MANGROVE VIP LTD
Last Updated: 22 May 2026
This Privacy Policy explains how Mangrove VIP Ltd collects, uses, stores, shares, and protects your personal data when you use our websites and services. We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this Privacy Policy carefully. By using our websites or services, you acknowledge that you have read and understood this Privacy Policy.
1.1. The data controller responsible for your personal data is:
Mangrove VIP Ltd
(a) Company number: 16679784
(b) Registered address: 16a Ground Floor, Yeldham Road, London, W6 8JE, United Kingdom
(c) Director: Patrick Bernard Matima
(d) Websites: www.matima.me and Mangrove.Vip
(e) Email: info@matima.me
(f) Telephone: +44 (0)20 8741 4358
(g) Mobile: +44 (0)7747 237 312 / +44 (0)7942 934 423
1.2. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details set out above or in Section 14 below.
2.1. We collect and process the following categories of personal data:
(a) Identity Data: your full name, title, date of birth, gender, nationality, and copies of identification documents (such as passport or national identity card) where required for travel bookings;
(b) Contact Data: your email address, postal address, telephone numbers, and social media contact details;
(c) Financial Data: your bank account details, payment card details, and billing address (note that full payment card details are processed by our third-party payment processors and are not stored on our systems);
(d) Booking and Transaction Data: details of the services you have purchased or enquired about, including booking references, travel itineraries, accommodation preferences, tour selections, event tickets, and transaction history;
(e) Travel Data: passport details, visa information, travel insurance details, dietary requirements, accessibility needs, and other information necessary to fulfil travel and touring services;
(f) Preference Data: your marketing preferences, communication preferences, interests, and feedback;
(g) Technical Data: your internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type, and other technology on the devices you use to access our websites;
(h) Usage Data: information about how you use our websites, including pages visited, links clicked, time spent on pages, and navigation patterns; and
(i) Communications Data: records of correspondence between you and us, including emails, telephone call records, live chat transcripts, and any feedback or complaints you submit.
2.2. We do not intentionally collect any Special Category Data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). If we are required to process Special Category Data (for example, dietary requirements that may reveal religious beliefs, or accessibility needs that may reveal health information), we shall do so only with your explicit consent or where necessary to protect your vital interests.
3.1. We collect personal data through the following methods:
(a) Direct interactions: when you make a booking, create an account, subscribe to our newsletter, complete a contact form, correspond with us by email, telephone, or post, or participate in a survey or promotion;
(b) Automated technologies: when you interact with our websites, we automatically collect Technical Data and Usage Data using cookies, server logs, and similar technologies (see Section 8 for our Cookie Policy);
(c) Third parties: we may receive personal data about you from third-party sources, including:
(i) analytics providers such as Google Analytics;
(ii) payment and booking platforms;
(iii) travel operators, hotels, and event organisers with whom we partner to provide services; and
(iv) publicly available sources such as Companies House or social media profiles where you have made your data public.
4.1. We process your personal data only where we have a lawful basis to do so under Article 6 of the UK GDPR. The legal bases we rely on are:
(a) Performance of a contract (Article 6(1)(b)): processing that is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes:
(i) processing bookings for Grand Prix Monaco tickets, Tour de France tickets, guided tours, helicopter tours, vineyard and domain visits, hotel and villa bookings, yacht party reservations, car hire, flight bookings, casino experiences, art gallery tours, and chateau and mansion estate property rentals;
(ii) processing payments for our services;
(iii) communicating with you about your bookings and travel arrangements; and
(iv) collecting passport and identification data necessary to fulfil travel bookings;
(b) Legitimate interests (Article 6(1)(f)): processing that is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. This includes:
(i) operating, maintaining, and improving our websites and services;
(ii) analysing how our websites and services are used to enhance user experience;
(iii) protecting our business against fraud and other unlawful activity;
(iv) maintaining the security of our systems and data; and
(v) administering our business, including record-keeping and internal reporting;
(c) Consent (Article 6(1)(a)): where you have given your clear, affirmative consent for us to process your personal data for a specific purpose. This includes:
(i) sending you email marketing communications and newsletters;
(ii) using non-essential cookies and similar tracking technologies on our websites; and
(iii) processing Special Category Data where applicable;
(d) Legal obligation (Article 6(1)(c)): processing that is necessary to comply with a legal obligation to which we are subject, including tax reporting, regulatory compliance, and responding to lawful requests from public authorities; and
(e) Vital interests (Article 6(1)(d)): in rare circumstances, processing that is necessary to protect the vital interests of you or another person, for example in an emergency situation during a tour or excursion.
4.2. Where we rely on legitimate interests as our legal basis, we have conducted a legitimate interests assessment to ensure that our processing is necessary and that your fundamental rights and freedoms do not override our interests.
4.3. Where we rely on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5.1. We use your personal data for the following purposes:
(a) Booking fulfilment: to process, manage, and fulfil your bookings for touring services, event tickets, accommodation, transport, and related experiences;
(b) Payment processing: to process payments, refunds, and manage your billing account;
(c) Service delivery: to provide the services you have requested, including coordinating with third-party service providers such as hotels, tour operators, transport providers, and event organisers;
(d) Customer service: to respond to your enquiries, requests, complaints, and feedback;
(e) Marketing communications: to send you marketing emails, newsletters, and promotional offers about our services, where you have consented to receive such communications;
(f) Website analytics: to analyse website usage, monitor website performance, and improve the functionality and content of our websites;
(g) Personalisation: to personalise your experience on our websites and tailor our services and communications to your preferences;
(h) Security and fraud prevention: to detect, prevent, and investigate fraud, unauthorised access, and other unlawful activity;
(i) Legal compliance: to comply with applicable laws, regulations, and legal processes, including tax and accounting obligations; and
(i) Business administration: to manage our business operations, maintain internal records, and conduct internal reporting and analysis.
6.1. We may share your personal data with the following categories of third parties:
(a) Payment processors: we use third-party payment processors (such as Stripe and PayPal) to handle payment transactions securely. These processors receive your Financial Data solely for the purpose of processing payments and are required to comply with the Payment Card Industry Data Security Standard (PCI DSS);
(b) Booking and ticketing platforms: we share Booking and Transaction Data and Travel Data with booking systems and ticketing platforms to fulfil your reservations and bookings;
(c) Travel and service providers: we share relevant personal data with hotels, villa operators, tour operators, transport providers (including helicopter and car hire companies), airlines, event organisers, yacht charter companies, and other service providers as necessary to deliver the services you have booked;
(d) Website analytics providers: we use analytics services such as Google Analytics to collect and analyse Technical Data and Usage Data about website traffic and user behaviour;
(e) Email marketing platforms: we use email marketing services (such as Mailchimp) to manage our mailing lists and send marketing communications to individuals who have consented to receive them;
(f) Professional advisers: we may share personal data with our legal advisers, accountants, auditors, and insurers where necessary for the provision of professional services;
(g) Regulatory and public authorities: we may disclose personal data to regulatory bodies, tax authorities, law enforcement agencies, or courts where required by law or to protect our legal rights; and
(h) Business transfers: in the event of a merger, acquisition, reorganisation, or sale of all or part of our business, your personal data may be transferred to the acquiring entity, subject to appropriate data protection safeguards.
6.2. We require all third parties to whom we disclose personal data to respect the security of your data and to treat it in accordance with applicable data protection laws. We do not permit our third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes in accordance with our instructions.
6.3. We do not sell your personal data to any third party.
7.1. As our services span multiple countries and regions, including the United Kingdom, Monaco, France, and other worldwide destinations, your personal data may be transferred to, stored in, or processed in countries outside the United Kingdom.
7.2. When we transfer your personal data outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data, in accordance with the UK GDPR. These safeguards include:
(a) transfers to countries that the UK Secretary of State has determined provide an adequate level of protection for personal data under UK adequacy regulations (this includes transfers to European Economic Area countries, which benefit from UK adequacy decisions);
(b) where no adequacy decision applies, we use UK International Data Transfer Agreements (UK IDTAs) or the UK Addendum to the EU Standard Contractual Clauses, as approved by the Information Commissioner’s Office (ICO);
(c) binding corporate rules where applicable; and
(d) other lawful transfer mechanisms recognised under the UK GDPR, such as transfers necessary for the performance of a contract between you and us (Article 49(1)(b) UK GDPR) or transfers made with your explicit consent (Article 49(1)(a) UK GDPR).
7.3. In particular, the following international transfers may occur in connection with our services:
(a) sharing booking and travel data with hotels, tour operators, and service providers located in Monaco, France, and other European and worldwide destinations;
(b) processing payment data through payment processors that may operate servers outside the United Kingdom; and
(c) using analytics and email marketing platforms whose servers may be located in the United States or other jurisdictions.
7.4. You may request further details about the safeguards we have put in place for international data transfers by contacting us using the details set out in Section 14.
8.1. Our websites use cookies and similar tracking technologies to enhance your browsing experience, analyse website usage, and support our marketing activities.
8.2. A cookie is a small text file placed on your device when you visit a website. Cookies allow the website to recognise your device and store information about your preferences or past actions.
8.3. We use the following types of cookies:
(a) Strictly Necessary Cookies: these cookies are essential for the operation of our websites and enable core functionality such as security, session management, and accessibility. These cookies do not require your consent;
(b) Performance and Analytics Cookies: these cookies collect information about how you use our websites, including which pages you visit most often and whether you receive error messages. We use analytics services such as Google Analytics to collect this data. These cookies require your consent;
(c) Functionality Cookies: these cookies allow our websites to remember choices you make (such as your preferred language or region) and provide enhanced, more personalised features. These cookies require your consent; and
(d) Marketing and Targeting Cookies: these cookies are used to deliver advertisements and marketing content relevant to your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies require your consent.
8.4. When you first visit our websites, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You may change your cookie preferences at any time by adjusting your browser settings or by using the cookie preference centre on our websites.
8.5. You can also control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, and set preferences for specific websites. Please note that disabling certain cookies may affect the functionality of our websites.
8.6. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
9.1. We may send you marketing communications about our services, promotions, and offers by email where you have given your prior consent to receive such communications, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).
9.2. We shall obtain your consent to receive marketing communications through a clear, affirmative opt-in mechanism (such as an unticked checkbox) at the point of data collection. We do not use pre-ticked boxes or treat silence or inactivity as consent.
9.3. Each marketing email we send will include:
(a) a clear identification of Mangrove VIP Touring Limited as the sender;
(b) a valid contact address; and
(c) a simple and free mechanism to unsubscribe from future marketing communications (an “unsubscribe” link).
9.4. You may withdraw your consent to receive marketing communications at any time by:
(a) clicking the unsubscribe link in any marketing email you receive from us;
(b) emailing us at info@matima.me with the subject line “Unsubscribe”; or
(c) contacting us using any of the details set out in Section 14.
9.5. If you unsubscribe from marketing communications, we shall process your request without undue delay and, in any event, within 10 working days. Please note that unsubscribing from marketing communications does not affect our ability to send you non-marketing communications, such as booking confirmations, service updates, and transactional messages.
9.6. We maintain a suppression list of individuals who have opted out of marketing communications to ensure that we do not send further marketing emails to those individuals.
10.1. Under the UK GDPR, you have the following rights in relation to your personal data:
(a) Right of access (Article 15): you have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We shall respond to a SAR within one calendar month of receiving it, unless the request is complex or we receive a large number of requests, in which case we may extend this period by a further two months;
(b) Right to rectification (Article 16): you have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete personal data completed;
(c) Right to erasure (Article 17): you have the right to request that we delete your personal data in certain circumstances, including where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where we have no overriding legitimate interest to continue processing it. This right is also known as the “right to be forgotten”;
(d) Right to restriction of processing (Article 18): you have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where the processing is unlawful, or where we no longer need the data but you require it for legal claims;
(e) Right to data portability (Article 20): you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted directly to another controller where technically feasible. This right applies only to data processed by automated means on the basis of consent or contract performance;
(f) Right to object (Article 21): you have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. We shall cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You also have an absolute right to object to processing for direct marketing purposes at any time;
(g) Right not to be subject to automated decision-making (Article 22): you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. We do not currently make decisions based solely on automated processing; and
(h) Right to withdraw consent: where we process your personal data on the basis of consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
10.2. To exercise any of the above rights, please contact us using the details set out in Section 14. We may need to verify your identity before processing your request.
10.3. We shall respond to all data subject requests within one calendar month of receipt. If your request is complex or we are dealing with a number of requests, we may extend this period by a further two months, in which case we shall inform you within the initial one-month period.
10.4. There is no fee for exercising your data subject rights. However, we may charge a reasonable administrative fee if your request is manifestly unfounded or excessive, or if you make repetitive requests.
11.1. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The specific retention periods we apply are:
(a) Booking and Transaction Data: we retain this data for a period of 6 years from the date of the last transaction, in line with our obligations under UK tax and accounting legislation (Taxes Management Act 1970 and Companies Act 2006);
(b) Financial Data: we retain billing records and payment references for 6 years from the date of the relevant transaction. Full payment card details are not stored on our systems (they are processed and retained by our PCI DSS-compliant payment processors);
(c) Identity and Travel Data (including passport and ID copies): we retain copies of identification documents for the duration necessary to fulfil the relevant booking, and for no longer than 90 days following completion of the relevant travel service, unless a longer retention period is required by law or to resolve a dispute;
(d) Marketing Data and Consent Records: we retain records of your marketing consent for as long as you remain subscribed to our marketing communications, plus 3 years after you unsubscribe (to evidence our compliance with PECR);
(e) Communications Data (emails, correspondence): we retain customer correspondence for 3 years from the date of the last communication, unless a longer period is needed for legal or regulatory purposes;
(f) Technical and Usage Data (analytics, cookies): we retain this data for a maximum of 26 months, in line with standard analytics data retention practices;
(g) Account Data: if you create an account on our websites, we retain your account data for as long as your account remains active. If your account is inactive for more than 2 years, we may contact you to confirm whether you wish to keep it open before taking steps to close and delete it; and
(h) Legal Claims Data: where we reasonably believe that personal data may be needed in connection with a legal claim, we may retain relevant data for the duration of the applicable limitation period (generally 6 years under the Limitation Act 1980).
11.2. When your personal data is no longer required, we shall securely delete or anonymise it in accordance with our data retention and disposal procedures.
12.1. We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage.
12.2. The security measures we employ include:
(a) encryption of personal data in transit using Transport Layer Security (TLS/SSL) on our websites;
(b) encryption of sensitive personal data at rest where appropriate;
(c) access controls to restrict access to personal data to authorised personnel who need it for their role;
(d) regular security assessments and vulnerability testing of our systems;
(e) secure password policies and, where available, multi-factor authentication;
(f) use of PCI DSS-compliant third-party payment processors to handle payment card data, ensuring that full card details are not stored on our systems;
(g) staff training on data protection and information security;
(h) incident response procedures to detect, report, and investigate personal data breaches; and
(i) regular review and updating of our security measures to address new threats and vulnerabilities.
12.3. While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.
12.4. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we shall notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, and shall notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms, in accordance with Articles 33 and 34 of the UK GDPR.
13.1. Our services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children under the age of 18.
13.2. Where a booking is made on behalf of a minor (for example, a family booking that includes a child), the personal data of the minor shall be provided by and with the consent of the minor’s parent or legal guardian. The parent or legal guardian is responsible for ensuring that any personal data relating to the minor is provided with appropriate consent.
13.3. If we become aware that we have collected personal data from a child under the age of 18 without valid parental or guardian consent, we shall take steps to delete that data as soon as reasonably practicable.
13.4. If you believe that we have inadvertently collected personal data from a child under 18 without appropriate consent, please contact us immediately using the details set out in Section 14.
14.1. If you have any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, please contact us at:
Mangrove VIP Ltd
(a) Address: 16a Ground Floor, Yeldham Road, London, W6 8JE, United Kingdom
(b) Email: info@matima.me
(c) Telephone: +44 (0)20 8741 4358
(d) Mobile: +44 (0)7747 237 312 / +44 (0)7942 934 423
14.2. We aim to resolve any complaint or concern you raise with us as promptly as possible.
14.3. If you are not satisfied with our response to your complaint or believe that we are processing your personal data in a manner that is not lawful, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
(a) Website: www.ico.org.uk
(b) Telephone: 0303 123 1113
(c) Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14.4. We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
15.1. We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business operations.
15.2. Where we make material changes to this Privacy Policy, we shall notify you by:
(a) posting the updated Privacy Policy on our websites with a revised “Last Updated” date;
(b) displaying a prominent notice on our websites for a reasonable period after the changes take effect; and
(c) where we hold your email address and the changes materially affect how we process your personal data, sending you a notification by email.
15.3. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
15.4. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.
16.1. Links to third-party websites. Our websites may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of those third-party websites. We encourage you to read the privacy policies of any third-party website you visit.
16.2. Multiple websites. This Privacy Policy applies to all personal data collected through our websites at www.matima.me and Mangrove.Vip, both of which are operated by Mangrove VIP Touring Limited.
16.3. Governing law. This Privacy Policy and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales.
16.4. Severability. If any provision of this Privacy Policy is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.