PRIVACY POLICY

We provide planning-only travel services for Raja Ampat. This policy explains what personal data we collect, why we collect it, how we use it and your rights.

• Inquiry form data you submit: name, email, country/time zone, trip dates/window, trip length and budget, dive certifications/experience (if applicable), preferences (homestay/resort), regions of interest, sea-state tolerance, priorities, must-sees, optional medical/dietary notes, and whether you want booking management or rush delivery.
• Scheduling: when you book a call, Calendly collects your name, email and booking details.
• Payments: when you pay invoices, Stripe or Wise processes your payment. We do not store card or bank details.
• Communications: emails and call notes relevant to your inquiry or project.
• Usage data and cookies: basic technical logs and analytics as described below.

• To respond to inquiries and deliver services (contract).
• To improve our site and protect against fraud/abuse (legitimate interests).
• To send optional updates you request (consent).
• To comply with legal and tax obligations (legal obligation).

To assess fit, prepare proposals/quotes, schedule calls, deliver itineraries and documents, provide support, process invoices and improve our services.

We do not sell your personal data.

• Website hosting and backups: our web host stores this site and server logs.
• Forms and email: our WordPress form plugin stores submissions; email sent via our SMTP/email provider.
• Scheduling: Calendly (scheduling and reminders).
• Payments: Stripe and/or Wise (invoicing and payment processing).
• Analytics: Plausible (privacy-friendly, no cookies by default) or Google Analytics (cookies; consent-based if enabled).
• Maps/files: Google Maps/Drive to create and share itinerary maps and documents.

Processors act on our instructions and under contract.

Some processors may store data outside the EEA/UK. Where applicable, transfers rely on adequacy decisions or Standard Contractual Clauses.

• Inquiry data: up to 12 months.
• Client records, invoices, and related documents: up to 5 years for admin/tax.

You may request deletion earlier where legally permissible.

We use SSL, access controls and reputable processors. No method is 100% secure, but we take reasonable steps to protect your data.

You can request access, correction, deletion, restriction, or portability of your personal data, and object to processing. You can withdraw consent at any time for consent-based processing.

You may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet): www.datatilsynet.no.

To exercise rights, contact: Sara.getilli@travelrajaampat.com.

Necessary cookies keep the site functioning.

If we use Plausible Analytics, it is cookieless and does not collect personal data.

If we use Google Analytics (GA4), cookies may be set. We display a consent banner where required and only load analytics after consent. You can manage preferences via the banner or your browser.

Embedded content (e.g., maps, videos) may set cookies by their providers.

Our services are not directed to children under 16. Please do not submit children’s data.

Third-party sites have their own privacy policies. We are not responsible for their practices.

We may update this policy. The latest version will appear on this page with a new effective date.

• Data Controller: itinerariesAI Getilli, Oslo, Norway.
• Email: Sara.getilli@travelrajaampat.com.