Privacy Policy
1. FOR WHICH PURPOSE WE COLLECT YOUR PERSONAL DATA AND WHICH LEGAL BASIS
1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
1. Where we need to perform the contract we are about to enter into or have entered into with you.
2. Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
3. Where we need to comply with a legal or regulatory obligation.
2. We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
IMPORTANT: Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data, or you fail to provide that data when requested. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Policy, in particular, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services available in our portfolio ). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
3. We will not use your personal data for purposes that are incompatible with the purposes for which we collected it, and of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
4. We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. For example, in order to prevent fraud and other illegal activity, and for verification process of any online transaction or payment.
5. We use your personal data only where required for specific purposes.
2. WHICH CATEGORIES OF DATA WE COLLECT ABOUT YOU
1. We collect personal data of Mautourco employees, potential employees, customers, suppliers and service providers, shareholders and website users. If the data we collect are not listed in this Privacy Policy, we will give individuals (when required by law) appropriate notice of which other data will be collected and how we will be using them.
2. If you provide us with personal data of another person (other than a child), you are responsible for ensuring that such person is made aware of the information contained in this Privacy Policy and that the person has given you his/her consent for sharing the information with us.
3. The personal data we collect includes and are grouped together as follows:
1. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
2. Contact Data includes billing address, delivery address, email address and telephone numbers.
3. Financial Data includes bank account and payment card details.
4. Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
5. Technical Data (if applicable) includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
6. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
7. Usage Data includes information about how you use our website and services.
8. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
5. We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.
6. We do not collect ‘sensitive personal data’ also known as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data ). Nor do we collect any information about criminal convictions and offences.
7. In limited cases where we do seek to collect sensitive data (for example your food preference, allergies, health conditions when using for example our Tours and excursions services , or any of our leisure activities or facilities, current medication, any physical conditions that affect your mobility) we will do so in accordance with data privacy law requirements and/or ask for your explicit consent.
IMPORTANT: This website is not intended for children and we do not knowingly collect data relating to a child under the age of 18. By law, parents or guardians of the child have the obligation to provide data related to the child. In this case, we shall make every reasonable effort to verify using any reasonable means (including but not limited to any written supporting evidence) that the express consent has been given or authorised.
8. The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
IMPORTANT: It is important that the personal data we hold about you is accurate and current. Please keep us informed and click here, if your personal data changes during your relationship with us.
3. HOW YOUR PERSONAL DATA IS COLLECTED
1. We use different methods to collect data from and about you including through:
1. Direct interactions:
1. You may give us your personal data when you fill in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
(i) book a stay via Mautourco Ltd
(ii) use and/or purchase services offered by Mautourco Ltd
2. (iii) create an account on one of our websites;
(iv) subscribe to publications;
(v) request brochures or newsletters to be sent to you;
(vi) enter a competition, promotion or survey;
3. If you contact us, we may keep a record of that correspondence;
4. Any postings, comments or other content that you upload or post to on websites.
2. Automated technologies or interactions As you interact with our websites, we may automatically collect Technical Data about your equipment, browsing actions and patterns, traffic data . We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details • Third parties or publicly available sources We may receive personal data about you from a third party.
4. HOW WE USE PERSONAL DATA FOR MARKETING PURPOSES
1. The source of our marketing data relates to the data and information collected through our direct interactions with you, or through our automated technologies, and data we obtain from our other subsidiaries .
2. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
5. HOW LONG WILL WE USE YOUR PERSONAL DATA FOR
1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
3. By law we have to keep basic information about our customers (including Identity Contact, Financial and Transaction Data) for ten (10) years or such number of years according the applicable laws, after they cease being customers for tax and other judicial purposes.
4. Please contact us for further details on retention periods for different aspects of your personal data.
5. In some circumstances, you can ask us to delete your personal data: see Request erasure below for further information.
6. In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
IMPORTANT :
• If you wish to exercise any of the rights set out above or need any clarification thereon, please contact us.
o We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
o We would appreciate the chance to deal with your concerns before you approach the DPC, ICO or CNIL, so please contact us in the first instance.
Pursuant to the GDPR, and if you are an EU Citizen, you have the right of portability that is the right to receive your personal data, which you have previously provided in a ‘commonly use and machine readable format’ and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.