Privacy Policy

Introduction

The Mälu Club Limited ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you visit monacof1yachttickets.com, purchase tickets, or contact us in connection with the Monaco Grand Prix 2026 Superyacht Experience.

We are registered in England and Wales (Company No. 15059759) and act as the data controller for the personal data we collect about you.

What Data We Collect

Information you provide to us

• Your name and contact details (email address, phone number)
• Billing information and payment card details (processed securely by Stripe — we never store card details)
• Number of guests and ticket preferences
• Any additional information you provide when contacting us by email or enquiry form
• Dietary requirements or accessibility needs if provided voluntarily

Information collected automatically

• IP address and browser type
• Pages visited and time spent on the site
• Device information (desktop, mobile, tablet)
• Referring website or source

Information from third parties

• Payment confirmation and transaction data from Stripe
• Analytics data from Netlify hosting infrastructure

How We Use Your Data

We use your personal data for the following purposes:

• Processing your booking — to confirm your reservation, process your deposit payment, and manage your ticket for the event
• Event communications — to send you important information about the event, including schedules, logistics, and any changes
• Customer service — to respond to your enquiries and provide support before, during, and after the event
• Legal and financial obligations — to comply with applicable laws, accounting requirements, and fraud prevention
• Marketing — only with your explicit consent, to inform you about future Mälu Club events and experiences

Legal basis for processing (UK GDPR)

• Contract performance — processing your booking and deposit payment
• Legitimate interests — responding to enquiries, improving our service, fraud prevention
• Legal obligation — financial record-keeping and compliance
• Consent — marketing communications (you may withdraw consent at any time)

Stripe Payments

All payment processing is handled by Stripe Inc., a PCI-DSS compliant payment processor. When you make a payment:

• Your card details are entered directly on Stripe's secure servers and are never transmitted to or stored by us
• Stripe may collect and process your payment data in accordance with their own privacy policy, available at stripe.com/gb/privacy
• We receive a transaction confirmation and your name/email from Stripe to process your booking
• All transactions are encrypted using TLS/SSL technology

How We Share Your Data

We do not sell your personal data. We may share it only in the following limited circumstances:

• Stripe — for secure payment processing
• Event suppliers — such as the superyacht operator, catering team, and venue management, solely to deliver your booked experience
• Legal authorities — where required by law or to protect our legal rights
• Professional advisors — accountants, lawyers, or insurers under strict confidentiality obligations

How Long We Keep Your Data

• Booking and payment records — 7 years (required by UK tax law)
• Event attendee information — up to 12 months after the event
• Marketing preferences — until you withdraw consent
• Enquiry correspondence — 2 years from last contact

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right to access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — request deletion of your data where there is no legitimate reason to retain it
• Right to restrict processing — ask us to limit how we use your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at info@themaluclub.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Cookies

Our website uses minimal cookies necessary for the site to function. We do not use advertising or tracking cookies. The cookies we use include:

• Essential cookies — required for basic site functionality and security
• Netlify analytics — anonymous, privacy-friendly visitor statistics with no personal data collected

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

• SSL/TLS encryption for all data in transit
• Stripe's PCI-DSS Level 1 compliant payment infrastructure
• Restricted access to personal data within our organisation
• Secure hosting via Netlify's enterprise-grade infrastructure

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. For significant changes, we will notify bookers directly by email.

Contact Us