Refund and Returns Policy
I. PURPOSE OF THIS POLICY
The purpose of this policy is to explain how MAJESTIC TRAVEL SOCIEDAD ANONIMA CERRADA (hereinafter “MAJESTIC TRAVEL”) protects and processes the personal data of clients, passengers, suppliers, tour operators, travel agencies, and collaborators, from its collection through various channels, whether physical or digital, for the purposes duly communicated.
II. GENERAL INFORMATION
MAJESTIC TRAVEL is a company that provides individual and group travel services, organizes tours and excursions, arranges accommodation, and carries out any other activity directly related to tourism. To this end, it collects, uses, manages, transfers, stores, and processes information, which may be associated with information belonging to individuals in the course of its activities. This includes, for example: name, identity document number, telephone number, email address, country of residence, among others, through various physical and digital formats.
MAJESTIC TRAVEL, in accordance with Peruvian Law No. 29733 – Personal Data Protection Law – and its Regulation No. 003-2013-JUS; as well as the General Data Protection Regulation (GDPR) (EU 2016/679), is committed to guaranteeing and adopting measures for information security through international best practices, ensuring the confidentiality, integrity, and availability of the personal data provided.
III. DEFINITIONS
Data Controller: This refers to the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data; that is, MAJESTIC TRAVEL will be the data controller for the personal data obtained through its various collection channels and provided by MAJESTIC TRAVEL users.
Processing: This refers to any operation or set of operations performed on personal data or sets of personal data (automated or not), such as collection, recording, organization, modification, consultation, use, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction of personal data. Right of access: This is the User’s right to know what data MAJESTIC TRAVEL is processing and to obtain a copy of it.
Right to rectification: This is the User’s right to update, rectify, and/or correct their personal data.
Right to object: This is the User’s right to object at any time to the processing of their personal data by MAJESTIC TRAVEL. Right to erasure (“right to be forgotten”): This is the User’s right to request the deletion of their data from any document, file, or location where it is accessible.
Right to restriction of processing: This is the user’s right to demand that the processing of their data be restricted when any of the circumstances established by law occur, such as the unlawful processing of the data or when MAJESTIC TRAVEL no longer needs it.
Right to data portability: This is the user’s right to receive the personal data concerning them, which they have provided to MAJESTIC TRAVEL, in a structured, commonly used, and machine-readable format, and to transmit it to another data controller without hindrance.
Right not to be subject to automated decision-making: This is the user’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
IV. CONSENT AND LEGAL BASIS FOR PROCESSING
MAJESTIC TRAVEL processes user data:
(i) When users expressly consent to the processing of their personal data for the purposes detailed in this document.
(ii) When processing is necessary for the performance of a contract for the provision of services and products to which the user is a party.
V. PERSONAL DATA SUBJECT TO PROCESSING AND SCOPE
This policy applies to the personal data of clients, passengers, suppliers, tour operators, travel agencies, and collaborators, provided by them voluntarily and knowingly. The information collected and stored includes basic data entered through registration forms, contact forms, or similar means; such as, for example, name, national identity document number, passport number, gender, age, telephone number, email address, country of residence, among others. This data is collected through the various channels managed by the company and is necessary for the provision of MAJESTIC TRAVEL’s tourism services. In any case, users will be able to see which data is essential for the proper functioning of the service.
V. PERSONAL DATA PROCESSED AND SCOPE
This policy applies to the personal data of clients, passengers, suppliers, tour operators, travel agencies, and collaborators, provided by them voluntarily and knowingly. The information collected and stored includes basic data entered through registration forms, contact forms, or similar means; such as name, national identity document number, passport number, gender, age, telephone number, email address, country of residence, among others. This data is collected through the various channels managed by the company and is necessary for providing MAJESTIC TRAVEL’s tourism services. In any case, users will be able to see which data is essential for the proper provision of the service and which is optional before submitting their personal data.
The user is solely responsible for the truthfulness and accuracy of the data provided. Only individuals over 18 years of age and/or those with sufficient legal capacity may be users. Likewise, the user will be solely responsible for the data provided from third parties, as well as for ensuring that they have informed them of this Privacy Policy and obtained their express consent.
VI. GUIDING PRINCIPLES
MAJESTIC TRAVEL will take into account the following principles in the process of processing personal data.
a. Principle of Legality: The processing of personal data, in accordance with Law 29733, is a regulated activity that must comply with the provisions of said law and other applicable regulations. The collection of personal data by fraudulent, unfair, or unlawful means is prohibited. b. Principle of Consent: In accordance with the principle of consent, the processing of personal data is lawful when the data subject has given their free, prior, express, informed, and unambiguous consent. Forms of consent that are not directly expressed, such as those that require presuming or assuming the existence of an unexpressed will, are not permitted. Even consent given through other declarations must be expressly stated. c. Principle of Purpose: In accordance with the principle of purpose, a purpose is considered determined when it has been clearly expressed, without room for confusion, and when the object of the personal data processing is objectively specified. In the case of personal data banks containing sensitive data, their creation can only be justified if their purpose, in addition to being legitimate, is specific and consistent with the explicit activities or purposes of the data bank owner. Professionals who process personal data, in addition to being limited by the purpose of their services, are obligated to maintain professional secrecy. d. Principle of Quality: The personal data to be processed must be truthful, accurate, and, as far as possible, up-to-date, necessary, relevant, and adequate with respect to the purpose for which they were collected. They must be stored in such a way as to guarantee their security and only for the time necessary to fulfill the purpose of the processing. e. Principle of Proportionality: All processing of personal data must be adequate, relevant, and not excessive in relation to the purpose for which it was collected. f. Principle of Security: The data controller and the data processor must adopt the necessary technical, organizational, and legal measures to guarantee the security of personal data. Security measures must be appropriate and consistent with the processing to be carried out and the category of personal data concerned. g. Principle of Right to Redress: Every data subject must have access to the necessary administrative or judicial channels to claim and enforce their rights when these are violated by the processing of their personal data. h. Principle of Adequate Level of Protection: For cross-border transfers of personal data, a sufficient level of protection must be guaranteed for the personal data to be processed, or at least equivalent to that provided for by law or international standards on the matter.
VII. PURPOSES OF PERSONAL DATA
MAJESTIC TRAVEL will use the personal data provided by users for the following purposes: Passengers: To fulfill the objective of providing the contracted tourism services and products. To contact the client (travel agencies, companies, and individuals) during the provision of the contracted services and products. To facilitate coordination with suppliers, travel agencies, and hotels. To send clients information regarding the nature of the service and/or mandatory provisions that must be known and complied with during the service, for example, the terms of service, tax compliance, and/or other conditions, which may include internal company policies. To respond to questions, inquiries, and requests. To support the settlement of Non-Resident Value Added Tax (VAT) before the Tax Authorities, through information from Passports and the Andean Migration Card (TAM), among others. To analyze and identify the expectations and preferences of travel agencies for acquiring tickets and services. Employees and Collaborators: The company will request personal information from its employees to comply with current labor regulations and/or for the development of projects related to Human Resources and Talent Management, such as payroll registration, employee attendance, personnel selection, commission payments, among others. Security on the premises through video surveillance. Compliance with the policy and procedures of the Anti-Money Laundering and Counter-Terrorist Financing Policy. Tourism Operators and Suppliers: To manage payment for requested services and products. To contact them regarding the provision of contracted services and products. Security on the premises through video surveillance.
VIII. RIGHTS OF DATA SUBJECTS
The data subject shall have the following rights: a. The rights of information, access, rectification, erasure, objection, and objective processing of personal data may only be exercised by the data subject, without prejudice to the regulations governing representation. b. The exercise of any one or more of these rights does not preclude the exercise of any of the others, nor can it be understood as a prerequisite for exercising any of them. c. To know, update, and rectify your personal data held by MAJESTIC TRAVEL or the designated data processor. This right may be exercised, among other things, with respect to data that is partial, inaccurate, incomplete, fragmented, misleading, or whose processing is expressly prohibited or has not been authorized. d. To be informed by MAJESTIC TRAVEL or the designated data processor, upon request, regarding the use that has been made of your personal data. e. To revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the National Authority for the Protection of Personal Data has determined that MAJESTIC TRAVEL or the designated data processor has engaged in conduct contrary to Law 29733 and the Constitution. f. Access, free of charge and under the conditions defined in this document, to their personal data that has been processed.
IX. CONDITIONS FOR DATA PROCESSING
a. Data Subject Authorization:
For MAJESTIC TRAVEL to carry out any action involving the processing of personal data, prior and informed authorization from the data subject is required. This authorization must be obtained by any means that allows for subsequent verification. These mechanisms may be predetermined through technical means that facilitate the data subject’s automated consent, or they may be in writing or orally. MAJESTIC TRAVEL will adopt the necessary procedures to request, no later than at the time of data collection, the data subject’s authorization for the processing of their data and will inform them of the personal data that will be collected, as well as all the specific purposes of the processing for which consent is obtained. Personal data found in publicly accessible sources may be processed by MAJESTIC TRAVEL provided that such data is, by its nature, public data. In the event of substantial changes to the content of MAJESTIC TRAVEL’s data processing policies, regarding the identification of the data controller and the purpose of processing personal data, which affect the content of the authorization, MAJESTIC TRAVEL will communicate these changes to the data subjects before or at the latest upon implementation of the new policies. Furthermore, MAJESTIC TRAVEL will obtain a new authorization from the data subject when the change relates to the purpose of the processing. Technical means that facilitate this activity may be used to communicate the changes and obtain the authorization.
b. Cases in which authorization is not required: Information required by a public or administrative entity in the exercise of its legal functions or by court order. Data of a public nature. Cases of medical or health emergencies. Processing of information authorized by law for historical, statistical, or scientific purposes. Data related to the Civil Registry.
c. Provision of Information: The information requested by the data subject will be provided by MAJESTIC TRAVEL in the same manner in which the request was made.
d. Duty to Inform the Data Subject. When requesting authorization from the data subject, MAJESTIC TRAVEL must clearly and expressly inform them of the following: The processing to which their personal data will be subjected and its purpose. The optional nature of answering questions when these pertain to sensitive data or the data of children and adolescents. The rights they have as a data subject. The identification, physical or electronic address, and telephone number of the data controller.
e. Revocation of Authorization and/or Deletion of Data: Data subjects may at any time request MAJESTIC TRAVEL to delete their personal data and/or revoke the authorization granted for its processing, by submitting a request, in accordance with the provisions of Law 29733 of 2011 and Regulation DS No. 003-2013-JUS of 2013. The request for deletion of information and the revocation of authorization will not be granted when the data subject has a contractual obligation to remain in the MAJESTIC TRAVEL database.
f. Persons to whom the information may be provided: Information about personal data that has been processed by MAJESTIC TRAVEL may be provided to: Data subjects, their successors, or their legal representatives. Public or administrative entities in the exercise of their legal functions or by court order. Third parties authorized by the data subject or by law.
X. PERSONAL DATA SECURITY
MAJESTIC TRAVEL complies with the legally required personal data protection measures and has adopted all reasonably necessary measures, in accordance with current technical knowledge and best practices, for the custody and management of information in order to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data provided by users.
XI. PROCEDURES
The data subject or their successors have the right to submit inquiries and/or complaints to MAJESTIC TRAVEL, after verification of their identity, through a written means addressed to the following address at any time; withdraw their consent for the processing of personal data and/or exercise their rights of access, information, rectification, objection, erasure, limitation, right to be forgotten, portability, and the right not to be subject to automated individual decision-making, by sending a written request to MAJESTIC TRAVEL with the reference “PERSONAL DATA” to the following address: Physical Address: Urb. San Borja Jr. Ancash Mz. Lot B 20 E-mail: Info@peruandestop.com MAJESTIC TRAVEL will respond to the inquiry and/or complaint through the same means by which it was submitted: a) INQUIRIES (ACCESS/INFORMATION) Data Subjects or their successors may inquire about the Data Subject’s personal information held in the MAJESTIC TRAVEL database, which will provide the requester with all the information contained in its databases related to the Data Subject’s identification. The Data Subject may inquire about their personal data free of charge whenever there are substantial modifications to MAJESTIC TRAVEL’s Data Processing Policies. All inquiries will be answered through the same means by which they were submitted within 5 business days following their submission. To exercise this right, the Data Subject or their successors must submit the Access form, which is included in the Annex to this policy. b) CLAIMS (REQUESTS / PETITIONS) The Data Subject or their successors who believe that the information contained in a database should be rectified, canceled, or objected to, or who become aware of the alleged breach of any of the duties contained in Law 29733 of 2011, may submit a request to the Owner of the Personal Data Bank or to the Data Controller of MAJESTIC TRAVEL. To exercise these rights, the Data Subject or their successors must submit the corresponding form, which is included in the Annex to this policy.
XII. GETTRIP VACATION’S DUTIES IN DATA PROCESSING
Guarantee the Data Subject, at all times, the full and effective exercise of their right to data protection (habeas data). Request and retain, under the conditions stipulated by law, a copy of the respective authorization granted by the Data Subject. Inform the Data Subject properly about the purpose of the data collection and their rights under the authorization granted. Take measures to keep the information secure to prevent its alteration, loss, unauthorized or fraudulent access, use, or disclosure. Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable. Update the information, promptly notifying the Data Processor of any changes to the data previously provided and take all other necessary measures to keep the information provided up-to-date. Rectify the information when it is incorrect and notify the Data Processor accordingly. Provide the Data Processor, as applicable, only with data whose processing has been previously authorized in accordance with the law. Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information. Process inquiries and complaints in accordance with the terms established by law. Adopt an internal manual of policies and procedures to ensure proper compliance with this law, and especially for handling inquiries and complaints. Inform the Data Processor when certain information is under dispute by the Data Subject, once a complaint has been filed and the respective process has not yet been completed. Inform the Data Subject, upon request, about the use given to their data. Inform the National Authority for the Protection of Personal Data when security policy violations occur and there are risks in the management of data subjects’ information. Comply with the instructions and requirements issued by the National Authority for the Protection of Personal Data.
XIII. SECURITY MEASURES
MAJESTIC TRAVEL takes all reasonable precautions and technical, administrative, and organizational measures to guarantee the security of the personal data of Data Subjects, primarily those aimed at preventing its alteration, loss, and unauthorized processing or access. The application of security measures aims to ensure the preservation, confidentiality, integrity, and availability of the data. MAJESTIC TRAVEL’s security guidelines are supported by MAJESTIC TRAVEL’s information security policies, developed under best practices and existing security standards and in compliance with current regulations. These policies are strictly adhered to by all direct and indirect employees working within MAJESTIC TRAVEL.
XV. DATA RETENTION
The retention periods for users’ personal data by MAJESTIC TRAVEL will vary depending on the purpose of the processing. Therefore, data will be retained while a contractual relationship for the provision of products and services between MAJESTIC TRAVEL companies and users remains in effect, and/or until users request the deletion of their personal data from MAJESTIC TRAVEL. Users also understand and accept that certain personal data must be retained by MAJESTIC TRAVEL due to legal regulations and according to the timeframes established by law.
XVI. POLICY CHANGES
MAJESTIC TRAVEL may make changes and update this policy based on new legislation or case law requirements, and/or the institution’s needs, among other reasons. Therefore, users are advised to review this policy regularly and/or each time they access the company’s website.