Privacy Policy for lonelyolanet.com
1. Introduction
At lonelyolanet.com (“we”, “us”, “our”), we are deeply committed to safeguarding your personal data and upholding your right to privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information, ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our commitment is rooted in transparency, accountability, and a privacy-first approach in all aspects of our digital operations.
2. Scope of This Policy and Role of Data Controller
This Privacy Policy applies to all visitors, users, and customers accessing or using our website at lonelyolanet.com (the “Site”). We act as the data controller for personal data collected through the Site, meaning we determine the purposes and means of processing this data under applicable privacy laws.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Information related to how you interact with the Site, including your IP address, browser type, operating system, device identifiers, duration of visit, and pages viewed. This data is collected to monitor and improve our services and enhance the functionality of the Site.
b. Account Data
Details provided when you create or maintain a user account, such as your full name, email address, postal address, telephone number, and login credentials.
c. Profile Data
Information related to your preferences, purchase history, behavior on the Site, product interests, and curated user content (e.g., saved items and browsing patterns).
d. Communication Data
Records of your interactions with us, including inquiries, support requests, email correspondence, chat transcripts, and other communications.
e. Technical Data
Device-specific data such as language settings, system configurations, hardware models, mobile network information, and software versions.
f. Transaction Data
Details of transactions performed on the Site, including payment history, delivery information, billing method, and transaction timestamps.
g. Preference Data
Your marketing and communication preferences, consent records, survey responses, and choices related to newsletters, promotions, and targeted content.
4. Legal Bases for Processing
We process your personal data based on one or more of the following legal grounds:
– Performance of a Contract: To provide services you request and fulfill our obligations under any agreement with you.
– Legitimate Interests: To improve user experience, ensure network security, and conduct analytics, provided such interests are not overridden by your rights.
– Consent: Where legally required, we obtain your explicit consent for activities such as marketing communications and optional cookies.
– Legal Obligations: To comply with applicable laws, regulations, and legal processes.
5. Your Data Protection Rights
Subject to applicable data protection laws, you have the following rights over your personal data:
– Right of Access: You may request copies of your personal data that we hold.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” you may request deletion of your data under certain circumstances.
– Right to Restrict Processing: You may request that we limit the processing of your data.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
– Right to Object: You may object to data processing based on legitimate interests or for direct marketing purposes.
Requests to exercise these rights can be sent to [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
– Encryption of data in transit and at rest
– Role-based access control and account authentication procedures
– Regular backups and security patching
– Employee training and awareness on data protection practices
Despite these efforts, no online data transmission or storage can be guaranteed to be completely secure. You share your data at your own risk, though we strive to maintain the highest levels of protection.
7. International Data Transfers
If your data is transferred outside of the European Economic Area (EEA) or other jurisdictions with similar regulations, we ensure adequate safeguards are in place. These may include:
– The use of Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules
– Transfers to jurisdictions recognized as providing an adequate level of data protection
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Typical retention periods include:
– Account Data and Profile Data: retained for as long as the account remains active
– Transaction and Payment Data: retained for 7 years for regulatory and financial reporting
– Communication Data: retained for 2 years to handle support and legal inquiries
– Cookie Data: retained according to the lifespan of each cookie type, as specified in our Cookie Policy
Once data is no longer necessary, we securely delete or anonymize it.
9. Cookie Policy
We use cookies and similar technologies to collect Usage, Technical, and Preference Data for the following purposes:
– Essential Cookies: Necessary for the Site to function, such as login and session management
– Functional Cookies: Enhance your experience by remembering your settings and preferences
– Analytics Cookies: Collect data about how visitors interact with the Site to improve performance
– Performance Cookies: Monitor uptime, page load times, and troubleshoot technical issues
10. Cookie Management and Compliance
We provide users with full control over cookie preferences via our cookie consent banner upon first visit, in accordance with GDPR and CCPA requirements. Users may accept or reject non-essential cookies at any time through our Cookie Settings page, accessible from the footer of lonelyolanet.com.
You can also manage cookies directly from your browser by adjusting privacy settings and clearing browsing data.
Under the CCPA, California residents may exercise their right to opt-out of the “sale” of personal data. We do not sell user data in the traditional sense, but still provide an opt-out mechanism to comply with CCPA guidelines. This option is available through our “Do Not Sell My Personal Information” page.
11. Children’s Privacy
We do not knowingly collect or process the personal data of children under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will take immediate steps to delete such information from our records. Parents or legal guardians who believe that their child has submitted data to us may contact us at [email protected].
12. Policy Updates
We may periodically revise this Privacy Policy to address changes in technology, legal requirements, or our business operations. Updates will be posted to this page with a clear indication that changes have occurred. Where significant changes are made, we may notify you via email or through a prominent onsite notice.
We encourage you to review this Policy regularly to stay informed about how we protect your information.
13. Contact Us
For any questions regarding this Privacy Policy or to exercise your data protection rights, you may contact us at:
Email: [email protected]
Website: https://www.lonelyolanet.com/contact
We are committed to maintaining full compliance with all applicable privacy laws and regulations and welcome any feedback or concerns relating to our data practices.