Introduction:
This Privacy Policy explains how Just Travel Services (owned and operated by Sarbjit Singh Kaur, a self-employed individual based in Spain) collects, uses, and protects your personal data when you use our website or services. We are committed to complying with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection laws (including Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights) gdprhub.eu. By using our site or services, you agree to the collection and use of information in accordance with this Privacy Policy.

Just Travel Services (Sarbjit Singh Kaur, sole proprietor) is the data controller responsible for your personal data. If you have any questions or wish to exercise your data rights, please contact us at:

• Email: contact@torafera.com

• Address: Calle Juan XXIII 22, San Isidro 38611, Santa Cruz de Tenerife, Spain 

We only collect data that is necessary for providing our travel services and improving your experience. This may include:

• Identification and Contact Data: Name, email address, phone number, postal address, and other contact details provided when you inquire or book services.

• Booking Details: Passport information, dates of birth, or other information required to arrange travel (e.g. flight, hotel, or tour booking details).

• Payment Information: We utilize Stripe for payment processing, so your credit/debit card details are collected and processed securely by Stripe (we do not store full payment card numbers on our servers).

• Technical Data: IP address, browser type, and cookies related data collected when you browse our website (see “Cookies and Tracking” below).

• Any Other Information you voluntarily provide to us (for example, special travel requests, preferences, feedback, or survey responses).

We do not intentionally collect any sensitive personal data (such as health, religion, or biometric data) unless it is necessary (for example, if you voluntarily provide medical or accessibility information for a trip). In general, we only gather the information you provide directly to us or that is needed to fulfill your travel request.

How We Collect Data:
Your personal data is collected when you:

• Make a Booking or Purchase: When you book travel services or make a payment on our site, you provide personal and payment information needed to process the transaction.

• Contact Us or Register: When you fill out a contact form, sign up for newsletters, or communicate with us via email or phone, we collect the data you provide.

• Use Our Website: When you browse our site, we use cookies and similar technologies to collect certain technical data automatically (e.g. IP address, device information, browsing actions).

• Third-Party Sources: In some cases, we may receive information about you from third parties – for example, if another person books travel on your behalf, or if we partner with another agency. In such cases, we ensure that the third party has a lawful basis to share your data with us.

Purposes and Legal Bases for Processing:
We process personal data for specific purposes and in accordance with the lawful bases permitted by the GDPR gdpr.eu:

• To Provide and Manage Services (Contractual Necessity): We use your data to arrange travel services you request – such as booking flights, hotels, tours or issuing travel documents. This processing is necessary to perform the contract with you (e.g. using your name and details to book a flight or tour). If you refuse to provide essential data (like your name or payment information), we cannot fulfill your booking or service request, since providing such data is a contractual requirement.

• Payment Processing: Your payment-related data is used to process payments for bookings via our third-party payment processor, Stripe. The legal basis is contract performance (to collect payment for the services you purchase) and our legitimate interest in preventing fraud. Note: Your financial information is handled by Stripe in accordance with their security standards; we only receive confirmation of payment and necessary details (like your billing name or a payment ID).

• Communication: We may use your contact information to communicate with you about your trip, send booking confirmations, itineraries, updates, or respond to your inquiries. This is done to fulfill our contract with you or based on our legitimate interest in providing good customer service.

• Marketing (With Consent): If you opt in, we may use your email to send newsletters or special offers about our travel services. We will only send you marketing communications if you have consented to receive them (e.g., by subscribing to our newsletter). You can withdraw consent at any time. We do not sell or share your data with third parties for their own marketing.

• Legal Compliance: In some cases, we must process data to comply with legal obligations. For example, retaining transaction records for tax/audit purposes, or providing information to law enforcement if required by law.

• Improvement of Services (Legitimate Interests): We may analyze how users interact with our website (using cookies/analytics) to improve our services and user experience. We do this based on our legitimate interest in understanding and improving our offerings. Wherever possible, we use aggregated or anonymized data for analytics to protect your privacy.

We will not use your personal data for any purpose that is incompatible with the original purposes described above without informing you and obtaining a lawful basis (and your consent if required). We do not engage in automated decision-making or profiling that produces legal effects concerning you (all processing of your data involves some form of human oversight or is purely administrative).

Cookies and Tracking Technologies:
Our website uses cookies and similar tracking technologies to provide and improve our services. Cookies are small text files placed on your device to store preferences and information. We use cookies for purposes such as:

• Essential Cookies: To enable core site functionality (e.g., keeping you logged in or remembering items in your cart). These are necessary for the website to operate.

• Analytics Cookies: To understand how visitors use our site (e.g., which pages are visited, how long users stay, etc.) so we can improve performance and content. We may use services like Google Analytics, which collect information anonymously.

• Preference Cookies: To remember your choices (such as language or region selection) to provide a more personalized experience.

Before setting non-essential cookies (like analytics or advertising cookies), we will obtain your consent via our cookie banner in compliance with EU ePrivacy directive and GDPR cookie consent requirements secureprivacy.ai. You have the option to accept or reject non-essential cookies. You can also manage cookies through your browser settings at any time (for details on how to do this, see allaboutcookies.org). Please note that disabling certain cookies may affect the functionality of our site.

Data Sharing and International Transfers:
We treat your personal data with care and confidentiality. We do not share or sell your data to third parties for their own marketing purposes. However, we do share data with certain trusted third parties when necessary to provide our services or comply with law, including:

• Travel Service Providers: To fulfill your travel bookings, we share relevant data with airlines, hotels, tour operators, car rental agencies or other travel suppliers that will be providing services to you. For example, if you book a flight or hotel through us, we will share your name, and possibly passport details or contact info, with the airline or hotel so they can provide the service. These providers will process your data as independent data controllers under their own terms and privacy policies.

• Payment Processor (Stripe): As noted, payments on our site are processed through Stripe. When you make a payment, your payment details (like card number, expiration, CVV) are transmitted directly to Stripe. Stripe may process your data outside the EEA, but is obliged to protect it and has measures in place (such as adherence to GDPR and use of standard contractual clauses for data transfers, if applicable) to ensure your data is secure. We receive limited information from Stripe (confirmation of payment, your name, and the last four digits of your card) for record-keeping.

• Service Providers: We may use third-party service providers for functions like website hosting, email communications, or analytics. These providers may have access to personal data strictly for performing services on our behalf (e.g., our email newsletter platform having your email address to send you our mailings). We ensure these parties are bound by confidentiality and data protection obligations.

• Legal and Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., to comply with a court order, tax law, or regulatory requirement). We may also share data to enforce our terms of service or protect our rights, privacy, safety, or property, or those of others.

International Data Transfers: If we transfer personal data to countries outside the European Economic Area (EEA) (for example, some travel providers or our payment processor’s servers might be in another country), we will ensure appropriate safeguards are in place as required by GDPR gdpr.eu. This may include: transferring to countries that have an “adequacy” decision by the European Commission (meaning they provide adequate data protection), or using standard contractual clauses and other lawful transfer mechanisms approved under EU law. You may contact us for more information on the safeguards for international transfers of your data.

Data Retention:
We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements gdpr.eu. For example:

• Travel Booking Data: Information related to your bookings will be kept as long as needed to complete your travel arrangements and thereafter for a certain period in case of any post-trip issues or disputes. Typically, we keep booking records for at least 5 years.

• Account and Contact Data: If you create an account on our site or subscribe to communications, we will retain your data until you delete your account or unsubscribe, or after a period of inactivity.

• Marketing Data: If you have consented to receive marketing emails, we will retain your contact details until you opt-out or withdraw consent.

• Cookies: Cookie data is retained as per the cookie’s expiration or until you delete them. For instance, some cookies may exist for the duration of your session, while others (like preferences or analytics cookies) may persist for weeks or months.

Once the retention period expires or the data is no longer needed, we will securely delete or anonymize your personal data. If complete deletion is not immediately feasible (for example, stored in backups), we will ensure it is isolated and protected until deletion is possible.

Your Data Protection Rights:
We want to ensure you remain in control of your personal data. Under the GDPR, you have the following rights with respect to your data gdpr.eu:

• Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it.

• Right to Rectification: If any of your information is inaccurate or incomplete, you have the right to request correction or completion.

• Right to Erasure: You can ask us to delete your personal data under certain conditions – for example, if it’s no longer necessary for the purposes collected, or if you withdraw consent and no other legal basis exists. This is sometimes called the “right to be forgotten.”

• Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain circumstances (e.g., if you contest the accuracy of the data or the lawfulness of processing, for a period enabling us to verify or resolve the issue).

• Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or to perform a contract, you have the right to request a digital copy in a common format, or ask us to transfer that data to another service provider where technically feasible.

• Right to Object: You may object to our processing of your personal data when it is based on our legitimate interests, including any profiling based on those interests. You also have the right to object at any time to processing of your personal data for direct marketing purposes, in which case we will cease marketing communications.

• Right to Withdraw Consent: If we rely on your consent for any processing (e.g., marketing), you have the right to withdraw that consent at any time gdpr.eu. Withdrawal of consent will not affect the lawfulness of processing done before the withdrawal.

To exercise any of these rights, please contact us at the email or address provided in the Data Controller section. We may need to verify your identity before fulfilling certain requests. We will respond to your request as soon as possible, and in any case within one month as required by GDPR (this may be extended by an additional two months for complex requests, but we will inform you if an extension is needed) gdpr.eu.

Supervisory Authority: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with a supervisory data protection authority. Since we are based in Spain, our lead authority is the Agencia Española de Protección de Datos (AEPD). You can contact the AEPD or your local EU supervisory authority for further guidance. We encourage you to contact us first so we can try to resolve your concerns directly.

Security Measures:
We take the security of your personal data seriously. We implement appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of your information. These measures include using encryption (e.g., HTTPS secure connections on our website), access controls to limit who in our organization can access your data, and secure data storage practices. Our third-party service providers (such as Stripe and hosting providers) are also vetted for strong security practices. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure, and while we strive to protect your data, we cannot guarantee absolute security. In the unlikely event of a data breach that poses a high risk to your rights, we will notify you and the appropriate authorities as required by law.

Children’s Privacy:
Our services are not directed to children under the age of 14. In accordance with Spanish law and the GDPR, children below 14 years of age cannot legally give consent for online services gdprhub.eu. We do not knowingly collect personal information from anyone under 14 without verifiable parental consent. If you are a parent or guardian and believe we have collected a minor’s data without consent, please contact us immediately. We will take steps to remove that information from our records. For minors aged 14 to 17, we strongly recommend parental guidance in using our services, especially when providing personal data or booking travel.

External Links:
Our website may contain links to third-party websites (for example, travel insurance providers, partner services, or informational sites). This Privacy Policy applies only to our own website and services. If you follow links to external sites, please be aware that those sites have their own privacy policies, and we do not accept responsibility or liability for their content or practices. We encourage you to read the privacy policies of any third-party sites you visit through links on our website.

Changes to This Privacy Policy:
We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. When we update our Privacy Policy, we will post the new version on this page and update the “Effective Date” at the top. If changes are significant, we may also notify you by email or by means of a notice on our homepage. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the website or our services after any changes to this Privacy Policy constitutes acceptance of those changes.

Contact Us:
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: Contact@torafera.com

• Address: Calle Juan XXIII 22, San Isidro 38611, Santa Cruz de Tenerife, Spain 

We will be happy to assist you and address any issues to the best of our ability.