PRIVACY POLICY
Last updated: June 2026
Villa Amala ('we', 'us', or 'our') is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, communicate with us, or stay at our property, in accordance with the General Data Protection Regulation (GDPR) and applicable local laws.
1. Data Controller
The data controller responsible for your personal data is Villa Amala, located at Rruga Brindisi, 2001 Durrës, Albania. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at info@villaamalalb.com.
2. The Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, including: • Identity Data: First name, last name, username, marital status, title, date of birth, and gender, as well as passport or ID card details required for legal hotel registration. • Contact Data: Billing address, email address, and telephone numbers. • Financial Data: Bank account and payment card details (managed securely through our payment processors or platforms like Airbnb). • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
3. How We Use Your Personal Data (Legal Basis)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., managing your reservation and stay). • Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., registering guests with the Albanian police/authorities as required by hospitality laws). • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests.
4. Disclosures of Your Personal Data
We may share your personal data with external third parties for the purposes set out above. These include: • Service providers acting as processors who provide IT, software, and system administration services. • Professional advisers including lawyers, bankers, auditors, and insurers. • Government bodies, regulators, and law enforcement agencies in Albania, as required by law for guest registration and taxation. • Booking platforms (such as Airbnb) through which you may have made your reservation.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, and contractors who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
6. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. By law, we are required to keep basic information about our guests (including Contact, Identity, Financial, and Transaction Data) for a specific period after they cease being customers for tax and legal purposes.
7. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to: • Request access to your personal data. • Request correction of your personal data. • Request erasure of your personal data. • Object to processing of your personal data. • Request restriction of processing your personal data. • Request transfer of your personal data. • Right to withdraw consent. To exercise any of these rights, please contact us via email.