Privacy Policy

Mon Voyage SH.P.K. ("Mon Voyage", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under applicable data protection law — including the EU General Data Protection Regulation (GDPR) where applicable. By using our website or making a booking, you acknowledge this Privacy Policy. If you do not agree, please do not use our services. Data Controller: Mon Voyage SH.P.K., Rruga Ismail Qemali, Tirana, Albania Contact: privacy@monvoyage.al

We collect the following categories of personal data: Personal identification data • Full name, email address, phone number, country of residence • Passport/ID details where required for certain tours or border crossings Booking data • Tour selection, departure date, group composition • Special requirements (dietary, accessibility, medical notes you choose to share) • Payment information (card details are processed by Stripe and never stored on our servers) Technical data • IP address, browser type and version, device type • Pages visited, time spent, referring URL • Cookies and similar tracking technologies (see Cookie Policy below) Communications • Content of emails, chat messages, or contact form submissions you send us We do not intentionally collect data from children under 16. If you are under 16, a parent or guardian must make the booking on your behalf.

We process your personal data for the following purposes: Processing and managing bookings (Legal basis: Contract) • Sending booking confirmations, vouchers, and pre-departure information • Managing your itinerary, accommodation, and transport arrangements Customer communications (Legal basis: Legitimate interest / Consent) • Responding to enquiries • Sending review requests after a completed tour • Notifying you of booking changes or emergencies Marketing (Legal basis: Consent) • Sending newsletters, offers, and travel inspiration — only if you opt in • You can unsubscribe at any time via the link in any marketing email Legal compliance (Legal basis: Legal obligation) • Maintaining records required by Albanian tax and company law • Responding to lawful requests from authorities We do not use your data for automated decision-making or profiling that produces legal effects.

We share your personal data only where necessary: Service providers (data processors) • Stripe — payment processing (PCI DSS compliant, data processed in the EU/US) • Resend — transactional email delivery • Supabase — secure cloud database (data stored in EU data centres) • Cloudinary — image hosting (no personal data stored) Tour operations • Local guides, accommodation providers, and transport operators receive your name and booking details to facilitate your tour. They are bound by confidentiality. Legal requirements • We may disclose data to government authorities if required by law, a court order, or to protect the safety of persons. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

We retain your personal data for the following periods: • Booking records and financial transactions: 7 years (Albanian legal requirement) • Account data (if you create an account): Until you delete your account, plus 30 days • Marketing consent and email history: Until you withdraw consent, plus 1 year • Website analytics (anonymised): 26 months When data is no longer required, it is securely deleted or anonymised.

Under GDPR and applicable Albanian data protection law, you have the following rights: Right of access — Request a copy of the personal data we hold about you. Right to rectification — Ask us to correct inaccurate or incomplete data. Right to erasure ("right to be forgotten") — Request deletion of your data, subject to legal retention requirements. Right to restriction — Ask us to limit how we process your data in certain circumstances. Right to data portability — Receive your data in a machine-readable format. Right to object — Object to processing based on legitimate interests, or to direct marketing at any time. Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing. To exercise any of these rights, email privacy@monvoyage.al. We will respond within 30 days. You also have the right to lodge a complaint with the Albanian Information and Data Protection Commissioner (IDP) or your local supervisory authority.

We use the following types of cookies: Essential cookies — Required for the website to function (session management, security, language preference). Cannot be disabled. Analytics cookies — Help us understand how visitors use the site (page views, traffic sources). We use anonymised analytics and you can opt out. Marketing cookies — Only set if you consent to marketing communications. You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to book tours.

Mon Voyage is based in Albania, which is recognised by the EU as providing adequate data protection (adequacy decision). Some of our service providers (e.g., Stripe) may process data in the United States under the EU–US Data Privacy Framework or Standard Contractual Clauses. We ensure appropriate safeguards are in place for all international transfers.

We implement industry-standard security measures including: • HTTPS encryption on all pages • Stripe's PCI DSS Level 1 certified payment processing (we never see or store raw card numbers) • Row-level security on our database • Regular security reviews No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at security@monvoyage.al.

We may update this Privacy Policy from time to time. The "last updated" date at the top will reflect the most recent revision. For material changes, we will notify registered users by email. Continued use of our services after a policy update constitutes acceptance of the revised policy. Last updated: 1 April 2026 Contact: privacy@monvoyage.al | Mon Voyage SH.P.K., Rruga Ismail Qemali, Tirana, Albania