OBJECTIVE OF THIS POLICY
The purpose of this policy is to make known how Perú Escape Tours (hereinafter ” Perú Escape”) protects and treats the personal data of customers, passengers, suppliers, tour operators, travel agencies, and collaborators, from its collection through the different channels, whether physical or digital, for the purposes duly communicated by the company.
GENERAL INFORMATION
Peru Escape, a company belonging to Global Experience Network SRL and operating under the brands Peru Escape Tour Operador, Peru Escape Tour Operator, and Peru Escape Tours, among others, aims to provide tourist services at the national and international levels, related to the sale of individual and collective air tickets (tickets), in addition to carrying out the marketing, operation, and promotion of tourist programs, among other services. For this purpose, information is collected, used, administered, transferred, stored, and processed, which can be associated with information belonging to natural persons in the development of their activities. For example, name, identity document, telephone number, email address, and country of residence, among others, through various physical and digital formats.
Peru Escape, following Peruvian Law No. 29733 – Personal Data Protection Law – and Regulation No. 003-2013-JUS; as well as the General Data Protection Regulation GDPR (EU 2016/679), undertakes to guarantee and adopt measures for the security of the information through the best international practices, inattention to the confidentiality, integrity, and availability of the data of a personal nature provided.
DEFINITIONS
Responsible for the treatment: it is the natural or legal person who, alone or together with others, determines the purposes and means of the processing of personal data; In other words, Peru Escape will be responsible for the personal data obtained through its various collection channels and provided by Peru Escape users, as well as the companies that are part of it.
Personal data: it is all that information about an identified or identifiable natural person (the user), such as the name, ID, passport, location data, or one or more elements of the physical, physiological, genetic, psychic identity, economic, cultural or social of a person.
Treatment: would be any operation or set of operations carried out on personal data or sets of personal data (automated or not) such as the collection, registration, organization, modification, consultation, use, dissemination, or any other form of access authorization, collation or interconnection, limitation, deletion or destruction of personal data.
Right of access: it is the right of the User to know what data Peru Escape is treating and obtain a copy of them.
Right of rectification: it is the right of the user to update, rectify and/or correct their data.
Right of opposition: it is the user’s right to object at any time to the processing of their data by Peru Escape.
Right of cancellation (“right to be forgotten”): it is the right of the user to request the deletion of their data in any document, file, or place where they are accessible.
Right of limitation of treatment: it is the right of the user to demand that the processing of their data be limited when any of the circumstances established in the legislation occur, such as the illicit treatment of the data or that Peru Escape no longer needs them.
Right to data portability: it is the right of the user to receive the personal data that concerns him, that he has provided to Peru Escape, in a structured format, of common use and mechanical reading, and to transmit them to another data controller without can prevent it.
Right not to be the subject of individualized decisions: it is the right of the user not to be the subject of a decision based solely on automated processing, including profiling, that produces legal effects on it or significantly affects it similarly.
CONSENT AND LEGITIMATION OF THE TREATMENT
Peru Escape treats user data:
(i) When they expressly consent to the processing of their data for the purposes detailed in this document and/or;
( ii ) When the treatment is necessary for the execution of a contract for the provision of services and products in which the user is a party.
PERSONAL DATA OBJECT TO PROCESSING AND SCOPE
This policy is directed to the personal data corresponding to clients, passengers, suppliers, tour operators, travel agencies, and collaborators, supplied by themselves, making use of their freedom, voluntarily and consciously. The information collected and stored includes basic data entered through registration, contact, or other similar forms; such as, for example, name, ID, passport, gender, age, telephone number, email address, country of residence, among others, data collected through the various channels, necessary for the provision of tourist services of Peru Escape. In any case, users will be able to see which are essential for the correct provision of the service and which will be an accessory before sending their data.
The user will be solely responsible for the veracity and accuracy of the data provided. Only those over 18 years of age and/or those with sufficient legal capacity may be users. Likewise, the user will be solely responsible for the data provided by third parties, as well as ensuring that they have been informed of this Privacy Policy and have obtained their express consent.
GUIDING PRINCIPLES
Peru Escape will take into account the following principles in the process of processing personal data.
Principle of Legality: The processing of personal data in terms of Law 29733 is a regulated activity that must be subject to the provisions of the aforementioned standard, and the other provisions that regulate it. The collection of personal data by fraudulent, unfair, or illegal means is prohibited.
Consent Principle: Given the consent principle, the processing of personal data is lawful when the owner of the personal data has given their free, prior, express, informed, and unequivocal consent. Forms of consent in which it is not expressed directly are not allowed, such as those in which it is required to presume or to assume the existence of a will that has not been express. Even the consent given with other declarations must be expressly and clearly stated.
Principle of Purpose: Given the principle of purpose, it is considered that a purpose is determined when it has been clearly expressed, without room for confusion and when the object of the processing of personal data is objectively specified. In the case of a personal data bank containing sensitive data, its creation can only be justified if its purpose, in addition to being legitimate, is specific and following the activities or explicit purposes of the owner of the personal data bank. Professionals who process any personal data, in addition to being limited by the purpose of their services, are required to maintain professional secrecy.
Quality Principle: The personal data to be processed must be truthful, accurate, and, as far as possible, updated, necessary, relevant, and adequate for the purpose for which they were collected. They must be kept in such a way that their security is guaranteed and only for the time necessary to fulfill the purpose of the treatment.
Principle of Proportionality: All processing of personal data must be adequate, relevant, and not excessive for the purpose for which they had been collected.
Security Principle: The owner of the personal data bank and the person in charge of its treatment must adopt the technical, organizational, and legal measures necessary to guarantee the security of personal data. The security measures must be appropriate and following the treatment to be carried out and with the category of personal data in question.
Principle of Disposition of Appeal: Every owner of personal data must have the administrative or jurisdictional channels necessary to claim and enforce their rights when these are violated by the processing of their data.
Principle of Adequate Level of Protection: For the border flow of personal data, a sufficient level of protection must be guaranteed for the personal data to be processed or, at least, comparable to the provisions of the Law or international standards in the matter.
PURPOSES OF PERSONAL DATA
Peru Escape will use the personal data provided by users for the following purposes:
Passengers and Travel Agencies:
• Comply with the provision of contracted tourist services: flight programming and reservation, tourist packages, hotel reservation, itinerary programming; as well as car rental and insurance services, among others.
• Contact the client (natural person, companies, and travel agencies) before and during the provision of the contracted tourist services to answer questions, queries, and requests.
• Send information regarding the nature of the service and/or provisions of mandatory knowledge and compliance during the service or tourist package purchased, such as the contracting conditions and/or other conditions within which internal company policies could be included.
• Issuance of digital advertising of promotions or tourist packages on offer.
• Security of the clients in the facilities through video surveillance at our service counter.
• Analyze and identify the expectations and preferences of customers (natural person, companies, and travel agencies).
Workers and collaborators:
• The company will request personal information from its workers to comply with current labor regulatory requirements and/or the development of projects related to Human Resources and Talent Management such as payroll registration, personnel assistance, personnel selection, payment of commissions, among others.
• Comply with the policy and procedures of the Policy for the Prevention of Money Laundering and Financing of Terrorism.
• Security in the facilities through video surveillance.
Tourism Operators and Suppliers:
• To be able to manage the payment of the requested tourist services and products.
• To contact about the provision of contracted services and products.
• Security in the facilities through video surveillance.
The personal data that you provide us will be stored in our data banks.