Privacy Policy for arcoiristours.com
1. Introduction
At arcoiristours.com, we value your privacy and are committed to safeguarding your personal data. We understand the importance of protecting your information and ensuring transparency in how it is collected, used, and shared. This Privacy Policy outlines our practices concerning the collection, processing, and storage of personal data, in accordance with global data protection frameworks, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to visitors, users, and customers of arcoiristours.com and any associated services. For the purposes of data protection legislation, Arcoiris Tours acts as the data controller regarding the personal data collected via the website, mobile experiences, and customer communications. As a data controller, Arcoiris Tours determines the purposes and means of processing your personal information.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: This includes data about your interaction with our website, such as IP address, browser type, pages visited, session timestamps, and referral URLs.
– Account Data: If you register an account or request services, we may collect your full name, postal address, email address, and phone number.
– Profile Data: Information such as your travel preferences, purchase history, accommodation or tour bookings, and behavioral trends on arcoiristours.com.
– Communication Data: Any data you provide when contacting us, participating in surveys, submitting support queries, or corresponding via email or forms. This includes communication timestamps and content.
– Technical Data: Details about your device, system configuration, operating system, mobile network, and browser plug-ins.
– Transaction Data: Data required to process payments or complete service delivery, including payment method information, transaction IDs, billing addresses, and order fulfillment data.
– Preference Data: Your expressed consents for newsletters, marketing content, event invitations, or interests in specific types of tours or packages.
4. Legal Bases for Processing
We only process personal data when permitted under applicable law. The legal bases include:
– Consent: When you have explicitly permitted processing, such as subscribing to newsletters or consenting to cookies.
– Contractual Necessity: When processing is required to fulfill our agreement with you (e.g., completing a booking or purchase).
– Legal Obligation: When we are required to comply with a legal obligation (e.g., tax reporting).
– Legitimate Interests: When processing is necessary for our legitimate business needs, provided those interests are not overridden by your rights. Examples include fraud prevention, service optimization, and enhancing user experience.
5. Your Rights
In accordance with GDPR and CCPA, you may exercise the following rights regarding your personal data:
– Right of Access: You may request confirmation and access to the personal data we hold about you.
– Right to Rectification: You have the right to ask us to correct inaccurate or incomplete data.
– Right to Erasure: Under certain conditions, you have the right to request deletion of your data.
– Right to Restriction: You may request that we limit processing of your data in specified instances.
– Right to Data Portability: You can request we provide your personal data in a structured, commonly-used machine-readable format, allowing you to transfer it to another service.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to ensure the protection of your data. Measures include but are not limited to:
– Secure encryption protocols for data transmission and storage
– Role-based access controls and authentication procedures
– Routine server and system security audits
– Redundancy and secure backups of critical systems
– Ongoing privacy and data protection training for all personnel
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or other protected regions, we ensure adequate safeguards are in place, including reliance on Standard Contractual Clauses approved by the European Commission or equivalent mechanisms under applicable privacy laws.
8. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy. Criteria include:
– Usage Data: Retained for up to 12 months for analytics and performance reviews.
– Account Data: Retained for the duration of account activity and up to 3 years post-closure for audit and legal compliance.
– Profile and Preference Data: Retained for up to 3 years following the last user interaction.
– Communication Data: Retained for up to 24 months to manage support history and service quality.
– Transaction Data: Retained for 7 years to comply with financial recordkeeping laws.
When retention is no longer necessary, data is securely deleted or anonymized.
9. Cookie Policy
arcoiristours.com uses cookies and similar tracking technologies to enhance user experience and analyze site performance. Cookies fall under the following categories:
– Essential Cookies: Necessary for core website functionality, such as maintaining user sessions or processing transactions.
– Functional Cookies: Support enhanced features, such as remembering preferences or enabling chat support.
– Analytics Cookies: Allow us to collect information about how visitors interact with the website, enabling improvements.
– Performance Cookies: Measure system performance, uptime, and responsiveness for optimization purposes.
10. Cookie Management and Compliance
Upon visiting arcoiristours.com, users are provided with a cookie banner and options to manage consent preferences in compliance with GDPR and CCPA. Users may adjust cookie settings at any time via our Cookie Management Console or through browser settings. We respect browser “Do Not Track” signals where applicable.
11. Children’s Privacy
Our website and services are not directed to, nor do we knowingly collect personal data from, children under the age of 13. If we become aware that personal data of a child has been gathered inappropriately, we will take immediate steps to delete such information.
12. Policy Updates
We reserve the right to update this Privacy Policy to reflect changes in our practices or in legal, regulatory, or operational requirements. Material modifications will be communicated via changes to this page, and where required, we will notify you directly using your provided contact information.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:
We are committed to safeguarding your privacy and maintaining compliance with all applicable data protection laws. We welcome your feedback or inquiries concerning your privacy rights at any time.