Privacy Policy

and Data Protection (GDPR Compliance)

1

Introduction

This Privacy Notice (“Notice”) establishes how BLANDY TRAVEL Protects the privacy of the Personal Data of our employees, customers, partners, or any other entity with which the BLANDY TRAVEL relates in the context of its activity).

Being a travel agent, the BLANDY TRAVEL need to collect, use, and disclose Personal Data to perform the functions and business activities, including carrying out and managing travel reservations on behalf of our clients. In the BLANDY TRAVEL we are committed to protect the privacy and confidentiality of Personal Data and to maintain the various physical, digital, human and process related controls.

In the context of the General Data Protection Regulation 2016/679 (“GDPR”) the BLANDY TRAVEL is a “data controller” of any personal information that is shared in the context of our relationship with our clients or other interested parties.

By providing us Personal Data, stakeholders agree that this notice apply to how we deal with Personal Data and consent that Personal Data is collected, used, and disclosed as detailed in this Notice. If stakeholders do not agree with all or part of this Notice, the stakeholders should not provide us their Personal Data. If stakeholders do not provide us their Personal Data or withdraw their consent according to this Notice, that could affect our ability provide the services or negatively affect the quality of services provided. For example, most travel bookings must be made under the traveller’s full name and must include contact details and appropriate identification (e.g. passport details). We cannot make reservations without this information. There may be cases where local data protection laws impose treatment practices more restrictive than the practices defined in this notice. When that occurs, we will adjust our data processing practices to comply with these local laws data protection.

2

What Personal Data Do We Collect?

Personal Data have the meaning given by the local data protection laws and, where the GDPR applies, the meaning given under the GDPR. Personal Data usually mean data related with a living individual who can be identified from that data; or is identifiable from the combination of that data and other available data.

Generally, the type of personal information we collect is necessary to facilitate travel arrangements, support reservations or to arrange services and / or products relating to travel on behalf of our clients.

In this regard, we usually process the following types of Personal Data about our customers:

a) Contact information (such as name, home address / correspondence, telephone number, email address);
b) Payment data;
c) Passport detailed data;
d) Loyalty programs /frequent flyer detailed data;
e) Data on dietary needs and health problems (if any); and
f) Otherdetails relevant tothetravel plans or required by therelevant travel serviceprovider(s) (e.g. airlines andproviderofaccommodationor tourism).

When our customers contact us for other purposes, Personal Data related to those purposes may also be collected. For example, we may collect personal information so that we may contact our customers about a contest / campaign that has signed up or to respond to a question or comment they have sent us. We also collect data necessary for use in the business activities of BLANDY TRAVEL and our related entities, including, for example, financial details required to process multiple transactions, video surveillance images used for security purposes, or other relevant Personal Data you may choose to provide us.

In some circumstances, we may collect Personal Data from our customers that may be considered sensitive data in accordance with local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal history and the alleged commission of an offense, affiliation to political, professional, or commercial associations, biometric and genetic information, financial data, and health data. We will only collect sensitive data in accordance with local data protection laws, with explicit consent of the subject and where the data is reasonably necessary or directly related to one or more of our functions or operational activities (for example, travel), unless required or permitted to do so by law. To the extent permitted or required by local data protection laws, our customers consent that we use and disclose your sensitive data solely for the purpose for which it was collected, unless we subsequently receive your consent for another purpose. For example, if our clients provide us with health information related to travel insurance that they wish to do, customers consent that we use and disclose such health information on their behalf in the contacts made with the entity that promotes such travel insurance. Another example is when our customers can divulge their religious beliefs because they are interested, for example, in certain vacation packages, the use and disclosure of this information to make the trip operational. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent for another purpose.