Privacy Policy
Who we are
In this section you should write down the www.souviatravels.com, as well as the name of the company, organization, or individual behind it, and some precise contact information.
The amount of information you are required to show may vary depending on the commercial regulations in your country or region. You may, for example, be required to show your physical address, a registered address, or your company registration number.
What personal data is collected and why
In this section you will need to state what personal data you collect from users of and visitors to the site. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as cookie information.
You should indicate any collection and storage of sensitive personal data, such as diagnostic data.
In addition to listing what personal data is collected, you should indicate why it is collected. These explanations should indicate the legal basis for the collection and storage of the data or the consent given by the user.
Personal data is not created solely by users’ interaction with the site. Personal data is created through technical processes such as contact forms, comments, cookies, analytical data, and third-party incorporation.
By default, WordPress does not collect any personal analytical data from visitors and only collects the data available in the user profile of registered users. However, some of its plugins may collect personal data. You should add the relevant information below.
Comments
In this subsection you should indicate what information is captured through comments. By default, the data collected by WordPress is indicated.
Multimedia
In this subsection you should note what information may be disclosed by users who can upload multimedia files. All uploaded files are usually publicly accessible.
Contact forms
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to inform what personal data is stored and for how long when someone uses a contact form. You could say, for example, that you store this information for a certain period of time for customer support purposes, but that it is not used for marketing purposes.
Cookies
This subsection should list the cookies used by your site, including those set by plugins, social networks and analytics. Cookies installed by WordPress are provided by default.
Analytics data
In this subsection you should note which analytics data packages you use, how users can exclude themselves from data tracking, and a link to the privacy policy of the analytics data provider, if applicable.
By default, WordPress does not collect any analytics data. However, many web hosting accounts do collect some anonymous analytics data. You may also have a WordPress plugin installed that provides analytics services. If so, please add information about that plugin here.
Who your data is shared with
In this section you should name and list all the third parties with whom you share site data, including partners, cloud services, payment processors and suppliers, define which data is shared and why. Link to the privacy policies of these third parties where possible.
By default, WordPress does not share any personal data with anyone.
How long your data is kept
In this section you should explain how long the personal data collected or processed by the site will be kept. Although it is your responsibility to create the schedule of how long each set of data will be kept and why, this information does not have to be listed here. For example, you might want to say that contact form records will be kept for six months, analytics records for a year, and customer purchase records for ten years.
What rights you have over your data
In this section you should explain what rights users have over their data and how they can invoke these rights.
Where your data is sent
In this section you should list all data transfers from your site outside the European Union and describe the means by which this data is safeguarded to data protection standards in Europe. This may include your web hosting, cloud storage, or other third-party services.
European data protection law requires that data about European residents that is transferred outside the European Union is treated with the same standards as if it were in Europe. Therefore, in addition to listing where the data is going, you should describe how you or a third-party provider ensures that these standards are met, whether by an agreement such as a Privacy Shield, model clauses in your contracts or binding corporate rules.
Contact information
In this section you must provide a means of contact for privacy issues. If you are required to have a Data Protection Officer, please provide their name and full contact information.
Additional information
If you use your site for commercial purposes and engage in more complex collection or processing of personal data, you should indicate that information in your privacy policy in addition to the information previously discussed.
How your data is protected
In this section you should explain what measures have been taken to protect user data. This could include technical measures such as encryption, security measures such as two-factor authentication and instruction from data protection professionals. If a privacy impact assessment has been carried out, you can mention it here.
Procedures envisaged in the event of a data breach
In this section you should explain what procedures are in place to deal with data breaches, both potential and actual, such as internal reporting systems, contact mechanisms, or rewards for bug fixes.
From which third parties we receive data
If your site receives user data from third parties, including advertisers, this information must be included in the third-party data section of the privacy policy.
What automated decisions and/or profiling we do with user data
If your site provides a service that includes automated decision making – for example, to allow customers to apply for credit or aggregate their data into an advertising profile – you must indicate that this is taking place and include information about how this information is used, what decisions are made with the respective aggregated data and what rights users have over decisions made without human intervention.
Regulated sector reporting requirements
If you are a member of a regulated industry, or subject to additional privacy laws, you may be required to report this information here.