Privacy Policy | Pantoura Voyage

1. Who We Are

Pantoura Voyage is a boutique travel agency registered in Sri Lanka providing personalized travel planning, tours, bookings, and related services. We operate in compliance with applicable privacy laws, including Sri Lanka’s Personal Data Protection Act No. 9 of 2022 (as amended) and, where relevant, international standards such as the EU General Data Protection Regulation (GDPR).

2. Information We Collect

We collect personal information only when you voluntarily provide it or when necessary to deliver our services. This may include:

A. Personal Information Provided Directly

• Full name, contact details (email, phone, address)
• Nationality, passport/identification information (required for travel arrangements)
• Travel details (preferred dates, destinations, special requirements)
• Payment or billing details (handled securely via third-party processors)
• Any other information you voluntarily share during enquiries or bookings

B. Automatically Collected Information: IP address and device/browser information; usage data (pages visited, clicks, analytics); cookies and tracking data.

3. How We Use Your Data

We use your personal information to:

• Provide and manage your travel bookings and services
• Communicate with you about your trip, enquiries, updates, and support
• Process payments and confirmations
• Improve our services, website experience, and offerings
• Comply with legal and regulatory obligations
• Send marketing materials and travel inspiration (only with your consent)

4. Legal Basis for Data Processing

We process personal data in accordance with applicable laws. For example, under GDPR:

• Contractual necessity: to fulfil travel arrangements you requested
• Legal obligation: where required by law (e.g., passport info for hotels)
• Consent: where you agree (e.g., marketing communications)
• Legitimate interests: for internal business operations and quality improvement

5. Sharing & Disclosure of Information

We do not sell or rent your personal information. We may share your data with carefully selected parties only as needed to fulfil services:

• Hotels, transport operators, activity providers
• Payment processors and financial institutions
• Regulatory or government authorities (if required by law)
• Service providers under contract (e.g., cloud hosting, email systems)

All third parties we share data with are bound by confidentiality and data protection obligations.

6. International Data Transfers

As a Sri Lankan company, some systems we use (e.g., cloud, analytics, CRM) may involve servers or service providers outside Sri Lanka, including within the EU, UK, or USA. We ensure appropriate safeguards (such as contractual clauses) are in place to protect your data during such transfers.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to improve website functionality and user experience:

Essential cookies: required for basic operation

Performance cookies: help understand usage patterns

Analytics cookies: assist us in improving our site

You can manage cookies via your browser settings.

For more details, see our Cookie Policy.

8. Data Security & Retention

We implement reasonable technical and organisational measures (e.g., encryption, access controls) to protect personal data from unauthorised access, loss, or misuse. We retain personal information only as long as necessary to fulfil our services or as required by law (e.g., business records).

9. Your Privacy Rights

Depending on your location and applicable laws (e.g., GDPR), you may have rights including:

• Accessing your personal data
• Correcting inaccuracies
• Requesting deletion (where lawful)
• Withdrawing consent
• Restricting processing
• Data portability

To exercise these rights, please contact us using the details below. We will respond in accordance with applicable law.

10. Children’s Privacy

Our services and website are intended for adults. We do not knowingly collect personal data from children under the age of 16 without appropriate parental consent.

11. Third-Party Links

Our site may link to third-party websites. We are not responsible for the privacy practices of those sites, and we encourage you to review their respective privacy policies.

12. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on our website with the revised date. We may notify you of material changes where appropriate.