Mallorca Map - Dein Guide für Mallorca | Restaurants, Events, Touren & Aktivitäten

Privacy Policy

Last updated: January 2025

We take the protection of your personal data very seriously. This privacy policy informs you about how we process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Controller

Responsible for data processing:
BOTZILLA Ltd.
Landscape House, Baldonnell Business Park
Dublin 22, D22 P3K7, Ireland

2. Legal Basis for Processing

We process personal data based on the following legal bases according to Art. 6 GDPR:

  • Art. 6 para. 1 lit. a GDPR: Consent (e.g., newsletter, optional cookies)
  • Art. 6 para. 1 lit. b GDPR: Contract performance (e.g., account management, business subscriptions)
  • Art. 6 para. 1 lit. c GDPR: Legal obligation (e.g., invoicing, tax obligations)
  • Art. 6 para. 1 lit. f GDPR: Legitimate interest (e.g., security, fraud prevention, internal analytics)

3. What Data Do We Process?

3.1 Account Data (Registration & Login)

Processed data: Email address, name (optional), password (encrypted as hash)

Purpose: Provision and management of your account, authentication

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until account deletion

Recipients: Supabase (EU servers, GDPR compliant)

3.2 Profile Data

Processed data: Profile picture, bio, city, country, language, notification preferences

Purpose: Personalization of your profile, improvement of user experience

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until account deletion or manual removal

Note: All profile data is optional and can be deleted at any time

3.3 Business Data (Claims & Subscriptions)

Processed data: Company data, verification documents, billing information, payment data (via Stripe)

Purpose: Verification of business claims, processing of subscriptions and payments

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. c GDPR (legal obligation)

Retention period: Verification documents: 12 months after claim, invoicing data: 10 years (tax obligation)

Recipients: Stripe (PCI-DSS certified, GDPR compliant)

3.4 User-Generated Content

Processed data: Reviews, comments, events, jobs, classifieds, uploaded images/videos

Purpose: Provision of platform functionality, information exchange between users

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)

Retention period: Until manual deletion or account deletion

Note: Published content is publicly visible. Please do not share sensitive personal data.

3.5 Analytics & Usage Data

Processed data: IP address (anonymized), user agent, referrer URL, geo data (country/city), session ID, page views, interactions

Purpose: Platform improvement, troubleshooting, security, fraud prevention

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Retention period: 24 months (analytics), 12 months (logs)

Technology: PostgreSQL Analytics (server-side, no external trackers like Google Analytics)

3.6 Cookies

Processed data: Session token, language settings

Purpose: Authentication, language selection

Legal basis: Art. 6 para. 1 lit. b GDPR (technically necessary) or Art. 6 para. 1 lit. a GDPR (with consent)

Details: See our Cookie Policy

4. Disclosure to Third Parties

We only disclose your data to third parties in the following cases:

Supabase (Hosting & Database)

Location: EU servers (GDPR compliant)

Purpose: Platform hosting, database management, authentication

Privacy: supabase.com/privacy

Stripe (Payment Processing)

Location: USA (EU-US Data Privacy Framework)

Purpose: Payment processing, PCI-DSS compliant storage of payment data

Privacy: stripe.com/privacy

Hetzner (Server Hosting)

Location: Germany (GDPR compliant)

Purpose: Server infrastructure, website hosting

Privacy: hetzner.com/legal/privacy-policy

5. Your Rights as Data Subject

You have the following rights under the GDPR:

Right to access (Art. 15 GDPR): You can request information about your stored personal data.
Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
Right to erasure (Art. 17 GDPR): You can request the deletion of your data ("right to be forgotten").
Right to restriction (Art. 18 GDPR): You can request the restriction of processing.
Right to data portability (Art. 20 GDPR): You can receive your data in a structured format.
Right to object (Art. 21 GDPR): You can object to processing for reasons relating to your particular situation.
Right to withdraw consent (Art. 7 para. 3 GDPR): You can withdraw given consents at any time (e.g., newsletter).

Exercising Your Rights:

Contact us at support@mallorca-map.com or use the account settings on the platform.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority:

Competent authority in Ireland:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: dataprotection.ie
You can also contact the data protection authority of your country of residence.

7. Data Security

We implement technical and organizational security measures to protect your data:

  • SSL/TLS encryption (HTTPS) for all data transmissions
  • Encrypted storage of passwords (bcrypt hash)
  • Access control and authentication (row-level security)
  • Regular security updates and backups
  • Monitoring and logging for security incidents

8. Automated Decision-Making & Profiling

We do not use automated decision-making processes according to Art. 22 GDPR. There is no profiling that produces legal effects or significantly affects you.

9. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in the legal situation or changes to our services. The current version is always available on this page.

10. Contact

For privacy questions, contact us:

Postal address:
BOTZILLA Ltd.
Landscape House, Baldonnell Business Park
Dublin 22, D22 P3K7, Ireland