Areora Travel values your privacy and the protection of your personal data. In this Privacy Policy, we explain what personal data we collect, why we process it, how we handle it, and what rights you have.

This Privacy Policy applies to all personal data processed by Areora Travel in connection with its services, including through our website, mobile application, social media channels, email, telephone, and through our Travel Advisors.

The controller responsible for the processing of your personal data is:

AreoraTravel
Sumba 16
1448 AT Purmerend
The Netherlands
Email: info@areoratravel.com

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us using the details above.

Areora Travel processes personal data carefully and in accordance with applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR).

This means, among other things, that we:

• process your personal data only for specific, explicit, and legitimate purposes;

• limit the processing to personal data that is necessary for those purposes;

• only process personal data where there is a valid legal basis;

• implement appropriate technical and organizational security measures;

• do not retain personal data longer than necessary;

• respect your privacy rights.

Depending on the nature of your relationship with Areora Travel, we may process the following categories of personal data:

• first name, middle name, and last name;

• address details;

• telephone number;

• email address;

• date of birth;

• gender;

• travel preferences;

• booking details;

• payment and invoicing details;

• passport and visa details;

• communication data;

• data relating to your use of our website, app, or digital communications;

• social media content you share with us.

In some cases, we may also process sensitive or special categories of personal data, such as medical information, disabilities, or special requirements, where necessary for the performance of your travel arrangements or services and where legally permitted.

We process your personal data for the following purposes, among others:

• to handle travel enquiries;

• to prepare and carry out bookings;

• to communicate with you about your enquiry, booking, or assignment;

• to manage administration and payments;

• to provide personal service through our Travel Advisors;

• to improve our services, website, and systems;

• to protect our systems and prevent fraud;

• to send newsletters and marketing communications where permitted;

• to conduct surveys, promotions, and customer research;

• to comply with legal obligations;

• to handle questions, complaints, and requests.

We only process your personal data where there is a valid legal basis to do so. This may include:

• performance of a contract, for example to arrange a trip or process a booking request;

• compliance with a legal obligation, for example for tax administration or mandatory data disclosures;

• consent, for example for marketing communications or the processing of certain special categories of personal data;

• legitimate interests, for example for customer service, fraud prevention, internal administration, or improving our services.

Where we rely on your consent, you have the right to withdraw that consent at any time.

When you request or book a trip, we may process personal data necessary to assist you properly.

For an enquiry, we may process:

• first name, middle name, and last name;

• telephone number;

• email address;

• gender;

• date of birth;

• address;

• holiday or travel preferences;

• in some cases, medical information, disabilities, or special requirements.

For a booking, we may also process:

• payment details, such as debit card or credit card details;

• travel document details, such as passport or visa information;

• other information required to perform your booking.

Purposes

We use this information for:

• processing your enquiry or booking;

• communicating with you about your trip;

• administrative and financial handling;

• providing appropriate service;

• complying with legal obligations.

Retention period

We retain this information for the duration of the agreement and no longer than necessary afterwards. Data forming part of our financial administration is generally retained for up to 7 years, where legally required.

When you subscribe to our newsletter or consent to receiving marketing communications, we may process the following personal data:

• first name, middle name, and last name;

• email address;

• preferences and interactions with our communications.

We use this information to send you news, offers, inspiration, and information about our products and services.

You can unsubscribe at any time via the unsubscribe link in our emails, through your Travel Advisor, or by contacting our head office.

We retain this data for as long as you remain subscribed to our marketing communications or until you withdraw your consent.

If you participate in promotions, campaigns, surveys, or customer research, we may process personal data such as:

• name;

• email address;

• responses, feedback, and suggestions;

• files or content you share with us, such as images, videos, or emails.

We use this information to carry out the relevant campaign, improve our services, and gain customer insights.

When you communicate with Areora Travel via social media or share content with us, we may process data such as:

• comments, reviews, and feedback;

• photos, videos, and messages;

• in some cases, contact details or location data.

We use this information for customer service, communication, analysis, and marketing purposes.

If you publicly share content with us or tag us, that content may be used by us in communication materials, such as on our website, social media channels, newsletters, or other marketing materials, to the extent permitted by law. Where required, we will ask for your permission in advance.

When you visit our website or use our mobile application, we may collect data through cookies and similar technologies, such as:

• browsing, search, and click behaviour;

• IP address;

• device data;

• browser and operating system information;

• interaction with digital communications.

We use this information to:

• ensure our website and app function properly;

• analyse and improve usability;

• optimize our services;

• measure the effectiveness of marketing;

• make content and communications more relevant.

Cookies are small data files stored on your device. For non-essential cookies, we will request your consent in advance where legally required. You can also manage or disable cookies via your browser settings.

We may process personal data of prospects, stakeholders, and other interested parties, for example when you contact us, hand over your business card, or connect with us via LinkedIn.

This may include:

• first name, middle name, and last name;

• telephone number;

• email address;

• business contact details.

We use thisinformation for relationship management, information sharing, and targetedcommunication.

We do notretain this data longer than necessary for these purposes.

We process employee personal data for the performance of the employment contract and to comply with legal obligations.

This may include:

• name and contact details;

• date of birth;

• salary information;

• copy of identification document;

• citizen service number or national identification number, where applicable.

This data is retained for as long as necessary in connection with the employment relationship and for any legally required retention period.

We only share your personal data with third parties where necessary for our services, where we are legally required to do so, or where you have given your consent.

We may share personal data with, for example:

• airlines;

• hotels and accommodation providers;

• insurers;

• local agents and travel partners;

• payment service providers;

• IT and hosting providers;

• newsletter and marketing software providers;

• administrative and financial service providers;

• government authorities or regulators.

Where third parties process personal data on our behalf, we enter into a data processing agreement where required by law.

We never sell your personal data to third parties.

To carry out travel assignments and bookings, it may be necessary to transfer personal data to parties located outside the European Union or European Economic Area, for example airlines, hotels, local agents, insurers, or public authorities.

Where personal data is transferred outside the EU/EEA, we ensure that such transfer takes place in accordance with the GDPR. Where necessary, we implement appropriate safeguards.

Please note that the level of protection of personal data in some countries outside the EU/EEA may differ from the level of protection within Europe.

We only process personal data of children under the age of 16 where consent has been given by a parent, guardian, or legal representative, or where otherwise permitted by law.

We do not retain personal data longer than necessary for the purpose for which it was collected, unless we are legally required to retain it for a longer period.

This means, among other things:

• booking and administrative data: for the duration of the agreement and thereafter in accordance with legal retention obligations;

• financial administration data: generally up to 7 years;

• marketing data: until you unsubscribe or withdraw your consent;

• other data: for as long as necessary for the relevant purpose.

Areora Travel takes appropriate technical and organizational measures to protect your personal data against loss, misuse, or unauthorized access.

These measures include, among others:

• confidentiality obligations for employees and engaged third parties;

• secure access to systems;

• username and password policies;

• encryption or pseudonymization where appropriate;

• backups and recovery measures;

• regular review and evaluation of security measures;

• staff awareness regarding privacy and data protection.

Under the GDPR, you have several rights regarding your personal data. You may request:

• access to your personal data;

• correction of inaccurate data;

• deletion of your data;

• restriction of processing;

• transfer of your data;

• objection to processing;

• withdrawal of previously given consent.

If you would like to exercise any of these rights, please contact us at info@areoratravel.com. To prevent misuse, we may ask you to verify your identity.

If you have a complaint about the way we handle your personal data, we kindly ask you to contact us first. We will do our best to resolve the matter with you.

You also have the right to lodge a complaint with the relevant supervisory authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Areora Travel may amend this Privacy Policy from time to time. The most current version will always be made available through our website.

We recommend that you review this Privacy Policy regularly.

Areora Travel

Sumba 16

1448 AT Purmerend

The Netherlands

Email: info@areoratravel.com