Start typing your search above and press Enter to search
Phone
Support
Woman enjoying a cocktail on a luxury yacht while sailing with two men in the background at sunset

OneDay Barcelona Privacy Policy

In this Privacy Policy we explain in a clear and simple way how we process your personal data when you use the website https://onedaybarcelona.com, when you write to us, call us or book one of our nautical experiences in Barcelona.

We recommend that you read this text carefully. If you still have any questions related to the protection of your data afterwards, you can write to us at priv@onedaybarcelona.com.

By using this website or providing us with your data, you accept this Privacy Policy and undertake to provide truthful and up-to-date information.

Last update of this Privacy Policy: 24 April 2026

Table of contents

  1. Data controller
  2. Data we may process
  3. Purposes of the processing
  4. Legal basis for processing
  5. Data retention
  6. Recipients and providers
  7. Online payments via Redsys
  8. Use of WhatsApp Business
  9. Google Maps as an external link
  10. International transfers
  11. User rights
  12. Data security
  13. Minors
  14. Commercial communications
  15. Third-party links
  16. Relationship with the Cookies Policy
  17. Changes to this Privacy Policy
  18. Contact

1. Data controller

The controller of your personal data is:

  • Controller: BARCELONA SAIL DREAMS S.L.
  • Trade name: OneDay Barcelona
  • Tax ID: B21752340
  • Address: C/ Font del Tarrés 95, 08560 Manlleu, Barcelona, Spain
  • Website:https://onedaybarcelona.com
  • Email for privacy/data protection:priv@onedaybarcelona.com
  • Contact phone: +34 93 531 97 07

The main activity of OneDay Barcelona is the organisation and sale of nautical experiences, sailing trips, private activities and services related to nautical tourism in Barcelona.

2. Data we may process

The types of personal data we may process depend on how you interact with us (contact form, booking request, phone call, email, WhatsApp Business, etc.). In general, we may process:

  • Identification and contact data: first name, last name, email, telephone number.
  • Data you voluntarily provide in website forms, emails, phone calls or WhatsApp Business messages, such as comments, preferences, special needs or any additional information you wish to share.
  • Booking data: chosen experience, date, time, number of people, language, preferences, remarks or comments relevant to organising the activity.
  • Payment data: data necessary to manage payment through the Redsys gateway. OneDay Barcelona does not store the full details of your bank card.
  • Billing data (where applicable): name or company name, tax ID, billing address and other data required to issue an invoice.
  • Minimum technical data for security and website operation: IP address, device identifiers, server logs and browsing data that are essential to maintain the security of the website and prevent misuse.

We do not intentionally request or process special categories of personal data (such as health data, religion, ideology, etc.), unless you include them voluntarily in your messages (for example, when mentioning a physical condition relevant to the activity). In such cases, we will only use them to correctly manage your booking and to ensure your safety during the experience.

3. Purposes of the processing

We use your personal data only for specific, explicit and legitimate purposes related to our activity. In particular, we may process your data to:

  1. Respond to information requests: when you fill in the contact form, send us an email, call us or write to us via WhatsApp Business to request information about our nautical experiences, timetables, prices, conditions, etc.
  2. Manage bookings or requests for services: when you decide to book an experience, we need your data to process the booking, confirm availability, handle changes or cancellations and coordinate the details of the activity.
  3. Maintain communications related to the requested service: for example, to send you booking confirmations, reminders, information about the meeting point, timetable changes due to weather conditions, safety notices or similar communications.
  4. Manage payments through Redsys: when you make an online payment, your data are used to process the charge through the corresponding payment gateway.
  5. Issue invoices, where applicable: if you request an invoice or we are legally obliged to issue one, we will use your billing data to generate it and retain it in accordance with the applicable regulations.
  6. Comply with legal, tax, accounting or administrative obligations: for example, to comply with requests from public administrations, competent authorities or law enforcement agencies, when necessary.
  7. Ensure the security and proper functioning of the website: through the use of basic technical data, activity logs and controls aimed at preventing unauthorised access, fraudulent uses or security incidents.
  8. Handle user rights or claims: to manage requests to exercise data protection rights, complaints, incidents or disputes related to our services.

We do not use your personal data for behavioural advertising, for creating advanced commercial profiles, or to sell data to third parties or transfer them to advertisers.

4. Legal basis for processing

The legal bases that allow us to process your personal data are:

  • Performance of pre-contractual or contractual measures: when you request information prior to booking, book an experience or hire a service, we need to process your data to manage that relationship (Art. 6.1(b) GDPR).
  • Your consent: when you voluntarily send us a form, email, WhatsApp Business message or other communication, you provide personal data that we process on the basis of your consent (Art. 6.1(a) GDPR). You may withdraw your consent at any time, without retroactive effect, by writing to priv@onedaybarcelona.com.
  • Compliance with legal obligations: in tax, accounting, commercial or data protection matters, as well as to comply with requests from public or judicial authorities (Art. 6.1(c) GDPR).
  • Legitimate interest: to maintain the security of the website, prevent abuse or fraudulent use, and retain basic evidence of communications and operations related to requested services (Art. 6.1(f) GDPR), always balancing your rights and freedoms.

5. Data retention

We retain your data only for as long as necessary for each purpose and, afterwards, for the periods legally established. In particular:

  • Contact and enquiry data: will be kept for the time strictly necessary to deal with your request and, at most, while liabilities may arise or there are pending communications.
  • Data related to bookings and contracted services: will be retained for the duration of the contractual relationship and for the limitation periods of any legal, civil, tax or administrative liabilities that may arise.
  • Billing and accounting data: will be kept for the periods laid down by the applicable tax and commercial regulations.
  • Technical security data and logs: will be stored for the time needed to ensure website security, investigate incidents, prevent fraud and comply with applicable legal obligations.

In all cases, we will not retain your personal data for longer than necessary for the purpose for which they were collected. Once these purposes and the legal periods have been fulfilled, the data will be deleted or, where appropriate, anonymised in a secure manner.

6. Recipients and providers

We do not sell your personal data to third parties or transfer them to advertisers. Your data will only be communicated to third parties when it is necessary to provide the service, to comply with the law or when you have expressly authorised it.

In particular, the following types of providers may have access to your data, acting as data processors following our instructions and with the corresponding safeguards:

  • Web hosting and website maintenance services.
  • Email and communication systems.
  • Website management and development services.
  • WhatsApp Business platform, for the management of messages and instant communications.
  • Redsys payment gateway and, where applicable, the banks involved in the collection of payments.
  • Accounting, tax or legal advisory services, when they need access to billing data or documentation related to transactions.
  • Other technology providers necessary for the normal operation of the website and booking management, always under a data processing agreement and with appropriate safeguards.

In addition, we may disclose personal data when there is a legal obligation or a request from a competent authority (for example, courts, law enforcement agencies or public administrations).

7. Online payments via Redsys

Online payments for our experiences are made through the secure platform Redsys or the corresponding bank.

  • When you make an online payment, you are redirected to a secure environment of the gateway or the bank, where you will enter your card details.
  • OneDay Barcelona does not store the full details of your bank card. The processing of these data takes place mainly in the infrastructure of Redsys or the financial institution.
  • We only retain the information necessary to identify the transaction (amount, date, transaction reference, payment status, etc.) so that we can manage the booking, resolve incidents, process refunds where applicable and meet our accounting and tax obligations.

We recommend that you also consult the privacy policy and terms and conditions of the entity processing the payment (Redsys and/or your bank) to learn more about how your data are processed.

8. Use of WhatsApp Business

OneDay Barcelona provides a communication channel via WhatsApp Business so that you can make quick enquiries, request information or manage bookings.

  • The data you send us via WhatsApp Business (for example, name, phone number, booking details or any information you share in your messages) will be used exclusively to respond to your enquiry, manage the booking or provide the requested service.
  • We will not use this channel to send you a newsletter or to carry out behavioural advertising based on your usage habits.
  • Please note that WhatsApp is a service provided by Meta Platforms. By using it, you are also subject to their terms of use and privacy policy, which we recommend you review.

9. Google Maps as an external link

On our website we may include external links to Google Maps to help you locate the meeting point for experiences or to check information related to the location.

  • Google Maps is not loaded on the website as an embedded iframe. We only use links that lead to Google pages.
  • When you click on these links, you will leave our website and access a site managed by Google, which is governed by its own terms of use and privacy policies.
  • We recommend that you review the Google privacy policy to learn how your location and browsing data are processed when you use their services.

10. International transfers

Some of our technology or service providers (for example, communication platforms, management tools or hosting) may be located outside the European Economic Area (EEA) or may provide their services from countries outside this area.

In such cases, if an international data transfer takes place, we will ensure that the legally required safeguards are adopted, such as:

  • The existence of an adequacy decision by the European Commission regarding the destination country.
  • The signing of standard contractual clauses approved by the European Commission or other legally binding mechanisms.
  • The application of binding corporate rules or other safeguards recognised by data protection regulations.

If you would like more information about specific providers or the safeguards applicable to international transfers, you can write to us at priv@onedaybarcelona.com.

11. User rights

At any time, and under the terms provided for in the applicable regulations, you may exercise the following data protection rights:

  • Access: to find out whether we process your personal data and, if so, obtain a copy of them and additional information about the processing.
  • Rectification: to request the correction of inaccurate or incomplete data.
  • Erasure: to request the deletion of your data when, among other reasons, they are no longer necessary for the purposes for which they were collected.
  • Objection: to request that we do not process your data for certain reasons related to your particular situation, unless there are compelling legitimate grounds or we must retain them due to legal obligations.
  • Restriction of processing: to request that we restrict the processing of your data in certain circumstances (for example, while we verify the accuracy of the data or the legal basis for processing).
  • Portability: to receive your data in a structured, commonly used and machine-readable format, and to transmit them to another controller where the processing is based on consent or a contract and is carried out by automated means.
  • Withdrawal of consent: in cases where the processing is based on your consent, you may withdraw it at any time, without retroactive effect.

To exercise these rights, you can contact us via:

In order to handle your request, we may ask you for additional information to verify your identity and confirm which data you wish to exercise your rights over.

If you believe that your rights have not been properly addressed, you also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or another competent supervisory authority. You can find more information at https://www.aepd.es.

12. Data security

We apply reasonable technical and organisational measures to protect your personal data and minimise the risks of loss, misuse, unauthorised access, improper disclosure or alteration.

Among other things, we implement measures related to:

  • Use of secure channels for sending sensitive information (such as the payment gateway).
  • Restricted access controls to personal data by staff who need them to perform their duties.
  • Internal procedures for managing security incidents and backups.

Although we work to protect your data, no system is completely infallible. Therefore, we cannot guarantee absolute security, but we do undertake to act diligently and to notify, where required, relevant incidents to the supervisory authority and the users concerned.

13. Minors

The OneDay Barcelona website and services are aimed mainly at adults. We do not knowingly collect personal information from children under 14 years of age without the verifiable consent of their parents or legal guardians, when required by law.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, you can contact us at priv@onedaybarcelona.com to request their deletion.

14. Commercial communications

Currently, the OneDay Barcelona website does not have a newsletter and we do not send regular automated commercial communications.

However:

  • We may send you communications necessary to manage your booking or the contracted service (confirmations, reminders, notices of changes, etc.). These communications are not advertising, but form part of the service.
  • We will only send you more commercial-type communications when you expressly request them or where there is a pre-existing contractual relationship that legally allows it, and always respecting your right to object at any time.

15. Third-party links

Our website may include links to third-party pages (for example, Google Maps, social networks, providers of complementary services or other sites of interest).

  • Please note that we cannot be held responsible for how these third parties process your personal data or for the content of their sites.
  • When you click on an external link, you will leave the OneDay Barcelona website and become subject to the terms of use and privacy policies of the destination site.
  • We recommend that you read the privacy policies of those sites carefully before providing them with your personal data.

16. Relationship with the Cookies Policy

In addition to this Privacy Policy, we have a Cookies Policy in which we explain which cookies are used on the website, for what purposes and how you can manage them.

  • The website uses only necessary technical cookies for the correct functioning of the site and the provision of services, as detailed in the Cookies Policy.
  • We do not use external advertising tracking systems or behavioural advertising cookies to show you personalised ads.
  • We do not use services such as reCAPTCHA or other external anti-spam systems in the website forms.

We invite you to consult the Cookies Policy for additional and up-to-date information on the use of cookies on this site.

17. Changes to this Privacy Policy

We may update this Privacy Policy when necessary to adapt it to legislative changes, criteria from supervisory authorities or changes in the operation of the website and the services offered.

  • We will publish the new version on this same page, indicating the date of the last update at the beginning of the text.
  • In the event of significant changes that substantially affect your rights or the way we process your data, we may inform you via the available contact methods, where possible.

We recommend that you review this Privacy Policy periodically to stay informed about how and why we process your personal data.

18. Contact

If you have any questions about this Privacy Policy, about the processing of your personal data or if you wish to exercise your rights, you can contact us via:

For commercial enquiries, bookings or information about experiences, we recommend that you use:

  • The contact form available on the website.
  • The contact phone number indicated on the website.
  • The WhatsApp Business channel of OneDay Barcelona.

We will be happy to help you and answer any questions related to your data and the nautical experiences we offer in Barcelona.

time - 0.05 seg.