Your discretion is part of the service. I collect, store and use the minimum personal data needed to deliver each ritual, in strict accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on data protection.
Who is the data controller
The Ibiza Touch · Ibiza, Balearic Islands, Spain. Contact: contact@theibizatouch.vip.
What data I collect
- Identification: first name and, optionally, last name.
- Contact: mobile number or email, used solely to coordinate the visit.
- Location of the visit: hotel name, address, room number, scheduled date and time.
- Service: ritual chosen, modality chosen, enhancements selected.
- Consents: a timestamped record of each consent screen signed during booking.
- Payment: Stripe transaction ID. I never see or store your card number, CVV or expiry.
- Technical: anonymised IP, browser and language, used to operate the website.
Why I use it (legal bases)
- To deliver the booked service — performance of a contract (Art. 6.1.b GDPR).
- To comply with Spanish tax, accounting and consumer-protection law — legal obligation (Art. 6.1.c).
- To prove informed consent for the chosen modality — explicit consent (Art. 9.2.a) for any data that may relate to bodily contact preferences.
- To protect the safety of both client and therapist — legitimate interest (Art. 6.1.f).
Who I share it with
- Stripe — payment processing.
- Resend — transactional email delivery.
- Vercel — hosting.
- Spanish tax authorities — only where legally required.
I never sell, rent or share personal data with marketers, brokers, social networks or hotel staff.
How long I keep it
- Booking and consent records: 5 years (Spanish tax and consumer-law retention).
- Payment metadata held by Stripe: per Stripe’s retention policy.
- Marketing communications: never sent without explicit opt-in; revoked on first request.
Your rights
You have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw any consent you have given. Write to contact@theibizatouch.vip. I respond within 30 days.
You may also lodge a complaint with the Spanish data protection authority (Agencia Española de Protección de Datos, aepd.es).
International transfers
Some processors (e.g. Stripe, Vercel) may transfer data outside the EU/EEA under Standard Contractual Clauses and equivalent safeguards.
Cookies
See my cookies notice.