Platform and controller
Platform: HeyArvi
Website: www.heyarvi.ro
Personal data controller:
S.C. ARCVITAL SRL
CUI: 52983664
Trade Register No.: J2025091539000
Registered office: Iasi, Strada Sucidava no. 4, Romania
Website: www.heyarvi.ro
Contact email: contact@heyarvi.ro
GDPR email: contact@heyarvi.ro
Phone: 0750275418
1. Introduction
S.C. ARCVITAL SRL ("HeyArvi", "the Company", "we", "the controller") respects the privacy and personal data protection rights of all users of the HeyArvi platform available at www.heyarvi.ro.
This Privacy Policy explains how we collect, use, store, transfer, protect, and process personal data belonging to users of the HeyArvi platform.
Protecting personal data is a priority for us, and all processing activities are carried out in accordance with applicable data protection law.
This policy is prepared in accordance with:
- Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data ("GDPR");
- Romanian Law no. 190/2018 implementing the GDPR;
- Romanian and European legislation on electronic commerce;
- applicable legislation on digital services and consumer protection.
By accessing or using the HeyArvi platform, the user confirms that they have read, understood, and accepted this Privacy Policy.
This policy must be read together with the HeyArvi Terms & Conditions, Cookie Policy, Refund Policy, and any other legal documents published by S.C. ARCVITAL SRL.
2. Who we are
The personal data controller is S.C. ARCVITAL SRL, CUI 52983664, Trade Register No. J2025091539000, with registered office in Iasi, Strada Sucidava no. 4, Romania, operating the website www.heyarvi.ro.
For GDPR purposes, S.C. ARCVITAL SRL acts as controller for the personal data collected through the HeyArvi platform.
The controller is responsible for complying with legal obligations regarding data protection and for implementing measures required to ensure the security of processed information.
3. What is HeyArvi?
HeyArvi is a digital travel planning and assistance service.
The platform offers users personalized recommendations, information, and features intended to organize and manage trips.
HeyArvi is not a travel agency and does not directly sell flight tickets, transport services, accommodation, or tourist packages.
The platform provides information, recommendations, and digital assistance tools that may help users plan and organize trips.
Contracts for recommended travel services are concluded exclusively between the user and the relevant third-party providers.
4. What data we collect
Depending on the services used, HeyArvi may collect the following categories of data.
4.1 Identification data
- first and last name;
- email address;
- country of residence;
- preferred language.
4.2 Account data
- authentication information;
- usage preferences;
- personalized settings;
- login history.
4.3 Travel data
- preferred destinations;
- transport preferences;
- accommodation preferences;
- culinary preferences;
- indicative budgets;
- travel history;
- interests and tourist activities.
4.4 Payment data
For payment processing, HeyArvi may process the transaction identifier, payment status, purchased package, and information required for invoicing.
HeyArvi does not store the full card number, CVV/CVC code, bank passwords, or bank authentication codes. These details are managed exclusively by the authorized payment processor.
4.5 Technical data
The platform may automatically collect IP address, device type, browser, operating system, technical identifiers, and information about use of the platform.
4.6 Location data
When navigation and orientation functions are used, HeyArvi may process the user's location data only with the user's consent and only to provide the requested features.
5. How we collect data
Personal data may be collected directly from the user when creating an account, through forms completed on the platform, through use of available services and features, through Google or Apple sign-in, through support interactions, through cookies and similar technologies, and through technical providers integrated into the platform.
6. Data provided when creating an account
To create and manage an account, the user may provide name, email address, country of residence, preferred language, and other information necessary to provide the services.
The user guarantees that the information provided is real, accurate, and up to date.
7. Sign-in through Google and Apple
To simplify platform access, HeyArvi may allow sign-in through Google and Apple.
7.1 Google sign-in
When a user chooses "Sign in with Google", HeyArvi may receive the user's name, the email address associated with the Google account, and the unique Google account identifier.
HeyArvi does not receive or store the Google account password. Google sign-in is also subject to Google's privacy policies and terms of use.
7.2 Apple sign-in
When a user chooses "Sign in with Apple", HeyArvi may receive the user's name, the email address associated with the Apple account, and the unique identifier provided by Apple.
HeyArvi does not receive or store the Apple account password. Apple sign-in is also governed by Apple's applicable policies.
8. Purposes of processing
HeyArvi uses personal data only for legitimate and specific purposes, including:
- creating and managing accounts;
- providing contracted services;
- personalizing travel recommendations;
- processing payments;
- issuing tax documents;
- communicating with users;
- providing support;
- improving platform features;
- securing services;
- preventing fraud;
- complying with legal obligations.
9. Legal bases for processing
HeyArvi processes personal data only on one or more GDPR legal bases.
9.1 Performance of a contract
This basis applies when processing is necessary to provide services requested by the user, including account creation, authentication, platform access, subscription management, personalized recommendations, and user request handling.
9.2 User consent
HeyArvi may request explicit consent for newsletters, non-essential cookies, promotional communications, GPS location access, and optional platform functions. Consent may be withdrawn at any time.
9.3 Legitimate interest
HeyArvi may process data based on legitimate interest for IT infrastructure protection, fraud prevention, prevention of unauthorized access, security incident investigation, and service improvement.
9.4 Legal obligations
Data may also be processed to comply with applicable law, including tax, accounting, fraud-prevention, and competent-authority request obligations.
10. Payment processing
HeyArvi uses authorized payment processors for online payments. The platform currently uses Stripe.
Depending on the transaction, payment processing may involve the holder's name, billing address, transaction amount, currency, purchased package information, and required tax information.
HeyArvi does not store full card numbers, CVV/CVC codes, bank passwords, or bank security codes. These are processed exclusively by Stripe.
Stripe operates as an independent payment service provider and applies its own data protection and information security policies. Users are encouraged to consult Stripe's documentation and policies before using payment services.
11. Google Maps and navigation features
HeyArvi may use Google Maps to display maps, calculate routes, identify attractions, and navigate to hotels, restaurants, pharmacies, hospitals, embassies, and consulates.
Google Maps may process the user's location, IP address, device information, and technical information necessary for the service to function.
HeyArvi cannot guarantee the permanent accuracy of information provided by Google Maps. Routes, estimated times, and displayed information depend on Google's data and conditions at the time of use.
12. Google Analytics
HeyArvi uses Google Analytics to analyze and improve services.
Google Analytics may collect statistical information such as accessed pages, session duration, device type, operating system, browser, approximate country, and traffic source.
The data is used to improve user experience, identify errors, optimize services, and analyze platform performance.
13. Google Cloud and data hosting
HeyArvi uses Google Cloud infrastructure for hosting and operating its services.
Google Cloud may be used for app hosting, data storage, backups, infrastructure security, and technical processing necessary for the platform to function.
Google implements technical and organizational measures designed to protect data against unauthorized access, loss, or disclosure.
14. International data transfers
In certain cases, use of services provided by Google, Stripe, or other technology partners may involve international data transfers.
Any transfer will be carried out in accordance with the GDPR and will rely on appropriate safeguards, including European Commission standard contractual clauses, recognized compliance mechanisms, and other applicable legal safeguards.
15. Location data and GPS functions
HeyArvi may request access to the user's device location for certain features. Location access is optional and requires the user's explicit consent.
Location data may be used for guidance to hotels, attractions, restaurants, pharmacies, hospitals, embassies and consulates, nearby points of interest, and available safety features.
HeyArvi does not permanently monitor the user's location, does not perform continuous background tracking, and does not build profiles based on user movements.
The user may withdraw location permission at any time through device or browser settings.
16. Panic Button feature
Certain service packages may include a "Panic Button" feature intended to help users quickly communicate location and relevant information to persons designated by the user.
The feature is activated only by the user's voluntary action. HeyArvi does not automatically transmit the user's location without explicit initiation of the feature.
Depending on available features at the time of use, transmitted data may include current location, GPS coordinates, geographic position information, date and time of transmission, and other information necessary to provide the service.
The Panic Button is only a digital assistance tool. It is not an emergency service, does not replace 112, police, ambulance, firefighters, or other competent authorities, does not guarantee intervention, receipt of messages, or availability of communication networks. The user understands and accepts these limitations.
17. Translation services
HeyArvi may offer text, image, document, and audio translation services.
Users may upload images, documents, audio files, and text to use these services.
Files are used exclusively to provide the service requested by the user.
By default, images, audio files, and documents uploaded for translation are deleted after processing and are not permanently retained unless the user explicitly requests that they be saved.
The user is responsible for uploaded content and guarantees that they hold the necessary rights to use it.
18. Travel profile
To improve user experience, HeyArvi may create a personalized travel profile including preferred destinations, indicative budgets, preferred vacation types, accommodation preferences, culinary preferences, favorite activities, and travel history.
The profile is used only to personalize recommendations, improve services, simplify future trip planning, and remember user preferences.
The travel profile is private and accessible only to the account holder and authorized personnel to the extent necessary to provide services.
19. Personalized recommendations
HeyArvi uses information provided by users to generate personalized recommendations based on travel preferences, travel history, selected period, indicated budget, preferred destinations, and selected activities.
Recommendations are indicative and informational. They are not guarantees of service availability, prices, user experience, or quality of third-party providers.
20. Profiling and automated decisions
HeyArvi may use automated analysis of user-provided information to provide personalized recommendations and improve user experience.
These processes may consider preferred destinations, travel history, indicative budgets, accommodation and transport preferences, activities of interest, and other voluntarily provided information.
Profiling is used only to provide personalized recommendations, adapt displayed content, optimize platform features, and improve user experience.
HeyArvi does not make solely automated decisions that produce legal effects for users or significantly affect them. Recommendations are informational and indicative, and the user remains fully responsible for choosing services, destinations, and providers.
21. Newsletter and commercial communications
HeyArvi may send information about new features, travel recommendations, promotional offers, service information, and communications relevant to users.
Commercial and promotional communications are sent only based on user consent or where permitted by applicable law.
Users may unsubscribe at any time through the unsubscribe link, account settings, or a request sent to the controller.
22. Cookies and similar technologies
HeyArvi uses cookies and similar technologies for service operation, authentication, security, remembering preferences, analytics, statistics, and improving user experience.
The platform may use essential, performance, analytics, and marketing cookies. Complete details are available in the separate Cookie Policy.
23. Accuracy of travel information
HeyArvi makes reasonable efforts to provide up-to-date and relevant information. However, information about entry conditions, visas, passports, health requirements, weather, local regulations, service availability, third-party prices, transport schedules, and travel conditions may change after publication or display.
Before traveling, users must verify official information from destination authorities, embassies, consulates, airlines, transport operators, hotels, travel service providers, and other relevant official sources.
HeyArvi does not guarantee permanent accuracy of information, preservation of displayed prices, availability of recommended services, or absence of changes made by third parties. The platform provides information and recommendations only for indicative and informational purposes.
24. Data retention
HeyArvi retains personal data only for the period necessary to fulfill the purposes for which it was collected and in accordance with applicable legal obligations.
Account data is retained for the duration of the account. When an account is closed, data will be deleted or anonymized according to internal procedures and applicable legal obligations.
Payment, invoice, tax-document, and accounting records are retained for the periods required by Romanian tax and accounting law.
Support messages and requests may be kept for reasonable periods necessary to manage user relationships, resolve complaints, prevent fraud, and defend the controller's rights.
Location data used for navigation features is not permanently stored and is used only to provide requested functions.
25. Backups
To protect integrity and availability of services, HeyArvi may create backups of databases, app configurations, IT infrastructure, and information necessary for incident recovery.
Deleted user data may temporarily remain in backups. Such information is not actively used and is kept only for system recovery, service continuity, and preventing data loss.
After retention periods and backup cycles expire, data is deleted or anonymized in accordance with internal procedures.
26. Account deletion
Users may request account closure, deletion of personal data, and removal of account information at any time.
Requests may be made through account features, by contacting support, or by submitting a GDPR request.
Certain information may continue to be retained where legal obligations apply, including tax and accounting records, fraud prevention, dispute resolution, and exercising or defending legal claims.
27. User rights
Under the GDPR, users have the right of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent, and the right to lodge a complaint with the competent supervisory authority.
28. Exercising GDPR rights
Requests to exercise GDPR rights may be sent to contact@heyarvi.ro or by post to S.C. ARCVITAL SRL, Iasi, Strada Sucidava no. 4, Bl. Z1, Stair A, Apt. 1, 10th floor, Romania.
To protect personal data, HeyArvi may request additional information needed to verify the applicant's identity.
Requests will be analyzed and resolved within a maximum of 30 days from receipt, with possible extension in the cases provided by the GDPR.
29. Supervisory authority
If a user believes their rights have been violated, they may submit a complaint to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).
Website: https://www.dataprotection.ro
Address: Bulevardul General Gheorghe Magheru no. 28-30, Sector 1, Bucharest, Romania.
30. Data security
HeyArvi takes personal data protection seriously and implements appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or loss of data.
Measures may include HTTPS/TLS encrypted communications, secure authentication, access controls, IT infrastructure monitoring, backups, protection systems against unauthorized access, and internal information security procedures.
HeyArvi may use specialized infrastructure and cloud service providers, including Google Cloud and other technology partners with appropriate security and compliance measures.
Although HeyArvi implements reasonable security measures, no IT system, cloud service, or internet transmission method can guarantee absolute security. Users understand and accept inherent risks associated with using the internet and digital services.
If a security incident may affect users' personal data, HeyArvi will act according to GDPR and applicable law and, where required, notify users and competent authorities.
HeyArvi is not responsible for damage resulting exclusively from external cyberattacks, actions of unauthorized third parties, vulnerabilities of external providers' infrastructure, internet interruptions, force majeure events, or incidents not reasonably controllable by the controller. This does not limit users' rights under applicable law.
31. Minors
The HeyArvi platform is intended only for persons who are at least 18 years old.
We do not knowingly collect personal data from persons under 18. If such a situation is identified, we will take necessary measures to delete the information within a reasonable period.
Parents or legal representatives who believe a minor has provided personal data through the platform may contact us to request removal.
32. Changes to this Privacy Policy
HeyArvi may update or amend this Privacy Policy whenever necessary due to legal changes, new features, changes in technical providers, updates to internal processes, or platform development.
The updated version will be published on www.heyarvi.ro and the last updated date will be shown in the document. For significant changes, users may be informed through platform notifications or other appropriate means.
33. Contact
For questions about personal data processing, users may contact:
S.C. ARCVITAL SRL
CUI: 52983664
Trade Register No.: J2025091539000
Registered office: Iasi, Strada Sucidava no. 4, Romania
Website: www.heyarvi.ro
Contact email: contact@heyarvi.ro
GDPR email: contact@heyarvi.ro
Phone: 0750275418
34. Applicable law
This Privacy Policy is governed by and interpreted in accordance with the GDPR, Romanian Law no. 190/2018, Romanian data protection law, and European digital services law.
Any matter not expressly regulated in this document will be interpreted according to applicable law.
35. Final statement
By accessing, using, or continuing to use the HeyArvi platform, the user confirms that they have read this Privacy Policy, understood how their personal data is collected and used, understood their GDPR rights, and accepted data processing under the conditions described here.
This Privacy Policy is an integral part of HeyArvi's legal documentation and must be read together with the Terms & Conditions, Cookie Policy, Refund Policy, and any other documents officially published by S.C. ARCVITAL SRL.

