Website: bookbrancastle.ro Last updated: March 27, 2026
Introduction
Welcome to bookbrancastle.ro. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights regarding that information.
By using bookbrancastle.ro and making a booking through our website, you agree to the collection and use of your information as described in this policy.
1. Who We Are
bookbrancastle.ro is an online booking platform for visits to Bran Castle, Transylvania, Romania.
If you have any questions about how we handle your personal data, please contact us.
2. What Personal Data We Collect
When you use bookbrancastle.ro, we may collect the following personal information:
Booking Information
- Full name
- Email address
- Phone number
- Visit date and time preferences
- Number of visitors
- Any special requests or notes submitted during booking
Payment Information
- Payment card details (processed securely by Stripe — we do not store your full card number)
- Billing name and address
Technical Information
- IP address
- Browser type and version
- Device type
- Pages visited and time spent on site
- Referring website or source
- Cookie identifiers (see our Cookie Policy)
3. Why We Collect Your Data
We collect and use your personal data for the following purposes:
To Process Your Booking We use your name, email, phone number, and visit details to confirm your reservation, issue your tickets, and manage your appointment through our booking system (LatePoint).
To Send Your Receipt and Tickets After completing your purchase, we send you a booking confirmation email containing your receipt and entry tickets. This is a transactional email and is essential to your booking — it is not marketing.
To Process Your Payment Your payment is processed securely through Stripe. We use your billing information solely to complete your transaction. We do not store your full card details on our servers.
To Improve Our Website We use Google Analytics to understand how visitors use our website, which pages are most popular, and where visitors come from. This helps us improve the booking experience.
To Measure Our Advertising We use Google Ads and Meta Pixel (Facebook/Instagram) to track the performance of our advertising campaigns and understand which ads lead to bookings. This helps us invest our marketing budget effectively.
To Comply With Legal Obligations We may retain certain booking and transaction records to comply with applicable tax, accounting, and legal requirements.
4. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing your booking | Contract — necessary to fulfill your booking |
| Sending receipt and tickets | Contract — necessary to fulfill your booking |
| Payment processing | Contract — necessary to complete your transaction |
| Website analytics (Google Analytics) | Consent — obtained via our cookie banner |
| Advertising measurement (Google Ads, Meta Pixel) | Consent — obtained via our cookie banner |
| Record keeping and legal compliance | Legal obligation |
5. Third-Party Services We Use
We share your data with the following trusted third-party services where necessary to operate our website and process your booking:
Stripe We use Stripe to process payments securely. When you make a booking, your payment details are transmitted directly to Stripe and processed on their secure servers. Stripe is PCI-DSS compliant. Stripe Privacy Policy
LatePoint We use LatePoint as our booking and appointment management system. Your booking details are stored and managed through LatePoint. LatePoint Privacy Policy
Google Analytics We use Google Analytics to collect anonymised data about how visitors use our website. This data is processed by Google LLC. Google Privacy Policy
Google Ads We use Google Ads to run and measure our advertising campaigns. Google may use data from your visit to our site to show you relevant ads on other platforms. Google Privacy Policy
Meta Pixel (Facebook/Instagram) We use Meta Pixel to measure the performance of our Facebook and Instagram advertising campaigns. Meta may use data from your visit to personalise ads shown to you on their platforms. Meta Privacy Policy
We do not sell your personal data to any third parties.
6. Email Communications
We will send you emails in the following circumstances:
- Booking confirmation — sent immediately after you complete your booking, containing your receipt and entry tickets
- Booking reminders — sent before your visit date to remind you of your reservation details
We do not send unsolicited marketing emails. If we introduce a newsletter or promotional email service in the future, we will ask for your explicit consent separately before sending any such communications.
7. How Long We Keep Your Data
We retain your personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Booking and contact details | 3 years from your visit date |
| Payment transaction records | 7 years (required for tax/accounting compliance) |
| Analytics data | 26 months (Google Analytics default) |
| Cookie consent records | 1 year |
After these periods, your data is securely deleted or anonymised.
8. Your Rights Under GDPR
If you are located in the EU, UK, or another region with applicable privacy laws, you have the following rights regarding your personal data:
- Right to access — You can request a copy of the personal data we hold about you
- Right to rectification — You can ask us to correct any inaccurate or incomplete data
- Right to erasure — You can request that we delete your personal data, subject to legal retention requirements
- Right to restrict processing — You can ask us to limit how we use your data in certain circumstances
- Right to data portability — You can request your data in a structured, machine-readable format
- Right to object — You can object to our processing of your data where we rely on legitimate interests
- Right to withdraw consent — Where we process your data based on consent (e.g. analytics cookies), you can withdraw that consent at any time via our Cookie Settings
9. Data Security
We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your information against unauthorised access, loss, or misuse. These include:
- Secure HTTPS encryption on all pages of bookbrancastle.ro
- Payment processing exclusively through Stripe’s PCI-DSS certified infrastructure
- Access controls limiting who can view booking and customer data
While we take every precaution, no data transmission over the internet can be guaranteed as 100% secure. If you have concerns about a specific interaction, please contact us.
10. Cookies
We use cookies on bookbrancastle.ro to enable booking functionality, analyse website traffic, and measure the performance of our advertising. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.
11. Children’s Privacy
bookbrancastle.ro is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data through our website, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The “Last updated” date at the top of this page will always show the most recent version. We encourage you to review this policy periodically.
For significant changes, we will make reasonable efforts to notify you — for example, by displaying a notice on our website.
13. Contact & Complaints
If you have any questions, concerns, or complaints about how we handle your personal data, please contact us.
This Privacy Policy applies solely to bookbrancastle.ro and does not cover any third-party websites or services linked from our pages.