24/7 [email protected]
shopping_cart 0

Privacy Policy

PRIVACY POLICY & COOKIE POLICY

HotelsTourist.com
Last updated: 2025
Operated by: SC Casa Bella Servimpex S.R.L., Romania
Data Protection Officer (DPO): [email protected]

🔐 PRIVACY POLICY (GDPR-Compliant)

1. Who We Are

HotelsTourist.com (“Platform”) is owned and operated by:
SC Casa Bella Servimpex S.R.L., Romania
Email: [email protected]

The Company is the Data Controller for Tourist and User data.
Partners (accommodations, tours, car rentals, cruises) are independent Data Controllers for data they receive from booking requests.

2. What Personal Data We Collect

2.1 From Tourists (Users)

  • Full name

  • Email address

  • Phone number

  • Booking request details

  • Messages sent to Partners

  • Reviews posted on the Platform

  • IP address

  • Device and browser information

  • Cookies and analytics data

2.2 From Partners (Sellers)

  • Business name

  • Contact person

  • Business email, phone

  • Business registration details

  • Address and service location

  • Images, descriptions, listings

  • Prices, availability, policies

  • Subscription and billing information (if applicable)

2.3 Automatically Collected Data

  • IP address

  • Browser type

  • Operating system

  • Device information

  • Log files

  • Geolocation (approximate)

  • Cookie identifiers

  • Analytics data

3. How We Use Personal Data

We process personal data for:

 Booking operations

  • Forwarding booking requests to Partners

  • Allowing direct Partner—Tourist communication

 Account management

  • Creating and maintaining accounts

  • Password reset

  • Dashboard functions

 Platform operation & security

  • Preventing fraud

  • Detecting abusive activity

  • System monitoring

 Marketing (only with consent)

  • Emails or newsletters

  • Retargeting ads

  • Promotions

 Analytics (only with consent)

  • Website performance

  • Visitor behavior

  • Optimization

 Legal obligations

  • Financial records

  • Invoices

  • Compliance with EU law

4. Legal Basis for Processing (GDPR Art. 6)

We process data based on:

  • Contract performance (booking requests, account use)

  • Legitimate interest (security, fraud prevention)

  • Consent (cookies, marketing)

  • Legal obligation (billing, tax records)

  • Pre-contractual steps (contacting Partners)

5. Sharing Personal Data

5.1 With Partners

For each booking request, we share:

  • Name

  • Email

  • Phone

  • Booking details

Partners act as independent data controllers.

5.2 Third-Party Processors

Data may be shared with:

  • Hosting providers

  • Email delivery services

  • Cloud storage providers

  • Google (Analytics, Ads)

  • Meta (Facebook, Instagram)

  • TikTok

  • Cloudflare

  • Affiliate networks

  • Anti-spam and security tools

5.3 Legal authorities

Only when required by law.

6. International Data Transfers

Some third parties may process data outside the EU:
(USA, UK, Canada, Singapore, etc.)

Transfers comply with:

  • Standard Contractual Clauses (SCCs)

  • GDPR-compliant agreements

  • Adequacy decisions

7. Data Retention

  • Booking data → 24 months

  • Accounts → until deletion

  • Analytics data → up to 24 months

  • Marketing data → up to 180 days

  • Server logs → 12 months

  • Invoices/billing → 10 years (legal requirement)

8. Your GDPR Rights

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Delete your data

  • Restrict processing

  • Object to processing

  • Withdraw consent

  • Data portability

  • File a complaint with an EU authority

Requests via email:
📧 [email protected]

9. Account Deletion

Users and Partners may request account deletion by email.
All non-required data will be deleted.

10. Security Measures

We use industry-standard protections:

  • Encryption

  • Firewalls

  • Secure hosting

  • Access controls

  • Monitoring

  • Anti-DDoS systems

No system can guarantee absolute security.

11. Children

The Platform is for users 18+ only.
We do not knowingly process minors’ data.

🍪 COOKIE POLICY

12. What Are Cookies?

Cookies are small files stored on your device to:

  • enable functionality

  • improve performance

  • analyze traffic

  • personalize ads (with consent)

13. Types of Cookies We Use

 Essential Cookies

Required for:

  • login

  • booking forms

  • security

  • site functionality

Cannot be disabled.

 Analytics Cookies (consent required)

Used for:

  • Google Analytics

  • heatmaps

  • traffic insights

 Marketing Cookies (consent required)

Used for:

  • Google Ads

  • Meta Pixel

  • TikTok Pixel

  • retargeting ads

  • affiliate tracking

 Functional Cookies

Used for:

  • language settings

  • saved preferences

 Affiliate Cookies

Track:

  • referrals

  • conversions

  • commissions

14. Cookies from Non-EU Providers

Some cookies originate from providers outside the EU.
These are protected by:

  • SCCs

  • GDPR-compliant safeguards

15. Cookie Duration

  • Essential: session/permanent

  • Analytics: up to 24 months

  • Marketing: 30–180 days

  • Affiliate: 30–90 days

  • Functional: up to 12 months

16. Managing Cookies

Users may:

  • Accept all cookies

  • Reject all non-essential cookies

  • Customize cookie preferences

  • Use browser-level blocking

These options appear in the cookie banner.

17. Third-Party Tracking

Services used by:

  • Google

  • Meta

  • TikTok

  • Cloudflare

  • Hosting providers

  • Affiliate networks

may collect data through their own cookies.

18. Changes to This Policy

We may update this policy at any time.
Continued use of the Platform = acceptance.

19. Contact

For all GDPR, privacy or cookie-related matters:

📧 [email protected]