General Information

The following information provides a clear overview of how personal data is processed when you visit this website. Personal data refers to all data that can be used to identify you personally, such as your name, address, email address, or online behaviour. Detailed information on data protection can be found in this Data Protection Policy below.

Legal Basis

In accordance with Article 13 GDPR, we inform you about the collection and processing of personal data when using this website. Personal data includes all data that can be personally associated with you, such as name, address, email address, and user behaviour.

Controller

The controller responsible for data processing on this website is:

Historical Tallship Sailing Ltd
Rony Haynes
55 Gzira Road
GZR 04 Gzira, Malta
Phone: +356 (0)21 318970
Email: info@historic-tallship-sailing.com

The controller determines the purposes and means of processing personal data.

How We Collect Data

Your data is collected in two ways:

• Data you provide to us, for example by entering information into a contact form, submitting an enquiry, subscribing to a newsletter, or applying for a position.

• Data collected automatically when you visit the website. This includes technical information such as browser type, operating system, time of access, and IP address. This data is collected automatically.

  
  

Personal data is processed for the following purposes:

• Ensuring the technically correct and secure operation of the website

• Facilitating and organising guest bookings

• Executing guest stays and services

• Coordinating stays according to guest interests and preferences

• Providing future services aligned with guest interests

• Analysing website usage to improve performance and services

• Marketing and service optimisation

Processing is carried out on the basis of Article 6(1)(a), (b), or (f) GDPR, depending on the purpose.

External Hosting

This website is hosted by an external service provider. Personal data collected on this website is stored on the servers of the hosting provider. This may include IP addresses, contact requests, metadata, communication data, contract data, names, website access data, and other data generated through website use. The use of external hosting serves the fulfilment of contracts with existing or potential customers (Art. 6(1)(b) GDPR) and the secure, efficient provision of online services (Art. 6(1)(f) GDPR). Where consent has been obtained, processing is based on Art. 6(1)(a) GDPR and §25(1) TDDDG. Consent may be withdrawn at any time. The hosting provider processes data only to the extent necessary to fulfil its obligations and in accordance with our instructions.

Your Rights

• Obtain information about stored personal data

• Request rectification or deletion of personal data

• Request restriction of processing

• Object to processing

• Withdraw consent at any time

• Receive your data in a portable, machine-readable format

• Lodge a complaint with a supervisory authority

Supervisory authorities include:

Germany: https://www.bfdi.bund.de
Austria: https://www.dsb.gv.at
Greece: http://www.dpa.gr

Right to Object (Article 21 GDPR)

If data is processed based on Article 6(1)(e) or (f) GDPR, you may object at any time for reasons arising from your particular situation. This also applies to profiling. If personal data is processed for direct advertising, you may object at any time. In such cases, the data will no longer be used for advertising purposes.

Data Security

This website uses SSL/TLS encryption to protect confidential transmissions. Encrypted connections can be recognised by the “https://” prefix and lock icon.

Please note that data transmission via the internet may have security vulnerabilities and cannot be completely protected against third-party access.

Cookies

This website uses cookies. Cookies are small text files stored on your device either temporarily (session cookies) or permanently.

Cookies may be:

• Technically necessary (Art. 6(1)(f) GDPR)

• Based on consent (Art. 6(1)(a) GDPR)

You can configure your browser to control cookie use. Disabling cookies may limit website functionality.

Server Log Files

The website provider automatically collects server log files including:

• Browser type and version

• Operating system

• Referrer URL

• Hostname

• Time of request

• IP address

This data is processed under Art. 6(1)(f) GDPR to ensure technical stability and security.

Contact Forms and Communication

If you contact us via forms, email, telephone, or fax, your data will be stored to process your request. Data is processed under Art. 6(1)(b), (f), or (a) GDPR depending on context. Data remains stored until you request deletion, withdraw consent, or the purpose no longer applies. Statutory retention periods remain unaffected.

Analytics and Tracking

Google Analytics

Provider: Google Ireland Limited, Dublin, Ireland

Google Analytics analyses website usage using cookies and similar technologies. IP anonymisation is enabled. Data may be transferred to the United States under EU-approved safeguards, including Standard Contractual Clauses and the EU-US Data Privacy Framework.

Consent is based on Art. 6(1)(a) GDPR and §25(1) TDDDG.

Opt-out plugin: https://tools.google.com/dlpage/gaoptout

Matomo

This website uses Matomo, hosted on our own servers. IP anonymisation is active. Data is not shared with third parties.

Processing is based on Art. 6(1)(f) GDPR or consent where applicable.

Google Tag Manager

Google Tag Manager manages tracking tools but does not create user profiles. IP addresses may be transferred to Google servers.

Legal basis: Art. 6(1)(f) GDPR or consent where applicable.

Social Media and Embedded Services

Provider: Juicer.io, Santa Monica, USA
Data such as IP address and browser information may be processed. See: https://www.juicer.io/privacy

Google Maps / Translator / Web Fonts / CDN

Google services may process IP addresses and technical data.

Data transfers follow EU-approved safeguards. Legal basis: Art. 6(1)(f) GDPR or consent where applicable.

Newsletter

Newsletter subscriptions require an email address and verification. Data is processed only for newsletter delivery.

Consent may be withdrawn at any time.

Job Applications

Personal data submitted during job applications is processed for recruitment purposes under Art. 6(1)(b) GDPR and §26 BDSG.

If no employment relationship is established, data is stored for up to six months unless legal obligations apply. Applicants may consent to inclusion in a talent pool for up to two years.

Protection of Minors

Personal data may only be submitted by individuals aged 16 or older, or with guardian consent.

Objection to Unsolicited Advertising

The use of published contact details for unsolicited advertising is expressly prohibited. Legal action may be taken in case of violations.

Final note

This Data Protection Policy complies with GDPR and related European data protection regulations and is valid as published.