This policy covers how We (defined below), as Data Controllers, collect, use, disclose, transfer, store and more generally, process your data.
(1) ITRVL LLC of 1250 Prospect Street, Suite 300, La Jolla, California, 92037, USA, email email@example.com; telephone +1 858 465 4679 Our website www.itrvl.com is the official website for ITRVL LLC; and (2) Wilderness Holdings Limited of Deloitte House, Fairgrounds Office Park, Plot 64518, Gaborone, Botswana, email firstname.lastname@example.org, telephone +267 392 6886, and all its approximately 60 subsidiary and associate companies (which Wilderness Holdings Limited controls, is controlled by, or is under common control with (with control meaning the possession, directly or indirectly, of the power to direct or cause the direction of the management, business and policies of such entity, whether through ownership of voting securities, by contract or otherwise)) (“Wilderness”). The official website used by Wilderness is www.wildernessdestinations.com and agents have access to Wilderness’s online reservations portal found at www.wilderness-window.com.(all of such websites and portal will jointly be referred to below as “Websites”).
We respect your privacy and are committed to maintaining and using your personal information responsibly.
A. The identity and contact details of the Data Controllers The Controllers of the personal data collected through the Websites, each within the limits of the actual processing actually and respectively carried out, are the Companies indicated above.
B. The personal data we process You do not need to be registered to access the Websites. However, some services may require you to register (e.g. to make a reservations, to subscribe to our newsletter service, etc.).
Furthermore, in order to allow normal and efficient navigation and use of the Websites, We will collect some personal data of the users relating to connection and navigation within the Websites (i.e. connection data related to your surfing of the Websites: internet protocol (IP) address, device number/ID, data about your internet connection and service provider, the equipment you use to access the Websites, login data, your browsing history, and other usage and technical details). With reference to the data relating to navigation within the Websites collected through the use of "cookies", please see also paragraph 10 below.
Where necessary, We will obtain your specific consent to the use of the data.
Here are some examples of the type of the personal data we collect directly from you:
Identification data: name, surname, date of birth, age, country of origin, gender, etc., next of kin;
Bank details or information on credit or debit card information (i.e. the credit card holder name, address, card number, expiry date and CVC code), depending on the payment method is chosen;
Personal travel arrangements;
Special categories of data (sensitive data): details of health and medical conditions, disabilities, special requirements such as dietary requests which may disclose your religious beliefs, so as to be able to consider your particular needs in relation to a booking and provide you with the best service for your needs;
Passport details to pass to overseas authorities which require Advanced Passenger Information;
Compliments, queries or complaint on our service and products;
We do not generally collect special categories of personal data about you (or those you are booking for), but where we do, we seek to minimize the collection and use of it and handle it with extra care and protection and adequate security measures. We also share this information with third parties (who help manage our business and deliver services such as those parties who provide wheelchairs at airports) and other companies (who help manage your booking or journey) only when strictly necessary, and – depending on your travelling – we may transfer it globally always applying adequate safeguards in compliance with applicable data protection laws. Where you (or any passenger travelling) provides us with special categories of personal data you agree that you have voluntarily provided such information, and you consent (and the passenger travelling consents) for us to use that information for the purposes for which it was collected.
Also, if you visit one of our local offices you may be monitored by closed circuit television for security purposes. In each case, we do so in compliance with applicable laws
C. Personal data we collect from third parties We collect personal data from third parties who you have authorized to provide your personal data to us (for example, this may be your travel agent or another person making a booking on your behalf, your travel companion, your travel coordinator, our promotion partners, social media and other digital website). We also collect personal data from individuals who may refer you as a friend to our products or services. We ask these individuals to confirm that you are happy to hear from us.
D. Optional nature of your decision to provide personal data Some of the personal data requested on the Websites (such as your first and last name, telephone number and e-mail address) may be marked as “mandatory” [e.g., indicated with an (*)] as they are necessary to access the services granted by the Websites you wish to use (e.g., if you wish to register to the Websites). Failure to provide this data marked as “mandatory” may prevent us from allowing access to the services requested (e.g. if you do not provide your e-mail address, the we will not be able to complete your registration). Failure to provide data marked as “optional” will have no consequence.
You are required to provide only personal data relating to yourself. If personal data of third parties is requested, you acknowledge that you have obtained consent from third parties for processing of the corresponding personal data by us.
E. Purposes of personal data processing We process your personal data in order to: (1) fulfill our contract with you in all of its stages, and/or deal with your booking or intended booking (including processing your booking, sending you your itinerary or other details relating to your booking and so forth); complete your travel arrangements; update you on changes to your travel itinerary,for example, if there is a change to your booking pre travel, if a flight is delayed or cancelled; manage your wider travel or services requirements, for example, liaising with third party travel facilitators or service providers so that they can facilitate your travel arrangements and minimize any disruptions; this includes when you book a holiday package, hotel, car or other service which may be provided by us or third parties with us; process payments for your booking, fulfill requests for refunds; communicate and interact with you at different times throughout your journey; providing you with access to and use of your online account with us; (2) meet our legal and statutory obligations and duties (for instance, in some countries, we are required to provide information to border control, customs and law enforcement officers at ports of entry and exit on your itinerary; tax or accounting duties); (3) meet legal, compliance, regulatory, and crime detection and prevention purposes (for instance, responding to a valid legal claim, summons or regulatory order, and to protect our property, rights, and interests as well as the property, rights and interest of other persons; crime prevention and detection purposes, including the prevention of fraud for online payments, for identity verification, for credit checking and credit scoring purposes and accounting or audit purposes. If you visit one of our local offices, you may be monitored by closed circuit television for security purposes. In each case, we do so in compliance with applicable laws); (4) manage our business such as for systems testing, IT maintenance or development training, benchmarking and performance measurement; (5) capture your interactions with our website and booking journey via tools on our Websites in order to identify errors or issues and ensure your customer experience meets expectations; (6) conduct customer satisfaction surveys so that we can obtain a better understanding of how we can continue to improve the products and services we offer or help us to create new ones. During these surveys we may collect personal data from you relating to your thoughts/comments about your experience with us; (7) provide our customer services and improve the quality of our services (even recording the calls you make to us); (8) respond to your query about any of our products or services, compliments or complaints, or provide you with assistance when you send us an email, call our customer service line, visit a local office or contact us via another form of communication such as through social media or an online chat tool; (9) analyze your preferences and previous travel experiences or transactions for profiling purposes (i.e. to personalize the service and offers you receive and tailoring the way we provide our products or services to you based on your preferences and profile; by communicating with airlines, accommodation providers and other parties that are part of your journey regarding your experience, preferences, compliments or complaints; for improving the products and services we offer or help us to create new ones); (10) send marketing communications and materials.
F. Legal basis for the processing of your personal data We will only collect, process, use, share and store your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because: (1) we need to process your personal data to perform a contract with you or take steps to enter into a contract with you. (see paragraph E (1) above). Moreover for the processing of special categories of personal data strictly necessary to satisfy your particular needs, we will need your explicit consent (see par, E (1) above) (2) we need to process your personal data to comply with a relevant legal or regulatory obligation that we have (see paragraph E (2) above); (3) we need to use your personal data for our legitimate interest as a commercial organization (see paragraph E (3), (4), (5), (6), (7) and (8) above). In all such cases, we will look after your information at all times in a way that is proportionate and that respects your privacy rights; (4) we have your consent to process your personal data for our marketing and analysis of your preferences activities (see paragraph E (9) and (10) above). We remind you that you may at any time freely withdraw your consent by sending an email to email@example.com or by clicking the "unsubscribe" link that you will find at the bottom of our emails which you receive from us, without prejudice for the lawfulness of processing based on consent before the withdrawal.
G. Marketing, profiling and analytics For the purposes no. 9 and 10 above, We may use personal data to let you know about our products and services that we think may be of interest to you. This may be based on your preferences, derived from Cookies, inferred from your interactions with us including on our social media accounts or market research. We may also let you know about our corporate services which we believe may be relevant to you in a professional capacity.
We will only send you direct marketing, whether about us, carefully selected third parties or partners, products or services, in accordance with your marketing preferences and provided that you have given Us your voluntary, specific and informed consent that you may at any time freely withdraw as set out below. We may contact you by email, SMS/text, social media, or through other communication channels that we think you may find helpful.
a) How you can manage your marketing preferences To protect your privacy and to ensure you have control over how we manage marketing interactions with you and provided that you have indicated that you would like to receive it, we will take steps to limit direct marketing to a reasonable level and will only send you communications which we believe may be of interest or relevance to you. At all times, such communications will be in line with your permissions. Such communications may include: (1) telling you about developments in the products and services available through us and those of our selected partners (provided that we will communicate these to you in conjunction with our own marketing); (2) allowing third parties to send you marketing or updates relating to their products or services; (3) newsletters, blogs, vlogs and other information relating to exciting wildlife sightings, upcoming product developments, and news from the bush.
If you unsubscribe completely from our marketing communications we may be unable to notify you of tailored offers to meet your needs. If you do unsubscribe from marketing communications you will still receive operational and service messages from us regarding your booking including where you may not have completed a booking (such as abandoned cart emails or pop-up notices), and responses to your enquiries made to us. b) When and how we undertake profiling and analytics
We use personal data such as your date of birth, gender, country of residence, transactions (for example, payments made with us and flights taken), information derived from Cookies and your preferences and behaviors for profiling. Some of the legitimate purposes we profile personal data include: (1) to obtain a better understanding of what you would like to see from us and how we can continue to improve our services for you; (2) to personalize the service and offers you receive from us, including with invitations to special events; (3) to provide you with tailored content online and optimize your experience of our website; (4) to provide you with tailored advertisements on other websites you visit and social media; (5) to share marketing material we believe may be of interest to you, including from our third party partners; (6) to help us operate our services more efficiently; (7) to authenticate log-ins on our Website and detect and prevent fraud. Such activities and processing will be based only on your voluntary, specific and informed consent. You may at any time freely withdraw your consent by sending an email to firstname.lastname@example.org or email@example.com (as applicable) All our activities of analysis of your data and your preferences will not take place in an exclusively automated manner but will always involve the intervention and evaluation by our employees.
Analytics We aggregate personal data and remove any identifying elements in order to analyze patterns and improve our marketing and promotional efforts, to analyze website use, to improve our content and products and services, to customize our website’s content, layout, products and services, and to support our business operations and we may appoint third parties to do this on our behalf. We gather certain usage information like the number and frequency of visitors to our website. This information includes which webpage you just came from, which webpage you next go to, what browser you are using, your device ID and your IP address (partially obscured in order to prevent any identification). This collective data helps us to determine how much our customers use parts of our website, and do research on our users’ demographics, interests, and behavior to better understand and serve you. One of the ways we do this is by installing and using Cookies on your browser or device.
We also work with social media and other digital websites to provide you with advertisements within those websites. We provide them with your name and contact details (such as your email address or phone numbers). If these social media and digital websites match profile information provided by us with your profile information held by them then they will serve you our advertisements. The social media websites will not identify you or share other personal data in your social media account to us. If you use buttons on our website linked to social media or similar sites (for example, "Like" and/or "Share" buttons), content from our website may be sent back to those sites and, depending on your privacy settings, may be privately or publicly visible (for example, to friends, followers or generally to anyone who has access to your profile page). Such processing will be carried out by Us and the social media platform providers as joint data controllers and will be based on your consent.
H) Sharing your personal data with others
Your personal data will be processed (solely within their respective areas of competence) by persons in charge of the processing expressly authorized by us pursuant to applicable laws. Within the purposes mentioned above (see paragraph E above), your data may come to the knowledge of the following: (1) service providers who help manage our IT and back office systems, detect fraudulent transactions and security incidents, provide customer service center support, manage communications and tailor marketing and advertising; verify payments such as banks and payment card companies; provide internet services; host our facilities and conduct research that assists us with understanding consumer interests; (2) third party advertising and social media website to provide advertising; (3) bank and payment providers to authorize and complete payments; (4) governments, government organizations and agencies, border control agencies, regulators, law enforcement and others as permitted or required by law, in relation to legal requirements that apply from time to time when travelling to or from a particular country, and to generally comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies; (5) third parties whose products or services you are purchasing through our website or offices, or otherwise such as airlines, tourism agencies, hotel, transfer and car hire companies, tour and excursion providers or to travel agents, including if there is a problem with your booking so that your travel agent can resolve it with you.
Such persons have agreed to confidentiality obligations and use any personal data we share with them or which they collect on our behalf solely for the purposes of providing the contracted service to us. Where appropriate, these suppliers have been appointed by the us as data processors according to applicable data protection laws.
J) Transferring personal data globally We sell travel arrangements to destinations around the world, which means your personal data may be transferred and stored in other countries which may be outside your country of residence. Some of these countries are subject to different standards of data protection than your country of residence. Such transfers will be carried out if necessary for the performance of the contract that we have concluded with you or in your interest (e.g. for hotel or airlines reservations, etc.) or according to the applicable laws.
We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law, and we only transfer personal data to another country where: (1) we are satisfied that adequate levels of protection are in place to protect your information (including any personal data); and (2) the transfers are fully managed to protect your privacy rights and interests and are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. Where we transfer your personal data outside our company or to third parties (who help us to provide our products and services), we obtain contractual commitments and obligations from them to protect your personal data; or where we receive requests for information from law enforcement or regulators, we carefully review and validate these requests before any personal data is disclosed. In the event your personal data is transferred to a foreign jurisdiction, it may be subject to the laws of that jurisdiction and we may be required to disclose it to the courts, law enforcement or governmental authorities in those jurisdictions. You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate level of protection of your personal data when this is transferred as mentioned above.
K) How we protect and store your personal data a) Protection of your personal data We have implemented and maintain appropriate technical and organizational security measures, policies and procedures designed to protect the personal data that you share with us and safeguard the privacy of such information. For example, the measures we take include: (1) placing confidentiality requirements on our staff members and service providers, providing them with instructions for lawful data processing activities and appointing them as data processor where appropriate under applicable data protection laws; (2) destroying or permanently anonymizing personal data if it is no longer needed for the purposes for which it was collected; (3) following security procedures in the storage and disclosure of your personal data to prevent unauthorized access to it; and (4) using secure communication channels on our website such as SSL ("secure sockets layer") for transmitting data that is sent to us. SSL are industry standard encryption protocols used to protect online transaction channels. Having said this, even if we take reasonable steps: (i) it is possible for internet-based communications to be intercepted; (ii) without the use of encryption, the internet is not a secure medium and privacy cannot be ensured; and (iii) internet e-mail is vulnerable to interception and forging.
b) Storage of your personal data We keep your personal data for as long as is strictly necessary for the purposes for which it was collected as indicated at paragraph 2 above and in compliance with applicable time limits set forth by applicable laws and with consents granted, if any. Thereafter, the data will be destroyed or anonymized. We will ensure that it is disposed of in a secure manner. In most cases we will destroy your data 7 years after collection in order to comply with local and international rules and regulations. Where no further communication occurs beyond an enquiry or where we are contacted via our website or social media channels, data will be removed not more than 24 months after collection.
In some circumstances we may store your personal data for longer periods of time, for example, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
I) Legal rights available to help manage your privacy Applicable data protection laws grant you certain rights in relation to the processing of your personal data: in order to exercise your rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal data to you. You can exercise your rights by emailing us at firstname.lastname@example.org and email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request within 30 days from the receipt or inform you if we require further information in order to fulfill your request. We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal data You have a right to obtain from us confirmation as to whether or not your personal data are being processed and, where that is the case, request that we provide you with a copy of your personal data; and you have the right to be informed of: (1) the source of your personal data; (2) the purposes, the categories of personal data concerned, legal basis and methods of processing; (3) the data controller’s identity; and (4) the recipients or categories of recipients to whom your personal data have been or may be disclosed, in particular in third countries or international organizations and in such case, the appropriate safeguards relating to the transfer; (5) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (6) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (7) the right to lodge a complaint with a supervisory authority; (8) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to rectify or erase personal data You have a right to request that we rectify without undue delay inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it. You can also request that we erase your personal data at any time. We are not required to comply with your request to erase personal data if the processing of your personal data is necessary for (1) compliance with a legal obligation; or (2) the establishment, exercise or defense of legal claims. If we do erase your data, then we may not be able to provide you with services or access to our website or platform(s).
Right to withdraw your consent You always have the withdraw at any time freely your consent by sending an email to firstname.lastname@example.org or email@example.com without prejudice to the lawfulness of processing based on consent before the withdrawal.
Right to object to the processing (including direct marketing) of your personal data. You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
You can request that we stop contacting you for marketing purposes.
You can request that we do not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
If you have joined our mailing list, you can manage your marketing preferences automatically by clicking the "unsubscribe" link that you will find at the bottom of our emails which you receive from us, or you can unsubscribe by contacting us at firstname.lastname@example.org and email@example.com.
Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred across international borders. We may redact data transfer agreements to protect commercial terms.
Right to restrict the processing of your personal data You can ask us to restrict the processing of your personal data, but only where: (1) its accuracy is contested, to allow us to verify its accuracy; or (2) the processing is unlawful, but you do not want it erased; or (3) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or (4) you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where: (1) we have your consent; or (2) to establish, exercise or defend legal claims; or (3) to protect the rights of another natural or legal person.
Right to data portability
You have the right to receive your personal data or to have them transferred to another data controller in a structured, commonly used and machine-readable format, and to use them for your own purposes within various services.
This right is limited to data collected in the context of the conclusion or execution of a contract with the data subject or on the basis of the data subject's consent
Right to lodge a complaint
Should you consider the processing of your data infringes applicable data protection laws, you may in any event lodge a complaint before the supervisory or regulatory authority of the Country of your habitual residence, place of work or place of the alleged infringement.
Responsibility for damages
Except to the extent prohibited under applicable law, we will not be responsible for any damages suffered by you or any third party as a result of the transmission of confidential or other information disclosed to us through the internet, or that you expressly or implicitly authorize us to make, or for any errors or any changes made to any transmitted information.
13. Data Protection Officers (DPO) iTRVL’s Data Protection Officer (DPO), Mr. Andy Altman, is available if you have any concerns regarding our data processing activities at firstname.lastname@example.org.
Wilderness’ Data Protection Officer, Mr Ulrich Wilgenbus, is available if you have any concerns regarding our data processing activities at email@example.com.
Let’s plan your next journey
When we say we’re there every step of the way, we mean it, literally. From planning the perfect circuit, to private inter-camp transfers on Wilderness Air, and easing you through Customs. We’re with you on the ground, at your side, 24-7, from start to finish. Ready to take the road less travelled? Contact our Travel Designers to plan an unforgettable journey.