TRVL

Privacy & Personal Data Protection Policy

Last Updated: January 11, 2026

1. Introduction

At TRVL, your trust is our priority. This Policy transparently explains how we collect, process, and safeguard your personal data, in full compliance with the EU General Data Protection Regulation (GDPR).

2. Categories of Data We Collect

  • Identification Data: Full name, email address, phone number.
  • Booking Data: Booking history, travel dates, special preferences, and accommodation details.
  • Payment Data: TRVL does not store card details. All transactions are processed by Stripe in accordance with PCI-DSS security standards.
  • Technical Data: IP address, browser type, device identifiers, and cookie data to improve navigation.

3. Legal Basis and Processing Purposes

We process your data only when:

  • It is necessary for the performance of the contract (e.g., completing a booking).
  • We have your explicit consent (e.g., to send newsletters).
  • There is a legitimate interest (e.g., fraud prevention, improving user experience).
  • There is a legal obligation (e.g., tax regulations).

4. Data Sharing with Third Parties

Your data is shared exclusively with:

  • The Accommodations you select, to complete the booking.
  • Service Providers (e.g., Stripe for payments, cloud hosting services).
  • Public Authorities, if required by law.

TRVL does not sell or rent your personal data to advertising companies.

5. International Transfers

If any provider or accommodation is located outside the European Economic Area (EEA), we ensure that the transfer is made with the necessary safeguards (e.g., EU Standard Contractual Clauses).

6. Retention Period

We retain your data only for as long as necessary to serve the purposes mentioned above or to comply with legal limitation periods and tax obligations (typically up to 5-10 years depending on local legislation).

7. Cookie Policy

We use cookies to personalize content and analyze site traffic. You can manage your preferences through your browser settings or our platform's banner.

8. Your Rights (GDPR)

As a data subject, you have the following rights:

  • Access & Rectification: To know what we hold and to correct it.
  • Erasure (Right to be Forgotten): To request deletion of your data.
  • Portability: To receive your data in digital format.
  • Objection & Restriction: To withdraw your consent or request restriction of processing at any time.

9. Data Security

We implement advanced technical measures, including SSL/TLS encryption, pseudonymization, and periodic vulnerability audits, to protect your information from unauthorized access.

10. Contact & Data Protection Officer (DPO)

To exercise your rights or for any inquiries, you can contact us directly:

Email: welcome@trvl.gr

Subject: Attention Data Protection Officer