Privacy Policy

1. Data Controller

ASSIRAJ VOYAGES OÜ ("Assiraj Hotels", "we", "us"), a company registered in Estonia, is the data controller responsible for personal data processed via assirajhotels.com. Contact: privacy@assirajhotels.com.

2. Data We Collect

• Identity & contact: name, email, phone, address.
• Booking data: travel dates, guest names, special requests.
• Payment data: handled by PCI-DSS certified processors (Stripe, Airwallex, PayPal). We never store full card numbers.
• Technical data: IP address, browser, device, cookies.

3. Legal Basis & Purpose

We process your data to perform the booking contract, comply with legal obligations (tax, anti-fraud), and with your consent for marketing communications.

4. Sharing

We share booking data with the hotel partner and our supplier channels (Hotelbeds, Expedia, WebBeds) strictly to fulfil your reservation. We do not sell personal data.

5. Retention

Booking records are retained for 7 years to meet Estonian accounting law. Marketing data is retained until consent is withdrawn.

6. Your Rights (GDPR)

Access, rectification, erasure, restriction, portability, and objection. Contact privacy@assirajhotels.com. You may lodge a complaint with the Estonian Data Protection Inspectorate (AKI).

7. Cookies

Essential cookies operate the booking flow; analytics cookies (with consent) help us improve. Manage preferences in your browser settings.

8. International Transfers

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission.