1.1. This Privacy Policy (hereinafter referred to as the “Policy”) regulates the procedure for processing and protecting the personal data of individuals (hereinafter referred to as the “User”) transferred to LUNAVI.TRAVEL (hereinafter referred to as the “Company”) when using the website https://lunavi.travel, booking forms, messengers, email, and other communication channels.
1.2. This Policy has been developed in accordance with the provisions of the General Data Protection Regulation (GDPR) of the European Union, as well as with applicable norms of international data protection law and the legislation of jurisdictions where the Company operates.
1.3. The purpose of this Policy is to protect the rights and freedoms of Users when processing their personal data, including the right to privacy and the protection of personal and family secrets.
1.4. The Company is the data controller, determines the purposes for processing, and is responsible for compliance with data protection laws.
1.5. For questions related to this Policy or exercising rights, the User may contact info@lunavi.travel or call +43 677 64318868.

2.1. The following terms are used in this Policy:
2.1.1. “User” means a natural or legal person using the Company's services. In the context of personal data processing, it refers to a natural person whose personal data are processed in connection with the use of the Company’s services, including representatives of legal entities.
2.1.2. “Company” means LUNAVI.TRAVEL, which determines the purposes and means of processing personal data and is responsible for compliance with applicable laws.
2.1.3. “Website” means the Company’s web resource at https://lunavi.travel, including its subdomains and functional sections.
2.1.4. “Messengers” means electronic applications used to communicate with the Company (including but not limited to: Telegram, WhatsApp, Instagram, Facebook Messenger, etc.).
2.1.5. “Processing of personal data” means any operation with personal data, including collection, storage, use, transfer, anonymization, and deletion, including by automated means.
2.1.6. “Personal data” means any information that directly or indirectly identifies an individual, including name, contact details, documents, payment information, and other data provided in the course of using the Company’s services.

3.1. By submitting an inquiry through the website forms, email, messengers, or phone, the User (natural person) provides informed and voluntary consent to the processing of their personal data in accordance with this Policy.
3.2. When services are ordered on behalf of a legal entity, consent is provided by the authorized representative regarding their own data and/or third-party data (e.g., employees or clients). The transfer of such data confirms the existence of legal grounds.
3.3. Personal data may also be processed on other lawful grounds, including the necessity of entering into or performing a contract with the User or their represented legal entity.
3.4. Data processing is carried out transparently and proportionately, using appropriate methods and technical means necessary for the stated purposes.
3.5. By giving consent, the User confirms that the data provided is accurate, relevant, and sufficient for processing purposes and that they have the right to share it.
3.6. The User consents to receive electronic, push, or other messages from the Company in connection with contract execution, as well as for marketing or informational purposes, unless otherwise provided by applicable law.
3.7. This Policy constitutes the entire agreement between the Company and the User concerning personal data processing and establishes applicable rules of interaction.

4.1. Personal data is processed to provide travel concierge services and related offerings, including communication with the User, booking arrangements, contract fulfillment, and technical support.
4.2. Depending on context, purposes may include:

• Informing the User about booking or request status;
• Marketing communication, including promotional messages;
• Service quality analysis and improvement;
• Fulfillment of legal or tax obligations.

4.3. Processing is carried out based on the following legal grounds:
4.3.1. User consent — when required by applicable law;
4.3.2. Necessity to enter into or perform a contract involving the User or the represented legal entity;
4.3.3. Legitimate interest of the Company — provided that such processing does not violate data subject rights (e.g., for security, fraud prevention, or process optimization);
4.3.4. Compliance with regulatory requirements in accounting, taxation, sanctions compliance, and other obligations under international and local laws.

5.1. Personal data is processed to the extent and for the duration necessary to achieve the purposes specified in Section 4, but no longer than justified by the nature and duration of the service.
5.2. Personal data is provided voluntarily via forms, messengers, email, or other channels. Data submission implies consent to this Policy.
5.3. The User may withdraw their consent at any time. Such withdrawal does not affect the lawfulness of prior processing but may prevent further service provision.
5.4. Data modification, deletion, or destruction is carried out upon a justified User request if permitted by applicable law. The Company may require identity verification.
5.5. Data deletion occurs:

• Upon User request;
• Upon expiration of the retention period;
• Upon termination of contractual relations;
• Upon other legal grounds.

5.6. The Company will notify the User within ten (10) business days about any data modification, deletion, destruction, or access restriction if such notice is required.
5.7. Processing is based on the principles of:

• Transparency and good faith;
• Proportionality to the stated purposes;
• Minimization of retention volume;
• Restricted access and ensured security.

5.8. The Company may transfer personal data:

• In cross-border transmissions (to the EU or other countries with adequate protection);
• To third parties involved in service provision (e.g., suppliers, hotels, carriers), under relevant agreements and only to the extent necessary.

5.9. Such third parties are required to comply with this Policy and applicable data protection laws.
5.10. The Company does not make decisions based solely on automated data processing that may have legal or other significant effects on the User.

6.1. The User (individual whose data is processed) has the following rights:
6.1.1. To receive information on the purposes, legal basis, scope, and duration of data processing, and on third parties to whom data may be disclosed.
6.1.2. To access their data and receive a copy in a structured, machine-readable format.
6.1.3. To request correction, update, restriction, or deletion of data if inaccurate, outdated, or unlawfully processed.
6.1.4. To object to processing based on the Company’s legitimate interests.
6.1.5. To withdraw consent at any time without providing reasons.
6.1.6. To object to direct marketing use, including email or messenger promotions.
6.1.7. To receive information on automated decision-making, including profiling, and to request human intervention.
6.1.8. To file complaints with a supervisory authority if rights are violated.

7.1. The Company implements technical, organizational, and legal measures to protect data from unauthorized access, alteration, disclosure, or destruction.7.2. Processing follows the principle of least access: only authorized personnel have access, to the extent necessary for duties.
7.3. The Company ensures:

• Regular risk assessments;
• Data encryption and secure transmission;
• Access control and user authentication;
• Antivirus protection and intrusion prevention;
• System activity monitoring;
• Data backups and recovery;
• Timely software and protection tool updates.

7.4. All employees handling personal data are trained and accountable for confidentiality.7.5. The Company regularly audits and adjusts security measures.

8.1. The Company reserves the right to amend this Policy unilaterally. The updated version is effective upon publication on the Website or user notification.
8.2. Continued use of the Company’s services after changes implies acceptance of the updated Policy.
8.3. The Company may send service or informational messages, including booking confirmations, reminders, technical updates, and marketing offers, unless the User has objected.
8.4. Any questions related to data processing or User rights can be sent to info@lunavi.travel or by phone at +43 677 64318868.
8.5. A list of services and conditions of use is available on the official website: https://lunavi.travel.