We encourage this policy to be read be our visitors, customers and the curious minded. Please contact us for any questions you may have about our privacy practises.
What information do we collect?
You may want to provide the user with relevant definitions in relation to personal data and sensitive personal data.
The type of information we collect will depend on the service you sign up for. For tours, we collect personal as well as some identification information to organise and provide a tour service. We will also collect medical information that might be relevant to the tour.
We will collect this information ONLY if you register for our tours, take part in a survey or show interest in a product that sell. We do not provide a registration portal for users so if you visit as a guest, and / or close the browser window – your session will reset and no information will be stored.
We do not collect any information about you from third parties nor do we sell any of your data to third parties without your consent.
How do we use personal information?
Personal information you provide will only be used for:
- Communication with you and third parties that require your information for the purpose of commercial orders, hotel and transportation bookings (as part of the tour service)
- Marketing and general communication
- Internal research into our audience and userbase. No information will leave our secure systems and be stored unencrypted
- Meeting internal audits.
What legal basis do we have for processing your personal data?
Data you provide will be processed by us in order to deliver a contracted service. When you register and subsequently sign up for a service or purchase a product, your data will persist on our systems for the duration of the tour and a maximum of 60 days after. We require this information to ensure we can provide a successful and effective service to you, and in case of emergency or legal audit provide this information to the relevant authorities. Our interest in collecting this information is strictly commercial and if you would like to opt out and request all data we store relating to you is deleted and destroyed please contact us directly.
When do we share personal data?
We will share your personal data (always in an encrypted channel) when we need to book and deliver a service as part of a tour. For example the booking of internal flights where the travel agent will require sensitive personal information.
We use encryption on your website, to store, process and transmit your personal data. All data stored offline will be limited and will be deleted as soon as it no longer serves a purpose. We do not store your data on paper and avoid physical copies of all data to prevent data leakage.
Your data will only be shared with our travel agent representatives in the destination country and our partner organisation Sacredfootsteps.org.
Where do we store and process personal data?
Your personal data will be stored either inside the EU (our servers are based in Iceland) or the US (where we use Google services).
How do we secure personal data?
Describe your approach to data security and the technologies and procedures you use to protect personal information. For example, these may be measures:
- to protect data against accidental loss
- to prevent unauthorised access, use, destruction or disclosure
- to ensure business continuity and disaster recovery
- to restrict access to personal information
- to conduct privacy impact assessments in accordance with the law and your business policies
- to train staff and contractors on data security
- to manage third party risks, through use of contracts and security reviews.
To protect your data we:
- Use secure servers based in Iceland
- Limit access to your data to only those who require
- Use only encrypted channels if the data has to traverse over the internet
- Avoid paper and physical copies of all data
- No storing of personal information on any external storage
How long do we keep your personal data for?
Your data will be stored for up to 60 days , and in the case of other services such as book orders or surveys – 30 days after (unless we explicitly ask for your permission to have the data persist longer).
Once the data is no longer required, we will permanently delete your data. Please note there might be a period in which your data might remain on our third party service providers in the form of backups. These will also be deleted after a period of 30 days.
Your rights in relation to personal data
As a customer you have the right to your information to:
- access this personal information
- correction and deletion of your information
- withdrawal of consent (if processing data on condition of consent)
- data portability
- restriction of processing and objection
- lodging a complaint with the Information Commissioner’s Office
You are able to exercise your right, and if you would like to lodge a data request please contact us and we will respond to your request within 7 working days.
Please note if you have booked a tour with us on behalf of another person or persons, we will not be able to share, modify or delete information relating to that person without explicit consent provided by that person in the form of a written and signed consent letter.
How to contact us?
To contact us please email us at firstname.lastname@example.org or use the ‘Contact’ link on this site.