Privacy Policy – TravelLight

1. Data Controller

1.1.

The data controller is:

HONEY COMB AAA SRL
CUI: 52932422
Registered office: Romania, Argeș County, Negrasi Village, Negrasi Commune no. 48
Email: contact@travellight.ro

1.2.

HONEY COMB AAA SRL is the data controller of the personal data collected through the TravelLight web platform.

1.3.

For any request regarding your personal data, you can contact us at: contact@travellight.ro

2. What is TravelLight

2.1.

TravelLight is a web platform through which users can book luggage pick-up, temporary storage, and delivery services by selecting the location and time slots for pick-up and delivery.

3. What data we collect

3.1. Identification data:

  • First and last name
  • Email
  • Phone number

3.2. Service-related data:

  • Luggage pick-up location
  • Pick-up date and time
  • Delivery location
  • Delivery date and time

3.3. User account data:

  • Email
  • Password (stored encrypted)

Creating an account is not mandatory to use the service.

3.4. Financial data:

Payments are processed exclusively through the payment processor Netopia Payments. TravelLight does not store bank card data.

3.5. Other data:

  • Reviews and feedback
  • Technical data collected through analytics services (Google Analytics – if enabled)

We do not collect sensitive data (e.g., personal numeric code, health data, political orientation, etc.).

4. Purposes of processing

4.1.

Your data is processed for the following purposes:

  • Processing and managing bookings
  • Communicating with users regarding the service
  • Issuing invoices and complying with tax obligations
  • Managing user accounts
  • Preventing fraud and ensuring platform security
  • Statistical analysis regarding platform usage (through Google Analytics, if enabled)

5. Legal basis

5.1.

We process your data based on:

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Compliance with legal tax obligations (Art. 6(1)(c) GDPR)
  • Legitimate interest (security, abuse prevention)
  • Consent (for cookies and analytics)

6. Retention period

6.1.

  • Booking-related data is retained for the period necessary to manage the service and afterwards in accordance with the company’s legitimate interest.
  • Tax-related data is retained in accordance with Romanian legislation (minimum 5–10 years, according to accounting obligations).
  • User accounts are retained until deletion is requested or until prolonged inactivity.
  • Data collected through analytics is retained according to the provider’s policy.

7. Storage and data location

7.1.

Data is stored in Google Firebase / Firestore infrastructure, on servers located in the European Union (Belgium).

7.2.

We do not transfer data outside the European Economic Area.

8. Sharing data with third parties

8.1.

We may share data with:

  • Netopia Payments – payment processor
  • Google Firebase / Firestore – cloud infrastructure provider
  • Google Analytics – analytics services (if enabled)

8.2.

These providers act as processors and comply with GDPR requirements.

8.3.

We do not sell your data to third parties.

9. Cookies

9.1.

The website may use cookies for:

  • Proper operation of the platform
  • User authentication
  • Traffic analysis (Google Analytics)

9.2.

Users will be able to accept or refuse cookies through the consent banner.

10. User rights

10.1.

Under GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction
  • Right to data portability
  • Right to object

10.2.

To exercise your rights, you can contact us at: contact@travellight.ro

10.3.

You have the right to lodge a complaint with ANSPDCP (the Romanian National Supervisory Authority for Personal Data Processing).

11. Minors’ data

11.1.

The platform is not intended for minors under 18 years old. We do not knowingly collect minors’ data.

12. Data security

12.1.

We apply appropriate technical and organizational measures to protect data, including:

  • Password encryption
  • Restricted access to databases
  • Secure cloud infrastructure
  • Measures against unauthorized access

13. Policy changes

13.1.

We reserve the right to update this policy. The updated version will be published on the website with the date of the last modification.

Last updated: 01.03.2026