Privacy Policy

How we collect, use, and protect your personal information

Last updated: 1 December 2024

1. Introduction

deviatrbxu B.V. ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website deviatrbxu.top or use our travel services.

This policy applies to all personal data processing activities conducted by deviatrbxu B.V., registered at Nieuwstraat 237, 3055 IU Rotterdam, Netherlands (KvK: 28573964, VAT: NL137592864B37).

2. Data Controller

Company: deviatrbxu B.V.

Address: Nieuwstraat 237, 3055 IU Rotterdam, South Holland, Netherlands

Email: privacy@deviatrbxu.top

Phone: +31 306309088

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM

3. Information We Collect

3.1 Personal Information You Provide

  • Contact details (name, email address, phone number, postal address)
  • Travel preferences and requirements
  • Booking and payment information
  • Passport and identification details (when required for bookings)
  • Special requirements (dietary, accessibility, medical needs)
  • Communication records (emails, phone calls, messages)

3.2 Information Automatically Collected

  • Website usage data (pages visited, time spent, click patterns)
  • Device information (IP address, browser type, operating system)
  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Location data (when permitted by your device settings)

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Provision (Legal Basis: Contract Performance)

  • Processing and managing travel bookings
  • Arranging flights, accommodation, and other travel services
  • Providing customer support and assistance
  • Managing payments and financial transactions

4.2 Communication (Legal Basis: Legitimate Interest/Consent)

  • Responding to enquiries and providing information
  • Sending booking confirmations and travel updates
  • Marketing communications (with your consent)
  • Customer satisfaction surveys

4.3 Legal Compliance (Legal Basis: Legal Obligation)

  • Compliance with travel industry regulations
  • Tax and accounting requirements
  • Anti-money laundering checks
  • Data retention as required by law

5. Data Sharing and Disclosure

We may share your personal data with:

5.1 Service Providers

  • Airlines, hotels, and other travel suppliers
  • Payment processors and financial institutions
  • Insurance providers
  • Technology service providers (website hosting, email services)

5.2 Legal Requirements

  • Government authorities when required by law
  • Law enforcement agencies for legitimate investigations
  • Regulatory bodies in the travel industry

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

As a travel agency, we may transfer your personal data to countries outside the European Economic Area (EEA) when:

  • Making bookings with international suppliers
  • Processing payments through global payment networks
  • Using cloud-based services hosted outside the EEA

We ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other legally recognised transfer mechanisms.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

  • Booking data: 7 years after travel completion (tax and legal requirements)
  • Marketing data: Until you withdraw consent or 3 years of inactivity
  • Website analytics: 26 months maximum
  • Communication records: 3 years for customer service purposes

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a structured format

Right to Object

Object to processing for certain purposes

To exercise these rights, contact us at privacy@deviatrbxu.top. We will respond within one month of receiving your request.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure payment processing systems
  • Regular backups and disaster recovery procedures

10. Cookies and Tracking

Our website uses cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

11. Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Information

For any questions about this privacy policy or our data practices, please contact us:

Data Protection Officer

Email: privacy@deviatrbxu.top

Phone: +31 306309088

Address: deviatrbxu B.V., Nieuwstraat 237, 3055 IU Rotterdam, Netherlands

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the Netherlands, you can contact:

Autoriteit Persoonsgegevens (Dutch DPA)

Website: autoriteitpersoonsgegevens.nl

Phone: +31 70 888 8500