Privacy policy

The data controller is GLOBAL TRAVEL EXPERIENCE PARIS, SAS (Société par actions simplifiée), registered at 66 Avenue des Champs-Élysées, 75008 Paris, France, SIREN 984 192 633.

Privacy contact: privacy@navibus.app.

• Identification data: name, surname, email, phone, language, profile picture.
• Account data: encrypted password, role (traveler, agency, operator, admin), connection logs.
• Company data (Operators / Agencies): company name, address, country, VAT number, KYC documents.
• Request and booking data: origin, destination, dates, passengers, vehicle type, notes, offers, prices, status.
• Payment data: handled by external payment providers; we do not store card numbers.
• Technical data: IP address, browser, device, cookies (see Cookie policy).

• Providing the Platform and managing accounts — performance of the contract (Art. 6(1)(b) GDPR).
• Matching requests and offers, processing bookings — performance of the contract.
• Invoicing, accounting and tax obligations — legal obligation (Art. 6(1)(c)).
• Fraud prevention, security, KYC checks — legitimate interest and legal obligation.
• Customer support and communications related to the service — performance of the contract.
• Commercial communications and newsletters — consent, with opt-out at any time.
• Analytics and improvement of the Platform — legitimate interest, with anonymisation where possible.

Data may be shared with: the counter-party of a booking (Operator ↔ Agency / Traveler) strictly to the extent necessary; our processors (hosting, database, email, payment, analytics); and competent authorities upon legal request.

Some of our processors may be located outside the European Economic Area. In such case, transfers are framed by appropriate safeguards (European Commission adequacy decisions or Standard Contractual Clauses).

• Account data: for the duration of the account and up to 3 years after the last activity.
• Bookings, invoices and accounting documents: 10 years (legal obligation).
• KYC documents: 5 years after the end of the business relationship.
• Connection logs: up to 12 months.
• Marketing data: until withdrawal of consent and at most 3 years after the last contact.

Under the GDPR, you have the right to access, rectify, erase or restrict the processing of your personal data, the right to object, the right to data portability, and the right to define directives on the fate of your data after your death. You may exercise these rights by writing to privacy@navibus.app. You also have the right to lodge a complaint with the French data protection authority (CNIL, www.cnil.fr) or your local supervisory authority.

GLOBAL TRAVEL EXPERIENCE PARIS implements technical and organisational measures to protect personal data against loss, alteration and unauthorised access (encryption in transit, access controls, role-based authorisations, regular backups).