Legal
Privacy Policy
Yachtzap demonstrates a strong commitment to user privacy. Our Privacy Policy outlines clear practices for data collection, storage, and usage in accordance with GDPR ((EU) 2016/679).
1. Introduction
1.1. Welcome to the privacy policy, which adheres to GDPR ((EU) 2016/679).
1.2. The company respects user privacy and protects personal data. This policy explains data handling when visiting our online facilities and describes your privacy rights and legal protections.
1.3. Users should read this policy alongside other notices when personal data is collected to understand data usage fully.
1.4. Questions about this policy should be directed to the company at the provided address.
2. Definitions
2.1. Key terms are defined as follows:
2.1.1. Legitimate Interest means conducting business to provide the best service and secure experience.
2.1.2. Online Facilities encompasses websites and mobile applications owned or distributed by the company.
2.1.3. Personal Data includes information identifying you, excluding anonymised data.
2.1.4. We/Us/Our refers to Yachtzap ApS, a company incorporated in Denmark, located at Pakhus 47, Sundkaj 7, 1st Fl., DK-2150 Nordhavn, Copenhagen.
2.1.5. You/Your means any person accessing the online facilities.
3. Important Information
3.1. Purpose of this Policy
3.1.1. This policy informs you how personal data is collected and processed during and following use of our online facilities, including data you provide to us.
3.2. Controller
3.2.1. The company is the controller responsible for personal data as outlined in this policy.
3.2.2. A data protection officer oversees policy-related questions and legal rights requests.
3.3. Contact Details
3.3.1. Users may complain to Datatilsynet, Denmark's supervisory data protection authority, though the company appreciates the opportunity to address concerns first.
3.4. Changes to this Policy
3.4.1. This policy undergoes regular review. Historic versions are available upon request.
3.5. Your Duty to Inform Us of Changes
3.5.1. Users should keep the company informed when personal data changes during their relationship with us.
3.6. Third Party Links
3.6.1. Our online facilities may link to third-party websites and applications. The company does not control these sites or their privacy statements and encourages reading third-party privacy policies.
4. The Data We Collect About You
4.1. The company collects various categories of personal data:
4.1.1. Identity data includes first name, last name, username, marital status, title, date of birth, and gender.
4.1.2. Contact data includes addresses, email addresses, and telephone numbers.
4.1.3. Financial data includes bank accounts and payment card details.
4.1.4. Transaction data includes payment details and service purchase information.
4.1.5. Technical data includes IP addresses, login data, browser types, timezone settings, location, plug-in types, operating systems, and device technology.
4.1.6. Profile data includes usernames, passwords, yacht charter requests, interests, preferences, feedback, and survey responses.
4.1.7. Usage data includes information about how you use our online facilities and services.
4.1.8. Marketing and communications data includes your marketing preferences and communication preferences.
4.2. The company collects aggregated statistical or demographic data that may not constitute personal data. If combined data identifies you, it is treated as personal data.
4.3. The company does not collect special categories of data (race, ethnicity, religious beliefs, sexual orientation, political opinions, health information, genetic data, biometric data) or criminal conviction information.
4.4. If required personal data is not provided, the company may not be able to perform contracted services.
5. How Personal Data Is Collected
5.1. The company uses multiple methods to collect personal data.
5.2. Users provide identity, contact, and financial data by completing online forms or corresponding via post, phone, or email when:
5.2.1. Creating accounts.
5.2.2. Using services.
5.2.3. Requesting marketing.
5.2.4. Responding to surveys, competitions, or promotions.
5.2.5. Providing feedback or contacting the company.
5.3. Technical data about your equipment, browsing actions, and patterns are automatically collected via cookies and similar technologies.
5.4. The company receives personal data from third parties and public sources:
5.4.1. Technical data from analytics providers, advertising networks, and search providers.
5.4.2. Contact, financial, and transaction data from service providers.
5.4.3. Identity and contact data from data brokers or aggregators.
5.4.4. Identity and contact data from publicly available or subscription sources.
6. How We Use Personal Data
6.1. Personal data is used only where legally permitted, typically when:
6.1.1. Performing contracts with users.
6.1.2. Necessary for legitimate business interests where your rights do not override those interests.
6.1.3. Complying with legal obligations.
6.2. The company balances potential impacts on users and their rights before processing personal data for legitimate interests.
6.3. Personal data is not processed for activities where your interests override company interests, absent your consent or a legal requirement.
6.4. The company generally does not rely on consent for processing; however, express consent is obtained before sending third-party marketing communications via email or text. You may withdraw marketing consent at any time.
6.5. The company uses your data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| Register new users | Contract performance |
| Manage payments and debt collection | Contract performance; legitimate interest in debt recovery |
| Manage relationships; notify of changes; request reviews | Contract performance; legal compliance; legitimate interest in record maintenance |
| Enable survey/competition participation | Contract performance; legitimate interest in service improvement and business growth |
| Administer business and online facilities; prevent fraud; system maintenance | Legitimate interest in business operations, IT services, network security, and legal compliance |
| Deliver relevant content and advertisements; measure effectiveness | Legitimate interest in service improvement, business growth, and marketing strategy |
| Improve facilities, products, services, and marketing via analytics | Legitimate interest in user type definition, site relevance, and business development |
| Make service recommendations | Legitimate interest in service development and business growth |
6.6. The company provides choices regarding personal data uses, particularly for marketing and advertising.
6.7. The company uses identity, contact, technical, usage, and profile data to determine relevant services and offers for you.
6.8. Marketing communications are sent if you have requested information or purchased services without opting out.
6.9. Express opt-in consent is obtained before sharing personal data with third parties for marketing purposes.
6.10. You can request cessation of marketing communications at any time by contacting the company.
6.11. Opting out of marketing does not exclude personal data provided through service supply.
6.12. You can set your browser to refuse cookies or to alert you when sites set or access cookies. Disabling cookies may restrict access to certain facilities.
6.13. Personal data is used only for the purposes for which it was collected, unless reasonably necessary for compatible reasons. You may request an explanation of any such compatibility.
6.14. If unrelated purposes require use of your personal data, you will be notified with a legal basis explanation.
6.15. Personal data may be processed without your knowledge or consent where legally required or permitted.
7. Disclosure of Personal Data
7.1. Personal data is shared with:
7.1.1. Other online facility users who need data to fulfil contractual obligations.
7.1.2. External third parties, including IT providers, professional advisers (lawyers, bankers, accountants, auditors, and insurers), tax authorities, and regulators.
7.1.3. Third parties acquiring the company's business or assets; new owners will use personal data in the same manner.
7.2. All third parties are required to respect the security of personal data and comply with applicable law. Service providers may not use personal data for their own purposes.
8. International Transfers
8.1. External third parties may be located outside the EEA, requiring international transfers of personal data.
8.2. Appropriate protections are ensured for all transfers of personal data outside the EEA.
9. Data Security
9.1. Appropriate security measures are in place to prevent accidental loss, unauthorised access, alteration, or disclosure. Access is limited to employees and contractors with a legitimate need-to-know, who process data under instruction and are subject to confidentiality obligations.
9.2. Procedures are in place to address suspected data breaches; users and applicable regulators will be notified where legally required.
10. Data Retention
10.1. Personal data is retained only as long as reasonably necessary for the purposes for which it was collected, including satisfying legal, regulatory, tax, and reporting requirements. Retention may be extended where complaints exist or litigation seems probable.
10.2. Retention periods consider data amount, nature, sensitivity, risks of unauthorised use or disclosure, processing purposes, alternative methods of achieving those purposes, and applicable legal requirements.
10.3. Certain data is retained for tax purposes in accordance with applicable tax law periods.
10.4. In some circumstances, personal data may be anonymised for research or statistical purposes and used indefinitely without further notice.
11. Your Legal Rights
11.1. Under certain circumstances, you have the following rights regarding your personal data:
11.1.1. Access request — enables you to receive a copy of your personal data and verify that it is being lawfully processed.
11.1.2. Correction request — allows you to correct incomplete or inaccurate data held about you, though verification may be required.
11.1.3. Erasure request — permits deletion of your personal data where there is no good reason for continued processing, where you have successfully objected to processing, where unlawful processing has occurred, or where erasure is required by law. Legal reasons may prevent erasure, and you will be notified accordingly.
11.1.4. Processing objection — applies where the legitimate interest basis is used and you object on grounds relating to your particular situation that impact your fundamental rights and freedoms, or for direct marketing purposes. The company may demonstrate compelling legitimate grounds overriding your rights.
11.1.5. Processing restriction request — allows you to request suspension of processing in order to establish data accuracy, where unlawful use exists but erasure is not desired, where data is needed for legal claims despite no current requirement, or where an objection is pending verification.
11.1.6. Data transfer request — provides your personal data in a structured, commonly used, machine-readable format to you or a chosen third party. This applies to automated information you consented to or that was processed to perform a contract.
11.1.7. Consent withdrawal — you may withdraw consent at any time. Withdrawal does not affect prior lawful processing. Service provision may be affected, and you will be given notice.
11.2. No fees apply to accessing your personal data or exercising your rights, although unreasonable fees may apply for unfounded, repetitive, or excessive requests, which the company may refuse.
11.3. Specific information may be requested to confirm your identity and ensure you are the rightful party seeking access. This is a security measure. Additional information may be requested to expedite responses.
11.4. The company responds to legitimate requests within one month. Complex or multiple requests may extend this period; you will be notified and kept updated.