Privacy Policy

1. What This Policy Covers

This policy explains how we collect, use, store, share, and protect your personal data when you use the Viopa Holiday platform (the "Platform"), in compliance with the GDPR where applicable.

2. What Data We Collect

• Identity Data: Name, surname, passport/ID information
• Contact Data: Email, phone, country, address
• Booking Data: Check-in/out dates, guests, property selected, special requests
• Payment Data: Processed via secure third-party services (we do not store full card data)
• Technical Data: IP, browser, device, OS, language, referrer
• Usage Data: Pages viewed, interactions, referring/exit pages, date/time stamps
• Marketing & Communications: Preferences, consents, unsubscribes
• Cookie/Tracking Data: Analytics, functional, and advertising cookies (see Cookies section)

3. How We Use Your Data

• To register and manage your account and bookings
• To communicate with you about reservations, support, and updates
• To process payments, prevent fraud, and ensure platform security
• To personalize content and improve the Platform and our services
• To send marketing communications where you have given consent
• To comply with legal, tax, and regulatory obligations

4. Lawful Basis for Processing

• Contractual necessity (e.g., to manage your booking)
• Legitimate interests (e.g., to improve services, prevent fraud)
• Legal obligations (e.g., tax/audit requirements)
• Consent (e.g., marketing communications, non-essential cookies)

5. Your Rights

Under GDPR, you may have the right to:
• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data (right to be forgotten)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with a supervisory authority

To exercise your rights, contact [email protected].

6. Data Sharing

We share your data only with:
• Property owners and managers to fulfill your booking
• Payment processors to complete transactions
• IT hosting, analytics, and customer support providers
• Professional advisors (legal, accounting) when necessary
• Public authorities where required by law

7. International Data Transfers

If data is transferred outside the EEA/UK, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures where necessary.

8. Retention Periods

• Booking and invoicing records: typically 6 years (or longer where required by law)
• Customer support communications: up to 3 years
• Marketing data: until you withdraw consent or object
• Technical logs: typically 12 months, unless a security investigation requires longer

9. Security

We use technical and organizational measures such as encryption in transit, access controls, audit logs, and secure hosting to protect personal data. No method is 100% secure, but we strive to protect your data to industry standards.

10. Cookies and Tracking Technologies

• Strictly Necessary: Required for core site functions (cannot be disabled).
• Functional: Remember preferences and enhance usability.
• Analytics: Help us understand usage to improve performance.
• Advertising: Personalize ads where applicable (used only with consent).
You can manage cookies via your browser settings and, where available, our cookie banner preferences.

11. Marketing Communications

We send marketing emails or messages only with your consent or where permitted by law. You can opt out at any time using the unsubscribe link or by contacting us.

12. Children's Data

The Platform is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, please contact us to delete it.

13. Automated Decision-Making and Profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. We may use limited profiling (e.g., preferences) to personalize content with your consent.

14. Third-Party Links

Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

15. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be posted here and the Effective Date will be updated. Continued use after changes means you accept the updated Policy.

16. Contact and Complaints

If you have questions or concerns about this Policy or our data practices, contact us at [email protected].
You also have the right to lodge a complaint with your local supervisory authority in the EEA/UK.