Booking by Alla Media – Online Booking Platform
Effective Date: June 2025
This Privacy Policy outlines in detail how Booking by Alla Media (“we”, “our”, or “the platform”) collects, processes, uses, stores, protects, and shares your personal data. We are committed to complying with the General Data Protection Regulation (GDPR), applicable Albanian data protection laws, and international privacy standards. This policy applies to all individuals who access or use our services, including accommodation partners and end users who make bookings.
We collect different categories of data depending on the nature of your interaction with our platform:
A. Personal Identification Data:
Full name and surname
Gender
Nationality
Date of birth
Identification number or passport (only when legally required)
B. Contact Information:
Email address
Phone number (mobile and/or landline)
Physical address (optional, if needed for invoicing)
C. Booking and Stay Information:
Check-in and check-out dates
Number of guests
Room or accommodation type
Special requests or preferences
Payment status and booking references
D. Technical and Usage Data:
IP address
Device ID and model
Operating system and browser type
Log data and access time
Website navigation behavior (pages visited, actions performed)
E. Partner Business Information:
Name of hotel/business entity
NUIS (business registration number)
Legal representative details
Bank account information for billing and payment purposes
Property availability and pricing
F. Cookies and Tracking Data:
Session cookies for login and account security
Analytics cookies (Google Analytics or similar tools)
Preference cookies (to remember language and currency)
We process your data based on one or more of the following legal grounds:
Your explicit consent (e.g., when you subscribe to emails or agree to cookies)
The necessity to perform a contract (e.g., to process and confirm a booking)
Our legal obligations (e.g., tax laws, AML compliance, invoicing)
Our legitimate interests (e.g., fraud prevention, service improvement, system maintenance)
Your data is used strictly for the following purposes:
Booking Fulfillment: To process and confirm accommodation bookings.
User Account Management: To enable registration, login, and profile updates.
Communication: To send confirmations, reminders, support messages, and relevant updates.
Partner Relations: To manage our business relationship with accommodation providers, including billing, compliance, and technical support.
Security Monitoring: To detect unauthorized access or fraudulent activity.
Legal Compliance: To comply with fiscal reporting, anti-money laundering obligations, and requests from regulatory authorities.
Platform Improvement: To analyze trends and feedback in order to optimize functionality and user experience.
We do not sell or rent your personal data under any circumstances. We may share data with the following parties:
A. Accommodation Partners:
Information about the guest (name, number of guests, preferences) is shared solely to complete the booking.
B. Service Providers and Processors:
Hosting services (cloud infrastructure)
Payment processors (e.g., Stripe, PayPal, bank APIs)
Email and SMS communication tools (e.g., SendGrid, Twilio)
Analytics and data performance tools (Google Analytics, Hotjar)
C. Regulatory and Legal Authorities:
When required by law, a court order, or other legal processes
To defend our legal rights or investigate security threats
All third parties we work with are bound by strict data processing agreements (DPAs) to ensure your data is treated securely and confidentially.
We retain personal data according to the following criteria:
Customer Booking Records: Stored for a minimum of 5 years in accordance with accounting and tax regulations.
Communication Logs: Stored for 12 months unless a legal dispute arises.
Inactive Accounts: Deleted after 3 years of inactivity, with prior notification.
Cookies and tracking data: Retained between 1 day and 26 months depending on purpose.
When data is no longer required, we ensure its secure deletion or anonymization.
You have the right to:
Access your personal data and receive a copy.
Rectify inaccurate or outdated information.
Erase your data (right to be forgotten), except where required by law.
Restrict or object to certain processing.
Withdraw consent at any time, if processing is based on consent.
Portability – request your data in machine-readable format.
File a complaint with the Albanian Data Protection Authority or another supervisory authority.
To exercise your rights, email us at: office@alla-media.com with subject line “Data Privacy Request”.
To protect your data, we implement:
SSL encryption on all pages
Role-based access controls for staff
Firewalls and DDoS protection
Regular data backups with redundancy
Continuous monitoring and alert systems
Employee training on data handling and confidentiality
We conduct periodic audits and engage third-party security reviews to evaluate compliance.
Cookies are used to:
Keep users logged into their accounts
Measure site performance and troubleshoot errors
Tailor content and remember user preferences
You can manage or block cookies through your browser settings. However, disabling cookies may affect platform functionality.
Our platform may include links to third-party websites (e.g., social networks, payment providers). We are not responsible for the privacy practices or policies of those sites. We recommend reviewing their privacy policies before submitting any data.
Alla Media reserves the right to update this privacy policy at any time. All updates will be posted on this page with a revised “Effective Date.” In the case of material changes, we will notify registered users by email. Continued use of the platform constitutes acceptance of the latest version.
If you have questions, requests, or complaints about this policy, please reach out:
Email: office@alla-media.com
Phone: +355 67 20 28 692
Postal Address: Edit Durham, Durrës, Albania
Support Hours: Monday–Friday, 09:00–17:00 (CET)
