Privacy Policy
Last updated: March 2026
Condor Trails is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and what rights you have.
Condor Trails is a trading name of a business owned and operated by Aleksander Canchaya, based in Dublin, Ireland. We are the data controller for the personal data described in this policy.
This policy complies with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and the Irish Data Protection Act 2018.
Data Protection Contact: info@condortrails.com
1. Personal Data We Collect
We collect different types of personal data depending on how you interact with us:
1.1 When You Enquire or Contact Us
- Full name
- Email address
- Phone number
- Country of residence
- Travel preferences and interests
- Any information you voluntarily include in your message
1.2 When You Make a Booking
In addition to the above, we collect:
- Passport details (name as on passport, number, expiry date, nationality) — required for booking flights, hotels, permits, and entry documentation
- Date of birth
- Dietary requirements and medical conditions (only where relevant to your trip and voluntarily disclosed)
- Emergency contact details
- Travel insurance policy details
- Payment information (processed securely; we do not store full card details)
1.3 When You Visit Our Website
- IP address and approximate location
- Browser type and device information
- Pages visited, time spent, and referral source
- Cookie data (see Section 8: Cookies)
1.4 When You Subscribe to Our Newsletter
- Email address
- Name (if provided)
- Email engagement data (opens, clicks) for improving our content
2. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Responding to enquiries and providing travel quotes | Legitimate interest / Pre-contractual steps |
| Fulfilling your travel booking (flights, hotels, permits, guides) | Contractual necessity |
| Processing payments | Contractual necessity |
| Communicating trip details, updates, and travel documents | Contractual necessity |
| Sharing data with local operators to deliver your trip | Contractual necessity |
| Sending marketing emails and travel inspiration (opt-in only) | Consent |
| Improving our website and services | Legitimate interest |
| Complying with tax, legal, and regulatory obligations | Legal obligation |
3. Who We Share Your Data With
We only share your personal data where it is necessary to fulfil your booking or where we are legally required to do so. We share data with:
- Local tour operators and ground agents in Peru, Bolivia, Argentina, Chile, Colombia, Ecuador, the Dominican Republic, and Mexico — to coordinate your itinerary, accommodation, guides, and transport
- Airlines and transport providers — for booking flights and transfers
- Hotels, lodges, and accommodation providers — for reservations
- Government and permit authorities — where required for entry permits, park passes (e.g. Inca Trail permits), or visa documentation
- Payment processors — to securely handle transactions
- Professional advisors — accountants, legal counsel (only as required)
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
4. International Data Transfers
To fulfil your travel booking, your personal data (including passport details, dietary requirements, and contact information) may be transferred to countries outside the European Economic Area (EEA), including but not limited to:
- Peru, Bolivia, Argentina, Chile, Colombia, and Ecuador
- Dominican Republic and Mexico
These countries may not have data protection laws equivalent to those in the EU/EEA. Where we transfer your data outside the EEA, we protect it by:
- Using Standard Contractual Clauses (SCCs) approved by the European Commission where applicable
- Ensuring our partners have appropriate security measures in place
- Only transferring the minimum data necessary to deliver the services you have booked
By making a booking, you acknowledge and consent to these necessary international transfers for the purpose of fulfilling your trip.
5. How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking records, invoices, and financial data | 7 years after the trip | Irish tax and legal requirements |
| Passport details | Deleted within 6 months of trip completion | No longer needed after travel |
| Enquiry data (no booking made) | 2 years after last contact | Legitimate interest in follow-up |
| Marketing consent and newsletter subscriptions | Until you withdraw consent | Based on your ongoing opt-in |
| Website analytics data | 26 months | Google Analytics default retention |
When data is no longer needed, we securely delete or anonymise it.
6. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can ask us to correct any inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — You can request that we delete your personal data, subject to any legal obligations requiring us to retain it.
- Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
- Right to object — You can object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — Where processing is based on your consent (e.g. marketing emails), you can withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at info@condortrails.com. We will respond within 30 days of receiving your request, in accordance with GDPR requirements.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
7. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:
- Encrypted communications (SSL/TLS) on our website
- Secure storage of sensitive documents
- Access controls limiting data access to authorised personnel only
- Regular review of our security practices
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
8. Cookies
Our website uses cookies — small text files stored on your device — to help us provide and improve our services.
8.1 Essential Cookies
These are necessary for the website to function properly. They include cookies that remember your theme preference (light/dark mode) and maintain session state. You cannot opt out of essential cookies as they are required for core functionality.
8.2 Analytics Cookies
We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect anonymous usage data, including:
- Pages visited and time on site
- Referral sources (how you found us)
- Approximate geographic location (country/city level)
- Device and browser type
This data is aggregated and anonymised. It helps us improve our website content and user experience. Google Analytics data is retained for 26 months. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
8.3 No Marketing or Third-Party Tracking Cookies
We do not use marketing cookies, retargeting pixels, or third-party tracking cookies. We do not serve advertisements on our website.
9. Third-Party Links
Our website may contain links to external websites (such as airlines, hotels, TripAdvisor, or social media platforms). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to read the privacy policies of any external website you visit.
10. Children's Privacy
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. Where a booking includes minors, the accompanying parent or legal guardian is responsible for providing any necessary personal data on their behalf and for ensuring they consent to this policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If we make material changes that affect how we process your existing personal data, we will notify you via email where possible.
12. Contact Us
If you have any questions about this Privacy Policy, want to exercise your data protection rights, or have concerns about how we handle your data, please contact us:
Condor Trails — Data Protection
Email: info@condortrails.com
Phone: +353 85 760 4985
Web: condortrails.com
Dublin, Ireland