Data Protection

Your data, handled with care.

This page explains how HERB processes personal data in line with the European data protection rules, including the GDPR.

Important note: This page is maintained by HERB as a privacy notice for visitors and clients. It is based on standard European data protection principles and should be reviewed by your legal advisor before publication.

Who we are

HERB Management ("HERB", "we", "us") provides property and yacht management services across the Balearic Islands. For data protection purposes, we act as the data controller for information collected through this website and our client services.

Contact details:
Email: dan@herb.partners
Address: 07518, Lloret de Vistalegre, Illes Balears, Spain
Head office: Palma Marina, Palma de Mallorca, 07012, Spain

What data we collect

We collect personal data that is necessary to manage estates and yachts and to communicate with our clients. This may include:

  • Name, email address, and phone number
  • Property and yacht details
  • Billing address and payment information
  • IP address and browser information
  • Cookies and similar technologies used to operate the website

How we use your data

We use personal data to deliver our management services and maintain the relationship with our clients. Typical purposes include:

  • Managing estates and yachts on behalf of our clients
  • Processing quotes, invoices, and maintenance records
  • Communicating about services, appointments, and requests
  • Improving website functionality and security
  • Complying with legal and accounting obligations, where applicable

Legal basis for processing

Under European data protection rules, we process personal data only when one of the following legal bases applies:

  • Performance of a contract — to provide the property or yacht management services we have agreed to deliver
  • Legal obligation — to comply with tax, accounting, or other applicable laws
  • Legitimate interests — to operate our business, maintain the website, and keep client records secure
  • Consent — where you have given clear permission, for example for marketing communications

How long we keep your data

We keep personal data only for as long as it is needed for the purposes described above, or for as long as required by law. Client records are generally retained while the person or company remains a client and for a reasonable period afterwards to meet legal, accounting, and dispute resolution requirements.

Who we share data with

We do not sell personal data. We may share data with trusted service providers who help us run the website and deliver services, such as:

  • Hosting and database providers
  • Email and communication services
  • Payment processors
  • Maintenance, contractors, and suppliers where needed to manage a property or yacht

These providers are contractually required to protect the data and use it only for the services they provide to us.

Cookies and tracking

Our website uses cookies and similar technologies to operate securely and improve the browsing experience. You can control cookies through your browser settings. For any cookies that require consent under local law, we will ask for your permission before placing them.

Your data protection rights

Under the GDPR and related European data protection rules, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data in certain circumstances
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, commonly used format
  • Right to object — object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent — withdraw any consent you have given at any time

To exercise these rights, please contact us at dan@herb.partners. We will respond within one month, or longer if permitted by law.

International transfers

Client data is primarily stored and processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data security

We apply appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse. This includes access controls, encryption where appropriate, and regular review of our security practices.

Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

Changes to this policy

We may update this policy from time to time to reflect changes in our services or legal requirements. The latest version will always be available on this page, and the effective date is shown below.

Contact us

If you have any questions about this policy or how we handle your personal data, please contact us at dan@herb.partners or write to us at:

07518, Lloret de Vistalegre
Illes Balears, Spain

Effective date: 18/07/2026