Policy Privacy.

Identity of the responsible for the treatment.

The responsible party guarantees compliance with the Regulation (EU) 2016/679 (GDPR)., Organic Law 3/2018 (LOPDGDD) and other applicable regulations on the protection of personal data.

Personal data we deal with.

Depending on the form or interaction that you complete with us, we may process the following types of data:

• Identifying data: name, surname, ID card or passport.
• Contact information: email, telephone, mailing address.
• Data necessary for the organization of the trip: preferences, logistical information, companion information.
• Payment information: managed entirely by external secure platforms.
• Navigation data: cookies, IP address, web behavior.

We do not treat special categories of data unless strictly necessary for the organization of the trip (allergies, relevant medical conditions, specific diets) and always with your explicit consent.

Purposes of treatment.

3.1. Management of requests and commercial relationship

• Respond to inquiries, questions and requests for information.
• Manage intake interviews for our group trips and retreats.
• Maintain communications prior to and during the hiring process.

Organization and execution of the trip

• Reservations for lodging, transportation and activities.
• Coordination with local suppliers at destination.
• Management of mandatory insurance and necessary documentation.

3.3. Sending commercial communications

Only if you give us your consent, we will be able to send you information about new trips, promotions, events and activities. You can unsubscribe at any time by clicking on the link included in each communication.

3.4. Security and improvement of the website

• Fraud and unauthorized access prevention.
• Statistical analysis and user experience optimization.

Legal basis of treatment.

The legal bases that legitimize the processing of your data are:

• Execution of a contract: travel arrangements and advisory services.
• User consent: contact forms, newsletter subscription and non-essential cookies.
• Legitimate interest: website security, fraud prevention and internal statistical analysis.
• Compliance with legal obligations: invoicing, accounting and specific tourism regulations.

Addressees of the data.

Your data may be communicated to:

• Suppliers necessary for the execution of the trip: accommodation, local incoming agencies, transportation companies and insurance companies.
• Hosting provider: Hostinger UAB (Lithuania, EU).
• Email marketing and communications management provider: Brevo (Sendinblue SAS), based in France (EU).
• Forms management provider: FormSubmit, used for sending contact forms from the web.
• Video call scheduling provider: Calendly, for booking business meetings.
• Public administrations: when there is a legal obligation to do so.

International transfers

On some trips, local suppliers may be outside the European Economic Area (EEA). These transfers are made because they are necessary for the execution of the contract (art. 49.1.b RGPD) or by means of appropriate safeguards where possible - as Standard Contractual Clauses approved by the European Commission.

Deadlines of conservation.

• Consultations and prior communications: 12 months.
• Customer data: for the duration of the contractual relationship and for 6 years for legal obligations (tax, accounting).
• Marketing data: until you withdraw your consent.
• Navigation data: as indicated in the Cookies Policy.

Rights of the user.

You may exercise the following rights at any time:

• Access to your personal data.
• Correction of inaccurate or incomplete data.
• Suppression of your data where applicable.
• Limitation of treatment in certain circumstances.
• Portability of the data to another data controller.
• Opposition to treatment.
• Withdrawal of consent at any time.

To exercise them, please write to us at info@sunzentravel.com. For your security, if we have doubts about your identity, we may ask you for additional information to verify it.

You also have the right to file a complaint with the Spanish Agency for Data Protection (AEPD) if you consider that the treatment does not comply with the current regulations - if you consider that the treatment does not comply with the current regulations - if you consider that the treatment does not comply with the current regulations www.aepd.es.

Security of the data.

SunZenTravel applies appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of personal data. Our website uses SSL certificate to encrypt communications and regularly updated security systems.

Data of minors.

Personal data can only be provided through this website by the following people over 14 years old. If you are a minor, we need the express consent of your parents or legal guardians for any processing of your data.

Links to third parties.

Our website may contain links to external third party websites. We are not responsible of the privacy policies of those sites - we recommend that you review them before providing your information.

Modifications of this policy.

We may update this Privacy Policy to adapt it to legislative changes or internal improvements. The current version will be always the one published on this page, with the corresponding update date.