Privacy Policy

1. Introduction

Wanderlust Journeys ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website your-domain.com and use our travel services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

2. Information We Collect

2.1 Personal Data

We may collect personally identifiable information that you voluntarily provide to us when you:

• Register for an account
• Book travel services or make reservations
• Subscribe to our newsletter
• Contact us via forms or email
• Participate in surveys or promotions

This information may include:

• Name and contact information (email, phone, address)
• Payment and billing information
• Travel preferences and booking history
• Passport and identification details (when required)
• Emergency contact information

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

• IP address and browser type
• Operating system and device information
• Pages visited and time spent on pages
• Referring website addresses
• Click patterns and navigation paths

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. This helps us improve our website functionality and provide personalized content.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Process bookings, reservations, and travel arrangements
• Communication: Send confirmations, updates, and customer support responses
• Marketing: Deliver newsletters, promotional offers, and personalized recommendations (with your consent)
• Improvement: Analyze website usage to enhance user experience and service quality
• Legal Compliance: Comply with legal obligations and protect our rights
• Fraud Prevention: Detect and prevent fraudulent transactions and activities
• Payment Processing: Process payments and prevent financial fraud

4. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

• Contract Performance: Processing necessary to fulfill our services to you
• Legitimate Interests: Processing for our legitimate business interests that do not override your rights
• Consent: You have given explicit consent for specific processing activities
• Legal Obligations: Processing required to comply with applicable laws

5. Sharing Your Information

We may share your information with the following parties:

5.1 Service Providers

• Travel suppliers (airlines, hotels, tour operators)
• Payment processors and financial institutions
• Email and marketing service providers
• Website hosting and cloud storage providers
• Analytics and performance monitoring services

5.2 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights, property, or safety.

5.4 Third-Party Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Help us understand how visitors interact with our site
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track your browsing to deliver relevant advertisements

6.2 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Delete cookies when closing the browser

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• SSL/TLS encryption for data transmission
• Secure server infrastructure and firewalls
• Regular security assessments and updates
• Access controls and authentication procedures
• Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law. Retention periods vary based on:

• Active Accounts: Data retained while your account is active
• Legal Requirements: Financial records retained for tax and legal compliance (typically 7 years)
• Marketing: Marketing data retained until you withdraw consent
• Inactive Accounts: Data may be deleted after extended periods of inactivity

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 GDPR Rights (EEA Residents)

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request limitation of processing your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests or direct marketing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

9.2 CCPA Rights (California Residents)

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Opt-out of the sale of personal information
• Request deletion of personal information
• Non-discrimination for exercising privacy rights

9.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield certification (where applicable)
• Adequate data protection measures in receiving countries

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

12. Marketing Communications

With your consent, we may send you marketing emails about our services, special offers, and travel inspiration. You can opt-out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at [email protected]

Note: Even if you opt-out of marketing communications, we may still send you transactional emails related to your bookings and account.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification for significant changes (where appropriate)

Your continued use of our services after such modifications constitutes your acknowledgment and acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Data Protection Officer:

Email: [email protected]

We aim to respond to all privacy inquiries within 30 days.

15. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.