Privacy and Cookies Policy (www.alverstur.md)

Last updated: 15.02.2026

This Policy explains how ALVALVER SRL (hereinafter “Alverstur”, “we”) collects, uses, and protects personal data when you use www.alverstur.md and our booking/ticketing services for international passenger transportation.

1) Who we are (Data Controller) and how to contact us

• Legal name: ALVALVER SRL
• IDNO: 1004600026627
• Registered address: Republic of Moldova, Strășeni district, Sireți village
• Office (Chișinău): Ismail str. 77, office 77
• E-mail: info@alverstur.md
• Phone: +373 69 581 101

2) What data we collect

A. Data you provide (bookings / tickets / account)

• Identification and contact data: first name, last name, phone, e-mail (customer and/or passengers).
• Trip data: route, boarding/alighting points, date/time, seat number, ticket/discount type, order notes (if any).
• Customer account (if you create one): first name, last name, e-mail, phone, and a password stored in encrypted form (hash), order history.

B. Online payment data

• Online payments are processed via a payment processor/bank (e.g., maib). We receive and store payment confirmation and technical transaction details (amount, currency, status, transaction identifier, sometimes masked card details) needed to confirm the order, keep records, and handle requests.
• We do not store the full card number or CVV/CVC code on our servers.

C. Data from forms and communications

• Contact: name, e-mail, subject and message (based on the form fields).
• Lost items: e-mail, order/ticket number (if provided), route, date, seat in the coach, item description and useful details for identification.
• Phone / messaging: if you contact us by phone or via messaging apps (WhatsApp/Viber/Telegram), we process the conversation data solely to resolve your request.

D. Technical data (automatically)

• Technical logs: IP address, browser/device type, pages visited, date/time, technical errors, anti-fraud measures.
• Security/anti-abuse: we may use services such as reCAPTCHA and anti-DDoS protection (e.g., Cloudflare) which analyze technical behavior to block bots and fraud attempts.

3) Why we use this data (purposes)

• Booking and ticket issuance (confirmation, seat allocation, trip notifications).
• Performance of the transport contract and communication with you (changes, cancellations, rescheduling, support).
• Payments, accounting and tax records (confirmations, refunds, supporting documents).
• Security and fraud prevention (website protection, preventing abuse and unauthorized access).
• Service improvement (technical analysis and functional optimization).
• Marketing (only if you consent — e.g., newsletter; you can unsubscribe at any time).

4) Legal basis for processing

• Contract performance (booking and transportation).
• Legal obligations (accounting, tax, complaint handling, requests from competent authorities).
• Legitimate interest (security, fraud prevention, defending rights in disputes, improving website performance).
• Consent (newsletter and/or non-essential cookies — where applicable).

5) Who we may share data with (recipients)

We do not sell your data. We may share data only to the extent necessary, with:

• Payment processors / banks (e.g., maib) — to process payments and confirm transactions.
• IT providers (hosting, maintenance, development) — strictly for operating the platform.
• Security and anti-abuse services (e.g., reCAPTCHA, anti-DDoS protection).
• Communication services (e-mail/SMS/messaging) — to send confirmations and notifications.
• Public authorities — only where we have a legal obligation or a lawful request.

6) International data transfers

Because international transport and global service providers may be involved (security/anti-abuse, communications), some technical data may be processed outside the Republic of Moldova and/or the European Economic Area. In such cases, we apply appropriate safeguards (e.g., standard contractual clauses, technical and organizational measures).

7) How long we keep data

• Orders, payments and supporting documents: for the time needed to provide the service and thereafter as required by applicable accounting/tax laws.
• Customer account: while the account is active; upon deletion request — except for data we must retain by law.
• Messages (Contact / Lost items): for the time needed to resolve the request and a reasonable period for record-keeping and legal defense.
• Technical and security logs: generally for limited periods, strictly for security and diagnostics.

8) Your rights

Subject to applicable law, you have the following rights: access, rectification, erasure, restriction, objection, data portability (where applicable), and withdrawal of consent (for consent-based processing).

How to exercise your rights: write to info@alverstur.md with the subject “Personal data” and include your name, the e-mail/phone used for the booking, and your request. We may ask for additional information to verify your identity.

9) Cookies

The website uses cookies necessary for operation (e.g., session cookies and preferences such as displayed currency). Depending on settings and features, security/anti-abuse cookies may be used, and if enabled, analytics/marketing cookies — the latter only with consent where required.

You can control cookies in your browser settings (block/delete). Note: blocking necessary cookies may affect bookings and login.

10) Data security

We apply reasonable technical and organizational measures to protect data (access control, security measures, anti-abuse monitoring). However, no Internet transmission can be guaranteed 100%.

11) Minors

Our services may include bookings for minors (data is provided by a parent/guardian or an adult making the booking). We do not knowingly collect minors’ data for marketing and ask you not to send excessive data.

12) Policy updates

We may update this Policy when features or legal requirements change. The current version is published on the website with the last updated date.