📋 Table of Contents
- 1. Controller Information
- 2. Legal Basis for Processing
- 3. Personal Data We Collect
- 4. How We Use Your Data
- 5. Data Sharing and Transfers
- 6. Data Retention
- 7. Your Rights Under GDPR
- 8. Exercising Your Rights
- 9. Cookies and Tracking
- 10. Security Measures
- 11. Automated Decision-Making
- 12. Third-Party Services
- 13. Children's Privacy
- 14. Changes to This Policy
- 15. Contact Us
Controller Information
Data Controller Details
Company: Viva Europa S.A. de C.V.
Address: [Your complete address]
Phone: [Your phone number]
Email: [Your email address]
Website: [Your website]
Data Protection Officer: [DPO contact] (if applicable)
Viva Europa S.A. de C.V. is the data controller responsible for your personal data. We are committed to protecting your privacy and ensuring transparency in how we handle your information.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: To provide travel services you've requested and fulfill our contractual obligations
- Legal Obligations: To comply with tax, accounting, and regulatory requirements
- Legitimate Interests: For service improvement and marketing (with opt-out option available)
- Consent: For cookies, marketing communications, and special categories of data where required
Personal Data We Collect
Identity and Contact Information
- Full name, date of birth, nationality
- Passport number and expiration date
- Email address, phone number, postal address
Financial Information
- Payment card details (processed securely through encrypted systems)
- Banking information for refunds
- Transaction history and payment records
Travel Preferences
- Accommodation preferences and special requests
- Dietary requirements and allergies
- Accessibility needs and mobility requirements
- Travel history with us and feedback
Website Usage Data
- IP address and browser information
- Cookies and similar tracking technologies
- Website interaction data and page views
- Marketing campaign responses and engagement
How We Use Your Data
Service Delivery
- Process and manage your travel bookings
- Provide customer support and assistance
- Send booking confirmations and travel updates
- Handle payments and process refunds
Legal Compliance
- Meet tax and accounting obligations
- Comply with travel industry regulations
- Respond to legal requests and official inquiries
Marketing and Improvement
- Send promotional offers and travel deals (with your consent)
- Analyze service usage and customer preferences
- Improve our website functionality and user experience
- Personalize your travel recommendations
Data Sharing and Transfers
Within the EU/EEA
- Hotels and accommodation providers for your bookings
- Airlines and transportation companies
- Travel insurance providers for coverage
- Secure payment processors for transactions
Outside the EU/EEA
- Mexican parent company (with adequate safeguards in place)
- International service providers with standard contractual clauses
- Transfers only to countries with adequate protection or under appropriate safeguards
🛡️ Transfer Protection
All international data transfers are protected by appropriate safeguards, including standard contractual clauses approved by the European Commission or adequacy decisions.
Data Retention
We retain your personal data for different periods depending on the purpose:
- Booking data: 7 years for tax and legal requirements
- Marketing data: Until consent is withdrawn or you unsubscribe
- Website analytics: 26 months maximum (anonymized after 14 months)
- Customer support: 3 years after last interaction
📋 Retention Policy
We regularly review our data retention practices and delete or anonymize personal data when it's no longer needed for the original purpose or legal requirements.
Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data we hold
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (right to be forgotten)
- Restriction: Limit how we process your data in certain circumstances
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Oppose processing based on legitimate interests
- Withdraw Consent: Remove consent for data processing at any time
⚠️ Important Note
Exercising certain rights may affect our ability to provide services to you. We'll explain any implications before processing your request.
Exercising Your Rights
To exercise your data protection rights, contact us using any of these methods:
📧 Contact Methods
Email: [privacy email address]
Phone: [phone number]
Address: [postal address]
We will respond to your request within 30 days. If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Verification Process
To protect your privacy, we may need to verify your identity before processing certain requests. This may involve asking for identification documents or additional information.
Security Measures
We implement comprehensive security measures to protect your personal data:
- Encryption: All sensitive data is encrypted both in transit and at rest
- Access Controls: Strict employee access controls and regular monitoring
- Security Assessments: Regular security audits and vulnerability testing
- Staff Training: Ongoing data protection training for all employees
- Incident Response: Established procedures for security incident management
🛡️ Security Commitment
While no system is 100% secure, we continuously update our security measures to protect against unauthorized access, disclosure, or destruction of your personal data.
Automated Decision-Making
We may use automated systems for:
- Fraud Detection: Preventing fraudulent bookings and payments
- Risk Assessment: Evaluating booking risks and payment security
- Personalized Recommendations: Suggesting relevant travel experiences
You have the right to request human review of any automated decision that significantly affects you.
Third-Party Services
Our website may contain links to third-party services and websites. We are not responsible for their privacy practices. Please review their privacy policies before using these services or providing personal information.
⚠️ External Links
When you click on external links, you leave our website and our privacy policy no longer applies. Always check the privacy policy of any website you visit.
Children's Privacy
We do not knowingly collect personal data from children under 16 years of age without parental consent. If you believe we have collected such information, please contact us immediately and we will take steps to remove it.
For family travel bookings, we require that an adult makes the reservation and provides consent for any children included in the booking.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated to you via:
- Email notification to registered users
- Prominent notice on our website
- Updated "last modified" date at the top of this policy
We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions about this privacy policy or our data practices, please don't hesitate to contact us:
📞 Get in Touch
Privacy Email: [privacy email address]
General Contact: [phone number]
Postal Address: [complete postal address]
EU Representative: If you don't have an EU establishment but offer services to EU residents, you may need to provide EU representative contact information here.