book now

Data Processing

Data Processing Policy

 

This Data Processing Policy explains how The Andes Adventure Travels Company processes personal data in connection with our website, customer communications, booking operations, tourism services, payment coordination, and related business activities.

This Policy should be read together with our Privacy Policy, Terms of Service, Refund Policy, Cancellation Policy, and any booking-specific terms provided at the time of reservation.

 

1. Company Information

Brand Name: The Andes Adventure Travels
Legal Entity: The Andes Adventure Travels
Colombian Address: Cra 46C #80 sur 155
Email: [email protected]
Phone / WhatsApp: +57 3014138967
Website: theandesadventure.com

Where applicable, certain transactions or administrative functions may also involve an affiliated entity or designated merchant of record, which may process relevant data as necessary to complete or administer a booking.

 

2. Scope of Processing

We process personal data when you:

  • visit our website;
  • contact us by email, phone, WhatsApp, social media, or contact form;
  • request information, itineraries, or quotations;
  • book a tour, transportation service, or travel experience;
  • make or attempt to make a payment;
  • participate in one of our services;
  • communicate with us regarding changes, cancellations, refunds, or support;
  • interact with our promotions, advertisements, or analytics tools.

 

3. Categories of Personal Data Processed

Depending on the nature of the interaction, we may process the following types of data:

 

A. Identification Data

  • full name;
  • nationality;
  • country or city of residence;
  • passport or identification details where necessary for travel insurance, operational or legal purposes.

 

B. Contact Data

  • email address;
  • telephone number;
  • WhatsApp number;
  • emergency contact information, where applicable.

 

C. Booking and Travel Data

  • booked service details;
  • travel dates;
  • number of travelers;
  • pickup location;
  • accommodation or meeting point information;
  • language preferences;
  • special requests or operational notes.

 

D. Payment and Transaction Data

  • payment status;
  • transaction references;
  • billing-related details;
  • partial payment instrument details where available through payment providers.

 

We do not typically store full card numbers or full sensitive payment credentials on our own systems when payments are handled by authorized third-party processors.

 

E. Communication Data

  • emails;
  • messages sent through forms, WhatsApp, or social media;
  • customer support history;
  • confirmations and acknowledgments of policy acceptance.

 

F. Technical and Usage Data

  • IP address;
  • browser type;
  • device information;
  • operating system;
  • pages visited;
  • access timestamps;
  • cookie and analytics information.

 

G. Optional Sensitive or Special Information

In limited cases, travelers may voluntarily provide health, mobility, dietary, or accessibility-related information necessary to safely deliver a service. We only process such information when reasonably necessary and appropriate for service delivery, safety, or legal compliance.

 

4. Purposes of Data Processing

We process personal data for legitimate business and operational purposes, including:

  • responding to inquiries and requests;
  • preparing quotes, proposals, and itineraries;
  • confirming and managing reservations;
  • coordinating transportation, guides, and local operations;
  • processing payments and verifying transactions;
  • sending confirmations, reminders, updates, and service instructions;
  • providing customer support;
  • preventing fraud and unauthorized transactions;
  • managing cancellations, refunds, and disputes;
  • complying with tourism, tax, accounting, and legal obligations;
  • improving our website, communications, and services;
  • protecting the safety, rights, and legitimate interests of our business, staff, partners, and customers.

 

5. Legal Basis for Processing

Where required by applicable law, our processing of personal data is based on one or more of the following legal grounds:

  • your consent;
  • the need to take steps before entering into a contract;
  • performance of a contract;
  • compliance with legal obligations;
  • our legitimate business interests, including customer service, fraud prevention, service administration, business security, and operational management.

 

6. Data Processing Principles

We process personal data according to the following principles:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimization;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

 

We seek to process only the information that is reasonably necessary for the relevant purpose.

 

7. How Data Is Collected

We may collect data:

  • directly from you;
  • from your authorized travel companion or representative;
  • through contact forms and booking forms;
  • through payment processors and booking communications;
  • through cookies, pixels, and analytics tools;
  • through service providers involved in delivering the booked experience.

 

8. Sharing and Disclosure of Data

We may share personal data only where reasonably necessary, including with:

  • payment processors and financial service providers;
  • guides, drivers, translators, transportation companies, and operational staff;
  • third-party activity providers, farms, venues, restaurants, or experience partners;
  • website hosting providers, email systems, analytics providers, and technical vendors;
  • legal, accounting, tax, or compliance advisors;
  • insurers or dispute-resolution entities where necessary;
  • competent authorities, regulators, law enforcement, or courts where required by law or legal process.

We do not sell personal data as a standalone commercial product.

 

9. International and Cross-Border Processing

As we serve international travelers and may use cross-border communications, payment systems, and service providers, personal data may be processed or transferred internationally.

By using our services, you acknowledge that your information may be transferred to or processed in countries with different legal frameworks for data protection.

 

10. Payment Processing and Fraud Prevention

Payment-related data may be processed by authorized third-party payment processors. We may use transaction records, booking confirmations, communications, and operational records to:

  • verify payment legitimacy;
  • prevent fraud;
  • investigate suspicious transactions;
  • respond to card network inquiries;
  • defend against abusive or fraudulent chargebacks.

 

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including:

  • reservation management;
  • service delivery;
  • support and follow-up;
  • legal, tax, accounting, and regulatory compliance;
  • fraud prevention and dispute handling;
  • enforcement of contractual rights.

 

Retention periods may differ based on the category of data and the applicable legal or operational need.

 

12. Data Security Measures

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, misuse, loss, disclosure, or alteration.

These measures may include:

  • access controls;
  • password protection;
  • limited staff access;
  • secure third-party platforms;
  • reasonable internal handling procedures.

 

However, no data transmission or storage system can be guaranteed to be completely secure.

 

13. Data Subject Rights

Subject to applicable law, individuals may have rights regarding their personal data, including the right to:

  • access their data;
  • request correction of inaccurate data;
  • request deletion where appropriate;
  • object to certain processing;
  • request restriction of processing;
  • withdraw consent where consent is the legal basis;
  • request information about how their data is processed.

Requests may be submitted using the contact information provided below. We may request verification of identity before responding.

 

14. Children’s Data

We do not intentionally process personal data from children acting independently outside the context of a family, guardian, or responsible adult booking. Where a child participates in a service, information may be processed only as reasonably necessary for booking and service administration.

 

15. Third-Party Processors

We may rely on third-party processors to carry out certain functions on our behalf, such as:

  • website hosting;
  • analytics;
  • email communications;
  • payment processing;
  • customer support tools;
  • operational coordination.

Where appropriate, such providers are expected to process data only for authorized purposes and under reasonable confidentiality and security obligations.

 

16. Policy Updates

We may revise this Data Processing Policy from time to time. Any updated version will be posted on this page with the corresponding effective date.

 

17. Contact for Data Processing Questions

If you have any questions, requests, or concerns regarding this Data Processing Policy or the way we process personal data, please contact us:

The Andes Adventure
Colombian Address: Cra 46C #80 sur 155
Email: [email protected]
Phone / WhatsApp: +57 3014138967