Privacy Policy

Updated: 2026-05-04

1. Data controller

The data controller is Rančo Gobas SIA, reg. no. 40103XXXXXXX, Līči, Krāslavas novads, LV-5601, Latvija. Data contact: hello@forestretreat.lv.

2. What data we collect

For booking: first and last name, e-mail, phone, check-in dates, number of guests. For payment: card data is handled by the Swedbank/EveryPay banking gateway — we do NOT receive or store card number, CVV or PIN. For server logs: IP address, user agent, request times.

3. Purposes of processing

Conclusion and execution of the rental contract (GDPR Art. 6(1)(b)), accounting and tax reporting (6(1)(c)), service security and fraud prevention (6(1)(f)), marketing messages — only with explicit consent (6(1)(a)).

4. Third-party recipients

Payment gateway: AS Swedbank (Latvia) and AS EveryPay (Estonia) — for settlement. Hosting and database: Supabase Inc. (EU region). E-mail notifications: Resend Inc. All recipients are bound by GDPR; data is not transferred outside the EEA without adequate safeguards.

5. Retention period

Booking and payment data are retained for 5 years after service delivery (Accounting Act). Marketing consents — until withdrawn. Server logs — up to 90 days.

6. Your rights

You have the right to: request a copy of your data, correct it, delete it (where no other legal basis applies), restrict processing, port your data, withdraw consent, lodge a complaint with the Latvian State Data Inspectorate (Datu valsts inspekcija). Requests — to hello@forestretreat.lv, response within 30 days.

7. Cookies

The site uses only technical cookies (auth session, language). No analytics or marketing cookies are used.

8. Security

Connection is encrypted with TLS, passwords are stored as hashes, access follows least-privilege, audit logs are kept.