Privacy Policy

Introduction

Beautiful Albania (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (https://beautifulalbania.al) or our services. It also outlines your rights under the EU General Data Protection Regulation (GDPR) and how you can exercise those rights. By using our website or providing your information, you agree to the terms of this Privacy Policy.

Personal Data We Collect

We collect personal data to provide you with our tour services and improve your experience on our site. The types of personal information we may collect include:

• Contact Information: When you fill out a contact form or inquire about a tour, we may collect your name, email address, phone number, and any other information you provide.
• Inquiry and Booking Details: If you request information or book a tour, we collect details related to your request (e.g. travel dates, group size, preferences) and any personal data needed to organize the tour.
• Comments: If you leave comments on our blog posts, we collect the information you enter in the comments form (such as your name, email, and comment content). We also capture your IP address and browser user agent string to help filter out spam. If you use the Gravatar service for your avatar, an anonymized hash of your email may be shared with Gravatar (operated by Automattic Inc.) to retrieve your profile image.
• Payment Information: When you make a payment for a tour or service, payments are processed through third-party providers (like PayPal). We do not receive or store your full credit card details. We may receive confirmation of payment and basic transaction details from the payment provider (such as your name, email, and the payment amount).
• Device and Usage Data: When you visit our site, we automatically collect certain data through cookies and similar technologies. This may include your IP address, browser type, device information, pages you visit, and how you interact with the site. This information helps us understand how our website is used and enables us to improve its performance.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather information about how you use our site. Cookies are small text files stored on your device by your web browser. We use the following categories of cookies:

• Necessary Cookies: These cookies are essential for the website to function properly. They remember your preferences and enable core features (for example, session cookies that keep you logged in or remember items in a booking cart). We may set these cookies without your consent, as they are needed for the service you request.
• Analytics Cookies: We use analytics/statistics cookies to understand how visitors use our website (for example, which pages are visited most often, how users navigate the site). This helps us optimize our website and improve user experience. We only set analytics cookies if you consent to them. Any data collected via these cookies is used in aggregate form or anonymized for statistical purposes.
• Marketing and Social Media Cookies: Marketing or tracking cookies may be used to create user profiles, display relevant advertisements, and enable social media features. For instance, if we display content from social networks (like Facebook or Instagram) or use advertising pixels, those services may set cookies to track your activity. We only use such cookies with your consent.

When you first visit our site, you will see a cookie consent notice. You can choose which optional cookies to allow. You can change your cookie preferences at any time by using our website’s cookie settings or through your browser settings. Please note that disabling certain cookies (especially necessary cookies) may affect the functionality of the site. For more detailed information on the cookies we use, please see our Cookie Policy.

How We Use Your Personal Data

We use the collected personal data for the following purposes:

• To Provide Services: We process your information to respond to your inquiries, plan and arrange your tours, and deliver the travel services you request. For example, we use your contact and booking details to communicate with you and organize your tour itinerary.
• To Process Transactions: If you make a payment or booking, we use your information to process the transaction (through our payment provider) and to confirm your purchase or reservation.
• To Communicate with You: We may use your contact details to send you important updates or responses. For example, we will email or call you to confirm tour details, respond to your questions, or provide customer support. If you have opted in to receive marketing communications (such as a newsletter), we will use your contact information to send you news or promotions – and you can opt out of these at any time.
• To Improve Our Website and Services: We use usage data and analytics to understand how our site is used and to improve its layout, content, and functionality. This helps us enhance user experience and tailor our offerings to what users find most useful.
• To Ensure Security and Prevent Fraud: We use certain data to protect our website, our business, and our users. For instance, IP addresses and cookie data are used to detect and prevent malicious activity. We also use Google reCAPTCHA on our forms to block spam and automated abuse, which helps keep our site secure.
• To Comply with Legal Obligations: In some cases, we need to process and retain data to meet legal and regulatory requirements. For example, we keep transaction records for accounting/tax purposes and may disclose information if required by law or a valid legal process.

We do not sell your personal data to third parties. We only share your information with third parties in the ways explained in this policy – for example, with service providers or partners who help us deliver our services, or if we are legally required to do so.

Third-Party Services and Data Sharing

Our website integrates several third-party services and content to function effectively and provide you with a rich experience. These third parties may collect certain personal data (such as your IP address or set cookies) when you interact with our site. Below is a list of the third-party services we use, what we use them for, and how they handle data:

• Google Fonts: We use Google Fonts to display consistent and attractive fonts on our website. When our site loads, your browser connects to Google’s servers to fetch font files, which may result in Google receiving your IP address and browser info. Google Fonts usage is covered by Google’s Privacy Policy.
• Google reCAPTCHA: We implement Google reCAPTCHA on our forms (e.g. the contact form) to prevent spam and automated abuse. reCAPTCHA analyzes user behavior (such as mouse movements or answering a challenge) to determine if you’re a real user. In doing so, it may collect hardware and software information (like device and application data) and send it to Google for analysis. This service is subject to Google’s Privacy Policy.
• Google Maps: Some pages include embedded Google Maps to show locations (for example, our office address or tour destinations). If you view or interact with an embedded map, Google may collect data such as your IP address and any location information you choose to share. Google Maps is governed by Google’s Privacy Policy.
• YouTube: We might embed YouTube videos on our site (for example, to showcase tour highlights). Playing these videos may set YouTube cookies and allow Google/YouTube to collect usage data (such as which video was watched and your IP address). Any data collected is handled according to Google’s Privacy Policy.
• PayPal: For secure online payments, we use PayPal as our payment gateway. When you choose to pay via PayPal, you will be redirected to PayPal’s platform. Any personal and financial information you provide during payment (such as credit card details or PayPal login) is collected and processed by PayPal on their secure system. PayPal shares with us only the information needed to confirm the transaction (like your name, email, and payment status). PayPal handles your data in line with the PayPal Privacy Policy.
• Facebook and Instagram Plugins: Our site may feature social media plugins or content from Facebook and Instagram (both operated by Meta Platforms, Inc.), such as an embedded feed, “Like” button, or share buttons. When you visit a page with these features, your browser connects to Facebook/Instagram’s servers and may load cookies from these services. This means those platforms might receive information about your visit to our site (for example, your IP address and the fact that your browser visited our website). If you are logged into Facebook or Instagram, they could associate your site visit with your profile. These social media features are governed by Facebook’s data policy. For more details, please refer to Facebook/Instagram’s Data Policy.
• WhatsApp: We offer a WhatsApp chat link or widget for customer support and inquiries. If you contact us via WhatsApp, you will be using the WhatsApp application or web interface. WhatsApp (also owned by Meta) will process your phone number, message contents, and any other information according to its own privacy terms. We will receive the information you choose to send via WhatsApp (such as your name and message content) and use it to assist you. WhatsApp’s handling of your data is described in the WhatsApp Privacy Policy.
• Gravatar: As mentioned under Comments above, if you use Gravatar for your profile picture, the Gravatar service (run by Automattic) receives a hashed version of your email address to check for an associated avatar. If you have a Gravatar profile image, it may be displayed next to your comment on our site. Gravatar’s use of your data is governed by the Automattic Privacy Policy.

Each of these third-party services has its own privacy policy and may process your personal data according to their terms. We encourage you to review the privacy policies of these providers to understand how they handle your information. We only integrate third-party content or services that we trust and that are necessary for our website’s functionality or our business operations.

Data sharing with service partners: In addition to the above, if you book a tour with us, we may need to share certain personal details with our trusted partners or suppliers to fulfill your booking. For example, we might provide your name to a hotel or local tour guide as part of arranging your travel accommodations or activities. We only share the data that is necessary for the service, and we ensure that our partners handle your information securely and in compliance with privacy laws.

Please note that some of these third-party providers may be located in countries outside the European Economic Area (EEA). For instance, Facebook, Instagram, and WhatsApp may process data on servers in the United States. If your personal data is transferred to a country with different data protection standards, we will ensure that appropriate safeguards are in place. For example, we may require these providers to sign agreements that commit them to protect your information to EU privacy standards (using standard data protection clauses).

Data Storage and Security

We take appropriate measures to secure your personal data and protect it from unauthorized access, alteration, disclosure, or destruction. Personal data you provide to us is stored on secure servers, and we use encryption (such as SSL/TLS) to protect data transmitted between your browser and our website. We also restrict access to personal information to authorized personnel who need it to perform their duties.

We will store your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements. For example:

• If you contact us with an inquiry but do not ultimately book a service, we will retain your information for a reasonable period to follow up with you and then delete it when it’s no longer needed.
• If you book a tour or service with us, we will retain your personal data for as long as needed to manage your booking and provide the service. After the service is completed, we may keep certain information (such as invoices, transaction records, and basic contact details) for a period required by law (for example, for tax and accounting records) or to address any post-trip questions or issues.
• Comments that you post on our website may remain visible on our site indefinitely, unless you request their removal or we delete them as part of website maintenance. You can contact us if you wish to update or remove a comment you have posted.
• Cookie and analytics data is retained according to the lifespan of each cookie (see our Cookie Policy for specific cookie durations). Analytics data may be stored in aggregate form for longer periods to help us analyze trends over time.

While we strive to protect your information, please be aware that no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. In the unlikely event of a data breach that affects your personal data, we will notify you and the appropriate authorities as required by applicable law.

Your Rights Under GDPR

If you are in the European Union or EEA, you have certain rights regarding your personal data under the GDPR. We are committed to upholding these rights for all users where applicable. These include:

• Right to Be Informed: You have the right to know why and how we are collecting and using your personal data, and this Privacy Policy aims to provide that information.
• Right of Access: You have the right to request access to the personal data we hold about you and to obtain a copy of that data.
• Right to Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data we have about you.
• Right to Erasure: You have the right to request that we delete your personal data if it is no longer necessary for us to keep it, or if you withdraw your consent (in cases where consent is the legal basis for processing). This is sometimes called the “right to be forgotten.” Keep in mind we might need to retain certain information for legal obligations or legitimate interests (for example, we may retain transaction records even if you request deletion, where required by law).
• Right to Data Portability: You have the right to request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to ask us to transfer this data to another service provider if technically feasible.
• Right to Object: You have the right to object to our processing of your personal data in certain circumstances. For instance, you can object to processing that is based on our legitimate interests, including profiling, or to direct marketing. If you object to direct marketing, we will stop using your data for that purpose immediately.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. For example, you might request restriction if you contest the accuracy of your data or if you want us to preserve data while you establish, exercise, or defend a legal claim. When processing is restricted, we can still store your data but will not use it for other purposes without your consent (except for storage or as needed for legal claims).
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can withdraw your consent for marketing emails by unsubscribing, or revoke consent for optional cookies via our cookie settings. Withdrawing consent will not affect the lawfulness of any processing we conducted before your withdrawal.
• Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with a supervisory authority (a Data Protection Authority). You can do this in the EU member state where you reside, where you work, or where the alleged infringement occurred. For instance, if you are in Albania or the issue relates to our operations in Albania, you may contact the Albanian Data Protection Commissioner. We would appreciate the chance to address your concerns directly, so we encourage you to contact us first with any complaint, and we will do our best to resolve it.

To exercise any of these rights, please contact us using the contact details provided below. We may ask you to verify your identity (to ensure we don’t disclose your data to someone else). We will respond to your requests as soon as possible, and at least within one month as required by GDPR, unless the request is complex (in which case we may extend the deadline by up to two further months and will inform you of the extension).

Contact Us (Data Controller Information)

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and address any privacy-related issues you may have.

Data Controller: Beautiful Albania (Tour Operator)
Address: Durres Street, Tirana, Albania, 1001
Email: info@beautifulalbania.al
Phone: +355 68 56 81 759

You can reach out to us by email or phone for any privacy inquiries, such as questions about your data, requests to exercise your rights, or to withdraw consent. We will respond promptly to assist you.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing laws, regulations, or business needs. When we update the policy, we will post the new version on this page and update the “Last updated” date below. If changes are significant, we may also notify you by email or through a notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Last updated: March 29, 2025