Privacy Policy

Last update: February 2026

1. Who We Are

This website is operated by:

Access global concierge travel agency L.L.C., a company incorporated under the laws of the United Arab Emirates, registered under number 1109904, with its registered office at № 3, One Central, DWTC, Dubai, UAE, email: info@whitebirdclub.com

(hereinafter referred to as "Company", "We", "Us", or "Our").

The Company acts as the Data Controller within the meaning of the GDPR for personal data collected through this website in connection with bookings and guest management for the property located in Montenegro:

Castello degli Aranci Eco Resort, Krstac bb, 85300 Petrovac na Moru, Montenegro

2. Applicability of This Privacy Policy

This Privacy Policy explains how We collect, use, store, and protect Your personal data when You:

  • browse Our website
  • make a reservation
  • contact Us
  • use Our booking engine
  • interact with cookies or tracking technologies

If You are located in the European Union, Your personal data is processed in accordance with the GDPR.

3. What Personal Data We Collect

3.1 Data You Provide Directly

When You make a booking or contact Us:

  • First name, last name
  • Email address
  • Phone number
  • Postal address
  • Country of residence
  • Passport or ID details (if required by local law)
  • Booking details (stay dates, room type, preferences)
  • Payment information (processed via secure payment provider)

If You do not provide required data, We may not be able to complete Your reservation.

3.2 Data Collected Automatically

When You use the website:

  • IP address
  • Browser type and device information
  • Pages visited
  • Date and time of access
  • Referrer URL
  • Interaction with booking engine

3.3 Cookies

We use cookies for:

  • Essential functionality
  • Security and authentication
  • Booking session management
  • Analytics (if applicable)
  • Marketing (only with consent)

Non-essential cookies are placed only after Your explicit consent.

Cookie consent remains valid for 13 months unless withdrawn earlier.

A separate Cookie Policy may apply.

4. Purposes of Processing and Legal Bases

We process Your personal data only for specified purposes:

A. Managing Reservations

Data: identity, contact details, booking data

Purpose: to complete and manage Your booking

Legal basis: performance of a contract (Art. 6(1)(b) GDPR)

B. Guest Management and Compliance

Data: identity documents (if required)

Purpose: compliance with local hospitality and reporting laws in Montenegro

Legal basis: legal obligation (Art. 6(1)(c) GDPR)

C. Communication

Data: name, email, phone

Purpose: respond to inquiries, pre-arrival communication, dispute handling

Legal basis: legitimate interest (Art. 6(1)(f) GDPR)

D. Marketing (if applicable)

Data: contact details, booking history

Purpose: send promotional offers

Legal basis: explicit consent (Art. 6(1)(a) GDPR)

You may withdraw consent at any time.

E. Website Analytics

Data: IP, browsing behavior

Purpose: improve website functionality and performance

Legal basis: consent (for non-essential cookies)

5. International Data Transfers

The Company is established in the United Arab Emirates.

If You are located in the European Union, Your personal data may be transferred outside the EU, including to the UAE.

Where required, such transfers are safeguarded by:

  • Standard Contractual Clauses approved by the European Commission
  • Technical and organisational security measures
  • Contractual data protection agreements with service providers

6. Who Has Access to Your Data

Within the Company

Access is limited to authorised personnel involved in reservations, administration, and compliance.

External Service Providers

We may share data with:

  • Payment processors
  • Property Management System (PMS) providers
  • Channel managers
  • Hosting providers
  • IT service providers
  • Legal and accounting advisors

All processors act under written data processing agreements.

We may also disclose data if required by law or judicial authority.

7. Data Retention

We retain personal data only as long as necessary:

Purpose | Retention Period
Reservation management | Duration of stay + 2 years
Accounting data | As required by applicable tax law
Marketing | Until consent withdrawal
Disputes | 3 years after last interaction

After these periods, data is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encrypted payment processing
  • Secure hosting infrastructure
  • Access control mechanisms
  • Staff confidentiality obligations

9. Your Rights Under GDPR

If You are located in the EU, You have the right to:

  • Access Your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability

To exercise Your rights, contact: info@whitebirdclub.com

We will respond within one month as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority in Your country of residence within the EU.

10. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this website.