Privacy Policy

1. Data Controller Information

cartoupoqp B.V. is the data controller responsible for your personal data. Our contact details are:

• Company: cartoupoqp B.V.
• Registration Number: 28573496
• VAT Number: NL237598641B105
• Address: Molenweg 114, 4814 HL Breda, North Brabant, Netherlands
• Email: privacy@cartoupoqp.top
• Phone: +31 102885678

2. Information We Collect

We collect and process the following types of personal data:

2.1 Information You Provide

• Contact Information: Name, email address, phone number, postal address
• Travel Preferences: Destination preferences, travel dates, budget, accommodation preferences
• Booking Information: Passport details, emergency contacts, dietary requirements, special needs
• Payment Information: Billing address, payment method details (processed securely by our payment providers)
• Communication Records: Correspondence, consultation notes, feedback, and reviews

2.2 Information We Collect Automatically

• Website Usage Data: IP address, browser type, pages visited, time spent on pages
• Device Information: Device type, operating system, screen resolution
• Cookies and Tracking: See our Cookie Policy for detailed information

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 Travel Services (Legal Basis: Contract Performance)

• Planning and booking your travel arrangements
• Coordinating with hotels, airlines, and local service providers
• Providing travel documentation and itineraries
• Offering customer support and assistance during travel

3.2 Business Operations (Legal Basis: Legitimate Interest)

• Processing payments and maintaining financial records
• Improving our services and website functionality
• Conducting customer satisfaction surveys
• Preventing fraud and ensuring security

3.3 Marketing Communications (Legal Basis: Consent)

• Sending travel inspiration and destination guides
• Sharing special offers and promotions
• Providing personalised travel recommendations
• Inviting participation in customer feedback programmes

3.4 Legal Compliance (Legal Basis: Legal Obligation)

• Maintaining records as required by tax and business regulations
• Complying with travel industry reporting requirements
• Responding to legal requests and court orders

4. Data Sharing and Disclosure

We may share your personal data with the following parties:

4.1 Service Providers

• Travel Partners: Hotels, airlines, tour operators, and local guides
• Payment Processors: Secure payment processing services
• Technology Providers: Website hosting, email services, and booking platforms
• Professional Services: Legal, accounting, and business advisory services

4.2 Legal Requirements

We may disclose your information when required by law, court order, or to protect our legal rights and interests.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred to the new entity.

5. International Data Transfers

As a European travel agency, we may transfer your personal data to countries outside the European Economic Area (EEA) for the purposes of providing travel services. When we do so, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes approved by supervisory authorities

6. Data Retention

We retain your personal data for the following periods:

• Active Customer Data: While you remain an active customer and for 3 years after your last booking
• Financial Records: 7 years as required by Dutch tax and business regulations
• Marketing Consent: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months for Google Analytics data
• Legal Claims: Until the expiration of applicable limitation periods

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data in certain circumstances.

7.4 Right to Restrict Processing

You can request limitation of how we process your data in certain situations.

7.5 Right to Data Portability

You can request your data in a structured, commonly used format.

7.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

7.7 Right to Withdraw Consent

You can withdraw consent for marketing communications at any time.

7.8 Right to Lodge a Complaint

You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption: Data transmission and storage encryption
• Access Controls: Restricted access to personal data on a need-to-know basis
• Regular Security Assessments: Ongoing evaluation of security measures
• Staff Training: Regular privacy and security training for all employees
• Incident Response: Procedures for handling data breaches and security incidents

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. For detailed information about our cookie practices, please see our Cookie Policy.

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered customers
• Displaying prominent notices on our website

The "Last updated" date at the top of this policy indicates when it was most recently revised.

12. Contact Information

For any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

13. Supervisory Authority

If you have concerns about our data processing practices, you can contact the Dutch Data Protection Authority:

• Autoriteit Persoonsgegevens
• Website: autoriteitpersoonsgegevens.nl
• Phone: +31 70 888 8500
• Address: Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands