Privacy Policy
We are committed to maintaining the confidentiality of any personal information you provide when using our website. This privacy policy describes how we treat the personal data you receive during your visit to Peru. We may make content or services from other websites, including co-branded websites, available through links on our site. These other websites are not subject to this Privacy Policy. We encourage you to review each website’s privacy policy to determine how that site protects your privacy.
Privacy Policy
PRIVACY POLICY
PURPOSE OF THIS POLICY
The objective of this policy is to publicize how KONDOR PATH TOURS SAC protects and treats the personal data of customers, passengers, suppliers, tour operators, travel agencies, and collaborators, from the moment they are collected through the different channels, whether physical or digital, for the duly communicated purposes.
- BACKGROUND INFORMATION
KONDOR PATH TOURS is a company whose purpose is to provide services related to individual and group travel by air, sea, or land, the organization of trips or excursions, accommodation, and any other activity directly related to tourism. To do this, it collects, uses, manages, transfers, stores, and processes information that may be associated with data belonging to natural persons in the development of its activities, such as name, ID, telephone number, email address, and country of residence, among others, through various physical and digital formats.
KONDOR PATH TOURS, by Peruvian Law No. 29733 -Personal Data Protection Law- and its Regulation No. 003-2013-JUS; as well as the General Data Protection Regulation GDPR (EU 2016/679), undertakes to guarantee and adopt information security measures through the best international practices, taking into account the confidentiality, integrity, and availability of the personal data provided.
DEFINITIONS
- Responsible for the Treatment: is the natural or legal person who, alone or together with others, determines the purposes and means of the Treatment of personal data; that is, KONDOR PATH TOURS will be responsible for the personal data obtained through its different collection channels and provided by the users of KONDOR PATH TOURS, as well as the companies that are part of it.
- Personal data: any information relating to an identified or identifiable natural person (the user), such as name, identity document number, passport, location data, or one or more elements of physical, physiological, genetic, psychological, economic, cultural, or social of a person.
- Processing: any operation or set of functions on personal data or sets of personal data (whether or not they are automated).
Such as the collection, registration, organization, modification, consultation, use, dissemination, or any other form of access, reconciliation or combination, limitation, erasure, or destruction of personal data.
- Right of access: the user has the right to know what data is processed by KONDOR PATH TOURS and to obtain a copy of the same.
- Right of rectification: The user’s right to update, rectify and correct their data.
- Right of opposition: it is the user’s right to oppose at any time the processing of their data by KONDOR PATH TOURS.
- Right of deletion (“right to be forgotten” ): it is the user’s right to request the deletion of their data from any document, file, or place they are accessible.
- Right to limitation of Treatment: the user has the right to demand the end of the Treatment of their data when any of the circumstances established in the legislation occurs, such as the illicit Treatment of the data or the fact that KONDOR PATH TOURS no longer needs them.
- Right to data portability: the user’s right to receive the personal data that concerns him and that he has provided to KONDOR PATH TOURS . in a structured, commonly used, and machine-readable format and to transmit them to another data controller without being able to prevent it.
- Right not to be subjected to individualized decisions: the user’s right not to be subjected to a decision based solely on automated processing, including profiling, produces legal effects on him or significantly similarly affects him.
- CONSENT AND LEGITIMATE OF TREATMENT
KONDOR PATH TOURS processes user data:
- When they expressly consent to the processing of their data for the purposes detailed in this document and;
- When the Treatment is necessary for the execution of a contract for the provision of services and products in which the user is a party.
- PERSONAL DATA PROCESSED AND SCOPE OF APPLICATION
This policy applies to personal data relating to customers, passengers, suppliers, tour operators, travel agencies, and employees provided by them, using their freedom voluntarily. Aware. The information collected and stored includes the primary data entered in the registration forms, contact forms, or the like, such as, for example, name, identity document, passport, gender, age, telephone number, email address, country of residence, among others, the data collected through the different channels managed by the company, necessary for the provision of tourist services of KONDOR PATH TOURS. In any case, users can see which data is essential for the correct service provision and which is of an accessory nature before sending their data.
The user is solely responsible for the integrity and accuracy of the data provided. Only those over 18 years of age and those with sufficient legal capacity can be users. Likewise, the user is solely responsible for the data provided by third parties and for ensuring that they have been informed of this privacy policy and have obtained their express consent.
GUIDING PRINCIPLES
KONDOR PATH TOURS will consider the following principles in personal processing data.
- Principle of legality: The processing of personal data within the framework of Law 29733 is a regulated activity that must be subject to the law above’s proLlaw’sns and other conditions that regulate it. Collecting personal data by fraudulent, unfair, or illegal means is prohibited.
- Principle of consent: According to the declaration of support, the processing of personal data is lawful when the Owner of the personal data has given their free, prior, express, informed, and unequivocal consent. Formulas of support in which it is not expressed directly, such as those in which it is requested to presume or assume the existence of an unexpressed will, are not admitted. Even the consent given with other declarations must be expressed expressly and clearly.
- Principle of purpose: According to the direction of purpose, a goal is determined when clearly expressed, without confusion, and when the purpose for which the personal data will be processed is objectively specified. In the case of private data banks that contain sensitive data, their creation can only be justified if their purpose, in addition to being legitimate, is specific and in line with the activities or explicit objectives of the Owner of the personal data bank. Professionals who process personal data, in addition to being limited by the purpose of their services, are bound by professional secrecy.
- Principle of quality: The personal data that is processed must be accurate, exact, and, as far as possible, updated, necessary, pertinent, and adequate to the purpose for which they were collected. They must be kept in a way that guarantees their security and only for the time necessary for the Treatment.
- Principle of proportionality: all processing of personal data must be adequate, relevant, and not excessive about the purposes for which they were collected.
- Security principle: The Owner of the personal data bank and the data controller must adopt the necessary technical, organizational, and legal measures to guarantee the security of personal data. The security measures must be adequate and proportionate to the processing to be carried out and to the category of personal data in question.
- Principle of availability of resources: Every Holder of personal data must have the necessary administrative or judicial means to assert and demand their rights when data processing violates them.
- Principle of adequate protection: For the cross-border flow of personal data, a good level of protection must be guaranteed for the personal data to be processed, or at least comparable to that provided by Law or international standards in this field.
- PURPOSES OF PERSONAL DATA
KONDOR PATH TOURS will use the personal data provided by users for the following purposes
passengers
- Comply to provide contracted tourist services and products.
- Contact with the client (travel agencies, companies, and individuals) while providing contracted services and products.
- Facilitate coordination with suppliers, travel agencies, cruise lines, and hotels.
- Provide customers with information about the nature of the service and the knowledge and compliance requirements during the service, for example, contractual terms, compliance with tax obligations, and other terms that could include the company’s internal policies.
- Respond to doubts, questions, and requests.
- Justify the liquidation of the Value Added Tax of Non-residents before the Tax Administration, through the information of the Passport and the Andean Migration Card (TAM), among others.
- Analyze and identify the expectations and preferences of travel agencies regarding tickets and services.
Workers and collaborators:
- The company will request personal information from its employees to comply with the requirements of the applicable labor regulations and for the development of human resources and talent management projects such as payroll registration, staff attendance, personnel selection, and payment of commissions, among others.
- Security in the facilities through video surveillance.
- Comply with the policy and procedures of the Money Laundering and Terrorist Financing Prevention Policy.
Tour operators and suppliers:
- To be able to manage the payment of the requested services and products.
- To contact you about the provision of contracted services and products.
- Security in the facilities through video surveillance.
The personal data you provide will be stored in the databases described in Annex 2 of this document.
- RIGHTS OF THE OWNERS
The Owner of personal data has the following rights:
- The rights of information, access, rectification, cancellation, opposition, and objective Treatment of personal data can only be exercised by the individual data owner without prejudice to the rules of representation.
- The exercise of one or some of the rights does not exclude the possibility of exercising one or some of the others, nor can it be understood as an initial condition for any of them.
- Know, update and rectify your data with KONDOR PATH TOURS or the designated data controller. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data or whose Treatment is expressly prohibited or has not been authorized.
- Be informed by KONDOR PATH TOURS or the designated data processor, upon request, about the use of your data.
- Revoke the authorization and request the cancellation of the data when the Treatment does not comply with the principles, rights, and constitutional and legal guarantees. The revocation and cancellation will be made when the National Authority for the Protection of Personal Data has determined that KONDOR PATH TOURS or the person in charge of the designated Treatment has behaved contrary to Law 29733 and the Constitution.
- Free access to your processed personal data under the conditions defined in this document.
DATA PROCESSING CONDITIONS
- Authorization of the Owner:
For KONDOR PATH TOURS to carry out any personal data processing action, the prior and informed authorization of the Owner is required, which must be obtained by any means that can be consulted later. These mechanisms may be predetermined by technical means that facilitate the automated manifestation of the Holder or may be written or oral.
KONDOR PATH TOURS will adopt the necessary procedures to request, at the latest at the time of data collection, the Holder’s consent for the Treatment of the same. It will inform about the personal data that will be collected, as well as all the specific purposes of the data—treatment for which consent is obtained.
KONDOR PATH TOURS may process personal data found in publicly accessible sources to the extent that they are raw public data. Suppose there are substantial changes in the content of the data processing policies of KONDOR PATH TOURS about the identification of the person in charge and the purpose of the processing of personal data, which affect the content of the authorization. In that case, KONDOR PATH TOURS will communicate these changes to the holders before or at the latest at the time of the implementation of the new policies. It will also obtain new authorization from the Holder when the change refers to the purpose of the Treatment. For the communication of changes and approval, technical means may be used to facilitate this activity.
- Cases in which authorization is not required
- Information is required by a public or administrative body to exercise its legal functions or by judicial decision.
- Public data.
- Medical or health emergencies.
- Treatment of information permitted by Law for historical, statistical, or scientific purposes.
- Data from the civil registry of persons.
- Provision of information
KONDOR PATH TOURS will provide the information requested by the Owner in the same way the request was made.
- Obligation to inform the registrant
KONDOR PATH TOURS. At the time of requesting authorization from the Owner, it clearly and expressly informs you of the following:
- The Treatment to which your data will be submitted and the purpose of said Treatment.
- The optional nature of the answer to the questions asked, in the case of sensitive data or data of children and adolescents.
- The rights you have as the Owner.
- The identification, physical or electronic address, and telephone number of the data controller.
- Revocation of authorization and deletion of data:
Holders may apply at any time to KONDOR PATH TOURS. The deletion of your data and revoke the authorization granted for the Treatment of the same by submitting a request by the provisions of Law 29733 of 2011 and the Regulation of DS Nº 003-2013-JUS of 2013.
The request for data deletion or authorization revocation will not be processed when the Owner has a contractual obligation to remain in the KONDOR PATH TOURS database.
- People to whom the information can be provided:
The information about the personal data processed by KONDOR PATH TOURS can be provided to the following people:
- To the owners, their heirs, or their legal representatives.
- To public or administrative bodies in the exercise of their legal functions or by court order.
- To third parties authorized by the Owner or by Law.
SECURITY OF PERSONAL DATA
KONDOR PATH TOURS complies with the personal data protection measures required by Law. It has adopted the reasonable measures needed according to current technical knowledge and good information custody and management practices to prevent the loss, misuse, alteration, illegitimate intrusion, and theft of personal data provided by users.
PROCEDURES
The Owner or his assignees have the right to present to KONDOR PATH TOURS. Queries and claims, after verifying your identity, by writing to the following address at any time, withdraw your consent to personal processing data. You may exercise your rights of access, information, rectification, opposition, cancellation, limitation, forgetting, portability, and not being subject to individualized decisions, by writing to KONDOR PATH TOURS with the reference “PERSONAL” DATA” to the “following addresses.
- Physical/legal address: AV. Túpac Amaru O-3 Urb. San Borja, Wanchaq Cusco
- Email: info@kondorpathtours.com
KONDOR PATH TOURS will respond to the request and claim in the same way in which it was made:
Inquiries (Access / Information)
Those responsible for the Treatment or their successors in title may consult the personal information of the person responsible for the Treatment contained in the KONDOR PATH TOURS database, which will provide the applicant with all the information in its databases related to the identification of the person responsible for the Treatment.
The Owner may consult their data free of charge when there are substantial changes in the data processing policies of KONDOR PATH TOURS.
All requests will be processed by the same means that were submitted within five working days from their submission. To exercise this right, the interested party or their assignees must submit the access form, which is included in the annex to this policy.
Claims (requests/petitions)
The Holder or his successors in title who consider that the information contained in a database must be rectified, canceled, or opposed, or when they notice the alleged violation of any of the duties included in Law 29733 of 2011, may submit a request to the Holder of the Personal Data Bank or the person in charge of processing KONDOR PATH TOURS. To comply with these rights, the data owner or their assignees must submit the respective form found in the annex to this policy.
If the application does not meet the established requirements, the applicant is obliged to correct the defects within five (5) days from receipt of the application. If this period elapses without the correction being made, the request will be deemed not submitted. Suppose the information provided in the application is insufficient or erroneous in a way that does not allow its attention. In that case, KONDOR PATH TOURS may require, within seven (7) days from receipt of the application, additional documentation from the Holder of personal data to respond to it.
Within ten (10) days after receipt of the request, from the day following its receipt, the Owner of the personal data must attach the additional documents that they consider pertinent to substantiate their request. Otherwise, the application will be regarded as not submitted.
The maximum terms to respond to claims, by the provisions of the Law, are as follows:
- The right to information is five (05) days from the day following the submission of the corresponding request.
- The right of access is twenty (20) days from the day following the submission of the request by the Owner of the personal data.
- Rights of rectification, cancellation or opposition, the maximum response period by the Owner of the personal data bank or the person responsible for the Treatment will be ten (10) days from the day following the presentation of the corresponding request.
Except for the term established for the exercise of the right to information, the times corresponding to the response or attention of the other rights may be extended only once and for a maximum of an equal period, provided that the circumstances justify it. The justification for the extension of the term must be communicated to the Owner of the personal data within the time it is extended.
procedure requirement
The interested party or the assignee may only file a claim with the National Authority for the Protection of Personal Data after having exhausted the consultation or claim procedure with KONDOR PATH TOURS.
KONDOR PATH TOURS FUNCTIONS IN DATA PROCESSING
- Guarantee the interested party, at all times, the whole and effective exercise of the right of habeas data.
- Request and keep, by the Law, a copy of the respective authorization granted by the Concessionaire.
- Duly inform the interested party of the purpose of the collection and the rights that assist him by the authorization granted.
- Take steps to keep the information in a safe condition to prevent tampering, loss, unauthorized or fraudulent access, use, or access. Ensure that the information provided to the data controller is true, complete, accurate, up-to-date, verifiable, and understandable.
- Update the information, promptly communicate to the person responsible for the Treatment any news regarding the previously provided data and adopt other necessary measures to guarantee to update of the provided information.
- Rectify the information when incorrect and communicate the relevant information to the data controller.
- Provide the Data Controller, where appropriate, only the data whose Treatment is previously authorized by the provisions of the Law.
- Require the data controller to respect the security and confidentiality of the data subject’ssubject’sion at all times.
- Address queries and claims made by the Law.
- Adopt a manual of internal policies and procedures to guarantee proper compliance with this Law and, particularly, for managing queries and complaints.
- Inform the data controller when the exciting part discusses certain information once the claim has been submitted and the corresponding process has not been completed.
- Inform, at the request of the interested party, of the use made of their data.
- Inform the National Authority for the Protection of Personal Data when there are breaches of security policies and risks in the administration of the information of those responsible for Treatment.
- Comply with the instructions and requirements issued by the National Authority for the Protection of Personal Data.
OBLIGATIONS OF THE RESPONSIBLE FOR DATA PROCESSING
Those responsible for data processing are required to comply with the following duties without prejudice to the other provisions of the Law and other conditions that regulate their activity:
- Guarantee the interested party, at all times, the whole and effective exercise of the right of habeas data.
- Take measures to keep the information in the necessary security conditions to prevent falsification, loss, consultation, use, or unauthorized or fraudulent access.
- Update, rectify, or delete the data promptly, per this law’s provisions.
- Update the information provided by the data controllers within five (5) business days of receipt.
- Address the requests and claims of the owners by the Law.
- Adopt an internal policy and procedures manual to ensure compliance with the Law and, in particular, to respond to data subjects’ questions and claims from disseminating information contested by the interested party and whose blocking has been ordered by the National Authority for the Protection of Personal Data.
- Allow access to information only to those who can access it.
- Inform the National Authority for the Protection of Personal Data when there are breaches of security policies and risks in the administration of the information of those responsible for Treatment.
- Comply with the instructions and requirements issued by the National Authority for the Protection of Personal Data.
- Guarantee the security of databases containing personal data.
- Respect confidentiality in the processing of personal data.
SECURITY MEASURES
KONDOR PATH TOURS adopts all reasonable precautions and measures of a technical, administrative, and organizational nature to guarantee the security of the Holders’ data, mainly those aimed at preventing its alteration, loss, and unauthorized treatment or access.
Security measures aim to guarantee the data’s conservation, confidentiality, integrity, and availability.
KONDOR PATH TOURS’ seTOURS’ guidelines are based on KONDOR PATH TOURS’ inTOURS’sion security policies, which are the best practices and existing security standards and are in compliance with current regulations and have preparations.
These policies are strictly respected by direct and indirect employees who work at KONDOR PATH TOURS.
DATA RETENTION
KONDOR PATH TOURS will keep the user’s data for different periods depending on the purpose of the Treatment. Thus the data will be kept while a contractual relationship for the supply of products and services between KONDOR PATH TOURS and the users is in force and while the users do not request the cancellation of personal data to KONDOR PATH TOURS. Likewise, users understand and accept that some peKONDOR PATH TOURS must keep some personal data of the legal provisions according to the terms established by Law.
CHANGES IN POLICY
KONDOR PATH TOURS may modify and update this policy based on new developments or legislative and jurisprudential requirements and the company’s needs.
Therefore, it is recommended that users consult this policy regularly each time they access the company company’s