Professionally Handled Operations
TRAILS OF INDOCHINA routinely collects, uses, stores and transfers a variety of data, including Personal Data. TRAILS OF INDOCHINA is committed to ensure the privacy of Personal Data throughout its business, and to make sure its employees and business partners also take the necessary measures to protect Personal Data.
This refers to a combination of personal data such as your name, address, passport number, telephone number, email address, travel preference and special needs/disabilities/dietary requirements that you supply us or is supplied to us, including your social preference, activities and any information about other persons you represent such as those on your booking. Your personal data is collected when you contact us, make a booking, use our website(s)/apps, link to or from our website(s)/apps, connect with us via social media and any other engagement we or our business partners have with you.
We may collect and process your personal data for the purposes set out below and disclose your personal data to TRAILS OF INDOCHINA companies or subcontractors for business purposes and also to our service providers who act as ‘controller’ or ‘processor’ on our behalf. These purposes include:
Our products and services are intended for adult customers. However, we may knowingly collect and process personal data on children under sixteen (16) if they are travelling with adults or as part of a group or for other reasons. On these occasions, we will take account of this event when processing the personal data of children and implementing the legal basis for such processing. For example, where the processing of personal data of children is based on their consent such as the processing of his/her sensitive personal data, we will seek the consent of parents, tutors, or other adults holding parental responsibility over children, if required under the GDPR.
Links to other sites
We may propose hypertext links from our websites to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read their privacy policies carefully to find out how they collect and process your personal data.
TRAILS OF INDOCHINA
When we process your personal data, we will store it in our systems located outside the EEA. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Your data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers (e.g., travel guides, transportation services). Such staff may be engaged in, among other things, the provision of support services.
For the purpose of providing you with our services, including your booking of flight, hotel, security, incident/accident management etc., we may disclose and process your personal data outside of the EEA countries. In order for you to travel abroad, it may be mandatory as required by government authorities at the point of departure and/or destination to disclose and process your data for immigration, border control and/or any other purposes. Also, we need to provide airlines/accommodation providers with your name, passport number, contact details, etc. in accordance with their terms and conditions.
Legal compliance and security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Safeguards to protect your personal data
By submitting your personal data, you agree to this transfer, storing or processing of your data.
We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect on all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use technical or organisational measures to achieve this level of protection.
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
You have the following rights:
To exercise your rights, or if you require further information about how your personal data is used by us, you can contact the staff member in charge of your travel or write to us at firstname.lastname@example.org.
Following is the procedure when you want to execute these rights;
We have appointed appropriate staff with management support to oversee and ensure compliance with the GDPR.
You can bring complaints in writing by contacting the TRAILS OF INDOCHINA Data Protection Team at email@example.com.
You can also contact the TRAILS OF INDOCHINA Data Protection Team members or other employees to complain about the way we handle your personal data. The employees who have been confronted with the complaint will inform you about the contact details to file a complaint in accordance with the present procedure or pass the complaint to the TRAILS OF INDOCHINA Data Protection Team whichever appropriate.
After receiving the complaint, the Data Protection Team will send an acknowledgement of receipt within one week to you. The confirmation may include further questions necessary for the clarification of the issues. The Data Protection Team or other representatives will provide an answer to you as soon as reasonably practicable, but no later than one month upon receiving the complaint. If due to the complexity of the complaint, a substantive response within one month cannot be provided, you will be notified with a reasonable estimate of the timeframe, but not exceeding two months from the notice.
You may also raise the complaint to the relevant Data Protection Authority or lodge a claim with a court of competent jurisdiction.