Privacy Policy

1. Introduction

Welcome to Himalaya Holidays ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Himalaya Holidays is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided at the end of this document.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Make a booking or inquiry through our website
• Subscribe to our newsletter
• Contact us via email, phone, or contact forms
• Create an account on our website
• Participate in surveys or promotions

This information may include:

• Name and contact details (email address, phone number, postal address)
• Passport information and nationality (for travel bookings)
• Date of birth and age
• Payment and billing information
• Travel preferences and special requirements
• Emergency contact information
• Dietary requirements or medical information (if relevant to your trip)

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• IP address and device information
• Browser type and version
• Operating system
• Pages visited and time spent on our website
• Referring website addresses
• Clickstream data

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. You can manage your cookie preferences through your browser settings. For more information, please see our Cookie Policy section below.

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 To Provide Our Services

• Processing and managing your travel bookings
• Communicating with you about your trips and bookings
• Providing customer support
• Sending booking confirmations and travel documents

3.2 To Improve Our Services

• Analyzing website usage to improve user experience
• Conducting market research and customer surveys
• Developing new products and services

3.3 For Marketing Purposes

• Sending promotional emails and newsletters (with your consent)
• Personalizing marketing communications based on your interests
• Displaying targeted advertisements

3.4 For Legal and Security Purposes

• Complying with legal obligations and regulations
• Protecting against fraud and security threats
• Enforcing our terms and conditions
• Resolving disputes

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing is necessary to fulfill our contractual obligations to you (e.g., providing travel services you've booked)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving our services, fraud prevention)
• Legal Obligation: Processing is required to comply with legal or regulatory requirements

5. Data Sharing and Third Parties

We may share your personal information with the following categories of third parties:

5.1 Service Providers

• Hotels, airlines, and tour operators for booking arrangements
• Payment processors for secure transaction handling
• Email service providers for communications
• Website hosting and IT infrastructure providers
• Marketing and analytics platforms

5.2 Legal and Regulatory Authorities

We may disclose your information when required by law, court order, or to protect our legal rights.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity.

International Transfers: Some of our service providers may be located outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Booking Data: Retained for 7 years after your trip completion for accounting and legal purposes
• Marketing Data: Retained until you withdraw consent or unsubscribe
• Technical Data: Typically retained for 12-24 months

After the retention period expires, we will securely delete or anonymize your personal data.

7. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month.

8. Cookies Policy

Our website uses cookies to distinguish you from other users and provide you with a better browsing experience. Cookies are small text files stored on your device.

Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly
• Analytics Cookies: Help us understand how visitors use our website
• Functional Cookies: Remember your preferences and personalize your experience
• Marketing Cookies: Track your activity to deliver targeted advertisements

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure payment processing through PCI-DSS compliant providers
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Employee training on data protection and security

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach where required by law.

10. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will promptly delete such information.

11. Third-Party Links

Our website may contain links to third-party websites, such as hotel booking platforms or social media sites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

For significant changes, we will provide prominent notice on our website or send you an email notification if we have your email address.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

14. Data Protection Officer

If you have specific questions about how your data is processed or wish to exercise your GDPR rights, you may contact our Data Protection Officer at:

Email: info@himalayaholidayz.com