search information plane

PRIVACY POLICY

Classic Travel (Private) Limited places highest priority on the security and privacy of our Clients. Since the safety and security of your data is one of our utmost concerns we have taken appropriate measures to ensure that your date is safe and up-to-date. Please contact us if you wish to have access to your personal information or change your personal information or in the event if you want your information be removed from our database. Further, if you do not wish to receive any emails from us in future, please click here to unsubscribe from our Mailing List. If you have any questions regarding our GDPR (General Data Protection Regulation) or data protection polices, please contact us at: classic@classictravel.lk. Our company is in compliance with GDPR and has taken all reasonable measures for the security and privacy of the personal data we gather from our clients.

DATA COLLECTION AND PROCESSING

Classic Travel (Pvt) LTD as a travel agency company, we will collect and process personal data necessary for the provision of our services, such as names, contact information, passport details, and travel preferences. This will be done in accordance with the Personal Data Protection Laws in Sri Lanka.

WHAT PERSONAL INFORMATION WE COLLECT

Depending on the nature of the service, we may collect a certain amount of personal information from you with your consent prior to using such information to provide convenience services in the future.

We will provide accurate quotes pertaining to the respective services for our customers using the contact details we gather from our Clients, information such as listed hereunder:

  • Identifiers

    • contact information (such as name, residential/mailing address, telephone number, email address);

    • date of birth;

    • passport details, national identity card details, driver’s license details;

    • online identifiers (such as IP address, device data, and network information);

    • loyalty program / frequent flyer details;

  • Commercial Information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;

  • Internet or other electronic network activity (such as the device and network you are using to connect with us);

  • Geolocation data;

  • Audio (such voice recordings for quality control, service improvement, training and dispute resolution), electronic and visual information (such as video surveillance footage) used for security purposes;

  • Professional or employment-related information;

  • Payment account information (credit/debit card details, including card type, card number, security number and expiry date and other financial details necessary to process various transactions);

  • Health information such as your dietary requirements and health issues (if any); and

  • Other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers).

HOW DATA IS COLLECTED

We usually collect your personal information directly from you during your relationship with us. We will collect this information directly from you unless it is unreasonable or impracticable to do so.

Generally, this collection will occur:

  • when you deal with us either in person, by telephone, letter, email;

  • when you visit any of our websites; or

  • when you connect with us via social media.

We may collect personal information about you:

  • when you purchase or make enquiries about travel arrangements or other products and services;

  • when you enter competitions or register for promotions;

  • when you subscribe to receive marketing from us (e.g. e-newsletters);

  • when you request brochures or other information from us; or

  • when you provide information, or use our services, on social media.

CONSENT

Prior to collecting personal data, we will obtain explicit consent from individuals, ensuring they are fully informed about the purpose and extent of the data collection. Consent will be sought for specific purposes, such as making travel arrangements, processing payments, and sharing necessary information with relevant travel partners.

HOW WE USE YOUR DATA

Information gathered from Clients will be used for a variety of service-oriented purposes. Listed below are some of the standard practices;

Quotes: to provide you with quotes for your travel, tour or other requirements as and when requested.

Marketing: to keep you updated about our products, services, future events and special offers that you have opt-in to receive and shown interest. This may be based on your travel preferences where appropriate. You can use the unsubscribe links in our marketing emails to remove yourself from the mailing list at any time. You may contact our Data Protection Officer for any enquiries or feedbacks about our personal data protection policies and procedures, or to request removal of your personal data from our Database entirely.

Bookings: for reservations of flights, hotels, holiday activities, for making payment, travel arrangements, security, incident/accident management and insurance, etc. Occasionally, when travelling overseas, it may be mandatory for us to disclose and share your information with immigrations, border control, security, and anti-terrorism divisions of the respective country for reasons they determine appropriate. Some countries passenger data of the traveler should be provided in advance for granting permission to entry to their land (for example Caricom API and US secure flight data). These requirements may vary according to the destination hence travelers are advised to check prior to travel. If it is not a mandatory requirement we may exercise our discretion to assist where appropriate.

Sometimes it will be necessary to collect personal data considered as Special Category (Ex. Health, Religion, etc.) to cater to your needs or act in your interest. We will only be able to accept this data for booking purposes with your prior consent accordingly.

With your consent: We use your information where you have given us consent to do so for a specific purpose not listed above.

For clarity we may publish testimonials or featured customer comments to promote the Services, with your prior consent.

To send our personalized messages including birthday wishes & passport expiry details.

LAWFUL BASIS FOR USING YOUR PERSONAL DATA

Contract-The personal information we use are provided by you to draw a contract that you will enter with us pertaining to services required by you for a holiday or other arrangement or any request made by you regarding the services from us.

Consent: If it is necessary to process sensitive personal information in relation to your request (e.g. relating to health or religion), we will obtain your prior consent to receive this data and as well as to share it with suppliers when necessary.

Legitimate Interest: If you request any information regarding our products or services we will ensure such information are furnished to you in a timely manner. At any time, if you feel that you do not wish to receive any further information on forthcoming events, destination news and special offers, please do not hesitate to contact us through our contact details herein or use the unsubscribe option on our emails.

WHAT HAPPENS IF YOU DO NOT PROVIDE THE REQUIRED PERSONAL INFORMATION

If you refuse to provide Personal information or withdraw the consent to provide the information for any of the purposes, it may unqualified us to answer your enquiries.

DATA TRANSFERS

In order to provide travel services, it may be necessary to transfer personal data to third parties located outside Sri Lanka. We will ensure that appropriate safeguards, such as data transfer agreements or adherence to recognized data protection standards, are in place to protect the data during such transfers.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We generally do not share personal data with third parties unless otherwise if it is a confirmed booking we may share such information with airlines, hotels and transport companies. Also we may share them with public authorities such as customs and immigration. Furthermore we will take steps to ensure that your personal data continues to receive a standard of protection.

We sometimes use compliant third party software to help us with tasks and it needs to process your data via their servers for processes such as bookings, and sending marketing emails. We disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We Will Never Share Your Data With Other Companies For Marketing Purposes. Nor Will We Sell Or Rent Your Data To Third Parties.

No third parties have access to your personal data unless the law allows them to do so.

Our website contact forms are processed via our website email service provider. For further information please access the privacy policy herein.

We use email marketing software to keep in touch with the customers. For further information please access the privacy statement herein.

DATA STORAGE & SECURITY

We will implement appropriate security measures to safely store and protect personal data from unauthorized access, loss, or alteration. This includes using encryption, firewalls, and access controls to maintain data confidentiality and integrity.

With the consent that you provided we store all your personal data in our system and may retain such information as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

We will retain your personal data as follows:

  • Personal data supplied for the purposes of a holiday enquiry or for the purpose of quotes will be retained for a minimum period relating to the valid date of a quote and for a maximum period of the length of our business relationship.

  • Data supplied for the purposes of general enquiries will be kept until the enquiry has been satisfactorily answered.

  • Personal details attached to your booking will remain on our booking system invoices and be retained in accordance with the law relating to income tax and audit purposes. We do not retain any payment card details and is fully PCI- DSS compliant.

DATA RETENTION

Personal data will be retained only for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required by applicable legal or regulatory obligations. We will regularly review and securely dispose of data that is no longer necessary.

No storage system or equipment are 100% guaranteed to secure data, but we have taken maximum precautions to safeguard your data wherever possible.

  • Our website is protected by an SSL encryption certificate to create a secure link between our website and your browser for protection of your information from hackers.

  • Our Website is hosted on highly secure in cloud data servers with dedicated firewall protection.

  • We only use compliant third-party service processors for helping us to manage tasks (such as sending you mailings). We disclose only the information that is necessary to deliver the service under a legally binding contract to keep your information secure and preventing them from using for their own direct marketing purposes.

  • Enquiries made via our holiday search or offers pages are processed securely by third party software hosted on highly secure data servers.

  • We store your personal details securely on our CRM software hosted on Sri Lankan servers.

  • We have taken all reasonable steps and appropriate security measures to safeguard your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, and whereas we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use password protected access to our in- house computer systems, data sharing agreements with joint controllers e.g. Tour Operators and processing contracts with our software providers and whereas all ours . All Staff members are well informed about our Data Protection polices and security measures. ,

  • We store your personal details securely on our CRM software hosted on Sri Lankan servers and protected by password access.

YOUR RIGHTS

We will always try to ensure that the data we hold about you are up to date, reasonable and not excessive. You will always have the right to:

  • be informed as to how we use your data (via this Privacy Statement)

  • access or request a copy of the data which we hold about you

  • correction request to update, amend or rectify any of the data which we hold about you

  • Change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from Classic Travel (Pvt) Ltd.

  • Request us to remove your personal data from our records

  • withdraw consent, where it is used as a legal basis for processing

  • Object to or restrict the processing of your information for any of the purposes above.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to change or amend the privacy policy and whenever any changes or modifications occur, such updated Privacy Policy will be posted in this page to reflect the new changes to our customers.

CONTACT US

If you have any questions or queries pertaining to this Privacy Policy, or if you wish to receive a copy of your personal information we hold, please contact us at:

Classic Travel (Pvt) Ltd
379/4, Galle Road, Colombo 03, Sri Lanka.

Contact No: +94117773300

Email: Strategy@classictravel.lk / info@classictravel.lk

Website: https://www.classictravel.lk/