Privacy Policy
Information document for users of the FraVeRa Journey website.
PRIVACY POLICY – FraVeRa Journey
1. Data controller
The controller of personal data is FraVeRa Journey, a sole proprietorship registered in the Kingdom of the Netherlands, operating as a disclosed travel agent (disclosed travel agent), hereinafter: the Controller.
For matters related to personal data protection you can contact the Controller via the business e-mail address.
2. Scope of processed data
The Controller processes personal data provided by Clients via the website form and in e-mail correspondence.
The scope of processed data may include:
- identification data (first and last name),
- contact data (e-mail address, phone number),
- data related to the planned stay or travel,
- health-related data – only to the extent necessary to prepare an offer and coordinate services.
The Controller does not process excessive data.
3. Purposes of processing
Personal data are processed in order to:
- prepare an individual offer,
- provide agency/intermediary services,
- communicate with the Client,
- coordinate contact with Partners,
- fulfil the Controller’s legal obligations.
The Controller does not run newsletters or mass marketing.
4. Legal bases for processing
Personal data are processed on the basis of:
- Art. 6(1)(b) GDPR – performance of a contract,
- Art. 6(1)(c) GDPR – legal obligations,
- Art. 6(1)(a) GDPR – consent.
Health data are processed on the basis of:
- Art. 9(2)(a) GDPR – explicit consent,
- Art. 9(2)(h) GDPR – organisation of health services.
5. Recipients of personal data
Personal data may be disclosed to:
- Partners providing the Main Services,
- IT and hosting providers,
- e-mail service providers (Google / Gmail).
Data are shared only to the necessary extent.
6. Transfers outside the EU
Data may be processed using tools of providers outside the EU with safeguards compliant with the GDPR.
7. Data retention period
Data are stored:
- for the duration of cooperation,
- after it ends – for the period required by law,
- medical data – only for as long as necessary.
8. Rights of the data subject
You have the right to:
- access your data,
- rectification,
- erasure,
- restriction of processing,
- data portability,
- object to processing,
- withdraw consent.
9. Security measures
The Controller applies technical and organisational measures to protect personal data.
10. Complaints
You have the right to lodge a complaint with the Autoriteit Persoonsgegevens.
11. Final provisions
The Controller reserves the right to update this Privacy Policy.