Privacy Policy

Last updated: 14 April 2026

At Chisinau Tours (“we”, “us”, “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect through chisinautours.md, how we use it, how we store it, and what rights you may have in relation to your personal data.

By using our website or contacting us to book a tour, you agree that your personal data may be processed as described in this Privacy Policy.

1. Who we are

Data Controller: Grilin Travel S.R.L.
Website: chisinautours.md
Registered address: Moldova, Chișinău, Str. Romana 4/1
Physical address: Moldova, Chișinău, Str. Studenților 9/11
Email: support@chisinautours.md

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us using the details above.

2. What personal data we may collect

We may collect the following categories of personal data:

  • your name
  • email address
  • phone number
  • country of residence
  • booking details
  • travel dates and tour preferences
  • billing details
  • messages or enquiries you send to us
  • technical data such as IP address, browser type, device information, and website usage data
  • cookie and analytics data, where applicable

If you provide special requests as part of a booking, please only share information that is necessary for us to assist you.

3. How we collect your data

We may collect your personal data when:

  • you fill in a contact form
  • you make a booking request
  • you subscribe to updates or marketing communications
  • you contact us by email, phone, WhatsApp, or other channels
  • you browse our website
  • you accept cookies or analytics tools on the website

4. How we use your data

We use your personal data to:

  • respond to your enquiries
  • process and manage tour bookings
  • contact you about your booking or requested service
  • provide customer support
  • send important service-related updates
  • improve our website, services, and customer experience
  • keep records for accounting, legal, and administrative purposes
  • send marketing messages, where you have asked for them or where permitted by applicable law

5. Why we process your data

Depending on the situation, we process your personal data because:

  • it is necessary to respond to your request or manage your booking
  • it is necessary for our legitimate business interests, such as improving our services and protecting our website
  • it is necessary to comply with legal or tax obligations
  • you have given consent, for example for optional cookies or marketing communications

Where we rely on your consent, you may withdraw it at any time.

6. Sharing your data

We do not sell your personal data.

We may share your personal data only where necessary, including with:

  • payment service providers
  • website hosting or technical service providers
  • analytics or cookie providers
  • email or communication platforms
  • tour partners, guides, drivers, or service providers involved in delivering your booking
  • accountants, legal advisers, or public authorities where required by law

We only share the data that is reasonably necessary for the relevant purpose.

7. International transfers

In some cases, your data may be processed or stored outside Moldova, for example if we use international software providers for hosting, email, payments, bookings, or analytics. Where required, we will take reasonable steps to ensure that appropriate safeguards are in place and that your personal data is protected. Moldovan law contains rules for cross-border transfers, and the supervisory authority also recognises data-transfer protections in this area.

8. How long we keep your data

We keep personal data only for as long as it is reasonably necessary for the purposes set out in this Privacy Policy, including bookings, customer support, record keeping, legal compliance, and dispute resolution. When the data is no longer needed, we delete it, anonymise it, or securely store it only where the law requires retention. Moldovan data-protection law requires storage periods to be set by law and provides that, after the retention period ends, personal data should be destroyed in the manner required by law.

9. Cookies and similar technologies

Our website may use cookies and similar technologies to ensure proper website functionality, remember user preferences, analyse traffic, and improve performance.

Some cookies are strictly necessary for the website to function and may be used without additional consent. Other cookies, especially analytics, preference, or marketing cookies, should only be set where required after the user has given consent. Official EU guidance states that some cookies require consent and cannot be set on first page load before consent is obtained, while certain technical or operational cookies may be exempt where they are necessary for the site to function.

You can control cookies through your browser settings and, where available, through our cookie banner or cookie settings tool.

10. Your rights

Depending on the applicable law, you may have the right to:

  • be informed about how your data is used
  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request deletion of your personal data in certain situations
  • request restriction of processing
  • object to certain types of processing
  • request data portability where applicable
  • withdraw consent at any time where processing is based on consent
  • lodge a complaint with the competent data protection authority

The European Data Protection Board summarises these GDPR-style rights as including the right to be informed, access, rectification, erasure, restriction, portability, objection, and protection from solely automated decision-making in certain cases. Official EU guidance also states that consent must be withdrawable, and that withdrawing consent does not make earlier lawful processing unlawful. Moldovan law also provides a complaint route to the National Centre for Personal Data Protection. 

To exercise any of your rights, please contact us at: Support@chisinautours.md

11. Data security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no website or online system can guarantee absolute security.

12. Third-party links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We recommend reviewing their privacy policies separately.

13. Children’s privacy

Our services are not intentionally directed at children without the involvement of a parent, guardian, school, or authorised adult organiser. If you believe that personal data has been submitted to us inappropriately, please contact us so that we can review and, if necessary, delete it.

14. Complaints

If you believe that your personal data has been handled unlawfully, you may contact us first so that we can try to resolve the issue. You may also lodge a complaint with the National Centre for Personal Data Protection of the Republic of Moldova (NCPDP), which is the independent public authority responsible for supervising personal-data protection in Moldova. 

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our website, services, or legal obligations. The updated version will be published on this page with a new “Last updated” date.