This policy, together with our Terms and Conditions sets out the basis on which any personally identifiable information and data (“Personal Data”) we collect from you, or that you provide to us, will be processed by us. This policy apples to our websites, applications, tools, promotions, email communications, log-in accounts and other services operated by us.
By using our services, you are deemed to consent to our use of your Personal Data in accordance with this policy.
At Andalusia Travel & Tour (herein after to be referred to as ATTSB), we are dedicated to protecting your privacy and safeguarding your personal, business, and travel information. In fact, we make it our highest priority and it remains to be one of our main commitments to you. We understand that your choice in providing information to us, and we would like to highlight that we use vigorous safeguards and adhere to strict privacy principles to ensure your personal information is protected.
Personal Data Protection Act
The Personal Data Protection Act is an act enacted by the Malaysian Government to protect individual’s personal data in commercial transactions. The PDPA defines personal data as any identified or identifiable from that information or other information in possession of the individual. This includes names, address, IC Number, passport number, email address and other contact details.
According to the PDPA, sensitive personal data consists of information as to the physical or mental health or condition of individual, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence or any other personal data as determined by the Minister by order published in the Gazette.
Commercial transactions mean any transaction of a commercial nature, regardless of whether it is contractual. This includes the collection of personal data of potential customers. Processing personal data is the act of collecting, recording, holding or storing personal data and carrying out any operation or set of operations on the personal data. The PDPA gives you certain rights in relation to your personal data which include, (i) to access your personal data and to correct this information to make sure that the personal data is accurate, complete, not misleading and up-to-date, (ii) to withdraw your consent for disclosing of your personal data for marketing purposes or any other purposes than for the fulfilment of the service you have subscribed for.
If you give consent to ATTSB for marketing purposes, ATTSB may send marketing materials to you via various channels (e.g. email, letters and phone calls etc.). Even with no consent, ATTSB may still use your personal data for purposes of providing the products or services that you have signed up for or fulfilling any other contractual obligations, and for legal or regulatory purposes.
What type of information do we collect?
We collect information provided by you, such as name, email address or password details where you sign-up or contact us to receive or make use of any of our services, for example, where you create a registered account with us. Where you make a booking with ATTSB, you may be asked to provide additional information such as your address, passport number, and credit card or debit card details.
We also collect information provided to us when you connect to our services from third party applications, social networking sites or other websites.
Use of information
We will use the information provided by yourself to
- verify your authorization to access certain features of our services,
- to enable you to access and use the services you have selected,
- to optimize ATTSB services and personalize your visits to our website by remembering location, language as well as previous engagements,
- for system administration purposes, (v) to analyse user behaviour and trends in order to improve and understand how people use our services, where you have requested that we do so or to respond to communications you have sent us,
- where it is necessary to notify you about changes or updates to our services,
- to send booking confirmations and alerts, notifications or newsletters you have subscribed to, including to your mobile device and private number.
- As noted above, you may be asked to provide credit card or other payment information to us or the relevant booking partner when you are making a booking.
Disclosure of your information
We will never sell your Personal Data to third parties, though we may on occasion share or provide your Personal Data to third parties in accordance with this policy or where we are required to do so by law.
We may also disclose your Personal Data if necessary to prevent, detect or prosecute illegal or suspected illegal activities or to prevent other damage or in response to a legal action or to enforce our rights and claims.
We may share your information with select third parties to process your information on our behalf or where necessary in order to deliver the service you have requested. For example, we may disclose your email address to trusted third party companies along with other data collected by us to help identify trends and to tailor our services and any communications we send to you.
Where we run a promotion in conjunction with a third party we may occasionally agree to share the email addresses of participants with the partner running the competition. Where this is the case, it will be clearly stated in the terms of the promotion and you will be asked whether you consent to the use of your data in that way at the point of entry. We have no responsibility for subsequent use or distribution of email addresses by our partners.
Where we direct you to websites of third party travel providers for you to make bookings, we may use your Personal Data to auto-fill selected details within the third party companies website in order to make the booking process easier and more efficient for you.
In addition, we may also disclose your Personal Data where necessary in order to enforce our Terms and Conditions or other agreements. We may also share anonymous aggregated usage information with others.
All Personal Data you provide to us is stored on secure servers. Regardless of location, we ensure that adequate technical and organisational measures are in place to protect the security of your Personal Data. We limit access to your Personal Data to employees who we believe have a legitimate need to come into contact with that information in order to fulfil their role and provide products or services to you.
Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our websites or other services; any transmission is at your own risk. Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorised access.
Cookies and tracking tools
Third party websites
Please be aware that we are not responsible for the privacy practices of any third party websites. When you leave or otherwise cease using our services, we encourage you to read the privacy statements/policies of each and every third party website that collects personal data from you.
In order to provide you with a useful social experience, we may give you the option to export information to third party applications and websites, including social networking sites such as Facebook or Twitter. When exporting such information you may be disclosing your information to the individuals or organisations responsible for operating and maintaining such third party applications and sites and that your information may be accessible by others visiting or using
those applications or sites. We do not own or operate the applications or websites that you connect with and you should review the privacy policies of such websites to make sure you are comfortable with the ways in which they use the information you share with them.
Accessing your Personal Data
In accordance with applicable law, you have the right to find out what Personal Data we hold about you at any time. Where you wish to make such a request, please submit it in writing by writing to us online.
You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise this right by checking certain boxes on the forms we use to collect your data or by contacting us at any time. You can also opt-out of receiving any marketing emails by informing us.
Where you are a user of our sign-in service, you can manage some of your information and personal preferences on our website.
If you have any questions about this policy, please contact us our team and we will do our best to get back to you.