Legal
Privacy Policy
Last updated: 26 April 2026
1. Introduction
MagalufLive ("we", "us", "our") is operated by a company registered in England and Wales. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal information when you visit our website, make a booking or contact us.
We are the data controller for the personal data you provide to us. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.
2. What Personal Data We Collect
We may collect the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Full name, date of birth, gender |
| Contact Data | Email address, telephone number, postal address |
| Booking Data | Event selections, booking dates, group size, special requests |
| Financial Data | Payment card details (processed securely by our payment provider), transaction records |
| Technical Data | IP address, browser type, device information, operating system, referral source |
| Usage Data | Pages visited, time spent on pages, click patterns, search queries on our site |
| Communications Data | Emails, messages and enquiries you send to us, including via social media |
3. How We Collect Your Data
We collect personal data directly from you when you make a booking, create an account, subscribe to our newsletter, contact us with an enquiry, or interact with us on social media. We also collect data automatically when you browse our website through cookies and similar technologies (see our Cookie Policy for details). In some cases, we may receive data from third parties such as payment processors and analytics providers.
4. How We Use Your Data
We use your personal data for the following purposes, relying on the legal bases indicated:
| Purpose | Legal Basis |
|---|---|
| Processing and managing your bookings | Performance of a contract |
| Processing payments and refunds | Performance of a contract |
| Sending booking confirmations and event updates | Performance of a contract |
| Responding to enquiries and providing customer support | Legitimate interests |
| Sending marketing communications about events and offers | Consent (you can opt out at any time) |
| Improving our website and services | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Preventing fraud and ensuring website security | Legitimate interests |
5. Who We Share Your Data With
We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described above:
- Event Suppliers and Venues: We share your name, booking details and contact information with the relevant event organiser or venue to fulfil your booking.
- Payment Processors: Your payment details are processed securely by our third-party payment provider. We do not store your full card details on our servers.
- Analytics Providers: We use analytics services to understand how visitors use our website. These providers process data in an aggregated or anonymised form where possible.
- Email and Marketing Platforms: If you have opted in to receive marketing, we use third-party platforms to send communications.
- Legal and Regulatory Authorities: We may disclose your data if required to do so by law, regulation, legal process or enforceable governmental request.
We do not sell your personal data to third parties. We require all third parties to whom we disclose data to respect the security of your personal data and to treat it in accordance with applicable data protection law.
6. International Transfers
As our Suppliers operate in Spain, your personal data may be transferred to and processed in Spain and other countries within the European Economic Area (EEA). Transfers within the EEA are protected by the adequacy framework between the UK and the EU. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the relevant authorities.
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Booking data is typically retained for six years after the date of the event to comply with our legal and accounting obligations. Marketing data is retained until you withdraw your consent or unsubscribe. Technical and usage data collected through cookies is retained in accordance with the retention periods set out in our Cookie Policy.
8. Your Rights
Under data protection law, you have the following rights in relation to your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
- Right to Erasure: You can ask us to delete your personal data in certain circumstances.
- Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
- Right to Data Portability: You can request that we transfer your data to another organisation in a structured, commonly used format.
- Right to Object: You can object to our processing of your data where we rely on legitimate interests as the legal basis.
- Right to Withdraw Consent: Where we rely on your consent to process data (such as for marketing), you can withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include encryption of data in transit, secure server infrastructure, access controls and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
10. Children's Privacy
Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised "Last updated" date. We encourage you to review this page periodically. Where changes are significant, we may notify you by email or through a notice on our website.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Email: [email protected]
Website: magaluflive.com