This page describes, in broad terms, what kinds of processing may occur when you use Invizita and for what purposes, in line with Regulation (EU) 2016/679 (āGDPRā) and applicable law. Invizita showcases stays and editorial content; you will often reach hosts via the channels shown in listings, and sometimes optional on-site flows may be available (forms or steps clearly presented as such) where enabled-they do not necessarily replace all direct contact with the host.
Who we are (controller)
The entity operating Invizita is the controller for processing related to this site (āweā). For data-protection requests (including exercising your rights), use the contact details published on the site.
What data we may process
Depending on how you use the site, broad categories may include: technical and operational data (to run the site, protect it, and improve it in aggregated or functional ways); account-related data if you sign in; information about how you browse content; messages you send us; language and display preferences; and data needed for options you explicitly choose in the interface (such as notifications or clearly labelled flows). Some preferences and saved lists may stay only in your browser (local storage) and are not automatically linked to a server account.
Why we process data (purposes and legal bases)
We process data to: 1) Provide the site: content, language, favorites, account access (where applicable), and-where clearly offered in the interface-optional features related to stays or information you enter in those flows. 2) Security and abuse prevention: protect against unauthorized access, fraud and attacks. 3) Analytics and improvement: understand usage and improve the product (for example via web analytics tools when enabled with your consent), typically in aggregated form. 4) Communications: respond to questions, requests or complaints. 5) Send notifications you explicitly opted into. 6) Comply with legal obligations where applicable. Legal bases may include: performance of a contract or pre-contract steps, legitimate interests (e.g. security and improvements), legal obligation, or your consent (e.g. for certain cookies/measurement) as applicable.
Retention
We keep data only as long as needed for the purposes above or as required by law. Actual retention varies by type of processing (technical logs, account data, messages, analytics, etc.); we generally use limited periods or aggregation where possible, and align account-related data with operational needs and legal requirements.
Recipients and where processing happens
We may use service providers (processors) for hosting, infrastructure, analytics, transactional email and embedded page features (such as maps or content delivery through third parties). They process data only on our instructions and only as needed. If a provider is located outside the EEA, we use appropriate safeguards (for example Standard Contractual Clauses) under GDPR.
Your rights
You have rights of access, rectification, erasure, restriction, objection and portability, subject to applicable law. You can also withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal. You may lodge a complaint with your local supervisory authority or with the Romanian DPA (ANSPDCP). You can contact us about personal data using the contact details shown on the site.
Updates
We may update this policy when the site or legal requirements change. Last updated: 2 May 2026.