Version: v1.0
Effective date: 31.01.2026
Data controller (under data protection law): DIGITAL TRAVEL S.R.L.
1.1. IDNO: 1025600062792
1.2. Address: MD-2028, str. Nicolae Costin, 61/3, ap. 70, mun. Chișinău, Republic of Moldova
1.3. E-mail for data protection matters: ebilet.md@gmail.com
This policy explains how we process the personal data of users/passengers (“Data Subjects”) when you use the E-Bilet website and/or apps, create an account, book/purchase tickets, or interact with customer support. The policy applies both to processing carried out by E-Bilet as a controller and to situations where we act as a processor for Carriers, as well as to processing performed by independent partners on their own behalf.
We currently apply Law No. 133/2011 on the protection of personal data (Republic of Moldova). This law remains in force until 23.08.2026.
Law No. 195/2024 on the protection of personal data was published on 23.08.2024 and enters into force on 23.08.2026; from that date it will replace Law No. 133/2011.
For users from the EU/EEA or when we monitor their behaviour, we apply the relevant principles and obligations of Regulation (EU) 2016/679 (GDPR).
4.1. E-Bilet (DIGITAL TRAVEL S.R.L.) – Controller for: account administration, displaying offers, the booking/purchase process, ticket issuance, customer relations, fraud prevention, legal/accounting reporting, direct marketing (where consent or legitimate interest exists).
4.2. Carriers – Independent controllers for performance of transport (boarding conditions, baggage, delays/cancellations, incidents), including data collected/requested by them.
4.3. Processors/partners (IT/Cloud/hosting providers, anti-fraud/security, accountants, auditors) – act either as processors or as independent controllers, as applicable, under contracts including confidentiality, security, and audit clauses.
5.1. Identification and contact data: name, surname, e-mail, phone, billing address, preferred language.
5.2. Transaction data: routes/itineraries, seats, baggage options, booking codes, payment/booking status, change/refund requests.
5.3. Travel document data: only if required by law/Carrier for boarding or formalities.
5.4. Communications and support: registered requests, tickets, calls/e-mails, feedback, complaints.
5.5. Technical and usage data: IP, online identifiers, system events, logs, device/browser type, settings, cookies and similar technologies (see §12).
5.6. Marketing: communication preferences, consent history, interactions with our messages.
5.7. Special categories: not intentionally requested; may occur exceptionally (e.g., special assistance requests) and are processed only with explicit consent or another legal basis.
6.1. Provision of services and contract performance: (account creation, booking, ticket issuance, operational notices, refunds) – legal basis: contract performance.
6.2. Legal compliance: (accounting/tax, reporting obligations to authorities) – legal basis: legal obligation.
6.3. Fraud prevention/detection and security: (log monitoring, anti-abuse measures, reasonable KYC/KBA) – legal basis: legitimate interest and/or legal obligations.
6.4. Customer support and complaint handling: – legal basis: contract performance/legitimate interest.
6.5. Service improvement and statistics: (aggregated/anonymous analytics) – legal basis: legitimate interest.
6.6. Electronic direct marketing: (newsletters, offers) – legal basis: consent; you may withdraw at any time.
6.7. Non-essential/analytics/marketing cookies: – legal basis: consent (see Cookies Policy).
7.1. The platform is intended for adults (18+). Persons aged 14–18 may use the services only with the consent and under the responsibility of their legal representative.
7.2. We do not intentionally collect data of children under 14. If we learn that we have collected such data without a legal basis, we will delete it without undue delay.
8.1. Carriers (for transport performance).
8.2. PSP/Payment processors – card data are processed directly by them; E-Bilet does not store the full card number.
8.3. IT/Cloud/Hosting providers.
8.4. Anti-fraud and security partners.
8.5. Accountants, auditors, consultants (within their mandate).
8.6. Public authorities (upon lawful request).
8.7. In all cases we apply minimisation and confidentiality rules and conclude contracts as required by law.
9.1. If we transfer data outside Moldova/EU/EEA, we use appropriate safeguards (e.g., Standard Contractual Clauses), legal derogations, or other instruments recognised by law.
10.1. Account and contractual relationship: for the duration of the account and 3 years after last activity/closure.
10.2. Financial-accounting documents: 5 years from year-end/document issuance.
10.3. Security logs: 12 months.
10.4. Complaints/customer requests: 3 years after resolution.
10.5. Marketing based on consent: until withdrawal or 24 months of inactivity.
10.6. Cookies: as set in the Cookies Policy.
11.1. We apply appropriate technical and organisational measures (encryption, access control, MFA, backup). Payments are processed via a PSP certified to PCI-DSS.
12.1. We use necessary cookies and, with your consent, analytics and marketing cookies. You can change your options at any time via the banner.
13.1. We do not take decisions based solely on automated processing. If we introduce such processes, we will inform you in advance.
14.1. You have the following rights: access; rectification; erasure; restriction; portability; objection; withdrawal of consent. To exercise your rights: send a request using the details in §1.
15.1. National Center for Personal Data Protection (CNPDCP)
Address: MD-2004, mun. Chișinău, str. Serghei Lazo, 48
E-mail: centru@datepersonale.md
Tel.: (022) 820 801
16.1. If a data breach may create a risk to individuals’ rights, we will assess the incident and notify the CNPDCP and/or data subjects as required by law.
17.1. For substantial changes, we will give 15 days’ notice. The current version will always be available on the site.
18.1. This policy applies together with the Terms & Conditions (T&C). Processing carried out by Carriers and/or PSPs is subject to their own policies.
