Protecting the personal data of tourists is a responsibility that we take upon ourselves. Here are some of the main measures we take to ensure the security of our tourists' personal data from unauthorized access and disclosure.
Policy documents: We follow the provisions of the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 dated 07/02/2019, as well as the recommendations of the EC General Data Protection Regulation (GDPR)
Minimization: We minimize the amount of personal data (as a rule, a copy of the passport is enough), which we only need:
- to conclude contracts for tour services in accordance with the law
- for the purchase of air and railway tickets
- to apply for visa support
Sometimes, for some active tour programs (cycling, equestrian, speleo tours, heliski, etc.), we request anthropometric data – height, weight, as well as data on the presence of chronic diseases and contraindications to the tour, dietary preferences.
By signing the contract, the tourist by default gives consent to the processing of his personal data necessary for the implementation of the tour.
Access rules: Access is allowed only to those employees who need it to perform their duties and who have been instructed on working with personal data of tourists. We do not store a database of personal data on one server, but save data on the computers of responsible tour managers who work with their specific tourists. The computers are password protected and only the tour manager and the director of tourism have access to them.
Cross-border transfer of personal data: When organizing cross-border tours to provide the necessary services under the contract, we may transfer personal data of tourists to our subcontractors, who also ensure data protection in accordance with internal instructions and laws of their countries.
Data deletion: After the end of the tour and the signing of the act of completed work, we securely delete the data of tourists.
Policy documents: We follow the provisions of the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 dated 07/02/2019, as well as the recommendations of the EC General Data Protection Regulation (GDPR)
Minimization: We minimize the amount of personal data (as a rule, a copy of the passport is enough), which we only need:
- to conclude contracts for tour services in accordance with the law
- for the purchase of air and railway tickets
- to apply for visa support
Sometimes, for some active tour programs (cycling, equestrian, speleo tours, heliski, etc.), we request anthropometric data – height, weight, as well as data on the presence of chronic diseases and contraindications to the tour, dietary preferences.
By signing the contract, the tourist by default gives consent to the processing of his personal data necessary for the implementation of the tour.
Access rules: Access is allowed only to those employees who need it to perform their duties and who have been instructed on working with personal data of tourists. We do not store a database of personal data on one server, but save data on the computers of responsible tour managers who work with their specific tourists. The computers are password protected and only the tour manager and the director of tourism have access to them.
Cross-border transfer of personal data: When organizing cross-border tours to provide the necessary services under the contract, we may transfer personal data of tourists to our subcontractors, who also ensure data protection in accordance with internal instructions and laws of their countries.
Data deletion: After the end of the tour and the signing of the act of completed work, we securely delete the data of tourists.