Privacy

Vela e Bardhë Effective date: 25/05/2026 Version: 1.0 1. Who we are This Privacy Policy explains how Vela e Bardhë, with NUIS L26904204B, and main address at Vlorë, Himarë, Dhërmi, Rruga e Kampit, Lagjja Kampi i Ri, Objekt Nr.10, Albania, collects, uses, stores, and protects personal data when users visit or use our online platform. Our platform allows users to book rooms, reserve restaurant tables by areas, book or purchase tickets for events, purchase selected physical products for pickup, and allows authorized administrators and staff to manage these services. For any privacy-related question, you may contact us at: Email: book.vela@hotmail.com Phone: 0692495207 Website: https://velaebardhe.com 2. What personal data we collect We may collect personal data when you use our platform, make a booking, place an order, submit forms, communicate with us, or use our online services. The data we may collect includes: 2.1 Identification and contact data First name Last name Phone number Email address Country/city, where requested Notes or special requests submitted by you during a booking or order 2.2 Room booking data Check-in date Check-out date Number of adults Number of children Selected room or apartment Price, taxes, fees, and total amount Booking status Special guest requests 2.3 Table reservation data Reservation date and time Selected area/zone Number of guests Customer name, phone, and email Reservation status Customer notes 2.4 Event booking data Selected event Number of tickets Buyer name and contact details Price and payment status Generated PDF ticket or confirmation 2.5 Physical product order data Selected products Quantity Product variant, where applicable Customer details Order status Pickup information 2.6 Payment data If you make an online payment, payment-related data may be processed, including: Payment amount Currency Payment status Transaction reference Payment method We do not store full card numbers or CVV codes on our servers. Card payments are processed by authorized payment service providers. 2.7 Technical data When you use the platform, we may automatically collect: IP address Device type Browser Operating system Date and time of access Pages or sections visited Technical logs for security and functionality 2.8 Administrator and staff data For internal platform users, we may collect: Name Email User role Actions performed in the admin panel Login/logout activity Changes made to bookings, products, events, prices, or settings 3. How we use your data We use personal data for the following purposes: To enable room bookings To manage restaurant table reservations To process event bookings and ticket purchases To process physical product orders To send email confirmations To generate PDF tickets or confirmations To process payments To notify customers about booking or order status To manage availability, pricing, taxes, and fees To provide customer support To prevent abuse, fraud, or unauthorized access To improve the platform’s functionality, security, and quality To comply with legal, tax, accounting, or regulatory obligations 4. Legal basis for processing We process personal data based on one or more of the following legal grounds: Performance of a service or contract, when you make a booking, order, or payment Legitimate interests, for security, administration, and improvement of the platform Legal obligations, where data must be kept for tax, accounting, or regulatory reasons Consent, where required for marketing communications, non-essential cookies, or optional features 5. Payments Online payments may be processed by external banking or payment service providers. These providers may process the data necessary to authorize and confirm the payment. We do not access or store the full card number, CVV, or other sensitive card details. If a payment fails, is cancelled, or is declined, the booking or order may remain unconfirmed until the payment is successfully completed or manually approved by an administrator. 6. Emails and notifications We may send you emails for: Booking confirmation Booking status updates Order confirmation Event ticket confirmation Practical service-related information Necessary administrative communication If marketing communications are enabled in the future, they will only be sent where there is a valid legal basis or your consent, where required. 7. Cookies and similar technologies The platform may use cookies or similar technologies for: Technical website functionality Preference storage Session security Analytics and performance improvement Measuring platform usage Essential cookies are used for the platform to function properly. Non-essential cookies, such as analytics or marketing cookies, may be activated depending on platform settings and, where required, your consent. 8. Who we share data with We may share personal data only when necessary and in line with this Privacy Policy, with: Hosting and infrastructure providers Database and server providers Payment service providers Email/SMTP providers Technical maintenance providers Legal, financial, or accounting advisers, where necessary Public authorities, where required by law We do not sell users’ personal data. 9. International data transfers Some technical providers or third-party services may operate outside Albania or outside the European Economic Area. In such cases, we use appropriate safeguards for the storage and transfer of personal data. 10. How long we keep data We retain personal data only for as long as necessary for the purposes for which it was collected, including: Managing bookings and orders Providing services Meeting legal, tax, and accounting obligations Security and abuse prevention Resolving disputes Data that is no longer needed will be deleted, anonymized, or securely archived, as applicable. 11. Data security We use technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or misuse. These measures may include: Restricted access for authorized users only Secure passwords and hashing User roles and permissions Data validation and controls Secure server configuration Backups, where applicable Monitoring of errors and suspicious activity However, no online system can guarantee absolute security. 12. Your rights Depending on applicable law, you may have the right to: Request access to your personal data Request correction of inaccurate data Request deletion of data, where permitted Request restriction of processing Object to the processing of your data Request data portability Withdraw consent, where processing is based on consent File a complaint with the competent data protection authority To exercise these rights, you may contact us at: Email: book.vela@hotmail.com 13. Minors The platform is not intended for use by children without the supervision or approval of a parent/legal guardian where required. If we become aware that we have collected personal data from a minor without a valid legal basis, we will take steps to delete or restrict that data. 14. Administrator and staff accounts The administrative part of the platform is intended only for authorized users. Administrators and staff members are responsible for keeping their credentials secure and must not share them with unauthorized persons. Activity in the admin panel may be logged for security, audit, and operational management purposes. 15. Links to other websites The platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We recommend that you read their privacy policies. 16. Changes to this Privacy Policy We may update this Privacy Policy from time to time. The updated version will be published on the platform with the relevant effective date. 17. Contact For questions, requests, or complaints regarding privacy and personal data, you may contact us at: Vela e Bardhë NUIS: L26904204B Address: Vlorë, Himarë, Dhërmi, Rruga e Kampit, Lagjja Kampi i Ri, Objekt Nr.10, Albania Email: book.vela@hotmail.com Phone: 0692495207 Website: https://velaebardhe.com