The short version: We collect only what's needed to process your booking. We don't sell your data. We use Netlify and Stripe to process forms and payments — both are GDPR compliant. You have the right to access, correct, or delete your data at any time.
Zamá Charters is operated by Cristian Ortiz Suárez, a sole trader (enskild firma) registered in Sweden. We are the data controller for all personal data collected through zamacharters.com.
Contact: [email protected]
When you submit a booking request or contact us, we collect:
| Data | Why We Need It |
|---|---|
| Full name | To identify your booking and communicate with you |
| Email address | To send booking confirmations and pre-trip details |
| Phone / WhatsApp number | For direct communication about your charter |
| Charter details (date, experience, group size) | To fulfill your booking |
| Special requests | To prepare your experience appropriately |
| Country of origin | For booking coordination purposes |
When you visit zamacharters.com, standard web server logs may collect your IP address, browser type, pages visited, and time of visit. This data is held by Netlify (our hosting provider) and is used solely for security and performance monitoring. We do not use analytics tracking cookies or third-party advertising pixels.
Payment card details are processed entirely by Stripe. Zamá Charters never sees, stores, or handles your card number, CVV, or banking details. Stripe stores payment data on PCI DSS-compliant infrastructure.
We use your personal data only for the following purposes:
We do not use your data for: unsolicited marketing emails, third-party advertising, data brokering, or profiling.
After your charter, we may send a single follow-up email asking for a review. You can opt out of this by replying to any email with "unsubscribe" or contacting us directly. We do not send newsletters or marketing emails without your explicit consent.
We use the following third-party services that may process your data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Netlify | Website hosting and form collection | netlify.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Zoho Mail | Email communications | zoho.com/privacy |
| WhatsApp (Meta) | Direct client communication | whatsapp.com/legal |
| Google Fonts | Website typography | Google Privacy Policy |
Netlify and Stripe are GDPR-compliant and operate under EU Standard Contractual Clauses for data transfers. No personal data is sold or shared with third parties for marketing purposes.
Booking form submissions are stored on Netlify's servers (US-based, GDPR-compliant infrastructure). Booking records are retained for a minimum of 7 years as required by Swedish accounting law (Bokföringslagen). After this period, records are deleted.
Email communications are retained for the duration of the business relationship and up to 3 years thereafter. WhatsApp messages are subject to Meta's retention policies.
As a data subject under the EU General Data Protection Regulation (GDPR), you have the following rights:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY), Sweden's data protection authority, at imy.se.
Zamá Charters does not use tracking cookies, advertising cookies, or third-party analytics cookies. The only cookies placed on your browser are:
We do not use Google Analytics, Facebook Pixel, or any other advertising or tracking technology.
Zamá Charters does not knowingly collect personal data from children under 16 years of age without parental consent. Our booking services are intended for adults. If you are a parent or guardian and believe your child has submitted personal data to us, contact us immediately at [email protected] and we will delete the data promptly.