Privacy Policy for SeyFerry (seychelles-ferry.com) Last Updated: March 30, 2026

We take the protection of your personal data and your privacy very seriously. Behind SeyFerry are real people who value the careful handling of personal data. This Privacy Policy explains how we collect, process, and use your data when you visit our website and use our booking services, in full compliance with the EU General Data Protection Regulation (GDPR).

1. Controller Information

The responsible entity (Data Controller) for data processing on this website is:

SeyFerry: SunMediaSitours GmbH Rottweg 39, 5020 Salzburg, Austria Email: [email protected]

2. What Data We Collect and Why

We adhere to the principle of data minimization and only collect data necessary for the functionality of our website, the processing of your bookings, and our legitimate business operations.

A. Data collected automatically (Server & Infrastructure) When you visit our website, certain technical data is automatically logged to ensure security and functionality.

  • Data collected: IP address, browser type/version, operating system, referring URL, time of access.

  • Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in maintaining server stability and security.

B. Data you provide directly (Bookings & Support) When you book a ferry, contact us, or subscribe to communications, we process data you actively provide.

  • Data collected: Name, email address, phone number, billing/postal address, payment details, and travel/booking parameters.

  • Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and Consent (Art. 6(1)(a) GDPR).

3. Third-Party Services and Data Processors

To provide a secure, fast, and reliable service, we utilize various third-party tools. We have Data Processing Agreements (DPAs) in place with these providers (per Art. 28 GDPR) to ensure your data is handled securely.

Hosting, Infrastructure & Security

  • Amazon Web Services (AWS) & Google Cloud: We use these services to securely host our website, databases, and backend infrastructure.

  • Cloudflare: Used as a Content Delivery Network (CDN) and web application firewall to optimize website loading speeds and protect against malicious traffic (e.g., DDoS attacks).

Payment Processing

  • Stripe: All online payments are securely processed via Stripe. We do not store your full credit card information on our servers. Stripe processes your payment details securely under their own strict privacy and PCI-DSS compliance standards.

Customer Support & Communication

  • Zendesk: We use Zendesk as our customer service ticketing system to manage and respond to your inquiries efficiently.

  • Sipgate: Used for our telecommunications and VoIP services when you contact our phone support.

  • Mailgun: Used to reliably deliver transactional emails, such as your booking confirmations, tickets, and operational updates.

Monitoring & Analytics

  • Google Analytics & Google Search Console: Used to understand how visitors interact with our website so we can improve the user experience. IP anonymization is active.

Consent Management

  • Usercentrics: We use Usercentrics to manage your cookie preferences and ensure we have legally valid consent before loading non-essential tracking scripts.

4. Marketing, Google Consent Mode & Customer Match

Google Consent Mode v2 We respect your privacy choices. We have implemented Google Consent Mode, which acts as a bridge between our consent management platform (Usercentrics) and Google’s services (Analytics and Ads).

  • If you decline cookies, Google Consent Mode ensures that Google tags dynamically adjust their behavior. Instead of storing identifiable cookies, they will only transmit basic, anonymized “pings” to measure conversions and website traffic without tracking you as an individual.

Google Ads We use Google Ads to promote our services. Based on our legitimate interest in direct marketing (and subject to your consent where required by law), we may utilize Google’s Customer Match feature.

  • How it works: We may upload encrypted (hashed) lists of customer email addresses to Google. Google compares these hashed files against their own user base to display relevant SeyFerry advertisements to you when you use Google services (like Search or YouTube).

  • Data Security: The data is strictly hashed locally before upload, meaning Google never receives unencrypted email addresses. Google is not permitted to use this data for any purpose other than matching for our specific ad campaigns, and the data is deleted after the matching process.

  • Opt-out: You can opt out of personalized advertising at any time via your Google Account settings, or by withdrawing your marketing consent directly with us.

5. Use of Cookies

We use cookies to ensure a smooth online experience.

  • Session Cookies: Essential for website functions like maintaining your booking progress. They are deleted when you close your browser.

  • Persistent Cookies: Used to remember your preferences (e.g., language selection) for future visits.

  • Third-Party Cookies: Set by our partners (like Google Analytics) for statistical evaluation and marketing, only if you grant permission via our Usercentrics consent banner.

You can manage, change, or withdraw your cookie consent at any time by clicking the “Cookie Settings” link in the footer of our website.

6. International Data Transfers

Some of our service providers (e.g., Google, AWS, Stripe, Zendesk) are based in or process data in the United States. Whenever personal data is transferred outside the European Economic Area (EEA), we ensure an adequate level of data protection is maintained. This is achieved through reliance on the EU-US Data Privacy Framework (DPF) for certified companies, or by executing Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We only store your personal data for as long as is necessary to fulfill the purposes outlined in this policy, or as required by statutory retention periods (e.g., tax and commercial laws require us to keep booking and invoicing data for up to 10 years). Once the retention period expires, your data will be routinely and securely deleted.

8. Your Rights Under the GDPR

Under the GDPR, you have comprehensive rights regarding your personal data:

  • Right of Access (Art. 15): You can request information about the data we hold about you at any time, free of charge.

  • Right to Rectification (Art. 16): You can request the correction of inaccurate or incomplete data.

  • Right to Erasure (Art. 17): You can request the deletion of your data, provided there are no legal obligations requiring us to retain it.

  • Right to Restriction of Processing (Art. 18): You can request that we restrict the processing of your data under certain conditions.

  • Right to Data Portability (Art. 20): You have the right to receive your data in a structured, commonly used, and machine-readable format.

  • Right to Object (Art. 21): You can object to the processing of your data for direct marketing purposes at any time.

To exercise any of these rights, or to withdraw your consent to data processing, please email: [email protected] with the subject “Data Privacy Request.”

9. Changes to this Privacy Policy

As our services evolve and legal requirements change, we reserve the right to update this privacy policy. The current version will always be available on our website.