Privacy Policy (GDPR Compliant)

1. What This Policy Covers

This policy explains how we collect, use, store, and protect your personal data, in compliance with the GDPR.

2. What Data We Collect

• Identity Data: Name, surname, passport info
• Contact Data: Email, phone, country
• Booking Data: Check-in/out dates, property selected
• Payment Data: Processed via secure third-party services
• Technical Data: IP, browser, device info
• Usage Data: Website interactions
• Consent Preferences: Marketing opt-ins, cookies

3. How We Use Your Data

• To facilitate bookings
• For communication and support
• To comply with legal obligations
• To improve services
• For marketing (with consent)

4. Lawful Basis for Processing

• Contractual necessity
• Legitimate interest
• Legal obligation
• Consent (for marketing/cookies)

5. Your Rights

Under GDPR, you have the right to:
• Access your data
• Rectify inaccuracies
• Erase your data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise your rights, contact [email protected].

6. Data Sharing

We share your data only with:
• Property owners
• Payment providers
• Hosting/support services
• Legal authorities, if required

7. Data Transfers

If data is transferred outside the EEA, appropriate safeguards (e.g. SCCs) are applied.

8. Retention Period

• Booking records: 6 years
• Marketing data: until consent is withdrawn
• Inactive accounts: deleted after 2 years

9. Security

We use encryption, secure servers, and access control to protect your data.