GDPR Compliance & Personal Data Protection

At Waycer Travel, we are fully committed to ensuring the privacy and protection of our users' personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This regulation applies to all individuals within the European Economic Area (EEA) and governs how personal data must be collected, processed, and stored.

1. Lawful Basis for Data Processing

We collect and process personal data only when we have a legal basis to do so, including:

• When the processing is necessary for the performance of a contract (e.g., booking a tour)
• When we have obtained your explicit consent (e.g., newsletter subscriptions)
• When processing is required for compliance with legal obligations
• When necessary for our legitimate business interests and does not override your rights

2. Types of Data We Collect

• Identity data (name, email, phone, passport details)
• Travel details (destinations, dates, preferences)
• Transaction data (payment method, amount)
• Technical data (IP address, browser type, cookies)

We do not collect sensitive personal data (e.g., race, religion, health information) unless explicitly required and with your consent.

3. Your GDPR Rights

If you are located in the EEA, you have the following rights under GDPR:

• Right to Access – You can request access to your personal data.
• Right to Rectification – You can request correction of incorrect or incomplete data.
• Right to Erasure – You can request deletion of your data ("right to be forgotten").
• Right to Restrict Processing – You can request limited use of your data.
• Right to Data Portability – You can request a copy of your data in a readable format.
• Right to Object – You can object to certain types of data processing, including direct marketing.

To exercise any of these rights, please contact us at info@waycertravel.com. We aim to respond to all requests within 30 days.

4. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes we collected it for, including legal, accounting, or reporting requirements.

5. Data Security

We use industry-standard security protocols (including SSL encryption, secure servers, and limited access controls) to protect your data against unauthorized access, disclosure, or misuse.

6. Data Transfers Outside the EEA

If personal data is transferred outside the European Economic Area, we ensure an adequate level of data protection by using legally approved mechanisms such as Standard Contractual Clauses (SCCs) or working with partners who are GDPR compliant.

7. Data Breach Notification

In the event of a data breach that may affect your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by law.

8. Data Protection Officer (DPO)

For any GDPR-related queries or requests, you may contact our Data Protection Officer:

• Email: info@waycertravel.com
• Subject: GDPR Request

Waycer Travel is dedicated to full transparency and responsible data management. By using our services, you agree to this GDPR Compliance Statement and the data practices outlined herein.