Personal Data Protection Policy (GDPR)
1. General Information
This policy explains in plain language what happens with the details you share via our contact form, in line with the General Data Protection Regulation (GDPR).
2. Data Controller
The organisation responsible for your personal data is:
Zibran Cabane SRL,
which owns this website and decides why and how the data is used.
Zibran Cabane SRL,
which owns this website and decides why and how the data is used.
3. Data Processor
Specornio Eddernott Technologies SRL supports our website and email systems and only handles data so that we can answer messages, following documented instructions from Zibran Cabane SRL.
4. Collected Data
When you contact us we collect only the following details:
- • Name
- • Email address
- • Phone number
- • Message content provided by the user
This website does not request or store sensitive data as described in Article 9 GDPR.
5. Purpose of Processing
We use your personal data only for the purposes below:
- • handling and responding to inquiries submitted via the contact form;
- • communicating with users regarding accommodation, reservations, or related services;
- • responding to requests or questions voluntarily submitted by users.
Personal data is never used for marketing without clear consent and is never sold or given to other companies for commercial use.
6. Legal Basis for Processing
Processing relies on two legal grounds:
- • Article 6(1)(a) GDPR - your consent, expressed when you submit the form;
- • Article 6(1)(b) GDPR - steps we take to prepare a booking or service you have requested.
7. Processing and Storage Method
Messages travel through encrypted connections and are stored on secure servers located in the European Union so that we can read and respond to them safely. The simplified flow is:
- • contact form submission on this website;
- • automatic delivery to our private inbox;
- • internal tracking in a restricted workspace;
- • reply sent back to you by email.
Access to personal data is strictly limited to authorised team members and essential technical partners bound by confidentiality duties.
8. Data Retention Period
We keep your data only as long as needed to answer you, manage a booking, or comply with legal obligations.
9. Data Subject Rights
Under the GDPR you can exercise the rights below at any time:
- • right of access to personal data;
- • right to rectification;
- • right to erasure ("right to be forgotten");
- • right to restriction of processing;
- • right to object to processing;
- • right to data portability;
- • right to withdraw consent at any time;
- • right to lodge a complaint with the competent data protection authority.
To exercise these rights, please contact us through the details listed on this website and we will respond promptly.
10. Data Security
We use organisational rules, access controls, and regular security reviews to protect personal data against unauthorised access, loss, destruction, alteration, or accidental disclosure.
11. Policy Updates
We may update this notice whenever our practices change, and the latest version will always be published here.