Privacy Policy for Indigo Adventures Limited
Introduction
Indigo Adventures Limited (“Indigo Adventures”, “we”, “us” or “our”) is committed to protecting your privacy in accordance with the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and all other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website (indigoadventures.org) or services, and outlines your rights concerning that information. Please read this policy carefully. By using our website or services, you acknowledge that your data will be handled in accordance with the terms described here. If you have any questions or concerns about this policy or how we use your data, you can contact us using the details provided in the “Contact Us” section below.
Scope: This policy applies to personal information collected by Indigo Adventures via our website and related services. This policy does not apply to any third-party websites or services that may be linked to on our site. If our site contains links to external websites or social media features, please note that we are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
Who We Are (Data Controller)
Indigo Adventures Limited is a travel company registered in the United Kingdom (Company No. 16215991). For data protection law purposes, Indigo Adventures Limited is the “data controller” of the personal information collected via this website and our services. You can contact us at info@indigoadventures.org with any questions regarding this policy or your data (see the Contact Us section below for more details).
Information We Collect
We only collect personal information that is necessary for the purposes described in this policy. The types of personal data we may collect include:
Information You Provide Directly: When you fill out forms on our site (such as booking inquiries, tour bookings, newsletter sign-ups, or contact forms), we collect the information you provide. This may include your name, email address, telephone number, postal address, and any other details you submit (for example, your travel preferences, dates of travel, number of travellers, and any specific inquiries or messages). For instance, when you make an inquiry or contact us, you may be asked to provide personal details, such as your name, address, email, and phone number. We will also collect any additional information you choose to provide, such as dietary requirements, medical information or special requests related to a trip (which can be considered sensitive personal data). We only request such sensitive information when necessary (for example, health information to ensure accommodations or activities are suitable for you), and we will obtain your explicit consent, as required by law, before processing these special categories of data.
Booking and Transaction Information: When you book a tour or other travel services with us, we collect the necessary information to process your booking. This can include passport details, date of birth, nationality (if required for travel arrangements), emergency contact information, and payment details. Payment card information (such as credit/debit card numbers) that you provide through our website will be collected via our secure payment processor. We do not store full card details on our servers; any online payments are handled by accredited third-party payment providers for security. We will receive confirmation of your payment and necessary information to verify the transaction (e.g. payment status), but not the sensitive card data itself.
Automatically Collected Information: When you visit our website, specific data about your device and browsing actions is automatically collected through cookies and similar technologies (see "Cookies and Tracking Technologies" below). This includes your IP address, browser type and version, device identifiers, operating system, referring website, and the pages you access on our site, along with the dates and times of access. We collect this technical information to understand how users navigate our site, to troubleshoot and improve our services, and for security monitoring. This data, by itself, typically does not identify you by name. Still, it may be considered personal data when combined with other information (for example, IP addresses can be regarded as personal data under data protection law).
Social Media Information: If you interact with our pages on social media platforms (such as Facebook, Instagram, or Twitter) or use social media login features, we may receive personal data, including your public profile information, from those platforms, subject to the platform’s privacy settings and policies. We do not control or are not responsible for how third-party platforms process your data. Please refer to their respective privacy notices for more information. However, we will handle any information we receive from social networks by this Privacy Policy.
We do not knowingly collect personal data from children under the age of 16. Our website and services are intended for a general audience and are not directed at children. If we become aware that a child under 16 has provided us with personal information without parental consent, we will take steps to delete such information. If you are a parent or guardian and believe we may have inadvertently collected information from your child, please contact us so we can promptly address the issue.
How We Use Your Information
We use your personal information only for legitimate business purposes and in accordance with data protection laws. The primary purposes for which we process your data include:
Providing and Managing Services: We use the information you provide to respond to your inquiries, process your tour bookings or travel service requests, and to fulfil our contractual obligations to you. For example, we will use your contact details to communicate with you about your trip itinerary, to send booking confirmations or invoices, and to notify you of any changes or important updates regarding your travel plans. If you provide special health or dietary information, we will use it to make necessary accommodations for your trip (for instance, informing hotels or our tour guides of your dietary needs).
Communication and Customer Support: We will use your contact information to provide customer support and respond to any questions or concerns you may have. This includes corresponding with you via email, phone, or other channels at your request, and providing you with information you have requested (such as a tour brochure or a quotation for a custom trip).
Marketing and Newsletters: With your consent, we will use your email address (and optionally your name) to send you our newsletter and occasional promotional communications about our latest travel deals, new tour packages, or other updates we think may interest you. You will receive such marketing emails only if you have opted in to receive them (for example, by subscribing to our newsletter or explicitly requesting travel updates). You can withdraw your consent and unsubscribe from our marketing communications at any time (see Your Rights below). Every marketing email from us will include an “unsubscribe” link to opt out, and you can also contact us directly to be removed from our mailing list. We do not send mass marketing emails without consent. If you are an existing customer, we will only send you marketing about similar services, as permitted by applicable laws, or if you have not objected.
Personalisation and Improvements: We may use data about your past interactions with us (e.g. previous trips or inquiries) to personalise the services or offers we provide to you. For example, we might suggest tours similar to ones you’ve shown interest in, or tailor our website content to be more relevant to your interests. We also use the automatically collected technical data and cookies to analyse how our website is used, to troubleshoot performance issues, and to improve the functionality and user experience of our website and services. This helps us ensure the content on our site is presented in the most effective manner for you and your device.
Analytics: We use third-party analytics tools (such as Google Analytics) to collect information about website traffic and user interactions. These analytics services process technical data (like IP address, device information, and browsing actions) to provide us with aggregate reports on site usage and visitor demographics. This information is statistical and does not identify you personally. We utilise these insights to enhance user engagement and refine our website design, content, and marketing strategies. (Please see Cookies and Tracking Technologies for more details on how we use analytics cookies and how you can control them.)
Compliance with Legal Obligations: We may process and retain your personal information as necessary to comply with our legal and regulatory obligations. For example, we maintain records of transactions for accounting and tax purposes, and we may be required by law to collect specific information (such as passport details for international travel bookings or to comply with anti-money laundering regulations when payments exceed certain thresholds). Suppose authorities or law enforcement agencies lawfully require us to share personal data (for instance, for visa processing, customs, security, or fraud prevention purposes). In that case, we will comply as necessary to meet our legal obligations.
Protecting Our Rights and Preventing Misuse: We may process personal data as needed to enforce our terms and conditions and to protect the rights, property, or safety of Indigo Adventures, our customers, and others. This includes using data to detect and prevent fraud or other misuse of our services, as well as to ensure the security of our systems and infrastructure. For example, we may use IP addresses and other identifiers to monitor for unusual or suspicious activity on our website.
We will not use your personal information for purposes that are incompatible with the ones listed above. If we intend to process your data for a new purpose that this Privacy Policy does not cover, we will provide you with a new notice explaining such use and, if required, seek your consent. We do not engage in automated decision-making that produces legal effects concerning you or has a similarly significant impact on you, without human involvement (such as automated profiling or credit decisions made solely by a machine).
Legal Bases for Processing
Under UK and EU data protection laws, we are required to have a valid “lawful basis” for each use of your data. Depending on the specific context, we rely on one or more of the following legal bases:
Performance of a Contract: Most of the personal data we collect from you is processed on the basis that it is necessary for us to provide our services and fulfil our contract with you. When you request a tour booking or travel service from Indigo Adventures, we must process your data (e.g. contact details, traveller information, payment details) to arrange and deliver the travel services you’ve requested. We cannot provide the service without this information.
Consent: We rely on your consent in certain situations, such as when you subscribe to our newsletter or when we process special category data (for example, health information or dietary requirements) that you voluntarily provide for your trip. Where we ask for your consent, you have the right to withdraw it at any time (this will not affect the lawfulness of any processing that happened before you withdrew consent). For instance, if you consent to receive marketing emails, you can opt out later, and we will stop sending them. Likewise, if you provide health-related information, you can request that we delete it after your trip is completed. We will only use your data for the specific purposes you agreed to.
Legitimate Interests: In some cases, we process your data because it is in our legitimate interests to do so as a business, and we have assessed that your rights and interests do not override those legitimate interests. For example, it is in our legitimate interests to respond to general inquiries from potential customers (even if you have not yet booked a tour), to improve our services by analysing how customers use our website, and to secure our website and business against fraud. When we rely on legitimate interests, we will ensure that we consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws. We will not process personal data on this basis if the impact on your fundamental rights and freedoms outweighs our legitimate interests.
Legal Obligation: We will process personal data where it is necessary for compliance with a legal obligation to which we are subject. For example, we may need to retain transaction records for a certain number of years to comply with tax law and financial regulations, or to disclose information if required by a lawful request from government authorities. In such cases, the law is the basis for our processing.
In practice, there may be overlap in bases – for example, if you book a tour, processing your data to complete that booking is based on contract; retaining the booking records for seven years could be both our legitimate interest and a legal obligation (for tax/accounting); and using your email to send you optional marketing afterward would be based on consent or legitimate interest (subject to your opt-out). We will always identify the appropriate basis and ensure we respect your rights under the applicable basis. If you have questions about the legal basis for any specific data processing, please do not hesitate to contact us.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to provide and improve our services. Cookies are small text files that are stored on your browser or device when you visit a website. We use the following categories of cookies on our site:
Necessary Cookies: These cookies are essential for our website to function correctly. They enable core functionality such as security, network management, and accessibility. For example, if our site has a login or booking form that spans multiple pages, necessary cookies would ensure that you stay logged in or that your selections persist as you navigate. You cannot turn off strictly necessary cookies via our consent management tool, as the website cannot function without them. However, these cookies do not collect personal data for marketing purposes.
Analytics and Performance Cookies: We use analytics cookies (e.g., Google Analytics cookies) to collect information about how visitors use our site. This includes data on which pages are visited, how long users stay on the site, how they navigate, and any errors encountered. The information collected is aggregated and anonymised; it does not directly identify you. These cookies help us understand user behaviour and improve our website’s performance and design. We will obtain your consent before setting analytics cookies, in compliance with applicable laws (UK and EU Privacy and Electronic Communications Regulations). You can choose not to allow these cookies and still use our site, though our understanding of how the site is used will be limited.
Functional Cookies: These cookies remember your preferences and choices to provide enhanced, more personal features. For example, they might remember your language or region, or if you filled a form on our site previously, a functional cookie might auto-fill your details to save you time. While not strictly necessary, these cookies enhance your experience. Third-party services may set some functional cookies we use on our site (for example, if we embed a Google Map to show our office location, Google may set a cookie to remember preferences).
Advertising/Tracking Cookies: Currently, Indigo Adventures does not serve third-party advertisements on our website, so we do not use advertising cookies for ad targeting. However, if we partner with advertising or social media networks in the future that set cookies on our site, we will update this policy and seek any required consent. Currently, the only third-party tracking that may occur comes from social media plugins or share buttons on our site. For example, if our website features a Facebook “like” button or Twitter “share” button, those platforms may set their cookies to track that you visited our site or interacted with the plugin. We do not control these cookies; the respective third parties set them.
When you first visit our website, you will be presented with a cookie notice or banner requesting your consent for non-essential cookies (such as analytics). You can manage your cookie preferences at any time by using our website’s cookie settings tool (if available) or by adjusting your browser settings to refuse cookies. All modern browsers allow you to reject or delete cookies. You can usually find these settings in the Options or Preferences menu of your browser. If you choose to turn off cookies entirely, please note that some parts of our website may become inaccessible or not function properly (for example, interactive features that rely on cookies might not work).
For more information on how to manage cookies or to change your preferences after you’ve consented, please see our separate Cookie Policy page (if available) or contact us. To learn more about cookies in general, and how to manage or disable them, you can also visit resources like AboutCookies.org or the UK ICO’s website section on cookies.
How We Share Your Information (Third-Party Service Providers)
We treat your data with care and confidentiality. We do not sell your personal information to third parties. However, to run our business and provide you with our services, we may need to share your information with certain trusted third parties, as outlined below. Whenever we share data, we ensure that the recipient has a legal obligation to handle and protect the data in accordance with applicable privacy laws and use it only for the specified purposes.
Categories of third parties with whom we may share data include:
Travel Suppliers and Partners: As a travel services provider, we frequently collaborate with third-party suppliers to fulfil your bookings. This includes airlines, hotels, resorts, cruise lines, destination management companies, tour guides, transportation providers, travel insurance agencies, and other local partners involved in your itinerary. We share only the necessary personal information with these parties to arrange the services you have requested. For example, suppose you book a tour package through Indigo Adventures. In that case, we will provide the airline with passenger names and passport details to ticket your flights, give the hotel your name (and, in some cases, your contact information or special requirements) to book your accommodation, or inform our local tour operator of the names and nationalities of travellers for guided excursions. These suppliers will use your information solely to deliver the contracted services. Please be aware that each such third-party travel supplier also acts as a data controller for the information it receives (e.g., an airline issuing a ticket has its legal responsibilities to manage your data). We recommend reviewing the privacy policies of the travel providers that apply to your bookings, as they will explain how they handle your data.
Payment Processors: If you pay for a tour or service using a credit/debit card or other electronic payment methods, the payment transaction may be processed by a third-party payment gateway or processor (for example, Stripe, PayPal, or another payment service). These third parties will process your payment details securely in accordance with industry standards and their privacy policies. Indigo Adventures does not receive or store your complete card information; we only get the confirmation that payment was completed (or notice of any issues). We share with the payment provider the necessary transaction details and billing information to charge you (such as your name, contact, and purchase amount). Payment processors are obligated to protect your data and use it only for processing payments and related activities aimed at preventing fraud.
Email and IT Service Providers: We use reputable third-party services to support our business operations and communications. For example, we may utilise an email service provider or marketing platform (such as Mailchimp, Sendinblue, or a similar platform) to send out our newsletters or group emails. If you have subscribed to our newsletter, your name and email address may be stored on a platform to facilitate our communication with you. We also utilise IT hosting providers for our website and cloud storage services to store data securely. These service providers may have incidental access to personal data in the course of providing their services (for example, our website hosting provider stores whatever data passes through the website). We select providers who implement appropriate security measures and commit to confidentiality. They are not permitted to use your data for any purpose other than providing the contracted service to us.
