Privacy Policy
Last updated: 12 April 2026
Important notice: This document is an initial draft and must be reviewed by legal counsel before launch.
1. Data Controller
The controller of the personal data collected through the kairos-travel.ro website is Kairos Biblical Trips, a faith-based travel agency operating since 2016, based in Deva, Hunedoara County, Romania.
You can reach us at the contact details displayed at the bottom of this document.
2. Data We Collect
We only collect personal data that you voluntarily provide when you fill in a form on our site or contact us directly. This typically includes:
- First and last name
- Email address
- Phone number
- Your message (questions, travel preferences, notes)
- The name of the trip you are interested in and any booking details (when you complete our booking form)
We do not automatically collect sensitive data (religious beliefs, health information, bank details) through our public forms. If additional data is required for a confirmed booking (for example, a passport scan to issue tickets), we will request it separately through secure channels, with your explicit consent.
3. Purpose of Processing
We use your data strictly to:
- Reply to the questions and requests you send us
- Manage bookings for trips organised by Kairos Biblical Trips
- Share logistics, itinerary details, and practical information before, during, and after the trip
- Issue the accounting and tax documents required by law
- Improve our services based on the feedback you share
We do not use your data for automated marketing and we never sell it to third parties.
4. Legal Basis
Under Regulation (EU) 2016/679 (GDPR), we rely on the following legal bases:
- Your consent (art. 6(1)(a)) when you fill in a form or send us a message.
- Performance of a contract (art. 6(1)(b)) to manage confirmed bookings and trips.
- Legal obligation (art. 6(1)(c)) to retain accounting and tax records.
- Legitimate interest (art. 6(1)(f)) to respond to a commercial enquiry you initiated.
5. Retention Periods
We keep your data only for as long as necessary for the stated purposes:
- Contact messages without a booking: up to 3 years from the last interaction, so we can resume the conversation if you ask about another trip.
- Booking and contractual records: up to 10 years, as required by Romanian tax and accounting law.
- Consent for communications: until you withdraw it, or 3 years from the last interaction — whichever comes first.
Once the retention period ends, the data is securely deleted or anonymised.
6. Recipients
Your data may be accessed by the following categories of recipients, strictly for the purposes above:
- Netlify Forms — the hosting platform that processes forms submitted via the site.
- Google Analytics — only if you consent via our cookie banner, for aggregated usage statistics.
- Local tour partners (hotels, transport companies, local guides) — who receive only the minimum data required (name, and passport details where applicable) to confirm your booking.
- Public authorities — only as required by law (for example, the Romanian tax authority ANAF).
- Our accounting and legal advisors, bound by confidentiality.
7. International Transfers
Some of our technical providers (Netlify, Google) are US-based companies. Transfers to these providers are carried out under safeguards approved by the European Commission, in particular the EU-U.S. Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the EU.
Certain trips also require transmitting limited data (name, passport copy) to partners in the destination country (Israel, Turkey, Greece, Egypt, Italy), strictly for the performance of your travel contract.
8. Your Rights
As a data subject under the GDPR, you have the right to:
- Access — know what data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure (“right to be forgotten”) — except for data we are legally required to retain.
- Restriction of processing.
- Data portability — receive your data in a structured, commonly used format.
- Object to processing based on legitimate interest.
- Withdraw your consent at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) — www.dataprotection.ro.
To exercise any of these rights, email us at the address shown at the bottom of this page. We will reply within 30 days.
9. Cookies
The site uses a minimal number of cookies. For full details, see our Cookie Policy.
10. Security
We apply reasonable technical and organisational measures to protect your data: HTTPS across the site, restricted access to form submissions, strong passwords for admin accounts, and hosting providers with recognised security certifications. No internet transmission can be guaranteed 100% secure, and some residual risk remains.
11. Changes to This Policy
We may update this privacy policy to reflect changes in our services or in legal requirements. Any update will be published on this page and the date at the top will be revised. Please check this page from time to time.
12. Contact for GDPR Requests
For any question, request, or complaint regarding the processing of your personal data, contact us at the email, WhatsApp, or postal address displayed in the site footer.