Privacy

Data Controller

GCDB Blue Escape Yachts LTD (HE 491683), Adamantiou Korai 72, 1st floor, Flat/Office 3, Paralimni 5281, Famagusta, Cyprus. Email: support@blueescapeyachts.com. See full corporate details in our imprint.

Categories of Data Processed

We process the following categories of personal data:

  • Contact data: name, email address, phone number, country of residence, language preference
  • Booking data: charter type, dates, party size, special requests, special-occasion details
  • Payment data: handled directly by Stripe (we do not store card numbers on our servers)
  • Technical data: IP address (anonymized), browser type, device type, language, referring URL, pages visited, session duration (only with cookie consent)

Legal Bases (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — for processing your booking and providing the charter service.
  • Legitimate interest (Art. 6(1)(f)) — for security monitoring (Sentry error tracking), basic site performance, and fraud prevention.
  • Consent (Art. 6(1)(a)) — for analytics cookies (GA4, Contentsquare) and marketing tracking.

You can withdraw consent at any time via the cookie banner.

Third-Party Recipients

We share data with the following third-party processors strictly for the purposes described:

  • Stripe — payment processing. Receives payment data and booking metadata for charge authorization, fraud detection, and refund handling. Hosted EU and US (Standard Contractual Clauses). Privacy: stripe.com/privacy.
  • AffiliateHub (operated by GC Hospitality Labs LTD on behalf of Blue Escape Yachts) — booking management, admin dashboard, customer service workflow. Hosted EU (Render Frankfurt).
  • Render (web hosting + Master API) — receives all server-side requests. Hosted in EU regions (Frankfurt).
  • Resend — transactional email delivery (booking confirmations, contact-form responses). Hosted EU/US (Standard Contractual Clauses).
  • Sentry — error tracking and session replay. Receives anonymized error events, browser metadata, and (with marketing consent only) replay recordings. PII fields are masked. Hosted EU (sentry.io DE region).
  • Google Analytics 4 — web analytics. Receives anonymized usage data including IP-truncated session events (only with analytics consent). Hosted US (Standard Contractual Clauses).
  • Contentsquare — UX analytics and heatmap recording (only with marketing consent). PII fields are masked at source. Hosted EU.
  • Cloudflare — CDN, DDoS protection, and edge routing. Receives request IP, user agent, and edge metadata. Hosted globally with EU edge nodes.
  • Namecheap Private Email — mailbox infrastructure for support@blueescapeyachts.com. Hosted US (Standard Contractual Clauses).
  • Meta Platforms Inc. (Instagram) — receives outbound link clicks only if users follow @blueescapeyachts. We do not embed Instagram pixels or share user data with Meta beyond the linked profile.
  • Telegram FZ-LLC (Telegram) — receives outbound link clicks only if users open the t.me/blueescapeyachts channel. We do not embed Telegram tracking or share user data beyond the channel link.
  • Meta Platforms Inc. (Facebook) — receives outbound link clicks only if users open our Facebook page. We do not embed Meta pixels or share user data with Meta beyond the linked page.
  • Snap Inc. (Snapchat) — receives outbound link clicks only if users open our Snapchat profile. We do not embed Snap pixels or share user data with Snap Inc. beyond the linked profile.
  • ByteDance Ltd. (TikTok) — receives outbound link clicks only if users open our @blueescapeyachts profile. We do not embed TikTok pixels or share user data with ByteDance beyond the linked profile.

Third-Country Transfers

Some of our processors (Stripe, Resend, GA4, Namecheap Private Email) are based in or transfer data to the United States. Transfers occur under EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. We do not transfer data to any third country without an adequate safeguard.

Storage Periods

  • Booking data: 7 years (Cyprus accounting law)
  • Contact-form inquiries: 6 months unless converted to a booking
  • Cookie consent: 12 months
  • Error tracking events: 90 days
  • Analytics data: 14 months

You may request earlier deletion under the GDPR rights below.

Your Rights (GDPR)

Under EU GDPR you have the following rights:

  • Right of access (Art. 15) — request a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion ("right to be forgotten")
  • Right to data portability (Art. 20) — receive your data in a portable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to lodge a complaint — with the Cyprus Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy) or your local supervisory authority

Cookies

We use cookies in three categories. You can adjust your consent at any time via the cookie banner.

  • Essential — language preference, cookie consent state, session management. Required for the site to function. Cannot be disabled.
  • Analytics — Google Analytics 4 (anonymized) for understanding aggregate site usage. Enabled only with analytics consent.
  • Marketing — Contentsquare heatmaps and session replays for UX improvement. Enabled only with marketing consent. PII fields are masked at source.

Contact for Data Protection

For data protection inquiries, please contact us at support@blueescapeyachts.com. We aim to respond within 30 days.