Privacy Policy
We process only the data required for booking, communication and legal compliance.
Last updated: March 26, 2026
Data Subject Rights
- Access, rectification, deletion/anonymization, restriction, portability, and objection rights are supported.
- DSAR requests are handled via dashboard tools and support channels with 30-day SLA workflow.
- Rights requests and privacy complaints can be sent to: booking legal contact (/contact)
Legal Bases and Retention
- Contract performance, legal obligation, legitimate interest, and consent are used as applicable legal bases.
- Retention categories: accounting/reservation records (up to 10 years, where required), support records (up to 3 years), marketing consent records (up to 24 months), security/operational logs (up to 12 months), subject to applicable law.
- Deletion requests apply anonymization where legal retention is required.
Jurisdiction Coverage
- This booking policy framework is prepared for MK, EU/EEA, UK, US, and Canada operations.
- Platform-level policy templates are locked and booking operators cannot override required legal clauses.
- Controller identity is injected from verified organization legal profile data.