Privacy and Cookies Policy

Last updated: [05 02 2026]

This Privacy & Cookies Policy explains how Eberths.com (“Eberths.com”, “we”, “us”, “our”) collects and processes personal data when you use our website, applications, and related services (the “Platform”), including when you submit a Booking Request, communicate with us, or complete payments through our authorized payment service provider(s).

1. Controller and Contact Details

Data controller: Eberths.com LTD

Berceni 077020, Romania

Company registration number: 53854691

VAT number: RO 53854691

Trade Register Number: J2026008557009

Email: albert@eberths.com

If you have questions about privacy or want to exercise your rights, contact us at albert@eberths.com.

After assessment of its processing activities, Eberths.com has determined that it is not legally required to appoint a Data Protection Officer under Article 37 GDPR. If this assessment changes, updated contact details will be published in this Policy.

2. What Data We Collect

2.1 Data you provide directly

• Account and contact data: name, email, phone number, address (if provided), language preference.
• Marina Operator information: location, address, marina’s map, available services, images, berths, prices, amenities, website URL and other relevant information. This may include business contact details and, where applicable, personal contact details of marina representatives. This information is provided by Marina Operators, collected from public sources (such as but not limited to marina websites, registries, directories) or created by Eberths.com based on information made publicly available.

• Vessel and booking data: vessel name (if provided), length/beam/draught, arrival/departure dates, marina preferences, optional extras requests, notes or special requests. Some Marina Operators may require though Eberths.com additional data related to your boat such as: boat registration papers, boat insurance etc.
• Communications: emails/messages/calls (including via WhatsApp, Viber, Telegram) related to your Booking Request or support.
• Identity/verification data (if needed): limited data to prevent fraud or resolve disputes (only when necessary). Where required for legal compliance, fraud prevention, or contractual necessity some Marina Operators may require though Eberths.com additional data from you such as a proof / a photo of your ID card, passport, your sailing license or other authentication information.

Where identity documents, licenses, insurance papers, or similar verification materials are processed, such data is subject to enhanced technical and organizational security measures, including restricted access, encryption where appropriate, and limited retention. Access is granted only to authorized personnel on a need-to-know basis.

• For payments and refunds

Some information may be required by our payment processor to comply with the law and anti-money laundering regulations in force. Without it, you will not be able to make your payment and, consequently, to book your berth in a Marina. This information may include, without limitation, payment card details, digital wallet credentials (such as Google Pay), and billing address information. If you act on behalf of a legal person you may be required to provide additional information such as but not limited to: the name of the legal entity, its address, VAT No, The Registration Number of The Chamber of Commerce or at the other Authorised Institution, the Bank details.
On the occasion of every refund, Eberths.com will require you as individual to provide via secure channels your name, your IBAN account, Your address, Your Bank address in order to be able to perform the refund. If you act as a representative for a legal entity, you might be required to provide us the following information via secure channels to enable us to complete the refund: Company Name, VAT registration number, The Company Number Registered at The Chamber of Commerce or at the other Authorized Institution, your company address, your name and contacts as a representative.

Secure channels may include encrypted email, secure upload links, or other protected communication methods made available by Eberths.com

2.2 Data we collect automatically

• Technical and usage data: IP address, device identifiers, browser type, pages visited, timestamps, referrer URL, approximate location (city/region), cookie IDs.
• Log and security data: sign-in attempts, access logs, anti-fraud signals.

2.3 Payment-related data

Payments on the Platform are processed through Shopify Payments. Shopify Payments processes payment card details, authentication data, and transaction information in accordance with its own privacy and security standards. Eberths.com does not store full payment card numbers and does not have direct access to sensitive payment credentials.

We typically receive payment status (paid, failed, or refunded), transaction identifiers, and limited billing information necessary for accounting and reconciliation purposes.

3. How We Use Personal Data

We process personal data for the following purposes:

1. To provide the Platform services
   o Create/manage your Account (if applicable)
   o Process and transmit Booking Requests to Marina Operators
   o Send Booking Confirmations and booking communications
   o Provide customer support
2. To operate payments and refunds
   o Facilitate charges, deposits/Guarantees (if applicable), refunds, and invoicing
   o Prevent payment fraud and resolve payment disputes
3. To improve and secure the Platform
   o Monitor performance, troubleshoot issues, maintain security
   o Prevent misuse (e.g., scraping, fraud, account takeover)
4. To comply with legal obligations
   o Accounting/tax, consumer protection, record-keeping
   o Respond to lawful requests by authorities
5. Marketing (only where permitted)
   o Send service updates or promotional messages where you have consented or where permitted by law (you can opt out any time).

Service and transactional communications are not marketing and may be sent as necessary to perform the contract.

4. Legal Bases for Processing (GDPR)

We rely on one or more of the following legal bases:
• Contract / steps prior to contract (Art. 6(1)(b)): to process Booking Requests, send confirmations, provide support.
• Legitimate interests (Art. 6(1)(f)): platform security, fraud prevention, service improvement, limited analytics.
• Legal obligation (Art. 6(1)(c)): tax/accounting obligations, dispute handling, compliance.
• Consent (Art. 6(1)(a)): non-essential cookies, certain marketing communications, and any optional processing that requires consent.

Where we rely on legitimate interests, we have assessed the impact on your rights and you may request further information by contacting us
You may withdraw consent at any time (without affecting processing carried out before withdrawal).

We process your personal data for the purposes set out below, based on the corresponding legal grounds under Article 6 of the GDPR:

Purpose of Processing	Legal Basis
Processing booking requests, managing reservations, and providing platform services	Performance of a contract (Article 6(1)(b))
Processing payments, refunds, and invoicing	Performance of a contract (Article 6(1)(b)) and Legal obligation (Article 6(1)(c))
Preventing fraud, ensuring platform security, and improving services	Legitimate interests (Article 6(1)(f))
Operating analytics and performance monitoring tools	Consent (Article 6(1)(a))
Sending marketing communications (where applicable)	Consent (Article 6(1)(a))
Complying with accounting, tax, and regulatory requirements	Legal obligation (Article 6(1)(c))
Handling customer support and service communications	Performance of a contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f))

 

Eberths.com does not use automated decision-making, including profiling, that produces legal or similarly significant effects within the meaning of Article 22 GDPR. If this changes, users will be informed.

Processing of identity, verification, and compliance documents is based on legal obligation, necessity for the performance of a contract, or our legitimate interests in fraud prevention and security, as applicable.

5. Sharing and Disclosure of Data

We share personal data only as necessary:

5.1 Marina Operators / Service Providers

To handle your Booking Request and Reservation, we share relevant details with the selected Marina Operator (e.g., contact data, vessel details, dates, special requests). The Marina Operator may act as an independent controller for on-site services and their own legal obligations.

5.2 Payment Service Providers

We share necessary data with our PSP to process payments, authorizations/holds, refunds, and chargebacks.

5.3 Technical service providers (processors)

We may use providers for hosting, email delivery, customer support tools, analytics, security monitoring, and communications. They process data on our instructions under data processing agreements.

5.4 Legal and compliance

We may disclose data if required by law or to establish, exercise, or defend legal claims.
We do not sell your personal data.

6. Use of Technical and Third-Party Service Providers

To operate, secure, and improve the Platform, Eberths.com uses selected third-party service providers acting as data processors under written data processing agreements.
These providers process personal data only on our documented instructions and in accordance with applicable data protection laws.

a) Hosting and Infrastructure Providers
We use professional hosting and cloud infrastructure providers to store Platform data, operate databases, deliver content, and ensure system availability and security.
These providers may process technical data such as IP addresses, access logs, and system identifiers solely for hosting, maintenance, backup, and security purposes.

b) Analytics and Performance Tools
We use analytics services to understand how Users interact with the Platform, including page views, navigation paths, device types, and approximate locations.
Analytics data helps us:
• improve usability and performance,
• detect technical problems,
• optimize booking workflows.
Where required by law, analytics cookies are activated only after your consent.

c) Customer Relationship Management (CRM) Systems
We use CRM systems to manage communications, support requests, booking-related interactions, and business relationships.
CRM systems may contain:
• contact details,
• booking references,
• communication history,
• support tickets.
This data is used exclusively for customer service, operational management, and contractual purposes.

d) Email and Communication Services
We use third-party email and messaging service providers to send:
• Booking Confirmations,
• payment instructions,
• support replies,
• service notifications,
• legally required communications.
These providers process email addresses, message content, and delivery metadata solely for communication purposes.

e) Payment Service Providers (PSP)
All payments on the Platform are processed by authorized third-party payment service providers.
Payment providers process:
• payment card data,
• authentication credentials,
• transaction identifiers,
• fraud-prevention signals.
Eberths.com does not store full payment card numbers and does not have direct access to sensitive payment credentials.

f) Cookie Management and Consent Platforms
We use a cookie consent management platform to record, store, and manage user consent preferences.
This system enables you to:
• accept or reject non-essential cookies,
• modify preferences at any time,
• withdraw consent.
Consent records may be stored to demonstrate legal compliance

g) Data Processing Agreements

All service providers acting as processors are engaged under written Data Processing Agreements in accordance with Article 28 GDPR, ensuring confidentiality, security, and compliance with applicable data protection laws. Where permitted, processors may engage subprocessors only with appropriate contractual safeguards, prior authorization where required, and equivalent data protection obligations.

7. International Transfers

If we or our service providers process data outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:
• adequacy decisions, or
• Standard Contractual Clauses (SCCs), and supplementary measures where required.
You may request information about applicable safeguards by contacting us.

In addition to adequacy decisions and Standard Contractual Clauses, Eberths.com applies supplementary safeguards, including encryption, access restrictions, data minimization, and Transfer Impact Assessments, to ensure an adequate level of protection for transferred personal data.

8. Data Retention

We keep personal data only as long as necessary:
• Account data: while your Account is active; then limited retention for compliance and dispute handling.
• Booking and payment records: We retain booking and payment records for the period required by Romanian accounting and tax laws (typically up to 10 years).
• Support communications: retained as needed to resolve issues and maintain quality.
• Analytics/cookie identifiers: retained per cookie durations (see Cookies section).
We may retain data longer where required to comply with law or defend legal claims.

Eberths.com maintains an internal data retention schedule and periodically reviews stored data to ensure compliance with the principles of storage limitation and data minimization.

9. Your Rights (GDPR)

Subject to conditions and exceptions under GDPR, you may have the right to:
• Access your personal data
• Rectify inaccurate data
• Erase data (“right to be forgotten”)
• Restrict processing
• Object to processing based on legitimate interests
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with a supervisory authority (in Romania: ANSPDCP, or your local EU authority)

To exercise your rights, please contact us at albert@eberths.com. We may need to verify your identity before responding. We will respond to all valid requests without undue delay and, in any event, within one month of receipt, in accordance with Article 12(3) of the GDPR. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests, in accordance with applicable law. We will inform you of any such extension.

You have the right to object at any time to processing for direct marketing purposes, including profiling related to such marketing.

10. Security Measures

We use appropriate technical and organizational measures to protect data, such as access controls, encryption where appropriate, and security monitoring. However, no system can be guaranteed 100% secure.

11. Data Breach Notification Clause

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, Eberths.com will notify the competent supervisory authority and affected Users in accordance with applicable legal requirements.

Where required by law, Eberths.com will notify the competent supervisory authority within 72 hours of becoming aware of a personal data breach, in accordance with Article 33 GDPR, unless the breach is unlikely to result in a risk.

12. Children

The Platform is not intended for minors. Users under 18 may use the Platform only with verified parent or guardian consent (as described in the Terms). We do not knowingly collect personal data from children without appropriate authorization.

13. Third-Party Services and Links

The Platform may link to third-party websites or integrate third-party tools (payment providers, maps, weather, communications). These third parties have their own privacy policies; we do not control how they process your data once you leave our Platform or use their services.

14. Updates to This Policy

We may update this Privacy & Cookies Policy from time to time. The “Last updated” date will change, and material changes may be communicated via the Platform or email where appropriate.

COOKIES POLICY

15. Cookies and Similar Technologies

Types of Cookies Used
In accordance with the GDPR and Directive 2002/58/EC (ePrivacy Directive), we use the following categories of cookies and similar technologies on the Platform:

15.1. Strictly Necessary Cookies

These cookies are essential for core functionality, including:
• account login and session management,
• security and fraud prevention,
• payment processing support,
• load balancing and system stability,
• cookie consent storage.
These cookies cannot be disabled via the cookie banner.

15.2. Analytics and Performance Cookies

These cookies collect aggregated and statistical information about Platform usage, such as:
• number of visitors,
• pages viewed,
• navigation paths,
• error reports,
• device and browser types.
They help us improve Platform functionality and user experience.
Activated only with your consent, where required.

15.3. Preference and Functionality Cookies

These cookies remember your choices, such as:
• language selection,
• region,
• interface settings,
• previously entered preferences.
They improve convenience and personalization.
Activated only with your consent, where required.

15.4. Marketing and Communication Cookies (if applicable)

Where used, these cookies help:
• measure the effectiveness of campaigns,
• prevent repeated display of the same advertisements,
• tailor communications.
We do not use marketing cookies without your consent.

16. Cookie Consent Management

When you first access the Platform, you are presented with a cookie banner allowing you to:
• accept all cookies,
• reject non-essential cookies,
• customize cookie categories.
You may change your preferences at any time via the “Cookie Settings” link available on the Platform.
You may also manage cookies through your browser settings. Disabling necessary cookies may limit Platform functionality.

Records of user consent and preference changes are maintained securely and retained only as long as legally necessary for compliance and audit purposes.

17. Cookies and Tracking Technologies

Eberths.com uses cookies and similar technologies to ensure the proper functioning of our website, improve user experience, analyze performance, and support marketing activities, where permitted by law.

Cookies and Similar Technologies
Cookies are small text files stored on your device by your web browser. They help us recognize your browser, remember your preferences, and make our Services more user-friendly.

We use the following types of technologies:
• Essential cookies – Required for website operation, security, and account functionality
• Preference cookies – Remember your settings and choices
• Analytics cookies – Help us understand how users interact with our platform
• Marketing cookies – Support personalized advertising and campaign measurement

In the EU, UK, Israel, and Canada, non-essential cookies are used only with your consent. In the USA, you may opt out of certain tracking and targeted advertising as required by law. You may withdraw your consent at any time through our cookie settings.

If you disable cookies in your browser, some features of Eberths.com may not function properly.

We may also use web beacons, pixels, server logs, SDKs, and mobile identifiers to collect usage and technical information. In many cases, this data is aggregated, or pseudonymized. In some cases, it may be linked to your account where necessary to provide our Services.

Our partners and service providers may also place cookies or similar technologies in accordance with applicable law.

18. Website Analytics, User Interaction Monitoring, and Marketing Technologies

18.1 Use of Google Analytics

Eberths.com uses Google Analytics, a measurement and reporting service operated by Google LLC in the United States, to assess website traffic, usage patterns, and technical performance, where such use is permitted by law and subject to user consent when required.

To limit unnecessary identification, we apply technical safeguards such as IP address masking and similar measures before information is transferred to Google’s infrastructure. Data collected through this service may be processed on servers located in various jurisdictions, including the United States.

Users who prefer not to participate in Google Analytics data collection may install Google’s official opt-out extension, available at:
http://tools.google.com/dlpage/gaoptout

Further details regarding Google’s data processing practices are available in its publicly available privacy documentation.

18.2 Website Interaction and Usability Analysis Tools

In order to evaluate how visitors navigate and use our website, and to identify opportunities for improvement, we may deploy specialized analytics and usability monitoring services, including services offered by Hotjar, Microsoft Clarity, Mouseflow, Crazy Egg, FullStory, Lucky Orange, PostHog, and Glassbox.

Where legally required, these tools are activated only after you have provided your consent.

Depending on the service used, the following categories of information may be collected:

• patterns of cursor movement and page interaction,
• scrolling and navigation behavior,
• technical characteristics of devices and browsers,
• approximate location data derived from network information,
• anonymized or pseudonymized usage metrics.

The purpose of this processing is limited to statistical evaluation, interface optimization, and technical maintenance.

Each provider offers mechanisms that allow users to limit or disable tracking. Relevant information can be found at:

• Hotjar: https://www.hotjar.com/policies/do-not-track/
• Microsoft Clarity: https://privacy.microsoft.com/en-us/privacystatement
• Mouseflow: https://mouseflow.com/opt-out/
• Crazy Egg: https://www.crazyegg.com/opt-out
• FullStory: https://www.fullstory.com/opt-out/
• Lucky Orange: https://privacy.luckyorange.com/
• PostHog: https://posthog.com/opt-out
• Glassbox: https://www.glassbox.com/privacy-policy/

18.3 Marketing Measurement and Advertising Integration Technologies

For the purpose of evaluating promotional activities and managing advertising relationships, Eberths.com may integrate technical tools such as tracking pixels, application development kits (SDKs), and comparable systems supplied by third-party advertising platforms, including LinkedIn, Meta/Facebook, Instagram, TikTok, and similar providers.

These technologies assist us in:

• monitoring advertising reach and effectiveness,
• identifying conversion trends,
• assessing user engagement with marketing content,
• refining future communication strategies.

Through these integrations, certain technical and usage-related data may be generated automatically, including device identifiers, network information, browser configuration, referral paths, and interaction records. Where legally permitted, this data may be correlated across multiple platforms and environments.

Processing activities related to these technologies are carried out in accordance with applicable data protection legislation. Where consent is required, processing is initiated only after such consent has been obtained. Users may revise or withdraw their preferences at any time through available privacy and cookie management controls.

18.4 Browser “Do Not Track” Preferences

At present, Eberths.com does not implement automated responses to “Do Not Track” signals transmitted by web browsers. Users who wish to limit online tracking are encouraged to use browser-based controls and the consent management tools provided on our Platform.

19. Social Media and Messaging Communications

Eberths.com may communicate with Users and Clients through third-party social media platforms and messaging applications, including but not limited to Facebook, Instagram, LinkedIn, WhatsApp, Viber, and Telegram, where such communication is initiated by the User or expressly requested in connection with a Booking Request, Reservation, customer support, or service-related inquiry.
When you contact us or interact with us through these platforms, the communication is subject both to this Privacy Policy and to the privacy policies and terms of the relevant third-party provider.
Depending on the platform used, the following data may be processed:
• your public profile name or username;
• profile picture (where visible);
• message content and attachments;
• communication timestamps;
• technical identifiers and metadata.
Such data is processed solely for the purposes of:
• responding to inquiries and support requests;
• managing Booking Requests and Reservations;
• providing operational assistance;
• resolving disputes or complaints;
• complying with legal obligations.
Eberths.com does not control the data processing practices of third-party social media and messaging service providers and is not responsible for how such providers collect, use, or share your personal data outside of our communications.
Users are encouraged to review the privacy policies of the relevant platforms before initiating contact.
Where required by applicable law, communications may be recorded, archived, or integrated into our CRM systems for documentation, quality assurance, legal compliance, and service improvement purposes.

Where applicable, Eberths.com relies on contractual safeguards, including Standard Contractual Clauses and platform-specific data protection terms, when communicating through third-party messaging and social media platforms.

We periodically review transfer mechanisms to ensure continued compliance with EU law.

20. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

If you choose to register or log in to our services using a third-party social media account (such as Facebook, Twitter, TikTok, Google, or other supported platforms and communication channels as Whatsapp, Viber or Telegram), we may receive certain information about you from that provider.
This information may include:
• Your name
• Email address
• Profile photo
• Public profile information
• Unique user identification number
• Other information you have authorized the platform to share

The categories of personal data we receive depend on your privacy settings with the relevant provider and the permissions you grant at the time of login.

We do not control and are not responsible for how third-party social media platforms use or disclose your personal information. We encourage you to review their privacy policies and manage your privacy settings directly through those platforms.
We use the information we receive only for the purposes described in this Privacy Policy, including:
• Creating and managing your account
• Authenticating your identity
• Providing access to our services
• Communicating with you
• Improving user experience
We will not use your social media information for marketing purposes without your explicit consent. You may object at any time to direct marketing.

21. Cookie List

The following table describes the cookies currently in use:
• Cookie name: [●]
Provider: Eberths.com / [third party]
Category: Necessary / Preferences / Analytics / Marketing
Purpose: [●]
Duration: [session / X days]
(Your developer can populate this based on actual cookies in production.)

22. YOUR PRIVACY RIGHTS (GDPR & CCPA/CPRA)

Depending on your location, you may have the following rights regarding your personal data:

For European Users (GDPR)
You have the right to:
• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• File a complaint with a supervisory authority

For California Residents (CCPA/CPRA)
You have the right to:
• Know what personal data we collect
• Request access to your data
• Request deletion of your data
• Correct inaccurate personal data
• Opt out of the sale or sharing of personal data
• Limit use of sensitive personal information
• Not be discriminated against for exercising your rights
We will respond to all verified requests within the timeframes required by law.

Rights under CCPA/CPRA and similar non-EU privacy laws apply only where legally applicable based on the user’s place of residence and the scope of Eberths.com’s operations.

23. DATA PROTECTION AND LEGAL BASIS (GDPR COMPLIANCE)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Our legal bases for collecting and using your personal information include:
• Consent – When you voluntarily provide your information
• Contractual Necessity – When data is required to perform our services
• Legitimate Interests – To improve and secure our platform
• Legal Obligations – When required by law
You may withdraw your consent at any time by contacting us.

Eberths.com maintains internal documentation and procedures required by GDPR, including Records of Processing Activities (Article 30), Data Protection Impact Assessments where required (Article 35), incident response procedures, and staff confidentiality and data protection training.

24. Prevailing Language; Interpretation

The English version of this Privacy & Cookies Policy issued by Eberths.com is the official and legally controlling version. Any translated versions are provided solely for informational and convenience purposes. In the event that any question arises regarding the interpretation, validity, enforceability, or meaning of any provision of this Policy, the English version shall govern and prevail in all respects.