Privacy Policy (GDPR)
Last updated: 03 March 2026
1. Data Controller
S.C. IBIS S.R.L.
Registered office: Maliuc, Tulcea County, Romania
VAT: RO7115695 | Trade Reg.: J36/103/1995
Email: ibistours@gmail.com | Phone: +40 726 766 103
2. Data We Collect
- Booking / contact forms: name, email, phone, nationality, travel preferences.
- Newsletter: email (only with consent).
- Browsing data: IP, browser, pages — via cookies (see Cookie Policy).
We do not collect bank/payment data. Payments are via direct bank transfer.
3. Purposes
- Processing bookings
- Communication (confirmations, pre-trip info)
- Customer support
- Legal compliance (accounting)
- Direct marketing (only with consent)
4. Legal Basis
- Art. 6(1)(b) GDPR: contract performance;
- Art. 6(1)(c) GDPR: legal obligation;
- Art. 6(1)(a) GDPR: consent (newsletter);
- Art. 6(1)(f) GDPR: legitimate interest (analytics).
5. Processors
• Hosting: Cloudflare, Inc. (USA — Standard Contractual Clauses)
• Email: [TO BE COMPLETED]
• Analytics: [TO BE COMPLETED]
• Payments: direct bank transfers only
• Email: [TO BE COMPLETED]
• Analytics: [TO BE COMPLETED]
• Payments: direct bank transfers only
6. Retention Periods
• Enquiries (no booking): 2 years
• Booking data: 5 years (tax law)
• Marketing: until consent withdrawn
• Cookies: see Cookie Policy
• Booking data: 5 years (tax law)
• Marketing: until consent withdrawn
• Cookies: see Cookie Policy
7. Your Rights
Under GDPR (Art. 15–22): access, rectification, erasure, restriction, portability, objection, withdraw consent.
Requests: ibistours@gmail.com
8. Complaints
ANSPDCP — www.dataprotection.ro
9. Security
HTTPS/TLS, access controls, secure hosting.
10. Changes
This policy may be updated. Last modification date is shown at the top.