Privacy Policy

1. Information We Collect

We may collect and process the following categories of personal data, depending on how you interact with us and the services you request.

1.1 Identity and Contact Information

This may include:

• Full name
• Email address
• Telephone and mobile number
• WhatsApp or other messaging contact details
• Postal or billing address
• Nationality
• Date of birth, where required for travel arrangements
• Passport details, visa information, or identity-document details, where required for bookings, permits, hotel check-ins, domestic travel arrangements, or legal compliance
• Emergency contact details

1.2 Booking and Travel Information

This may include:

• Travel dates
• Arrival and departure details
• Flight details
• Hotel, villa, room, and meal-plan preferences
• Tour itinerary preferences
• Vehicle and chauffeur-guide arrangements
• Excursions, experiences, permits, tickets, and activity choices
• Previous inquiries, quotations, and booking records
• Special requests relating to your journey

1.3 Special-Category or Sensitive Travel Information

To arrange safe and suitable travel services, we may need to collect limited sensitive information, such as:

• Medical, mobility, accessibility, or health-related requirements
• Allergies or dietary restrictions
• Religious, cultural, or personal preferences relevant to meals or travel arrangements
• Information needed to assist children, elderly travellers, or travellers requiring additional care

We collect and use this information only where relevant to your travel arrangements, where necessary to protect your interests, or where we have your explicit consent where required by applicable law. We share this information only with service providers who reasonably need it to deliver the requested service.

1.4 Payment and Billing Information

Payment details are processed securely by third-party payment providers, banks, or financial institutions. We do not store full card numbers, CVV codes, or complete payment credentials. We may retain:

• Billing name and address
• Invoice details
• Payment confirmations
• Transaction references
• Bank-transfer records
• Refund or cancellation records
• Accounting and tax records

1.5 Communication Information

This may include:

• Emails, letters, messages, or WhatsApp communications exchanged with us
• Telephone-call notes or operational records
• Feedback, reviews, survey responses, complaints, or service-quality comments
• Communications with travel agents, tour operators, or representatives acting on your behalf

1.6 Technical and Usage Information

When you visit our Site, we may collect certain technical and usage information, such as:

• IP address
• Browser type and version
• Device type
• Operating system
• Time zone setting
• Referring website URLs
• Pages visited
• Time spent on pages
• Website interaction data
• Server logs
• Cookie and analytics data

2. How We Collect Personal Data

We collect personal data in the following ways.

2.1 Directly from You

You may provide personal data when you:

• Submit an inquiry form
• Request a quotation
• Book a tour or travel service
• Subscribe to a newsletter
• Contact us by email, telephone, WhatsApp, social media, or online form
• Provide travel documents or passenger details
• Share feedback, reviews, complaints, or special requests

2.2 From Travel Agents, Tour Operators, or Representatives

If your booking is arranged through a travel agent, overseas tour operator, corporate client, family member, or other representative, we may receive personal data from them in order to prepare and operate your travel arrangements.

2.3 Through Automated Technologies

When you browse our Site, we may collect technical and usage information through cookies, analytics tools, server logs, and similar technologies.

2.4 From Third Parties

We may receive personal data from third parties such as:

• Payment processors and banks
• Hotels, villas, activity providers, guides, and transport providers
• Booking platforms or travel-management systems
• Analytics providers, such as Google Analytics
• Social media or messaging platforms, where you interact with us through those platforms
• Publicly available sources, where relevant and lawful

3. How We Use Personal Data

We use personal data only where we have a lawful and legitimate reason to do so. The main purposes are set out below.

3.1 To Respond to Inquiries and Prepare Quotations

We use your contact, travel, and preference information to respond to your inquiry, prepare suitable travel proposals, and communicate with you about possible travel arrangements.

Lawful basis: legitimate interest, pre-contractual steps, and/or consent where applicable.

3.2 To Arrange and Operate Travel Services

We use personal data to arrange and deliver your travel services, including accommodation, transport, chauffeur-guides, national guides, airport transfers, excursions, tickets, permits, meals, and special arrangements.

Lawful basis: performance of a contract, legitimate interest, and/or consent where sensitive information is involved.

3.3 To Process Payments and Issue Invoices

We use billing and payment-related information to process payments, issue invoices, manage refunds, maintain financial records, and comply with tax and accounting requirements.

Lawful basis: performance of a contract and legal obligation.

3.4 To Provide Customer Support and Emergency Assistance

We use your information to manage operational changes, respond to service issues, provide emergency assistance, support travellers during their journey, and communicate with nominated emergency contacts where necessary.

Lawful basis: performance of a contract, legitimate interest, vital interests, and/or legal obligation where applicable.

3.5 To Improve Our Services and Website

We may use inquiry, booking, feedback, analytics, and usage information to improve our website, itineraries, service standards, operations, client experience, and internal business processes.

Lawful basis: legitimate interest.

3.6 To Send Marketing Communications

We may send newsletters, travel inspiration, promotional offers, surveys, or updates where you have subscribed, where we have your consent, or where we are otherwise permitted by applicable law. You may unsubscribe or opt out of marketing communications at any time.

Lawful basis: consent and/or legitimate interest, depending on applicable law.

3.7 To Protect Our Business, Website, and Legal Rights

We may use personal data to prevent fraud, protect website security, enforce our terms, manage disputes, recover payments, comply with legal obligations, and protect our rights, property, clients, staff, and service providers.

Lawful basis: legitimate interest and legal obligation.

4. Required and Optional Information

Some personal data is necessary for us to provide travel services, confirm bookings, issue invoices, arrange accommodation, organize transport, comply with hotel or permit requirements, or meet legal obligations. If you do not provide required information, we may be unable to provide some or all requested travel services.

Optional information, such as preferences, interests, or feedback, helps us personalize and improve your travel experience but is not always required.

5. Sharing Personal Data

We do not sell or rent your personal data. We may share personal data only where necessary, lawful, and proportionate, including with the following categories of recipients.

5.1 Travel Service Providers

To arrange and operate your travel services, we may share relevant data with hotels, villas, lodges, resorts, transport providers, chauffeur-guides, national guides, activity providers, restaurants, domestic travel services, site authorities, and local representatives. We share only the information reasonably necessary for the relevant service.

5.2 Overseas Travel Agents and Tour Operators

Where your booking is arranged through a travel agent, tour operator, corporate client, or representative, we may share booking-related information with them for itinerary coordination, service delivery, emergency support, accounting, and client-service purposes.

5.3 Payment Processors and Banks

We may share payment and billing information with trusted payment processors, banks, card processors, or financial institutions to process payments securely.

5.4 Professional Advisors

We may share personal data with lawyers, auditors, accountants, insurers, consultants, and other professional advisors where necessary for legitimate business, legal, insurance, financial, or compliance purposes.

5.5 Legal and Regulatory Authorities

We may disclose personal data where required by law, regulation, court order, tax authority, immigration authority, police authority, government authority, or other lawful request.

5.6 With Your Consent

We may share personal data in other circumstances where you have given us your consent.

All third parties who process personal data on our behalf are expected to respect the confidentiality and security of your data and to process it only for authorised purposes.

6. International Data Transfers

Rediscover Journeys is based in Sri Lanka. If you are located outside Sri Lanka, your personal data may be transferred to, stored, and processed in Sri Lanka. We may also share limited personal data with service providers, agents, or partners in other countries where necessary to arrange or operate your travel services.

If you are located in the European Union, European Economic Area, United Kingdom, or another jurisdiction with specific international-transfer rules, your personal data may be transferred to a country that may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we use appropriate safeguards, such as contractual protections, limited-access arrangements, confidentiality obligations, and careful service-provider selection, to protect personal data transferred internationally.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction. These measures may include SSL encryption on our website, restricted access to personal data, role-based access for employees, secure storage of physical and electronic records, staff confidentiality obligations, use of trusted service providers, internal security reviews, and careful handling of sensitive information.

However, no method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

8. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide travel services, meet legal obligations, resolve disputes, maintain business records, and protect our legal rights.

After the relevant retention period, we will securely delete, anonymise, or archive personal data in accordance with applicable law and business requirements.

9. Cookies and Tracking Technologies

Our Site may use cookies and similar technologies to remember preferences, improve website performance, analyze website traffic, understand how visitors use the Site, protect security and functionality, and improve user experience. We may use analytics tools such as Google Analytics, subject to applicable cookie and consent requirements.

You can control or disable cookies through your browser settings. Disabling certain cookies may affect website functionality, including inquiry forms or booking-related features. Where required by law, we will request your consent before placing non-essential cookies or similar tracking technologies on your device.

10. Marketing Communications

We may use your contact details to send newsletters, destination updates, travel inspiration, offers, surveys, or similar communications where permitted by law. You may opt out of marketing communications at any time by using the unsubscribe link in an email, contacting us at [email protected], or requesting removal from our marketing list.

Even if you opt out of marketing communications, we may still send service-related communications, such as booking confirmations, itinerary updates, payment notices, emergency information, or operational messages relating to your travel arrangements.

11. WhatsApp, Social Media, and Messaging Platforms

If you communicate with us through WhatsApp, Facebook, Instagram, LinkedIn, or other third-party platforms, those platforms may process your personal data according to their own privacy policies and terms. We are not responsible for the privacy practices of those third-party platforms. We recommend reviewing their privacy notices before using them. For important travel, payment, passport, or sensitive information, we may ask you to use a more appropriate or secure communication channel where necessary.

12. Photographs, Videos, Reviews, and Testimonials

During tours, events, familiarization trips, site inspections, or client experiences, photographs or videos may be taken by clients, staff, guides, partners, or service providers. We will not use identifiable guest photographs, videos, reviews, or testimonials for our marketing purposes without appropriate permission, unless the content has already been made public by you and we are legally permitted to use or reference it. If you ask us to remove a photograph, testimonial, or review from our own marketing channels, we will review and respond to your request in accordance with applicable law and practical limitations.

13. Children’s Privacy

Our website and services are not directed to children acting independently. We may process children's personal data where it is provided by a parent, guardian, travel agent, tour operator, school, family member, or authorized representative for the purpose of arranging family travel, educational travel, or other travel services. Where children's data is collected, we process it only as necessary for the travel arrangements, safety, legal compliance, or related operational purposes. If you believe a child has provided personal data to us without appropriate authority, please contact us so that we can review and, where appropriate, delete the information.

14. Third-Party Links

Our Site may contain links to third-party websites, including hotels, payment providers, booking platforms, social media platforms, travel partners, or other external websites. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to read the privacy policies of any third-party website you visit.

15. Your Rights

Depending on your location and applicable law, you may have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete personal data
• Request deletion of your personal data, subject to legal and operational requirements
• Request restriction of processing
• Object to processing based on legitimate interests
• Object to direct marketing
• Request data portability, where applicable
• Withdraw consent where processing is based on consent
• Request information about how we process and share your personal data

To exercise your rights, please contact us using the details in the "Contact Us" section below. We may need to verify your identity before responding to a request. We will respond within the period required by applicable law. For requests under Sri Lankan data protection law, this may be within 21 working days. For EU or UK data protection requests, this is generally within one month, unless an extension is permitted by law.

There is no fee for reasonable requests. However, where permitted by law, we may charge a reasonable administrative fee or refuse a request that is manifestly unfounded, excessive, repetitive, or abusive. Some rights may be limited where we need to retain or process data for legal, accounting, tax, contractual, safety, dispute-resolution, or legitimate business reasons.

16. Complaints

If you have a concern about how we process your personal data, please contact us first so that we can try to resolve the matter. Depending on your location, you may also have the right to lodge a complaint with a relevant data protection authority, including the Data Protection Authority of Sri Lanka, the UK Information Commissioner's Office (if applicable), the relevant supervisory authority in your EU or EEA country of residence, or another competent authority in your jurisdiction.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, operational practices, or data-processing activities. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically. Continued use of our Site or services after changes are posted means that you acknowledge the updated Privacy Policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

For travel-related emergency support, clients may use the emergency contact details provided in their booking confirmation or travel documents.