Privacy

The data controller for personal data is the publisher of the Moovalia service (see the Imprint page for contact details). For any question regarding data protection, you can contact us at privacy@moovalia.com.

We collect only the data necessary to run the service, secure the platform and comply with our legal obligations. The main categories are:

• Account data: when you create an account, we store your email address and any profile information you provide (display name, preferences). This data is used to identify you and save your conversations and itineraries.
• Usage data: conversations with the assistant, travel preferences you indicate and generated itineraries are stored so you can access them later (if you have an account) and to improve service quality (aggregated and anonymised analysis).
• Technical data: server logs, device and browser type, IP address (for security and abuse prevention), and usage events (pages viewed, clicks, actions) for audience measurement and product optimisation. This data may be held in GDPR-compliant analytics tools.
• Partner-related data: when you click a link to a provider (flight, hotel, activity), information may be passed to the partner as part of our affiliate programme (e.g. session or campaign ID) for booking attribution. We do not pass your identifying personal data to these partners for marketing purposes without your explicit consent.

Your data is used for the following purposes, under our legitimate interests, contract performance or legal obligations:

• Service delivery: travel planning, itinerary generation, saving conversations and PDF export, personalising recommendations.
• Security and abuse prevention: detecting fraudulent use, limiting abuse (spam, overload), protecting systems and users.
• Service improvement: aggregated and anonymised usage analysis to improve models, interface and performance; no individual profiling for marketing without consent.
• Measurement and attribution: usage statistics, attribution of bookings to affiliate partners for commission calculation, in line with our contracts with those partners.
• Legal obligations: retaining evidence in case of dispute, responding to requests from competent authorities within the legal framework.

Processing is based on: (1) contract performance when you use the service and we need to store your data to give you access to your itineraries; (2) our legitimate interest in security, service improvement and performance measurement; (3) compliance with legal obligations (retention, responding to authorities). Consent is obtained where required by law (non-essential cookies, marketing communications, etc.).

We do not sell your personal data. Sharing is limited to the following:

• Technical providers: hosting (servers), email delivery, databases, analytics tools. These providers are bound by contractual obligations (GDPR processors) and use data only for the services they provide to us.
• Affiliate partners: when you click a booking link, you are redirected to the partner's site. The partner may receive technical information (referrer, campaign ID) for attribution; we do not pass your email or conversation data without an appropriate legal basis.
• Authorities: where required by law or a valid judicial or administrative request, we may have to disclose data strictly within the law.

• Account and usage data: kept while your account is active. On account deletion, you can request erasure; we proceed to deletion within technical and legal timeframes (backups, retention obligations).
• Technical data and logs: kept for a limited period (e.g. 12 to 24 months depending on category) for security and debugging, then anonymised or deleted.
• Legal obligations: some data may be kept longer where required by law (accounting, evidence in case of dispute).

Under the GDPR, you have the following rights. To exercise them, contact us at privacy@moovalia.com. We will respond within the legal timeframe (generally one month).

• Right of access: obtain a copy of the personal data we hold about you.
• Right to rectification: have inaccurate or incomplete data corrected.
• Right to erasure: request deletion of your data in the cases provided by law (e.g. withdrawal of consent, data no longer necessary).
• Right to restriction of processing: request that processing be limited to certain purposes in the situations provided by the GDPR.
• Right to data portability: receive your data in a structured, commonly used format where processing is based on consent or contract.
• Right to object: object to processing based on legitimate interest (e.g. direct marketing).
• Complaint: you may lodge a complaint with the supervisory authority in your country (in France: CNIL, www.cnil.fr).

We use cookies and trackers necessary for the operation of the site (session, preferences, security). Analytics or audience measurement cookies may be used in compliance with the GDPR and CNIL guidelines; you can object or manage your preferences via your browser settings or our cookie management tool if we provide one. Partner cookies (affiliate, advertising) are subject to their own policies; we inform you of their presence when you click a partner link.

We implement appropriate technical and organisational measures (restricted access, encryption of sensitive data in transit and at rest where relevant, backups, monitoring) to protect your data against unauthorised access, loss or alteration. In the event of an incident likely to affect your data, we will inform you and notify the supervisory authority when required by law.

Your data is mainly processed within the European Economic Area (EEA). If providers are located outside the EEA, we ensure that appropriate safeguards are in place (European Commission adequacy decision, standard contractual clauses, or other mechanisms recognised under the GDPR).

We may update this policy to reflect changes in practice or regulation. Material changes will be brought to your attention (e.g. by a notice on the site or an email). The last update date may be shown at the top of the document. We encourage you to check this page regularly.

For any question regarding the protection of your personal data or to exercise your rights: privacy@moovalia.com. For more general legal questions: legal@moovalia.com.