Privacy Policy - HimaDie Travels

* Sri Lanka Personal Data Protection Act No. 9 of 2022

* European Union General Data Protection Regulation (GDPR)

* International travel industry privacy and data protection best practices

* Online payment and cybersecurity standards

This Privacy Policy particularly applies to international travelers, including travelers from France and the European Union.

---

We may collect the following categories of personal information:

1.1 Identification Information

* Full name

* Date of birth

* Nationality

* Gender (optional)

* Passport number and passport copy

* Visa information

* National identity card details where legally required

1.2 Contact Information

* Email address

* Mobile phone number

* WhatsApp number

* Residential address

* Country of residence

* Emergency contact details

1.3 Travel Information

* Travel dates

* Flight details

* Accommodation preferences

* Dietary requirements

* Accessibility requirements

* Medical alerts voluntarily disclosed by the traveler

* Tour preferences and special interests

* Previous travel history with us

1.4 Payment and Billing Information

* Billing address

* Payment confirmations

* Transaction references

* Partial card information where applicable

*Important:*

* HimaDie Travels does not store full credit card details.

* Online payments are processed through secure third-party payment providers compliant with PCI-DSS security standards.

1.5 Technical Information

When you use our website, we may automatically collect:

* IP address

* Browser type

* Device type

* Operating system

* Website activity logs

* Cookie identifiers

* Approximate geographic location

* Referral sources

1.6 Communication Records

We may retain:

* Email correspondence

* WhatsApp conversations

* Inquiry forms

* Customer support communications

* Feedback and reviews

* Call recordings where legally permitted

We collect information through:

* Website contact forms

* Booking forms

* Email communications

* WhatsApp and social media inquiries

* Phone conversations

* Online payments

* Third-party booking platforms

* Partner travel agencies

* Cookies and analytics tools

We only collect information that is necessary for legitimate travel, operational, legal, or customer service purposes.

For travelers located in the European Union, including France, we process personal data under the following lawful bases:

* Your consent

* Performance of a travel contract

* Compliance with legal obligations

* Legitimate business interests

* Protection of vital interests during emergencies

You may withdraw consent at any time where processing is based on consent.

We use personal information for the following purposes:

4.1 Travel Operations

* Organizing tours and itineraries

* Booking hotels, transport, guides, and activities

* Airport pickup arrangements

* Visa-related assistance

* Customer support during travel

* Emergency assistance and safety coordination

4.2 Business Administration

* Sending quotations and invoices

* Confirming reservations

* Processing payments and refunds

* Managing business records

* Fraud prevention and security monitoring

4.3 Marketing and Communication

With your consent, we may:

* Send travel offers

* Share newsletters

* Provide destination updates

* Send promotional campaigns

* Share seasonal travel information

You may unsubscribe at any time.

4.4 Website Improvement

* Improve website performance

* Analyze visitor behavior

* Enhance customer experience

* Prevent misuse and cyber threats

We do not sell, rent, or trade personal data.

We may share limited information only when necessary with:

* Hotels and accommodation providers

* Transport providers and drivers

* Local tour guides

* Safari and activity operators

* Payment processors

* Visa support providers

* Government authorities where legally required

* Insurance providers during emergencies

* IT and cloud service providers

All service providers are expected to maintain confidentiality and use personal information solely for travel-related purposes.

As HimaDie Travels serves international clients, personal information may be transferred between countries including Sri Lanka and the European Union.

Where international transfers occur, we implement reasonable safeguards to protect personal information, including:

* Secure cloud systems

* Restricted access controls

* Confidentiality obligations

* Encrypted communications where possible

We retain personal information only for as long as necessary for:

* Booking and travel operations

* Accounting and tax obligations

* Legal compliance

* Dispute resolution

* Fraud prevention

* Customer relationship management

Typical retention periods:

* General inquiries: up to 12 months

* Booking records: up to 7 years

* Financial records: according to Sri Lankan legal requirements

* Marketing consent records: until consent is withdrawn

When data is no longer necessary, it is securely deleted or anonymized.

HimaDie Travels implements appropriate technical and organizational security measures including:

* SSL-secured website connections

* Password-protected systems

* Restricted employee access

* Antivirus and firewall protection

* Secure cloud storage

* Staff confidentiality obligations

* Regular monitoring against unauthorized access

Despite our efforts, no online transmission or storage system can be guaranteed 100% secure.

Our website may use cookies and analytics technologies to:

* Improve website functionality

* Remember user preferences

* Analyze traffic and performance

* Improve user experience

Types of cookies may include:

* Essential cookies

* Functional cookies

* Analytics cookies

* Marketing cookies (only with consent where legally required)

Users may disable cookies through browser settings.

Depending on applicable laws, you may have the right to:

* Access your personal information

* Correct inaccurate information

* Request deletion of data

* Restrict processing

* Object to certain processing activities

* Withdraw consent

* Request data portability

* Lodge complaints with supervisory authorities

For EU residents, including French travelers, rights under GDPR apply where relevant.

Requests may be submitted through the contact details listed below.

We will only send marketing communications where:

* You have given consent;

* You requested travel information; or

* Applicable law permits us to do so.

All marketing emails will include an unsubscribe option.

We do not knowingly send unsolicited spam communications.

Our services are generally intended for adults.

We do not knowingly collect personal data from children under 16 without parental or guardian consent.

If we become aware that information has been collected from a child without appropriate authorization, we will delete such information.

Certain travel services may require sensitive information such as:

* Medical conditions

* Dietary restrictions

* Accessibility requirements

* Emergency medical information

Such information is collected only when voluntarily provided and only for travel safety and operational purposes.

Sensitive information is handled with enhanced confidentiality.

Where applicable, certain offices, partner hotels, or transport providers may use CCTV systems for:

* Security purposes

* Fraud prevention

* Passenger safety

Recordings are retained only for reasonable periods unless required for investigations.

Our website or social media pages may contain links to third-party websites such as:

* Booking platforms

* Payment gateways

* Social media platforms

* Hotel websites

HimaDie Travels is not responsible for the privacy practices of external websites.

Users are encouraged to review third-party privacy policies separately.

In the event of a significant data breach that may affect personal information:

* We will investigate promptly

* Take corrective security measures

* Notify affected individuals where legally required

* Cooperate with relevant regulatory authorities

HimaDie Travels does not use fully automated decision-making or profiling that produces legal or significant effects on travelers.

When users interact with our social media pages, we may receive:

* Public profile information

* Comments and messages

* Engagement statistics

Users should avoid sharing sensitive personal information publicly through social media channels.

We may update this Privacy Policy periodically to reflect:

* Legal changes

* Business developments

* Security improvements

* Operational requirements

The latest version will always be published on our official website.

Continued use of our services after updates constitutes acceptance of the revised policy.

For privacy-related inquiries, requests, or complaints, please contact:

HimaDie Travels

* Email: contact@himadietravels.fr

* Phone: +94743556949

* WhatsApp: +94743556949

* Website: himadietravels.fr

* Address: 226,diyampitiya watta, Haburugala 80506, Bentota, Sri Lanka

HimaDie Travels:

* Does not sell customer personal data

* Does not intentionally misuse passport information

* Uses reasonable measures to prevent unauthorized access

* Limits employee access to customer information

* Processes customer information only for legitimate travel purposes

* Respects GDPR principles for European travelers

* Attempts to minimize unnecessary data collection

By contacting HimaDie Travels, submitting inquiries, making bookings, or using our website, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal information as described herein.