Legal

Privacy Policy

Last updated: 1 January 2026

1. Introduction

Soraflwarc ("we," "us," "our"), operating through soraflwarc.bond, is committed to protecting your privacy and handling your personal data with transparency, care, and respect. This Privacy Policy explains how we collect, use, store, and protect information when you visit and interact with our Website.

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable data protection laws. By using our Website, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For the purposes of applicable data protection law, the data controller is:

Soraflwarc
Website: soraflwarc.bond
Email: [email protected]

3. Information We Collect

3.1 Information You Provide Voluntarily

We collect personal data that you voluntarily provide when you use our contact form. This may include:

  • Your first and last name
  • Your email address
  • Your message content and enquiry subject
  • Hotel or dining preferences you indicate

3.2 Automatically Collected Data

When you visit our Website, certain technical information may be automatically collected, including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Pages viewed and time spent on pages
  • Referring website
  • Date and time of access

3.3 Cookies

Our Website may use essential cookies necessary for the Website to function correctly. We do not use advertising or tracking cookies. For more information about our cookie usage, please refer to our Cookie Notice below.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to your enquiries — when you contact us via our contact form, we use your information solely to respond to your message.
  • To improve our Website — anonymised technical data helps us understand how users interact with our Website and improve its content and performance.
  • To comply with legal obligations — we may process your data where required by law.
  • To protect our legitimate interests — including security, fraud prevention, and protecting the integrity of our Website.

We do not use your personal data for marketing purposes without your explicit consent. We do not sell, rent, or trade your personal data to any third party.

5. Legal Basis for Processing (GDPR)

Under the GDPR, we rely on the following legal bases for processing personal data:

  • Consent (Article 6(1)(a)): Where you have explicitly consented to the processing of your data, such as when submitting our contact form with consent checkbox ticked.
  • Legitimate Interests (Article 6(1)(f)): For Website analytics and security purposes, where such processing does not override your rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): Where processing is required to comply with applicable law.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions are retained for a maximum of 12 months following the conclusion of any correspondence, then securely deleted.
  • Anonymised technical and analytical data may be retained for up to 24 months for Website improvement purposes.

7. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure, or destruction. These measures include:

  • Secure HTTPS encrypted transmission
  • Access controls limiting who can access personal data
  • Regular review of our security practices

While we take all reasonable steps to protect your data, no internet transmission or electronic storage is entirely secure. You submit personal data at your own risk.

8. Third-Party Sharing

We do not sell or share your personal data with third parties for their own marketing purposes. We may share data with:

  • Service providers who assist in operating our Website (e.g., hosting providers), under strict data processing agreements.
  • Legal authorities if required to do so by law or in response to valid legal process.

Third-party links on our Website (to hotels, restaurants, etc.) are governed by those third parties' own privacy policies, for which Soraflwarc accepts no responsibility.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the UK, you have the following rights regarding your personal data:

  • Right of Access: To obtain confirmation of whether we process your data and to receive a copy.
  • Right to Rectification: To have inaccurate data corrected or incomplete data completed.
  • Right to Erasure ("Right to be Forgotten"): To have your data deleted under certain circumstances.
  • Right to Restriction of Processing: To restrict how we use your data in certain circumstances.
  • Right to Data Portability: To receive your data in a structured, machine-readable format.
  • Right to Object: To object to processing based on legitimate interests.
  • Right to Withdraw Consent: To withdraw any previously given consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

10. Cookies Policy

What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function efficiently and to provide information to the website owner.

Our Use of Cookies

We use only strictly necessary cookies that are required for the Website to function. These may include session cookies that maintain your browsing session. We do not use tracking, advertising, or analytical cookies that require consent under GDPR.

Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Website.

11. International Transfers

We aim to process all personal data within the EEA. If any transfer outside the EEA is required (for example, for hosting services), we will ensure appropriate safeguards are in place in accordance with GDPR requirements, such as Standard Contractual Clauses.

12. Children's Privacy

Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at [email protected] and we will take steps to delete such data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Soraflwarc
Email: [email protected]
Website: soraflwarc.bond