Privacy Policy

Last updated: January 2025

1. Data Controller

Avangarde Tourism (“we”, “us”, “our”) is the data controller responsible for your personal data. We are committed to protecting your privacy and processing your data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian data protection law.

Data Controller: Avangarde Tourism
Address: Bd. Maraști 59, Bucharest, Romania
Email: contact@avangardetourism.com
Phone: +40 75 955 7601

2. Personal Data We Collect

Depending on how you interact with our platform, we may collect the following categories of personal data:

  • Identity data: full name, username, date of birth, nationality, passport number.
  • Contact data: email address, phone number, postal address, city, country.
  • Account data: encrypted password, account role, registration date, profile photo.
  • Travel preferences: preferred destinations, dietary needs, travel preferences, emergency contact.
  • Business data (Providers): company name, tax ID, company address, website, bank details (IBAN, bank name, SWIFT).
  • Transaction data: bookings, payments, invoices, vouchers used.
  • Technical data: IP address, browser type, device information, session tokens.
  • Communication data: messages sent through our platform's chat and messaging features.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Creating and managing your account on the platform.
  • Processing bookings, payments, and issuing invoices.
  • Providing customer support and responding to enquiries.
  • Sending booking confirmations and important service notifications.
  • Sending promotional communications and newsletters (only with your consent).
  • Improving our platform functionality and user experience.
  • Complying with legal and regulatory obligations.
  • Preventing fraud and ensuring the security of the platform.

4. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): processing necessary to provide you with travel services and manage your account.
  • Legal obligation (Art. 6(1)(c)): processing required to comply with Romanian and EU law (e.g., invoicing, tax obligations).
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, platform security, and improving our services.
  • Consent (Art. 6(1)(a)): marketing communications and newsletter subscriptions, which you may withdraw at any time.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected or as required by law. Account data is retained for the duration of the account and for a period of 3 years following account closure. Financial and transaction records are retained for 10 years in accordance with Romanian fiscal legislation. Marketing data is retained until you withdraw your consent.

6. Sharing Your Data

We may share your personal data with:

  • Travel service providers: hotels, airlines, and other providers necessary to fulfil your booking.
  • Payment processors: to securely handle transactions.
  • IT and hosting providers: who process data on our behalf under strict data processing agreements.
  • Legal and regulatory authorities: where required by law.

We do not sell your personal data to third parties. All third-party processors are bound by GDPR-compliant data processing agreements.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data where there is no compelling reason for its continued processing.
  • Right to restriction: request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at contact@avangardetourism.com. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.

8. Cookies

We use essential cookies to maintain your session and ensure platform security. With your consent, we may also use analytical and marketing cookies to improve our services. You may control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the platform.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Passwords are stored using industry-standard bcrypt hashing. All data transmissions are encrypted using TLS. Access to personal data is restricted to authorised personnel only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. The date of the latest revision is always shown at the top of this page.

11. Contact

For questions, concerns, or to exercise your data rights, contact us at:
Avangarde Tourism - Data Protection
Bd. Maraști 59, Bucharest, Romania
Email: contact@avangardetourism.com
Phone: +40 75 955 7601

Avangarde Agent

Hello! I'm Avangarde Agent, your virtual assistant. How can I help you today?