Significance of personal data protection
Your privacy is important to us and we recognize that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process.
Purpose of this Policy
We respect your need to understand how and why information is being collected, used, disclosed, transferred and stored. Thus we have developed this Policy to familiarize you with our practices. This Policy sets out the way in which we process your information when you use our Website or other digital platforms in accordance with applicable data protection laws. It is important that you read this Policy together with any other policies we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This Policy supplements the other policies and is not intended to override them.
Defining controller of personal data
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This Policy is issued on behalf of Bali Tour Desk as controller. Unless we notify you otherwise Bali Tour Desk is the controller for your personal data.
Personal data collected by us
Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).You may be asked for personal data anytime you are in contact with Bali Tour Desk directly or indirectly through a third party.We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this Policy:
(a) “Contact Data”: including your work address, email address and telephone numbers;
(b) “Identity Data”: including your first name, last name, username or similar identifier, title;
(c) “Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
(d) “Profile Data”: including information collected progressively when you visit our site including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
(e) “Technical Data”: includes information collected when you access our Website, Premiere (our B2B online booking system) or , your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using; and
(f) “Usage Data”: information about how you use our Website.
Modes of collecting personal data
The only way we will get any kind of personal data is if you choose to give it to us in following circumstances:
(a) Direct interaction:
- When you make a reservation or purchase from our Website or through our customer service team – by email, letter, fax, on the phone or in physical store.
- When you register with us, subscribe to our newsletter, enter competitions, send us queries or register for promotions.
- When you take part in surveys or provide us with feedback.
- When you engage with us in any online or offline event, promotions, page hosted by us on a third party platform or location.
- Through cookies on our Website.
(b) Cookies and other technologies :
(c) Third parties or publicly available sources:
- We receive Technical Data from analytics providers such as Google.
Grounds for lawful processing of data
When you use our Website we will use your personal data in the following circumstances:
(a) “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
(b) “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
(c) “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
(d) “consent”: Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Use of personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. We generally use the information to establish and enhance our relationship with our users for the following purposes:
(a) The personal data we collect helps us to keep you posted about our latest product announcements, offers, promotions and events. It also allows us to improve our services, content and advertising. If you wish to unsubscribe, you can choose to do so.
(b) We may also use the personal data to improve our product offering, develop, and deliver products, services, content and advertising.
(c) We may use personal data to send you important notices and communications regarding our products and services availed or changes to the terms and conditions and policies.
(d) We may use the personal data we collect to allow you to access specific account information.
(e) We may use the information provided by you to customize your visit to the Website by displaying appropriate content at our judgment and discretion.
(f) The personal data we collect may be used to send you information about products and services offered by Bali Tour Desk and its affiliates, to contact you for payment reminder notices, travel vouchers and to keep you updated on the Travel sector through our newsletters. In event you do not wish to receive such information, you may unsubscribe through the facility in the email message you receive.
Personal data may also be used internally for research, analysis and auditing.
Collection and use of non-personal data
Non-personal data is data which can never be used to identify an individual. We may collection information regarding customer activities on our various portals. This aggregated information is used in research, analysis, to improve and monitor products and for various promotional schemes. It may be shared in aggregated, non-personal form with third party to enhance customer experience, products offering or services.
Cookies and other technologies
For your convenience, our Website provides links to other sites. When you click on one of these links, you are leaving our Website and entering another site. We are not responsible for such third party sites. You should carefully review the privacy statements of any other sites you visit, because those privacy statements will apply to your visit to such other sites.
Disclosure to third parties
The personal data collected is primarily used and passed on to third parties where it is necessary to process your booking, enquiry or participation. We may share personal data as required to fulfil the service offering and/or to make booking, reservation, blocking and any such activity initiated by user. We may share personal data with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information.We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data.
(a) Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
- any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body ();
- our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and
- service providers who provide information technology and system administration services to us.
(b) We may share your personal data with persons or entities outside of Bali Tour Desk to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this Policy.
Due to the multinational character of Bali Tour Desk, some of the affiliated companies and other recipients may be located in countries that do not provide a level of data protection equivalent to that set forth by the law in your home country. Bali Tour Desk will take steps to make sure that such recipients act in accordance with applicable law and provide an adequate level of protection for your personal data including appropriate technical and organizational security measures, also through implementation of appropriate contractual measures to secure such transfer, in compliance with the applicable law.
Information protection and security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, including:
(a) the pseudonymization and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.To protect your personal data and prevent unauthorized access, we have put in place appropriate security measures and certifications. We have SSL site and user should use it to protect the information transmission while transacting online.
Marketing and exercising your right to opt-out of marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.As part of the registration process, we give you the ability to receive via e-mail or direct messaging information about our Products and Services, updates to our Website, customized advertisements and promotions that are targeted to your specific interest, such as flight specials, promotions, contests, sweepstakes and other travel opportunities available on our Website and/or sponsored by our travel service providers and advertisers. We send this information directly ourselves, or via third party service providers.
Third-party advertisers and marketing
When you click on one of these advertisers’ links, you are leaving our Website and entering another site. We are not responsible for such third party’s sites. You should carefully review the privacy statements of any other site you visit, because those privacy statements will apply to your visit to that site, and may be very different from our policy.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defense of legal claims.We will retain your personal data in our databases in accordance with our document management, retention and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain information to allow you to obtain credit for trip your purchased but had to cancel. We may also need the retain certain information to prevent fraudulent activity; to protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain; or if we believe in good faith that a law, regulation, rule or guideline requires it.In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Changes to Policy
This Policy is effective as of October 9, 2020. We reserve the right to update or change this Policy at any time, and we will provide you with the updated Policy when we make any substantial updates at the earliest by providing a prominent Policy of change on our Website. You should check the Policy periodically. Your continued use of our Website after we post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.
Under certain circumstances, you have rights under applicable data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights under General Data Protection Regulation (GDPR) are set out below:
(a) right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
(b) right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
(c) right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
(d) right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
(e) right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
(f) right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Website). Information about you which has been gathered by monitoring your behavior will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
(g) right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
(h) right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
In case you have any questions, comments or concerns about this Policy, you may message us at firstname.lastname@example.org.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.