Docking
Log InSign Up
All Documents

Privacy Policy

Last updated: May 2026 (v2026-05)

This Privacy Policy describes how Docking, LDA. ("Docking", "we", "us" or "our") collects, uses, stores, transfers and otherwise processes personal data in connection with the Docking digital platform (the "Platform"). It is intended to provide individuals whose personal data is processed by Docking with clear information about their rights and Docking’s obligations under Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and other applicable data protection legislation. This Privacy Policy forms an integral part of the Docking Terms of Service.

By accessing or using the Platform, individuals acknowledge that they have read and understood this Privacy Policy. The processing operations described herein are carried out in compliance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

Article 1 - Data Controller

Docking, LDA., a company incorporated under the laws of Portugal, with registered office at Rua do Outeiro 2, 2F S7, 4050-452 Porto, Portugal and registered under company number 519278674, acts as the data controller in respect of all personal data processed through the Platform. As data controller, Docking determines the purposes and the means of the processing.

For any matter relating to the processing of personal data, including the exercise of the rights described in Article 11 below, Docking can be contacted at general@docking.app or by post at the address indicated above. Where required by law, Docking may appoint a Data Protection Officer; the contact details of the Data Protection Officer, if any, will be published on the Platform.

Article 2 - Scope of Application

This Privacy Policy applies to all personal data processed by Docking in connection with the operation, maintenance, security and improvement of the Platform, including data of (i) Yacht Users, (ii) representatives, employees and contact persons of Marinas, and (iii) any other individual interacting with Docking through the Platform, the Docking website, the Docking mobile applications, customer support channels or marketing communications.

Personal data processed by Marinas in their own capacity, for their own purposes (including the management of berthing services on-site), is not governed by this Privacy Policy. Marinas act as independent data controllers in respect of such processing and remain responsible for providing their own data protection information to data subjects.

Article 3 - Definitions

The terms used in this Privacy Policy shall have the meaning given to them in the GDPR. In particular, "personal data" means any information relating to an identified or identifiable natural person, "processing" means any operation performed on personal data, and "data subject" means the individual to whom personal data relates.

Article 4 - Categories of Personal Data Collected

Depending on how the data subject interacts with the Platform, Docking may process the following categories of personal data:

  • Identification and contact data: first and last name, date of birth, email address, telephone number, country of residence, profile picture (where provided), and similar information necessary to identify and communicate with the data subject.

  • Account data: login credentials (in encrypted form), authentication tokens, account preferences, language settings, notification settings.

  • Vessel data voluntarily provided by Yacht Users: name of the vessel, type, dimensions (length, beam, draft, air draft), registration number, flag state, year of construction, model, photographs, insurance information and other documents required by Marinas.

  • Booking data: search history, Booking Requests, confirmed Bookings, cancellation history, and communications exchanged through the Platform with Marinas and with Docking support.

  • Payment-related data: amounts paid, transaction identifiers, charge timestamps, refund history, billing address, last four digits of the payment card, card brand and expiry date as transmitted by Stripe. Docking does not store full payment card numbers, CVV codes or other sensitive authentication data, which are processed and stored exclusively by Stripe.

  • Billing Entity data: where the Yacht User identifies a separate Billing Entity for invoicing purposes on the vessel profile, the legal name, registered or domicile address and, where applicable, VAT or other tax identification number of that Billing Entity, as well as any contact email associated with it.

  • Technical and usage data: IP address, device identifiers, browser type and version, operating system, language, time zone, referrer, access logs, in-Platform behaviour (pages viewed, features used, time spent), and similar data collected automatically when the Platform is accessed.

  • Marketing-related data: marketing preferences, consent records, interactions with marketing communications.

Article 5 - Sources of Personal Data

Personal data processed by Docking is collected (i) directly from the data subject when they create an Account, submit a Booking Request, communicate with Docking or with a Marina, or otherwise interact with the Platform; (ii) automatically when the data subject accesses the Platform, through cookies and similar technologies as described in Article 12 below; and (iii) from third parties such as Marinas (in respect of Booking-related information), Stripe (in respect of payment-related data), authentication providers (where applicable) and public sources (for example, anti-fraud and sanctions databases).

Article 6 - Legal Bases for Processing

Docking processes personal data on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract (Article 6(1)(b)): for the creation and management of the Account, the submission and processing of Booking Requests, the conclusion of Bookings, the processing of payments and refunds through Stripe, the operation of the in-Platform messaging tools, and the management of disputes.

  • Compliance with a legal obligation (Article 6(1)(c)): for the retention of accounting and tax records, the response to requests from competent authorities, and compliance with anti-money-laundering, sanctions, fraud-prevention and consumer protection obligations.

  • Legitimate interests (Article 6(1)(f)): for the security and integrity of the Platform, the prevention and detection of fraud and abuse, the analysis and improvement of the Platform, the management of user relationships, and direct marketing to existing customers in respect of similar products and services, in each case subject to a balancing test against the rights and freedoms of the data subject.

  • Consent (Article 6(1)(a)): for the placement of non-essential cookies and similar technologies, for marketing communications where consent is required by law, and for any other processing for which consent has been obtained. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

Article 7 - Purposes of Processing

Personal data is processed for the following purposes:

  • account creation, authentication, profile management and customer relationship management;

  • facilitation of Booking Requests, conclusion of Bookings between Yacht Users and Marinas, and management of the Booking lifecycle, including notifications, modifications, cancellations and refunds;

  • processing of payments, deposits, balances, refunds and chargebacks through Stripe Connect, including the splitting of payments between the Marina and Docking;

  • issuance, transmission and storage of Docking invoices in the name of the Billing Entity in respect of the Service Fee, including the secure delivery of such invoices to the Yacht User and the Billing Entity through a personalised link, and the transmission of Billing Entity details to the Marina to enable the Marina to issue its own invoice in respect of the Net Rate and any on-site charges;

  • communications between Yacht Users, Marinas and Docking, including support, dispute handling and operational notifications;

  • security, integrity and reliability of the Platform, including prevention and detection of fraud, abuse, unauthorised access and other unlawful activity;

  • analytics, statistics and improvement of the Platform, including usability, performance and content;

  • marketing communications, in accordance with applicable law and the data subject’s preferences, and measurement of their effectiveness;

  • compliance with legal, regulatory, accounting, tax and judicial obligations.

Article 8 - Recipients and Data Sharing

Docking shares personal data only to the extent necessary for the purposes described above. The recipients of personal data may include:

  • Marinas in respect of Booking Requests and Bookings concerning them, including the identification details of the Yacht User, vessel information necessary for the provision of the berthing service, the Billing Entity details required by the Marina to issue its own invoice in respect of the Net Rate and any on-site charges, and Booking-related communications. Marinas process such data in their own capacity as independent data controllers.

  • Stripe, as the regulated payment service provider engaged by Docking to process payments and refunds and to operate Stripe Connect splits between Docking and Marinas. Stripe processes payment data as an independent controller for its own regulatory and risk-management purposes.

  • Technical and operational service providers acting on Docking’s behalf as processors, including hosting and cloud infrastructure providers, email and notification providers, customer support tools, analytics tools, fraud-prevention tools, and back-up and disaster-recovery services. These processors are bound by data processing agreements compliant with Article 28 of the GDPR.

  • Professional advisors (lawyers, accountants, auditors) and insurers, where necessary to defend Docking’s rights or comply with its legal obligations.

  • Public authorities, law enforcement and judicial authorities, where required by applicable law or by a binding order, including tax authorities, port authorities and consumer protection authorities.

  • Acquirers, investors or successors in the context of a corporate reorganisation, merger, acquisition, sale of assets or financing transaction, subject to appropriate confidentiality and data protection commitments.

Docking does not sell personal data to third parties.

Article 9 - International Transfers

Personal data is primarily processed within the European Economic Area ("EEA"). Where personal data is transferred to a country outside the EEA, including in the context of services provided by Stripe, hosting providers or other processors, Docking ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR. Such safeguards may include adequacy decisions of the European Commission, the EU Standard Contractual Clauses, binding corporate rules or, where applicable, other recognised transfer mechanisms. Data subjects may obtain a copy of the safeguards in place by contacting Docking at general@docking.app.

Article 10 - Data Retention

Docking retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with applicable legal obligations, or to establish, exercise or defend legal claims. Once retention periods expire, personal data is securely deleted or irreversibly anonymised.

Indicative retention periods:

  • Account data: for the duration of the Account, plus a reasonable period after closure to handle outstanding obligations and disputes.

  • Booking and payment data: for the duration of the contract and for a maximum of ten (10) years thereafter, in accordance with Portuguese accounting and tax obligations.

  • Communications between Yacht Users, Marinas and Docking: as long as necessary to provide the services and to evidence Booking-related events, in line with the limitation periods applicable to commercial disputes.

  • Technical and usage data: for periods commensurate with the relevant security, fraud-prevention or analytics purpose, generally not exceeding twenty-four (24) months in identifiable form.

  • Marketing data: until the data subject withdraws consent or objects, plus a short period to evidence such withdrawal.

Article 11 - Rights of the Data Subject

Subject to the conditions and exceptions provided by applicable law, the data subject has the right to:

  • access their personal data and obtain a copy of it (Article 15 GDPR);

  • rectify inaccurate or incomplete personal data (Article 16 GDPR);

  • obtain the erasure of their personal data, where one of the grounds set out in Article 17 GDPR applies;

  • obtain the restriction of processing under Article 18 GDPR;

  • object to processing based on Docking’s legitimate interests, including profiling related to direct marketing (Article 21 GDPR);

  • receive their personal data in a structured, commonly used and machine-readable format and to transmit such data to another controller (Article 20 GDPR);

  • withdraw consent, where processing is based on consent, at any time (Article 7 GDPR), without affecting the lawfulness of processing carried out before withdrawal;

  • lodge a complaint with the Portuguese data protection authority, the Comissão Nacional de Proteção de Dados ("CNPD"), accessible at www.cnpd.pt, or with the supervisory authority of their habitual residence or place of work.

Requests for the exercise of these rights may be submitted to general@docking.app. Docking may request additional information to verify the identity of the requester. Docking will respond within the time limits set by applicable law, as a rule within one (1) month of receipt of the request, with the possibility of extension by two (2) further months in cases of complexity or volume.

Article 12 - Cookies and Similar Technologies

The Platform uses cookies and similar technologies (such as local storage and tracking pixels) to ensure its proper functioning, security and performance, to store the user’s preferences, to analyse usage and, subject to the user’s consent, for marketing and personalisation purposes. Strictly necessary cookies do not require consent. Other cookies are placed only after the user has provided consent through the cookie banner displayed on first access to the Platform, and consent may be withdrawn or modified at any time through the cookie preference centre accessible from the Platform.

Detailed information about the cookies used, their purpose, their duration and the third parties involved is provided in the dedicated cookie information published on the Platform.

Article 13 - Marketing Communications

Docking may send marketing communications to data subjects, including information about new features, partner Marinas, special offers and other content related to the Platform. Such communications are sent in accordance with applicable law, on the basis of consent or, where permitted, of legitimate interests. The data subject may at any time, free of charge and without justification, oppose receiving marketing communications, including by clicking on the unsubscribe link contained in each commercial email or by adjusting their notification preferences in their Account.

Article 14 - Automated Decision-Making

Docking does not take decisions producing legal effects concerning data subjects, or significantly affecting them in a similar manner, that are based solely on automated processing within the meaning of Article 22 of the GDPR. Where automated tools are used, in particular for fraud detection, anti-money-laundering checks or content moderation, the outputs are subject to meaningful human review before any such decision is taken.

Article 15 - Data Security

Docking implements technical and organisational measures appropriate to the risk in order to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Such measures include access controls, encryption in transit, secure authentication, segregation of environments, regular back-ups, logging and monitoring, vendor due diligence and staff training. Docking selects payment, hosting and other infrastructure providers that meet recognised industry security standards. Notwithstanding the foregoing, no system can guarantee absolute security; Docking shall notify the competent supervisory authority and, where required, the affected data subjects of any personal data breach in accordance with Articles 33 and 34 of the GDPR.

Article 16 - Minors

The Platform is intended for use by individuals aged eighteen (18) years or older. Docking does not knowingly collect personal data of minors. If a parent or legal guardian becomes aware that personal data of a minor has been provided to Docking without the necessary authorisation, they may contact Docking at general@docking.app to request deletion.

Article 17 - Amendments

Docking may update this Privacy Policy from time to time to reflect changes in the Platform, in applicable law or in processing practices. Updated versions take effect upon publication on the Platform with an updated version date. In the case of substantive changes, Docking shall use reasonable efforts to inform data subjects in advance, including by email notification or in-Platform notice.

Article 18 - Contact

For any question related to this Privacy Policy or to the processing of personal data by Docking, the data subject may contact Docking at:

Docking, LDA.

Rua do Outeiro 2, 2F S7, 4050-452 Porto, Portugal

Email: general@docking.app

Website: https://docking.app

Article 19 - Governing Law

This Privacy Policy is governed by the laws of Portugal and by the directly applicable provisions of the GDPR. In the event of any discrepancy between language versions of this Privacy Policy, the English version shall prevail.