Privacy & Cookies (GDPR)

Your privacy is important to us. These cards explain, in simple language, how we collect and use personal data, how cookies work on our site, and what rights you have under the General Data Protection Regulation (GDPR).

Data Bookings

Personal Data We Collect

Only what we need to deliver your stay.

Contact details: name, email address, phone number.
Booking details: dates of stay, room type, preferences and special requests.
Communication: messages sent via forms, email or feedback.
Technical data: IP address (often truncated), browser type, device and pages visited.

GDPR Lawful

Legal Bases for Processing

Why we are allowed to use your data.

Contract – to process enquiries and reservations, and to communicate about your stay.
Consent – for analytics cookies, marketing and newsletters.
Legitimate interests – to keep our website secure and to understand how it is used.
Legal obligations – accounting, invoicing and compliance with regulations.

Cookies Choices

Cookies & Consent

Control which cookies are used.

Necessary cookies keep the site and booking engine working and cannot be disabled.
Analytics / marketing cookies are used only after you give consent in the cookie banner.
You can change or withdraw your choices at any time using the cookie settings link.

Analytics Insights

Analytics

Understanding how our website is used.

When enabled, we use privacy-friendly analytics tools.
IP addresses are anonymised where technically possible.
Data is aggregated and used only to improve content and usability.

Limited Protected

Data Sharing & Transfers

We never sell your personal data.

We share data only with trusted providers: hosting, booking and payment services.
Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or similar safeguards.
Access is limited to what is necessary for each service.

Retention

Data Retention

How long we keep your information.

Booking and invoicing records are kept for up to 6 years (for legal/accounting purposes).
Contact form messages are usually kept for 12 months.
Analytics data is kept between 6–14 months, depending on the tool.
Server security logs are kept for up to 90 days.

Rights Control

Your GDPR Rights

You remain in control of your personal data.

Right to access the data we hold about you.
Right to correct inaccurate or incomplete data.
Right to request deletion (“right to be forgotten”) where applicable.
Right to restrict or object to certain types of processing.
Right to data portability in a structured, commonly used format.
Right to withdraw consent at any time for consent-based processing.

Request my data

Security Care

Security & Children

Protecting your data and your family.

We use HTTPS encryption, access controls and secure configurations.
We regularly review our technical and organisational security measures.
Our services are not directed at children under 16 and we do not knowingly collect their data without parental consent.

Contact Updates

Contact & Policy Updates

Talk to us anytime.

Data Controller: Turism Regard SRL (Akasha Retreat), 187 Strada Principală, Sat Peștera, Moieciu, 507136, Romania.
Email for privacy requests: privacy@akasha.com.ro.
We may update this Privacy & Cookies Policy from time to time; the latest version is always available on this page.