Gray Line Romania

Privacy and Cookie Policy

Privacy and Cookie Policy

This Privacy and Cookie Policy explains how Gray Line Romania collects, uses, stores and protects personal data when you use our website, make a booking with us, contact us or use our services.

By using this website or making a booking with Gray Line Romania, you acknowledge that your personal data may be processed as described in this policy.

Who We Are

This website is owned and operated by GRAY LINE ROMANIA SRL, a company registered in Romania.

Company name: GRAY LINE ROMANIA SRL
Trade name: Gray Line Romania
Trade Register No.: J2022004099406
Fiscal Identification Code / CUI: 45738971
Registered office: Bdul. Tudor Vladimirescu 22, Green Gate Offices, 5th Floor, Office 526, Sector 5, Bucharest, Romania, 050883
Website: www.grayline.ro

For privacy or personal data requests, please contact us at: info@grayline.ro.

What Personal Data We Collect

Depending on how you interact with us, we may collect and process the following types of personal data:

  • full name;
  • email address;
  • phone number;
  • country or nationality, where relevant;
  • booking details;
  • number of participants;
  • selected tour, activity or service;
  • date of travel or service;
  • meeting point, pick-up point or accommodation address, where relevant;
  • payment status and transaction-related information;
  • invoice details, where required by law;
  • customer messages, requests, feedback or complaints;
  • special requests related to the operation of the service;
  • technical data related to website usage, such as IP address, browser type, device information and cookie identifiers.

We do not intentionally collect sensitive personal data unless it is necessary for the provision of a service, for safety reasons, or if you voluntarily provide such information to us.

How We Collect Personal Data

We may collect personal data when you:

  • use our website;
  • make a booking directly on www.grayline.ro;
  • contact us by email, phone, WhatsApp, SMS or other communication channels;
  • book one of our services through a third-party platform or booking partner;
  • complete a payment;
  • request customer support;
  • submit a complaint, review or feedback;
  • interact with cookies, analytics or similar technologies on our website.

Bookings made through our website are processed through our booking system, Bókun. Booking data received from third-party platforms may also be processed through Bókun for operational and reservation management purposes.

Why We Use Personal Data

We use personal data for the following purposes:

  • to process and manage bookings;
  • to confirm reservations;
  • to contact customers before, during or after the service;
  • to send meeting point, pick-up, schedule or operational updates;
  • to provide the booked tour, activity, transfer or transport service;
  • to coordinate with guides, drivers, tour hosts, subcontractors and operational partners;
  • to process payments;
  • to issue invoices and comply with accounting or tax obligations;
  • to respond to customer questions, complaints or support requests;
  • to manage no-shows, cancellations, rescheduling or refunds;
  • to improve our services and customer experience;
  • to protect the security and proper functioning of our website;
  • to analyze website traffic and performance;
  • to send marketing communications only where permitted by law or where consent has been provided;
  • to comply with legal obligations.

Legal Bases for Processing

We process personal data based on one or more of the following legal grounds:

  • performance of a contract, when processing is necessary to provide the service you booked;
  • legal obligation, when processing is required for tax, accounting, consumer protection or other legal purposes;
  • legitimate interest, for example to communicate with customers, manage operations, improve services, prevent fraud or protect our business;
  • consent, where required, for example for certain cookies, analytics or marketing communications.

Booking Data and Bókun

Gray Line Romania uses Bókun as a booking and reservation management system.

When you make a booking on our website, your booking data is processed through Bókun. Booking data received from third-party platforms or booking partners may also be transferred to or managed through Bókun.

This may include your name, contact details, booking reference, selected tour or service, date of travel, number of participants, pick-up or meeting point details and other information necessary to operate the service.

We use this data to manage reservations, organize tours, communicate with customers and coordinate operational details.

Payments and Stripe

Online payments made on our website may be processed through Stripe.

When you make a payment, payment information may be processed by Stripe in accordance with its own security standards and privacy policy.

Gray Line Romania does not store full card details on its own systems. We may receive limited payment-related information, such as payment status, transaction reference, amount paid, payment date and information needed for refunds, accounting or customer support.

Who We Share Personal Data With

We may share personal data only when necessary for the provision of our services, for operational purposes or to comply with legal obligations.

Personal data may be shared with:

  • guides, drivers, tour hosts and operational staff;
  • subcontracted transport providers or service partners;
  • booking and reservation systems, including Bókun;
  • payment processors, including Stripe;
  • third-party booking platforms and online travel agencies, where the booking was made through such platforms;
  • IT, hosting, website, email and communication service providers;
  • accounting, tax or legal service providers;
  • public authorities, if required by law.

We only share the data necessary for the relevant purpose.

For example, a guide, driver or subcontracted partner may receive the customer’s name, number of participants, phone number, pick-up details and relevant booking information in order to provide the booked service.

Bookings Made Through Third-Party Platforms

Some customers book Gray Line Romania services through third-party platforms or online travel agencies, such as Viator, GetYourGuide, Civitatis or other booking partners.

In such cases, the platform through which the booking was made may also act as an independent data controller and may process your personal data according to its own privacy policy.

Gray Line Romania may receive booking data from these platforms in order to provide the service, manage the reservation, contact the customer and coordinate operational details.

Booking data received from third-party platforms may also be processed through Bókun.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to ensure proper functionality, improve user experience, analyze website traffic and, where applicable, support marketing or advertising activities.

Cookies are small text files stored on your device when you visit a website. They help the website function properly, remember certain preferences, understand how visitors use the website and improve performance.

We use CookieScript to manage cookie consent on our website. Through the cookie banner or cookie settings tool, you can accept, reject or manage non-essential cookies, where available.

Types of Cookies We May Use

We may use the following categories of cookies:

Strictly necessary cookies

These cookies are required for the website to function properly. They may support basic functions such as page navigation, security, booking functionality or access to secure areas. These cookies cannot usually be disabled through the website.

Analytics and performance cookies

These cookies help us understand how visitors use our website, which pages are visited, how users interact with the site and how we can improve website performance.

We use Google Analytics for website traffic and performance analysis.

Functionality cookies

These cookies may allow the website to remember certain choices or preferences, where applicable.

Marketing and advertising cookies

We may use marketing or advertising cookies where permitted by law or based on your consent. These may be used to measure advertising performance, personalize advertising or create audiences for online advertising campaigns.

We may use, now or in the future, tools such as Google Ads and Meta Pixel / Facebook Pixel for advertising, remarketing or performance measurement, where permitted by law and based on your cookie choices.

The exact cookies used may vary depending on the website configuration and the third-party services active at a given time.

Managing Cookies

You can manage your cookie preferences through the CookieScript consent banner or cookie settings tool available on our website.

You can also control or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality or performance of the website.

For more information about managing cookies, you can consult the help section of your browser.

Google Analytics

We use Google Analytics to understand how visitors use our website and to improve our content, structure and performance.

Google Analytics may collect information such as pages visited, time spent on the website, device type, browser type, general location based on IP address and interactions with the website.

Where required by law, Google Analytics cookies will be used based on your consent.

Marketing Communications

We may send marketing communications only where permitted by law or where consent has been provided.

Marketing communications may include information about our tours, activities, offers, updates or relevant travel services.

You may opt out of marketing communications at any time by following the unsubscribe instructions included in the message, where available, or by contacting us at info@grayline.ro.

Service-related communications, such as booking confirmations, pick-up details, operational updates, payment information or important changes to your reservation, are not considered marketing communications and may still be sent when necessary for the provision of the booked service.

Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including the provision of services, customer support, accounting, tax, legal or reporting obligations.

Booking and transaction-related data may be retained for the period required by Romanian accounting, tax and consumer protection legislation.

Customer communication and support records may be retained for a reasonable period in order to manage inquiries, complaints, disputes or service history.

When personal data is no longer needed, it will be deleted, anonymized or securely archived, unless further retention is required by law.

International Data Transfers

Some of the service providers we use, such as booking systems, payment processors, analytics tools, communication tools or advertising platforms, may process data outside Romania or outside the European Economic Area.

Where such transfers take place, we rely on appropriate safeguards required by applicable data protection law, such as standard contractual clauses, adequacy decisions or other legally recognized transfer mechanisms.

Children’s Data

Our services may be booked for children only by an adult or legal guardian.

We may process limited information related to children when necessary for the booking and safe operation of a tour or activity, such as the number of children, age category or information relevant to participation.

We do not knowingly collect personal data directly from children for marketing purposes.

Data Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, disclosure, alteration or destruction.

Access to personal data is limited to persons and partners who need the information in order to provide services, manage bookings, process payments, comply with legal obligations or support business operations.

Although we take reasonable measures to protect personal data, no website, online system or communication method can be guaranteed to be completely secure.

Your Rights

Under applicable data protection law, you may have the following rights regarding your personal data:

  • the right to access your personal data;
  • the right to request correction of inaccurate or incomplete data;
  • the right to request deletion of your personal data, where applicable;
  • the right to request restriction of processing;
  • the right to object to certain processing activities;
  • the right to data portability, where applicable;
  • the right to withdraw consent where processing is based on consent;
  • the right to lodge a complaint with the competent data protection authority.

To exercise your rights, please contact us at info@grayline.ro.

We may need to verify your identity before responding to certain requests.

Data Protection Authority

If you believe that your personal data has not been processed in accordance with applicable law, you have the right to contact the Romanian data protection authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Website: www.dataprotection.ro

Links to Other Websites

Our website may contain links to third-party websites, platforms or services.

Gray Line Romania is not responsible for the privacy practices, content or security of third-party websites. We recommend reading the privacy policies of any third-party websites you visit.

Changes to This Policy

Gray Line Romania may update this Privacy and Cookie Policy from time to time.

Any changes will be published on this page. The updated version becomes effective once published on the website.

We recommend reviewing this page periodically to stay informed about how we process personal data and use cookies.