This Privacy Notice governs the collection and use of personal data by midoandtolo ("us", "we", or "our") in relation to the use of our websites [www.midoandtolo.com], our marketing and sales activities, our customer service and any other use of your personal data by us or our service providers on our behalf.
This Privacy Notice is addressed to you as a visitor of our websites, an individual contacting us for enquiries or other reasons, a potential or actual customer of midoandtolo, or a recipient of online personalized advertising of our products and services.
Please read this Privacy Notice carefully as it explains what personal data we process, how we use it, who we share it with, and your rights in relation to personal data. It also includes other information regarding our practices regarding the handling of your personal data.
This Privacy Notice governs the processing of personal data that you provide to us, that we collect or receive from you or that we receive from third parties about you. Personal data is any information relating to an identified or identifiable natural person.
We may collect information about you from the following sources:
If you want to know more about this, please see sections 2.1 and 2.2 below.
We collect personal data that you provide to us when you visit our websites, engage with us to provide you with access to our websites and their features, contact us by phone, email or other means, or provide reviews to our products or services. This includes your name, postal and email address, telephone number, other identification details, and your opinions (e.g. in relation to a feedback request). For example, you may provide us with personal data when you:
In addition to personal data you provide to us, we receive information about you that you authorise third parties to provide to us, such as our partners including [booking partners]. This can include information about purchases of touristic packages or tickets that you made with one of our partners, your nationality, your contact details, your preferences as a tourist while on one of our retreats.
We also obtain personal data from third-party service providers in order to verify your identity, to prevent fraud, or to help us identify products and services that may be of interest to you.
We may also collect information about you from public registers or information which is otherwise publicly available.
When you visit our website, we use cookies and other technologies to automatically collect the following information:
However, we do not collect information about you by means of cookies or other technologies where your consent is required by law and you have not consented.
We use your personal data to diagnose problems with our websites or administer our websites, to analyse user traffic to measure use of our websites and to improve the content of our websites and our services as well as to keep our websites safe and secure.
We also use certain information that is collected by third parties via cookies on third parties' websites. For example, we receive information from Instagram or other social media where we have a page / account regarding your interaction with such page / account. We may use this information for analytical purposes e.g. to analyse the effectiveness and results of our social media initiatives.
Legitimate interest. We use your personal data in this way as it is necessary for our legitimate interest to: (a) analyse user traffic so that we can improve our website and meet the needs of visitors to our website; (b) to provide you with access to our website; and (c) monitor how our website is used to detect and prevent fraud, other crimes and the misuse of our website. This helps us to ensure that you can safely use our websites.
Legal obligations. Sometimes the collection of your personal data via cookies or similar technologies is necessary for compliance with legal obligations to which we are subject (e.g. the obligation to ensure the security of our information systems).
Contractual necessity. Sometimes the collection of your personal data via cookies or similar technologies is necessary to provide you with an online service that you have requested (e.g. when you purchase a product on our website we use cookies to track what you put in your basket).
Consent. Where we use cookies or similar technologies for targeted advertising, analytics purposes (or purposes other than the purposes mentioned above), we rely on your consent to place cookies as required under applicable law.
We may need to process personal data to comply with legal and regulatory requirements to which we are subject and/or to defend such claims or exercise our legal rights.
Processing personal data in this way is necessary to ensure compliance with our legal and regulatory obligations. It is also necessary for our legitimate interests to process personal data for the purposes of exercising and defending such claims.
We use your personal data (such as your email address or other contact details) to send you information about our services and other information which may be of interest to you, including events, surveys, updates and other relevant information.
Legitimate interest. Where we are permitted to send you such messages under applicable law, our legal basis for processing your personal data is that it is necessary for our legitimate interests to promote our services and provide you with other information which may be of interest to you. We will not send such messages to you if you have opted out of receiving these.
Consent. Where applicable law requires that you consent to receiving direct marketing communications from us such as by email, phone or post, we will obtain your consent (instead of relying on the legitimate interest above). We will stop sending you such messages if you withdraw your consent.
Please see further information below under "What are your rights?" in relation to your rights to opt out of receiving marketing messages.
We collect and process personal data that you provide to us for the purposes of providing you with the product or service that you have requested (either offline or online). For example, we need your payment card details to process your payment on our websites; and your postal address to deliver the product you have bought. We may also collect personal data further to a sale but in relation to such sale, e.g. for refunds or reimbursements.
Contractual necessity. We need to collect certain information from you in order to conclude the transaction that you have requested, perform our contractual obligations (e.g. product delivery, refunds or reimbursements).
Legitimate interest. Where the processing of your data is not strictly necessary to conclude or perform the sale, we will rely on our legitimate interests to (a) conclude or perform the transaction with you in the most expedite and efficient way; (b) maintain a trusted relation with you, and provide you with seamless and efficient customer service.
We collect information from you or about you (such as online reviews of our services, feedback and reviews following your purchase, comments and 'likes' on our social media pages) to analyse and measure market trends, customer satisfaction, the effectiveness of our campaigns and activities, etc.
Legitimate interest. We rely on our legitimate interest to (a) improve our services, and (b) pursue our mission which is the promotion of travel and tourism with the help of the midoandtolo brand.
Consent. We will normally rely on the legitimate interest above. However, in relation to certain personal data that we may collect from you or about you, or in relation to certain data collection activities, we may opt to rely on your consent instead (where we believe this is more appropriate in the interest of your privacy rights).
We will keep records of your personal data, such as your name, address, account details and marketing preferences, in order to administer our websites and keep our records up to date.
Legitimate interest. We use your personal data in this way as it is necessary for our legitimate interest to keep records of your personal details and update these when necessary. It is also in our legitimate interests to keep records of any correspondence with you. Our customers are important to us and so we need to keep track of your details and preferences.
Legal obligations. In some instances we are required to collect and retain information for compliance with applicable law. For example, we need to record your marketing preferences (e.g. opt out) for compliance with our obligations concerning direct marketing.
The provision of your personal data is necessary when personal data is needed for the purposes of entering into or servicing a contract that you have with us or to receive the products or services or information you request, or for us to comply with applicable law and regulations (see details of this in section 3 above).
Refusal to provide your information may make it impossible for us to provide the products, services or information requested or to fulfil our contractual obligations.
Your personal data is intended for midoandtolo but may be shared with third parties in the following circumstance
We may share your personal data among other offices and locations within our organisation to administer our websites, send you information about products and services that may be of interest to you, provide customer services and conduct the other activities described in this Privacy Notice.
We use other companies, agents or contractors to perform services on our behalf (e.g. marketing) or to assist us with the provision of our websites, services and products to you. We may share your personal data with the following categories of service provider:
We will only provide our service providers with personal data which is necessary for them to perform their services to us or assist us with the provision of our websites, services and products. We require them not to use your information for any other purpose. We will use reasonable commercial efforts to ensure that all our service providers keep your personal data secure.
We may share some personal data with our partners such as travel organizations which collaborate with us for the promotion and sale of touristic services. We will share information with our partners only to the extent this is necessary for the purposes described in this Privacy Notice and we will always ensure that we do so with your consent or another legal basis (as described in section 3 of this Privacy Notice).
We may share personal data with government or other public entities or agencies where this is necessary for specific purposes such as government controls, reporting, public expenditure review and accountability.
In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities in the USA or in other locations where we operate such as Europe). We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
Your personal data is transferred to and processed by us or our service providers which are located in countries outside the European Union and/or European Economic Area ("EEA"). In particular, if you are located in the EEA we will transfer the personal data we collect about you to the USA (where our headquarters is located).
We will take all steps that are reasonably necessary to ensure that your personal data, upon and after transfer, is treated securely and in accordance with this Privacy Notice as well as applicable data protection laws. If you want to know more about our measures (as required by applicable law) in relation to international data transfers, please contact us through the contact form.
To the extent required by the law of your jurisdiction, you may request access to the personal data we maintain about you or request that we correct, amend, delete or block the information by contacting us as indicated below. Where required by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal data, and we will apply your preferences going forward.
You can make a request to exercise any of these rights in relation to your personal data through the contact form.
If you are a resident in the EEA or EU data protection law applies to your personal data, you have the following rights in respect of your personal data (if applicable):
We have implemented technical and organizational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for (a) the purposes described in this Privacy Notice; and (b) in order to perform their jobs, such as providing you with information you request, or notifying you of new products and services. We also maintain certain reasonable physical, electronic, and procedural safeguards to protect the personal information in our possession from loss, misuse, and unauthorised access, disclosure, alteration and destruction, and we review and adjust these safeguards regularly in response to advances in technology.
While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable law.
Please note our websites may, from time to time, contain links to and from other websites, such as the websites of other booking platforms. If you follow a link to any other websites from our website, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy notices of third party websites before you submit any personal data to them.
Where we receive information from social media platforms on how you interact with our initiatives, content and pages on those social media, we take control of and responsibility for this information (as described in other sections of this notice e.g. section 3.1). However, please note that the social media platform remains responsible for its own uses of this information.
If there are any questions or concerns regarding this Privacy Notice, please contact us through the contact form.
We reserve the right to change this Privacy Notice at any time and as permitted by law. We will notify you of material changes to this Privacy Notice by posting the updated Privacy Notice on our websites or as otherwise required by law.
Last updated: [11 May 2024]