Effective Date: January 12, 2026
CrossWave Malta (“we”, “us”, “our”, “CrossWave”, operating at https://crosswaverhodes.com/, with address 4 Planet Court, Ix-Xatt ta’ Tigné, Sliema, SLM 1101, Malta, email: info@crosswavemalta.com, phone: +356 77 615 794) is the data controller responsible for processing personal data through this website and booking services. We process data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as applicable in Malta via the Data Protection Act (Chapter 586 of the Laws of Malta), and other applicable laws.
Information We Collect
We collect personal data when you book tours, create an account, subscribe to newsletters, or interact with our site. This includes: name, email, phone, address, date of birth, payment details (via secure processors like Stripe/PayPal), IP address, browsing data (cookies), and special categories like boating licenses if provided for bookings. We also collect data from third parties (e.g., payment gateways, tour operators) for service fulfillment.
How We Use Your Data
- Legal Basis: Consent (for marketing), contract necessity (bookings/payments), legitimate interests (site security/analytics), legal obligations (tax/invoicing).
- Purposes: Process bookings, send confirmations/itineraries, manage payments, improve services (analytics via Google Analytics), prevent fraud, send marketing (opt-out anytime), comply with laws.
- We retain data for 6 years post-booking for legal reasons, then anonymize/delete unless required longer.
Sharing Your Data
We share data only as needed: tour operators for fulfillment, payment processors, hosting providers (e.g., site host), legal authorities if required, or in business transfers. No selling of data. International transfers (e.g., to US providers) use Standard Contractual Clauses or adequacy decisions.
Your Rights
Under GDPR, you have rights to access, rectify, erase (“right to be forgotten”), restrict processing, data portability, object (e.g., to marketing), and withdraw consent. Exercise via info@crosswavemalta.com. Complaints to the Information and Data Protection Commissioner (IDPC) Malta (https://idpc.org.mt/).[3]
Cookies and Tracking
We use essential cookies (bookings), analytics (Google Analytics, opt-out available), and marketing cookies (with consent banner). Manage via browser settings. Full cookie policy [link to policy].
Data Security
We use SSL encryption, firewalls, access controls. While no system is 100% secure, we take reasonable measures.
Children’s Privacy
No services for under 18s without parental consent; we do not knowingly collect their data.
Changes
We may update this policy; continued use implies acceptance. Check periodically.