Privacy Policy

1. Introduction

On this website (“site”, “we”, “us”, “our”), operated by Aladdin Lights Ibiza, we are committed to protecting the privacy and personal data of our users (“you”, “your”). This Privacy Policy explains what data we collect, for what purposes, how we process it, your rights, and other relevant information.

2. Data Controller

Controller name: Aladdin Lights Ibiza
Address: Ibiza, Balearic Islands, Spain (or the relevant physical address)
Contact email: (insert email)
Contact phone number: (insert phone number)

3. Data We Collect

We may collect the following personal data:

  • Identification and contact details: name, surname, email address, telephone number.

  • Business or event information (where applicable): company name, position, event name, date, and location.

  • Billing and payment details (where applicable): billing address, tax ID number (NIF/CIF), and payment details — these may be processed through third-party payment platforms.

  • Browsing data collected through cookies and similar technologies: IP address, browser type, pages visited, time spent on site, source of traffic.

  • Communications you have with us: emails, contact forms, phone calls, or messages.

4. Purposes and Legal Basis for Processing

We process personal data for the following purposes:

  • To provide the requested services (lighting and sound equipment hire, events, installations, merchandising).
    Legal basis: performance of a contract or pre-contractual measures.

  • Administrative, accounting, and tax management.
    Legal basis: compliance with legal obligations.

  • Sending marketing communications about our services (events, promotions).
    Legal basis: your prior consent, unless there is an existing contractual relationship for similar services (as per Article 21 LSSI and Article 130.2 LCG).

  • Improving our website, analysing usage, and preventing fraud.
    Legal basis: our legitimate interest (to enhance user experience and prevent misuse), provided such interests do not override your fundamental rights and freedoms.

  • Handling contact requests and customer service.
    Legal basis: performance of pre-contractual measures or legitimate interest.

5. Data Disclosure and International Transfers

We will not share your data with third parties except in the following cases:

  • When necessary to provide the service (e.g. payment platforms, transport companies, subcontracted installers).

  • When required by law.

  • When you have given explicit consent.

We do not foresee any international data transfers outside the European Economic Area (EEA), except where we use service providers who may transfer data under an adequate legal framework (e.g. Standard Contractual Clauses). If this occurs, you will be informed accordingly.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, following these criteria:

  • While there is a contractual relationship or legitimate interest in maintaining it.

  • For the legally required periods (e.g. accounting/tax obligations: typically 6 years in Spain).

  • In any case, until you exercise your right to erasure, without prejudice to lawful retention for legal compliance or the defence of claims.

7. Your Rights

Under the UK GDPR (or EU GDPR, as applicable) and Spanish data protection laws, you have the following rights:

  • Right of access: to know what data we hold about you.

  • Right to rectification: to correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): to delete data when it is no longer needed.

  • Right to restriction of processing: under certain circumstances.

  • Right to object: particularly to processing based on legitimate interests or for direct marketing.

  • Right to data portability: where processing is based on consent or contract and carried out by automated means.

  • Right to withdraw consent at any time, where applicable.

  • Right to lodge a complaint with the supervisory authority (in Spain: the Spanish Data Protection Agency – AEPD) if you believe your rights have been infringed.

To exercise these rights, please contact us using the email address above or in writing to the data controller, stating your full name, the right(s) you wish to exercise, and any supporting documentation where necessary.

8. Data Security

We have adopted the necessary technical and organisational measures to ensure the security of personal data and to prevent its alteration, loss, unauthorised processing, or access, in accordance with the requirements of the GDPR. However, please note that no system of transmission or storage is 100% secure.

9. Use of Cookies and Similar Technologies

Our website uses cookies and similar technologies to:

  • Facilitate navigation, remember preferences, and manage sessions.

  • Analyse website usage to improve performance.

  • Display personalised advertising or collect information about displayed ads (where applicable).

A cookie notice will be provided when you visit the site, together with a link to a detailed cookie policy allowing you to accept, reject, or configure cookies.

10. Links to Other Websites

Our site may contain links to third-party sites (social networks, providers, partner websites). We are not responsible for the privacy practices or content of such third parties. We recommend reviewing the privacy policies of every site you visit.

11. Minors

This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors without parental or guardian consent. If we become aware that we have collected such data without consent, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time (e.g. due to legal changes, service updates, or technological improvements). Any modifications will be published on this page, indicating the date of the latest update. We encourage you to review it periodically.

Last updated: (insert date)

Specific Notes for the Client

Given that Aladdin Lights Ibiza provides equipment hire, installations, event services, and merchandising, the following aspects should be included:

  • If images or videos from events are collected (for use on the website or social media), it should be clearly stated how these are handled and whether consent is obtained from clients/attendees for commercial use.

  • If contact forms are used for quotations, specify what data is requested and the exact purpose.

  • If third-party services are used (payment platforms, email marketing, analytics, hosting, etc.), clarify that these are data processors and, where appropriate, name them or state that a processing agreement is in place.

  • For marketing communications (email campaigns about new services or promotions), specify the legal basis (consent) and the option to unsubscribe.

Would you like me to make this version sound more formal/legal (for a published policy) or more natural and friendly (for a website aimed at general customers)? I can adapt the tone accordingly.