Privacy Policy

Privacy Policy — Azornexus & ARAVIA

Last updated: April 1st, 2026

We may update this Privacy Policy from time to time. Updates will be published on this page. We do not use personal data for automated decision-making or profiling.

1. Who we are

Azornexus, Lda
Estrada Regional N6, Ribeira Seca de Vila Franca do Campo
São Miguel, Azores, Portugal
Email: [email protected]

Azornexus develops and operates the ARAVIA platform.

1.1 Scope of this policy

This Privacy Policy applies to:

  • The Azornexus corporate website (www.azornexus.com)
  • The ARAVIA platform (including booking and CRM services)

For the Azornexus website, Azornexus acts as a data controller for any personal data collected directly (e.g. contact requests).

For the ARAVIA platform, Azornexus acts as a data processor, processing data on behalf of operators.

2. Our role

ARAVIA provides a platform that allows tour and activity operators to manage bookings and connect with customers.

  • The operator is the data controller of customer booking data
  • Azornexus acts as a data processor, processing data on behalf of operators

2.1 Responsibility of operators

Operators using the ARAVIA platform are responsible for:

  • Determining what personal data is collected from customers
  • Ensuring that such data collection complies with applicable laws
  • Responding to customer data requests

Azornexus does not control the content of data submitted by operators or their customers. Azornexus processes personal data only in accordance with instructions from the relevant operator.

3. Data we process

When accessing the Azornexus website, limited technical data such as IP address and browser information may be processed for security and basic functionality.

When using ARAVIA booking services, we may process:

  • Full name
  • Email address
  • Phone number
  • Booking details (date, time, number of participants)
  • Optional information provided by the user
  • Payment status and transaction reference (via payment provider)
  • Technical data such as IP address and browser information, used for security, fraud prevention, and basic functionality (e.g. localization)

We do not store payment card details.

Operators may request additional optional information as part of the booking process. Such data is defined and controlled by the operator.

4. Purpose of processing

We process personal data to:

  • Enable booking of services
  • Manage reservations and send transactional communications (e.g. booking confirmations and updates)
  • Provide access to the CRM platform for operators
  • Ensure platform security and performance

We do not use personal data for marketing purposes unless explicitly stated.

Processing is based on:

  • Performance of a contract: to enable booking and delivery of services
  • Legitimate interests: to ensure platform security, prevent fraud, and maintain service performance

6. Payments

Payments are processed by Mollie.

We receive limited transaction data such as payment status and transaction identifiers.
Payment details are handled directly by the payment provider.

7. Sub-processors

We use third-party providers to operate the platform, including:

  • DigitalOcean (hosting and database)
  • Cloudflare (network and security)
  • Mollie (payments)
  • Better Stack (logging and monitoring)
  • Resend (sending transactional emails such as booking confirmations)
  • ipwho.is (IP-based location lookup for user experience)

These providers may process data on our behalf under appropriate safeguards.

8. Data retention

  • Booking data: up to 10 years (depending on operator obligations)
  • Logs: up to 3 days

9. Data sharing

Personal data is shared with the relevant operator responsible for the booked service.

We do not sell personal data.

10. International transfers

Some service providers may process personal data outside the European Economic Area.

Where this occurs, appropriate safeguards such as Standard Contractual Clauses are used.

11. Your rights

As the operator providing the booked service is the data controller, requests regarding personal data (access, correction, deletion) should primarily be directed to the relevant operator.

Azornexus will assist operators in fulfilling such requests where applicable.

You may also contact us at [email protected] and we will forward your request to the appropriate operator if necessary.

12. Cookies

We use only necessary cookies required for the operation of the booking platform.

No tracking or advertising cookies are used.

13. Security

We implement appropriate technical and organizational measures to protect personal data.

14. Contact

For any data protection questions:

[email protected]