LEGAL
Last updated: January 2026
At Plenoxecho.cloud, discretion and respect for your privacy are foundational to every interaction. This Privacy Policy explains how we collect, use, store, and protect the personal information of guests, prospective clients, and visitors to our website. It is designed to comply with the EU General Data Protection Regulation (GDPR), Malta's Data Protection Act, and other applicable laws.
We collect personal data you provide directly via our contact and inquiry forms, including but not limited to: full name, email address, telephone number, nationality, resort preferences, travel dates, dietary requirements, accessibility needs, and any additional information you choose to share to assist with your booking.
For confirmed reservations, we may additionally collect billing information, passport or identification details (as required by partner resorts), and emergency contact information. We do not store full payment card numbers — all transactions are processed by certified PCI-DSS compliant payment providers.
We also automatically collect limited technical information when you visit our website, such as IP address, browser type and version, device identifiers, referral source, pages visited, and timestamps. This data helps us improve site performance and security.
Your data is used to: (a) facilitate your reservation and concierge requests; (b) communicate updates regarding your inquiry; (c) personalize recommendations and itineraries; (d) comply with legal, regulatory, and tax obligations; (e) prevent fraud and ensure platform security; and (f) — with your explicit consent — send occasional curated communications about new experiences and exclusive offers.
We do not sell, rent, or trade your personal data to third parties for marketing purposes. Ever.
Under GDPR, we process your data under one or more of the following legal bases: (i) performance of a contract (e.g., fulfilling your booking); (ii) compliance with legal obligations; (iii) our legitimate interests in operating and improving our service; and (iv) your explicit consent, where required (e.g., marketing communications).
We may share necessary booking information with partner resorts, transfer providers, yacht operators, and other vendors solely to fulfill your reservation. All partners are bound by confidentiality and data-processing agreements.
We may also disclose information when required by law, in response to valid legal process, or to protect the rights, property, and safety of Plenoxecho, our guests, or the public. In the event of a corporate restructuring, merger, or acquisition, data may be transferred to the successor entity under equivalent privacy protections.
While Plenoxecho is based in Malta within the European Economic Area, some of our partners and technology providers may process data outside the EEA. In such cases, we ensure transfers are protected by Standard Contractual Clauses, adequacy decisions, or equivalent safeguards as required by GDPR.
Our website uses cookies and similar technologies to enhance the browsing experience, analyze traffic, and personalize content. We use:
Essential cookies — required for core site functionality, security, and form submissions.
Analytics cookies — anonymized usage statistics that help us understand visitor behavior and improve the site.
Preference cookies — remember your language and display settings.
Marketing cookies — only set with your explicit consent, used for limited remarketing on selected luxury-travel platforms.
You may disable cookies through your browser settings at any time, though some features of the site may not function as intended.
We employ industry-standard security measures including SSL/TLS encryption in transit, encrypted-at-rest databases, role-based access controls, two-factor authentication for staff, regular vulnerability assessments, and secure off-site backups. Despite these safeguards, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
In the unlikely event of a personal data breach affecting your information, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.
Under GDPR and Maltese data protection law, you have the right to:
• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete information.
• Erasure — request deletion of your data ("the right to be forgotten").
• Restriction — limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — at any time, where processing is based on consent.
• Complain — to the Office of the Information and Data Protection Commissioner (IDPC) in Malta.
Contact [email protected] to exercise any of these rights. We will respond within 30 days.
Personal data is retained only as long as necessary to fulfill the purpose for which it was collected, or as required by Maltese tax, accounting, and travel-industry law. Typical retention periods are: inquiry data — up to 24 months; booking and financial records — minimum 7 years; marketing consent records — until consent is withdrawn.
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided information to us, please contact [email protected] and we will promptly delete it.
With your explicit consent, we may send curated emails featuring new resort partnerships, seasonal experiences, and exclusive concierge offers. Every marketing email contains a one-click unsubscribe link. Transactional messages related to active bookings are not optional, as they are essential to the service.
This Privacy Policy may be updated periodically to reflect operational, legal, or regulatory changes. Material changes will be communicated via our website and, where appropriate, by email. The "Last updated" date at the top of this page indicates the most recent revision.
For privacy-related inquiries, requests, or complaints, please contact our Data Protection Officer at [email protected]. Postal correspondence may be addressed to: Plenoxecho.cloud — Data Protection, St. Julian's, Malta. We aim to respond to all privacy correspondence within five business days.