I. PRIVACY POLICY AND DATA PROTECTION

In compliance with current legislation, JetBlast Ibiza (hereinafter, also referred to as “the Website”) commits to adopting the necessary technical and organizational measures appropriate to the level of security required to mitigate risks associated with the data collected.

Laws Governing This Privacy Policy

This Privacy Policy complies with the current Spanish and European regulations on the protection of personal data on the internet. Specifically, it adheres to the following laws:

• Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

• Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

• Royal Decree 1720/2007, of December 21, approving the implementing regulations of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).

• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The entity responsible for the processing of personal data collected through JetBlast Ibiza is JETBLAST IBIZA WATERSPORTS, SOCIEDAD LIMITADA, with CIF: B75866863. Its registered address and contact details are as follows:

• Address: D’es Consultori, 9 – 07830 Sant Josep de sa Talaia (Illes Balears)

• Phone: +34 612 49 82 28

• Email: info@jetblastibiza.com

Registration of Personal Data

In compliance with the GDPR and LOPD-GDD, all personal data collected via forms on the Website will be incorporated into our database. This data will be used to facilitate and expedite commitments established between JetBlast Ibiza and the user or to respond to inquiries or requests made through the forms. Unless otherwise specified under Article 30.5 of the GDPR, a record of processing activities will be maintained in accordance with its requirements.

Principles Governing Personal Data Processing

The processing of personal data will adhere to the following principles as outlined in Article 5 of the GDPR and Article 4 of Organic Law 3/2018:

1. Lawfulness, Fairness, and Transparency: User consent will always be requested following clear and transparent communication of the purposes of data collection.

2. Purpose Limitation: Data will only be collected for specific, explicit, and legitimate purposes.

3. Data Minimization: Only the data strictly necessary for its purposes will be collected.

4. Accuracy: Personal data will be kept accurate and up-to-date.

5. Storage Limitation: Data will be retained only for as long as necessary for its intended purpose.

6. Integrity and Confidentiality: Data will be processed securely to ensure confidentiality.

7. Accountability: The data controller will ensure compliance with these principles.