Imago Artis Travel s.r.l. (we/us/our) is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and the purpose for our collection of it. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

What is the purpose of this Privacy Policy?
This privacy policy is to tell you what personal data we collect from you and why, and what we will do with this data. It also tells you about some of the key rights which you have under data protection laws. From 25 May 2018 onwards, you and your personal data will be protected by the EU General Data Protection Regulation (which is otherwise known as GDPR). In this privacy policy, we refer to this legislation as data protection laws. We will only process your personal data as set out in our privacy policy, or otherwise notified to or agreed by you, or as we are otherwise permitted to do in accordance with data protection laws. When we refer to “you” in this privacy policy, we mean every person who communicates with us in respect of a booking, booking request, enquiry or for any other reason and all persons for whom a booking or booking request is made.

What personal information do we collect and why do we collect it?
We may collect and process personal information about you including information:
– that you provide by filling in forms on our website, requesting further services or reporting a problem with our website;
– that you provide when you use our professional services as a client;
– received in correspondence that you send to us;
– provided to us as part of a job or student placement application you make;
– received during certain calls to and from us
– concerning your visits to our website (including but not limited to traffic data) and the resources that you access.
Where you wish to make a booking, the personal data we need to collect and process is likely to include:
– names of all persons travelling;
– contact details (such as telephone number, postal and e-mail addresses) of the person making the booking;
– passport information of all persons travelling;
– travel insurance details for all persons travelling;
– dietary information where applicable;
– credit / debit card or other payment information for the person making the booking;
– information in respect of any medical condition, disability or reduced mobility which may affect you or anyone travelling with you.
For an enquiry, the personal data we will need to process is likely to include the name and contact details of the person making the enquiry.
For a booking or booking enquiry, we will process your personal data on the basis that this is necessary for the performance of your contract with us, or to enable us to take steps at your request prior to your entering into a contract with us. We may also need to do so to comply with a legal obligation to which we are subject or in order to protect your vital interests (for example, in an emergency situation).

How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
– Where we need to perform the contract we are about to enter into or have entered into with you.
– Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
– Where we need to comply with a legal or regulatory obligation. The way we process your personal data we collect as set out above varies depending on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired. These include:
– providing our services to you or an entity for which you work;
– verifying your identity;
– delivering services you may have requested;
– administration, billing and record-keeping purposes;
– communicating with you by telephone, email, fax or post;
– meeting our legal, regulatory and contractual obligations arising from our relationship with you;
– providing and improving customer service and support;
– administering our website, enhancing operational capabilities and for internal operations;
– verifying or enforcing compliance with this policy and applicable laws;
– to inform you of developments that may affect you or to inform you of products, services or events.

Who may we provide your personal data to?
Where you make a booking, appropriate personal data will be passed on to the relevant suppliers of your chosen arrangements together with any other third party who needs this information so that we can arrange for your holiday to be provided. Suppliers and other third parties are likely to include the following, depending on the arrangements booked:
– in-country transport operators
– hotels and the providers of other forms of accommodation
– tour managers and guides
– excursion and activity operators
– travel insurance providers
– credit card companies / banks in respect of payments
The information may also be provided to government / public authorities such as customs or immigration if required by them, or as required by law. We only provide third parties with the personal data they require in order to deliver their services. Other than in relation to government / public authorities (over whom we have no control), we will take appropriate steps which are intended to ensure that anyone to whom we pass your personal data for any reason agrees to keep it secure, only uses it for the purposes of providing their services and does not collect any personal data from you in the course performing their services.

Retention of your personal data
We will retain your personal information as so long as is reasonably necessary for the purpose for which it was obtained and in accordance with our legal obligations and follow our data destruction policy and processes thereafter.

How do we protect your personal data?
We take appropriate technical and organizational measures to protect against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, which is appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.

Your rights
Your personal information is protected under data protection law and you have a number of rights (see below) which you can seek to exercise. Please contact us in writing, by email or telephone using the details shown under ‘Contact’ below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
– Right of access: subject to certain exceptions, you have the right of access to your personal data that we hold
– Right to rectify your personal information: if you discovered that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
– Right to be forgotten: you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
– Right to restriction of processing: in some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
– Right to object to processing: you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
– Right to data portability: you have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
– Right to withdraw consent: you have the right to withdraw your consent where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Cookies
We use cookies and similar tracking technology (collectively, "Cookies") to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Policy.

Chances to this Policy
From time to time, we may change this privacy notice to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you on our Website if these changes are material and, where required by applicable law, we will obtain your consent. All update(s) will be effective immediately on posting. You can see when the Privacy Policy was updated by checking the "last updated" date displayed at the top of this document.

Contact us
If you have any questions about how we treat your personal data and protect your privacy, or if you have any comments or wish to seek to exercise any of your rights as outlined above or to complain about our use of your personal data, please send us an email at info@iatravel.com.