Mallorca

Privacy policy

Last updated: May 2026

1. Data protection at a glance

General notes

The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. You can find detailed information on the subject of data protection in our privacy policy set out below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the section Note on the responsible party in this privacy policy.

How do we collect your data?

This website sets no cookies and uses no tracking in the conventional sense. We use Plausible Analytics as a self-hosted, privacy-friendly web analytics tool. Plausible sets no cookies, stores no personal data and creates no individual user profiles.

Other data is collected automatically or after your consent when you visit the website, through our IT systems. This is mainly technical data (for example internet browser, operating system or the time of the page request). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. The aggregated, anonymised analytics data from Plausible Analytics is used to evaluate how our website is used, without allowing any conclusions about individual people.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time about this and about further questions on the subject of data protection.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted on a Virtual Private Server (VPS) with IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). The personal data collected on this website is stored on the IONOS server in Germany. This may mainly involve IP addresses, contact enquiries, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of secure, fast and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR).

IONOS is based in Germany. All data is processed and stored exclusively on servers within the European Union. No data is transferred to third countries.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission over the internet (for example when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible party

The party responsible for data processing on this website is:

Sandor Farkas
Bessemerstraße 51, 1. OG
12103 Berlin

Phone: +49 152 362 00 976
Email: hallo@mallorca-plus.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (for example names, email addresses or similar).

Storage period

Unless a more specific storage period is mentioned within this privacy policy, your personal data remains with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (for example retention periods under tax or commercial law); in the latter case the data is deleted once those reasons cease to apply.

General notes on the legal bases for data processing on this website

Insofar as you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, where special categories of data under Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. Insofar as the data processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data insofar as it is necessary to fulfil a legal obligation, on the basis of Art. 6 (1) (c) GDPR. Data processing can also be carried out on the basis of our legitimate interest under Art. 6 (1) (f) GDPR.

Revoking your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, the persons concerned have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged breach. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

The competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
www.datenschutz-berlin.de

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, where applicable, a right to correction or deletion of this data. You can contact us at any time about this and about further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases: If you dispute the accuracy of personal data stored by us, we generally need time to check this. For the duration of the check you have the right to request the restriction of the processing of your personal data. If the processing of your personal data took place or is taking place unlawfully, you can request the restriction of data processing instead of deletion. If we no longer need your personal data but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion. If you have lodged an objection under Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

4. Data collection on this website

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request and IP address.

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose the server log files must be recorded.

Cookies

This website currently sets no cookies. We use neither our own nor third-party cookies.

Contact by email

If you contact us by email, your enquiry including all personal data arising from it (name, email address, enquiry) is stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) (b) GDPR, insofar as your enquiry is connected with the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), insofar as this has been requested.

The data you send us by email remains with us until you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (for example after your request has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

Plausible Analytics (self-hosted)

This website uses Plausible Analytics as a self-hosted, privacy-friendly web analytics tool for the statistical evaluation of visitor accesses. Plausible is an open-source analytics tool that works entirely without cookies and stores no personal data. Only aggregated, anonymised data is collected, which allows no conclusions about individual people.

Plausible runs on our own server infrastructure with IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). All analytics data remains on our server in Germany and is not passed on to third parties. No data is transferred to third countries.

Specifically, the following data is collected anonymously and in aggregated form: pages visited, approximate location (only country/region, no precise localisation), browser used and device category (desktop, tablet, mobile), referrer (which page you came from) and the time of the page request.

Since Plausible processes no personal data and sets no cookies, no consent under Art. 6 (1) (a) GDPR is required for the use of this tool. The use is based on our legitimate interest in the statistical analysis of user behaviour for optimisation purposes in accordance with Art. 6 (1) (f) GDPR.

On the detail pages of our service provider directory we additionally record the following anonymous events, each without any personal reference: page views (Provider View), clicks on contact actions (Click Phone, Click Email, Click Website, Click WhatsApp, Click Maps) and, where applicable, submitted lead enquiries (Lead Submitted). To each event we attach only two public identifiers: the provider slug and the category slug of the relevant detail page. No names, email addresses, phone numbers or other personal data is transmitted. This evaluation serves solely the visibility statistics per provider and is the basis for the non-personalised optimisation of the directory in accordance with Art. 6 (1) (f) GDPR.

5. Newsletter

If you sign up for our newsletter, your email address is stored and processed for the purpose of sending the newsletter. The sign-up is based exclusively on your express consent in accordance with Art. 6 (1) (a) GDPR.

For sending the newsletter we use the service Resend (Resend, Inc.). The Resend servers through which the email is sent are located in Ireland (EU). No data is transferred to third countries. Resend processes your email address exclusively on our behalf and according to our instructions (processing on behalf in accordance with Art. 28 GDPR).

When you sign up for the newsletter, only your email address is collected. After signing up you receive a welcome email. You can unsubscribe from the newsletter at any time via the unsubscribe link in every newsletter email or by email to hallo@mallorca-plus.de. Your email address is deleted from our distribution list immediately after you unsubscribe.

6. Affiliate links and partner recommendations

This website contains so-called affiliate links to products and services of external providers. If you click on such a link and buy a product or use a service from the respective provider, we receive a commission.

We currently work with the following affiliate partners:

When you click on an affiliate link you are forwarded to the website of the respective provider. From that point on the privacy provisions of the respective provider apply. We have no influence on the data processing by third-party providers. The respective provider may in turn set cookies or use tracking mechanisms to trace the origin of the buyer and to correctly assign the commission.

Affiliate links are included on the basis of our legitimate interest in the economic financing of our editorial offering in accordance with Art. 6 (1) (f) GDPR. Affiliate links are labelled on our website as partner recommendation or advertising.

7. Links to external websites

Our website contains links to external websites. When you click on these links you leave our website. We have no influence on the data protection practices of these external websites. Please inform yourself about their privacy policies on the respective websites.

8. Service provider directory

A reader-oriented explanation of the directory (sources, selection, badges, financing) can be found on the page About the directory.

On our website we run a directory of local service providers on Mallorca. The information listed in this directory (company name, contact details, opening hours, location) comes exclusively from publicly accessible sources such as Google Maps, the websites of the respective service providers or public business directories.

This data is processed on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR, namely to provide an informative directory for German-speaking users on Mallorca.

The displayed ratings (stars and count) come from Google and are not created or influenced by us. We link to the Google profile of the respective service provider so that users can view the full ratings.

If you are listed as a service provider in our directory and would like to have your listing changed or removed, please contact us by email at hallo@mallorca-plus.de. We will deal with your request within 72 hours.

Data sources and recipients

To maintain the directory we retrieve the master data and the aggregated rating data (average stars, number of reviews) of the listed providers via the Google Maps Platform (Places API). This is a server-to-server call from our automation pipeline; the directory itself sets no Google cookies in the browsers of our users and embeds no Google Maps iframes.

The recipient of these requests is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the EU contractual partner and, within the group, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The legal basis is our legitimate interest in an up-to-date, accurate directory in accordance with Art. 6 (1) (f) GDPR.

For the transfer to the USA, Google relies on standard contractual clauses (SCCs) in accordance with Art. 46 (2) (c) GDPR and on its certification under the EU-US Data Privacy Framework (DPF). Details on the data processing conditions and on the transfer to third countries can be found in the Google privacy policy.

The retrieved data is cached locally on our infrastructure and reconciled with Google again at least every 30 days. In doing so we implement the principle of data minimisation: master data and rating data reflect the state of the last reconciliation; older values are overwritten. Images and review texts are not stored and not displayed. A detailed explanation of the update and deletion logic can be found on the page About the directory.

Verification and recommendations

Service providers in the directory may be marked with the levels verified or trusted. Verified means that we have contacted the service provider personally. Trusted means that at least three users have independently recommended the service provider. Both labels are assigned manually by us and do not constitute a contractual assurance.

Via the contact form you can recommend service providers to us that we do not yet know. In doing so we process the data about the service provider you voluntarily provide (company name, region, website, phone, description) as well as your name and your email address. This processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and our legitimate interest in maintaining the directory in accordance with Art. 6 (1) (f) GDPR. Your data is used exclusively to process the recommendation and is not passed on to third parties. Your name is not published as the person making the recommendation.

Self-registration by service provider owners

Owners and authorised representatives of a service business can apply for inclusion in our directory via the contact form. In doing so the company data provided (company name, contact details, region, languages, description) as well as the name and email address of the registering person are processed. The processing is carried out to implement pre-contractual measures at the request of the data subject in accordance with Art. 6 (1) (b) GDPR and on the basis of our legitimate interest in maintaining an up-to-date directory in accordance with Art. 6 (1) (f) GDPR. Every listing is checked manually before publication. Inclusion in the directory only takes place after a successful review and does not establish any legal entitlement.

Structured enquiries via the provider form

On every detail page of a service provider we offer, in addition to phone, email and website, a structured enquiry form. If you use it, we process the data you provide (name, email, optionally phone, category-specific required fields such as place, frequency or urgency, as well as your message) for the purpose of forwarding it to the respective provider. The legal basis is your express consent in accordance with Art. 6 (1) (a) GDPR, which you give with the corresponding checkbox in the form, as well as the implementation of pre-contractual measures at your request in accordance with Art. 6 (1) (b) GDPR.

Your enquiry is sent by email to the selected service provider, with Mallorca Plus on blind copy for internal traceability. The provider can reply directly to the enquiry (reply-to). We do not keep our own database of enquiries. The internal mailbox (leads@mallorca-plus.de) serves as an audit trail and is deleted after 24 months. You can request the deletion of your enquiry at any time at datenschutz@mallorca-plus.de; we will then also forward the deletion to the provider concerned.

In individual categories explicitly marked as advertising (pay-per-lead), Mallorca Plus receives a commission from the provider for referred enquiries. This does not change the processing of your data; the content and recipient of the enquiry remain the same. The commercial relationship is visibly disclosed in the enquiry form.

The delivery service provider for email delivery is Resend, Inc. (servers in Ireland, EU). No transfer to third countries takes place. The provider to whom your enquiry is forwarded acts as an independent recipient and is itself responsible for its further processing.

For spam protection the form contains a hidden honeypot field; we also count clusters of URLs in messages. Suspicious enquiries are checked manually and not automatically forwarded to the provider. We also limit the number of enquiries per IP address and provider per hour. For this purpose the IP address is only held briefly in working memory and is not stored persistently.

9. Registration and user accounts

This website currently offers no registration or user accounts. No access data, passwords or login information is collected or stored.

10. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the site operator, this page uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from http:// to https:// and by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

11. Validity and amendment of this privacy policy

This privacy policy is currently valid and was last updated in March 2026. Due to the further development of our website or because of changed legal or official requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed by you at any time on this website.