🇪🇸 ES 🇬🇧 EN
WhatsApp

PRIVACY POLICY

Tu privacidad es importante para nosotros. Aquí te explicamos cómo tratamos tus datos.

1. Data Controller

Identity: The Island Indoor Skatepark
Location: Mallorca, Balearic Islands, Spain
Contact: WhatsApp +34 680 851 112

2. Data We Collect

At The Island Indoor Skatepark, we may collect the following types of data:

  • Account data: When you create an account, we collect your email, name, profile photo (optional), and skill level. Authentication is managed through Google Firebase Authentication.
  • Activity data: Attendance confirmations, class bookings, visit history, loyalty points, and pass usage. This information is stored in our Cloudflare D1 database.
  • Contact data: Name and phone number when you contact us via WhatsApp for bookings or inquiries.
  • Browsing data: Technical information such as IP address, browser type, device used, and pages visited.
  • Cookie data: Information collected through our own cookies and third-party cookies (see cookie section).

3. Purpose of Data Processing

We use your data to:

  • Manage your user account and authentication through Firebase Authentication.
  • Process attendance confirmations, class bookings, and pass management.
  • Administer the loyalty points program and exclusive offers.
  • Manage bookings and inquiries about our skatepark services.
  • Inform you about events, competitions, jams, and special community activities.
  • Share community content (photos, videos) on our social media and website.
  • Analyze website usage to improve user experience (Google Analytics).
  • Display personalized advertising based on your interests (Google AdSense).
  • Send notifications about your bookings, classes, and activity (with your consent).
  • Comply with applicable legal obligations.

4. Use of Cookies

This website uses our own cookies and third-party cookies:

4.1 Our Own Cookies

  • Technical cookies: Required for the basic functioning of the website.
  • Preference cookies: To remember your language and configuration preferences.

4.2 Third-Party Cookies

  • Google Analytics: We use Google Analytics to analyze website traffic. Google may transfer this information to third parties when required by law, or when such third parties process the information on behalf of Google.
  • Google AdSense: We use Google AdSense to display personalized ads. Google and its advertising partners may use cookies to show ads based on your previous visits to this website or other websites on the Internet.

4.3 Personalized Advertising

Google uses advertising cookies to display relevant ads both on our site and on other sites within the Google network. You can manage your personalized advertising preferences by visiting Google Ads Settings.

5. Legal Basis for Processing

  • Consent: For the use of non-essential cookies and personalized advertising.
  • Legitimate interest: To improve our services and user experience.
  • Contract performance: To manage bookings and service provision.

6. Data Retention

Personal data will be retained for as long as necessary to fulfill the purpose for which it was collected and to determine any responsibilities that may arise from said purpose.

7. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request information about the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request the deletion of your personal data ("right to be forgotten").
  • Restriction: Request the restriction of processing of your data.
  • Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to the processing of your data for certain purposes.

To exercise any of these rights, contact us via WhatsApp: +34 680 851 112

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Secure authentication: We use Firebase Authentication with end-to-end encryption.
  • Secure storage: Your data is stored in Cloudflare D1, a database with SOC 2 Type II certification.
  • Encrypted connections: All website traffic uses HTTPS/TLS.
  • JWT tokens: Sessions are managed through signed and verified JWT tokens.

9. Service Providers

We use the following trusted service providers to process your data:

  • Google Firebase: User authentication (Firebase Authentication).
  • Cloudflare: Data storage (D1 Database), hosting, and CDN.
  • Google Analytics: Web traffic analysis.
  • Google AdSense: Personalized advertising.

All these providers comply with GDPR and have appropriate security certifications.

10. Photography, Video, and Community Content

The Island is a creative space where photography and video recording are part of skate culture. By using our facilities, you accept the following policies:

  • Recording Consent: By entering the skatepark, you consent to being photographed or recorded on video by other users or park staff.
  • Social Media Use: We may use photos and videos taken at the park for content on our social media (@theislandindoor), website, and promotional materials.
  • Tagging: When you share park content on social media, we encourage you to tag us. We may share your content on our official channels.
  • Events and Competitions: During special events, jams, or competitions, there may be more extensive photo and video coverage. These events will be announced in advance.
  • Right to Object: If you prefer not to appear in our official content, please inform staff. We will respect your decision.
  • Minors: For children under 14, we request parental/guardian consent for the use of images on our official channels.

Share the stoke, tag the park, and let's grow the community together!

11. Third-Party Links

Our website may contain links to third-party websites (WhatsApp, Instagram, Google). We are not responsible for the privacy practices of such sites. We recommend that you read their privacy policies.

12. Minors

This website is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14 without the consent of their parents or legal guardians. Children under 14 must be accompanied by an adult or bring signed authorization to use our facilities.

13. International Transfers

Some of our service providers (Google, Cloudflare) may process data outside the European Economic Area (EEA). These transfers are protected through:

  • Standard contractual clauses approved by the European Commission.
  • Privacy and security certifications (Privacy Shield, ISO 27001).
  • Technical measures for encryption and data protection.

13. Changes to This Policy

We reserve the right to modify this privacy policy at any time. Changes will be posted on this page with the date of the last update. We will notify you of significant changes via email (if you have an account) or through a prominent notice on the website.

15. Contact and Data Protection Officer

If you have any questions about this privacy policy, about the processing of your personal data, or wish to exercise your GDPR rights, you can contact us through:

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if you believe that the processing of your personal data does not comply with current regulations.

Last updated: January 23, 2026