
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan 6, 28001 Madrid, Spain
Website: aepd.es
You can also contact the data protection authority of your country of residence.

7. Data Security

We implement technical and organizational security measures to protect your data:

  • SSL/TLS encryption (HTTPS) for all data transmissions
  • Encrypted storage of passwords (bcrypt hash)
  • Access control and authentication (row-level security)
  • Regular security updates and backups
  • Monitoring and logging for security incidents

8. Automated Decision-Making & Profiling

We do not use automated decision-making processes according to Art. 22 GDPR. There is no profiling that produces legal effects or significantly affects you.

9. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in the legal situation or changes to our services. The current version is always available on this page.

10. Contact

For privacy questions, contact us:

Postal address:
BOTZILLA EUROPE S.L.U.
Camí Vell de Llucmajor 112
07007 Palma de Mallorca, Spain
NIF: B26964957