Privacy Policy

Effective Date: July 20, 2025

1. Introduction

Travespert Tours and Travels (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, share, and protect the personal information you provide when using our travel website and services as a travel Company and tour operator.

This policy complies with major international privacy laws including the General Data Protection Regulation (GDPR) in the European Union, California Consumer Privacy Act (CCPA) in the United States, Digital Personal Data Protection Act (DPDPA) 2023 of India, Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, Lei Geral de Proteção de Dados (LGPD) in Brazil, Act on the Protection of Personal Information (APPI) in Japan, Australian Privacy Principles (APPs) under the Privacy Act 1988 in Australia, Personal Data Protection Act (PDPA) in Singapore, Personal Information Protection Act (PIPA) in South Korea, Privacy Act 2020 in New Zealand, Personal Data Protection Law (PDPL) in the UAE, Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) in Mexico, and Payment Card Industry Data Security Standards (PCI DSS).

2. Information We Collect

Personal Information for Travel Bookings and Services

As a Travel Company, we collect the following personal information necessary for travel arrangements:

Basic Personal Information:

  • Full name as it appears on government-issued identification documents
  • Contact information (home address, email address, phone numbers)
  • Date of birth and nationality
  • Gender (where required for travel arrangements)

Travel Documentation:

  • Passport details, including passport number, expiry date, and issuing country
  • Visa information and requirements
  • Travel insurance information

Payment and Financial Information:

  • Credit card details and payment information
  • Billing address
  • Transaction history and booking confirmations
  • Invoicing and receipt information

Travel Preferences and Special Requirements:

  • Accommodation preferences (room type, bedding preferences)
  • Dietary restrictions and meal preferences
  • Accessibility requirements and special assistance needs
  • Medical information relevant to travel (allergies, medical conditions affecting travel)

Trip-Specific Information:

  • Travel itinerary and destination preferences
  • Emergency contact information
  • Travel companion details
  • Purpose of travel (business or leisure)

Newsletter and Marketing Information

  • Email address collected when you voluntarily subscribe to our newsletter for travel updates and promotional offers

Analytics and Advertising Data

We automatically collect certain information through third-party services:

  • Google Analytics Data: Website usage patterns, page views, session duration, and user behavior to improve our website functionality
  • Facebook and Instagram Advertising Data: Information about your interactions with our social media advertisements, including clicks, views, and engagement metrics

3. How We Use Your Information

Travel Booking and Service Provision

  • Process and manage your travel reservations and bookings
  • Arrange and coordinate travel service,  accommodations, transportation, and tours
  • Communicate booking confirmations, changes, cancellations, and travel updates
  • Provide 24/7 customer support and emergency assistance during travel
  • Handle travel insurance claims and assistance
  • Manage group bookings and corporate travel arrangements

Third-Party Service Provider Coordination

  • Share necessary booking details with travel service providers including:
    • Hotels and accommodation providers for reservations
    • Tour operators and activity providers
    • Travel insurance companies
    • Ground transportation providers

Marketing and Communication

  • Send newsletters about travel deals, destinations, and company updates (with your consent)
  • Provide personalized travel recommendations based on your preferences
  • Improve our website and services based on usage analytics
  • Display relevant advertisements on social media platforms

Legal and Business Purposes

  • Comply with legal obligations and regulations including anti-money laundering and counter-terrorism financing requirements
  • Prevent fraud and ensure transaction security
  • Resolve disputes and enforce our terms of service
  • Maintain records for accounting and tax purposes
  • Assist law enforcement agencies when legally required

4. Legal Basis for Processing

EU Users (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing booking information to fulfill our travel services contract with you
  • Consent: Processing newsletter subscriptions, marketing communications, and special categories of personal data with your explicit consent
  • Legitimate Interest: Using analytics data to improve our website and services while protecting your privacy rights
  • Legal Obligation: Processing required for compliance with legal requirements including travel documentation and safety regulations

Canadian Users (PIPEDA)

Under Canada’s PIPEDA, we process your personal data based on:

  • Consent: We obtain your knowledge and consent for the collection, use, and disclosure of personal information
  • Business Purpose: Processing necessary for fulfilling our contractual obligations and providing travel services

Brazilian Users (LGPD)

Under Brazil’s LGPD, we process your personal data based on:

  • Consent: We obtain your free, specific, and informed consent for processing personal data
  • Contract Performance: Processing necessary for the performance of a contract
  • Legitimate Interest: Processing for our legitimate interests while ensuring your rights are protected

Japanese Users (APPI)

Under Japan’s APPI, we process your personal data based on:

  • Consent: We obtain your consent for processing personal information
  • Business Purpose: Processing necessary for business operations and service provision

Australian Users (Privacy Act)

Under Australia’s Privacy Act and APPs, we process your personal data based on:

  • Reasonably Necessary: Collection and use reasonably necessary for our business functions
  • Consent: Where required for specific uses or disclosures

Singapore Users (PDPA)

Under Singapore’s PDPA, we process your personal data based on:

  • Consent: We obtain your consent before collecting, using, or disclosing personal data
  • Business Purpose: Processing for legitimate business purposes

South Korean Users (PIPA)

Under South Korea’s PIPA, we process your personal data based on:

  • Consent: We obtain explicit consent before collecting or processing personal data
  • Contract Performance: Processing necessary for contract fulfillment

New Zealand Users (Privacy Act 2020)

Under New Zealand’s Privacy Act 2020, we process your personal data based on:

  • Lawful Purpose: Collection and use for lawful purposes connected with our business functions
  • Individual Consent: Where consent is obtained for specific purposes

UAE Users (PDPL)

Under the UAE’s PDPL, we process your personal data based on:

  • Consent: We obtain explicit consent from data subjects before processing their data
  • Contract Performance: Processing necessary for contract execution

Mexican Users (LFPDPPP)

Under Mexico’s LFPDPPP, we process your personal data based on:

  • Consent: We obtain informed and express consent before processing data
  • Legal Basis: Processing based on legitimate legal grounds

Indian Users (DPDPA Rights)

  • Right to Information: Obtain information about personal data processing
  • Right to Correction and Erasure: Correct, update, or erase your personal data
  • Right to Grievance Redressal: Access readily available means to report grievances
  • Right to Nominate: Appoint someone to exercise your rights in case of death or incapacity
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

Note: Some rights may be limited where we have legal obligations to retain certain information for travel industry compliance, safety, or security purposes.

9. Travel Industry Specific Privacy Considerations

Passport and Government ID Processing

  • We collect and process passport and government-issued identification details solely for the purpose of facilitating travel bookings and meeting legal requirements
  • This information is shared only with authorized travel service providers and government authorities as required
  • We implement enhanced security measures for the protection of identity documents

Group Travel and Corporate Accounts

  • For group bookings, we may collect information about all travelers in the group
  • Corporate travel accounts may involve sharing information with designated corporate administrators
  • We ensure appropriate consent mechanisms are in place for group and corporate bookings

Emergency Contact and Assistance

  • Emergency contact information is maintained for traveler safety and assistance purposes
  • This information may be shared with local authorities, medical services, or family members in case of emergencies
  • We maintain 24/7 access to emergency contact information for traveler assistance

10. Data Security Measures

We implement comprehensive security measures appropriate for the travel industry:

Technical Safeguards:

  • Encryption: All sensitive data is encrypted in transit and at rest using industry-standard encryption protocols
  • Secure Payment Processing: PCI DSS compliant payment processing systems
  • Access Controls: Multi-factor authentication and role-based access controls
  • Regular Security Audits: Ongoing security assessments and penetration testing
  • Secure Data Centers: Data stored in certified, secure data centers with physical access controls

Organizational Safeguards:

  • Employee Training: Regular data protection training for all staff members
  • Data Handling Procedures: Strict procedures for handling sensitive travel documentation
  • Vendor Management: Due diligence and data protection agreements with all third-party providers
  • Incident Response: Comprehensive incident response and data breach notification procedures

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies for:

  • Essential website functionality and security
  • Google Analytics performance measurement
  • Social media advertising and remarketing
  • Personalized travel recommendations
  • Booking process optimization

You can manage cookie preferences through your browser settings or our cookie consent banner. For users in jurisdictions with specific cookie consent requirements (EU, UK, Brazil, etc.), we obtain appropriate consent before deploying non-essential cookies.

12. Children’s Privacy

Our travel services are not directed to children under the applicable age limits, which vary by jurisdiction:

  • 13 years: United States, Canada
  • 16 years: European Union (or lower age set by member states)
  • 18 years: India (as per DPDPA), UAE
  • 14 years: South Korea
  • 12 years: Brazil (with parental consent)

When processing information for family travel that includes minors, we ensure appropriate parental or guardian consent is obtained. Special procedures apply for unaccompanied minor travel arrangements.

13. Data Breach Notification

We are committed to notifying relevant authorities and affected individuals of data breaches in accordance with applicable laws:

  • EU Users: Within 72 hours to supervisory authorities; without undue delay to individuals for high-risk breaches
  • Canadian Users: As soon as feasible to the Privacy Commissioner and affected individuals
  • Brazilian Users: Within reasonable timeframe to ANPD and affected individuals
  • Japanese Users: To the Personal Information Protection Commission and affected individuals for breaches affecting 1,000+ individuals
  • Australian Users: Notifiable data breaches reported to OAIC and affected individuals
  • Singapore Users: No mandatory breach notification currently required
  • South Korean Users: To PIPC and affected individuals within 72 hours
  • New Zealand Users: Privacy breaches causing serious harm reported to Privacy Commissioner and affected individuals
  • UAE Users: To UAE Data Office and affected individuals without undue delay
  • Mexican Users: To relevant authorities and affected individuals as required
  • Indian Users: To Data Protection Board and affected individuals as per applicable rules

14. Third-Party Links and Services

Our website may contain links to third-party websites, including airline websites, hotel booking platforms, and activity providers. This Privacy Policy does not apply to these external sites. We encourage you to review the privacy policies of any third-party sites you visit through our platform.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes by:

  • Posting the updated policy on our website with an updated effective date
  • Sending email notifications for significant changes affecting your rights
  • Providing additional notice as required by applicable law

We encourage you to review this policy regularly to stay informed about how we protect your information.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Travespert Tours and Travels
Email: connect@hornbillfestival.travespert.com
Phone: +918099802044
Address: Link Road, Gandhinagar, Dibrugarh, Assam, 786001, India

Privacy Officer/Data Protection Contact: connect@hornbillfestival.travespert.com
24/7 Emergency Travel Assistance: +918099802044

17. Regulatory Authorities and Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to file a complaint with the relevant data protection authority:

International Regulatory Bodies

European Union: Your local Data Protection Authority
United Kingdom: Information Commissioner’s Office (ICO)
United States (California): California Attorney General’s Office
Canada: Office of the Privacy Commissioner of Canada
Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
Japan: Personal Information Protection Commission (PPC)
Australia: Office of the Australian Information Commissioner (OAIC)
Singapore: Personal Data Protection Commission (PDPC)
South Korea: Personal Information Protection Commission (PIPC)
New Zealand: Office of the Privacy Commissioner
UAE: UAE Data Office
Mexico: Ministry of Anticorruption and Good Governance (formerly INAI)
India: Data Protection Board of India (DPBI) – Digital complaint filing available

These authorities have the power to investigate complaints, issue penalties, and provide remedies for data protection violations under their respective jurisdictions.

18. Travel Industry Compliance Certifications

We maintain compliance with relevant travel industry standards and certifications:

  • IATA (International Air Transport Association) accreditation where applicable
  • PCI DSS (Payment Card Industry Data Security Standard) compliance for payment processing
  • ISO 27001 information security management certification
  • Regular compliance audits and assessments

19. Automated Decision-Making and Profiling

Where we engage in automated decision-making or profiling that produces significant effects (such as pricing algorithms or fraud detection), we will:

  • Inform you about such processing
  • Provide meaningful information about the logic involved
  • Offer you the right to request human intervention (where required by applicable law)
  • Allow you to contest the decision

This applies particularly to users in jurisdictions with specific automated decision-making protections such as the EU, Brazil, South Korea, and Mexico.

This Privacy Policy was last updated on July 20, 2025 and is effective immediately.