bannerincatrailshort

Privacy Policy

Privacy Policy

Last updated: January 2026 Version: 2.0

Your Privacy is Important to Us

At Inca Trail Explorers we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share and protect your information when you use our services.

This policy complies with:

  • Law No. 29733 – Personal Data Protection Law of Peru
  • Supreme Decree No. 003-2013-JUS – Regulation of the Personal Data Protection Law
  • General Data Protection Regulation (GDPR) of the European Union (for EU customers)
  • International privacy best practices

Data Controller: MY PERU DESTINATIONS GROUP S.A.C. Address: Villa la Capullana A10 Cusco, Peru Email: privacidad@inca-trail.pe

  1. Data We Collect
  2. How We Collect Your Data
  3. Legal Basis for Processing
  4. What We Use Your Data For
  5. With Whom We Share Your Data
  6. International Transfers
  7. How Long We Keep Your Data
  8. Security of Your Data
  9. Your Rights
  10. Cookies and Similar Technologies
  11. Minors
  12. Third-Party Links
  13. Changes to This Policy
  14. Contact

 

  1. Data We Collect

We collect different types of information depending on how you interact with us.

1.1 Data You Provide Directly to Us

When making a reservation:

Category

Specific Data

Purpose

Identification

Full name (as appears on passport), nationality, gender, date of birth

Issuance of Ministry of Culture permits

Travel document

Passport number, issuing country, expiration date

Required by Ministry of Culture

Contact

Email, phone/WhatsApp number, postal address (optional)

Communication about your reservation

Health

Relevant medical conditions, allergies, dietary restrictions, medications

Safety during tour, meal preparation

Payment

Payment method, transaction data

Payment processing

Preferences

Chosen segment, special requests, desired date

Service personalization

Emergency

Name and contact of emergency person

Emergency situations

When communicating with us:

Channel

Data Collected

Email

Email address, message content, attachments

WhatsApp

Phone number, message content, shared files

Web form

All completed fields

Phone

Calling number, conversation content (we don’t record calls)

Social media

Username, interaction content

When participating in our tours:

Data

Circumstance

Photographs and videos

Taken during tour by our team

Testimonials

If you provide us with a review or comment

Feedback

Post-tour satisfaction surveys

1.2 Data We Collect Automatically

When you visit our website, we automatically collect:

Data

Description

IP address

Identifier of your internet connection

Device type

Computer, mobile, tablet

Operating system

Windows, macOS, iOS, Android, etc.

Browser

Chrome, Safari, Firefox, etc.

Pages visited

Which sections of our site you visited

Visit time

How long you stayed on each page

Traffic source

How you arrived at our site (search engine, social media, direct)

General location

Country and city (based on IP, not exact location)

Cookies

Identifiers stored in your browser (see Section 10)

1.3 Data from Third-Party Sources

We may receive information from:

Source

Type of Data

Circumstance

Travel agencies

Reservation data from their clients

When you book through an agency

Review platforms

Public reviews

TripAdvisor, Google Reviews

Social networks

Public profile information

If you connect via social networks

Payment services

Transaction confirmation

PayPal, card processors

1.4 Special Categories of Data

Some data we collect is considered “sensitive” and receives additional protection:

Category

Examples

Why We Need It

Health data

Medical conditions, allergies, medications

Safety during tour, emergency response

Religious dietary restrictions

Kosher, Halal

Appropriate meal preparation

We only collect sensitive data:

  • With your explicit consent
  • When necessary to protect your health or safety
  • When you make it public voluntarily

 

  1. How We Collect Your Data

2.1 Directly from You

  • Reservation forms on our website
  • Communications by email, WhatsApp or phone
  • Forms at our physical office
  • Surveys and feedback forms
  • Participation in promotions or contests

2.2 Automatically

  • Cookies and similar technologies when you visit our site
  • Server logs
  • Web analytics tools

2.3 From Third Parties

  • Travel agencies that book on your behalf
  • Payment platforms
  • Social networks (if you choose to connect)
  • Public sources (reviews, directories)

 

  1. Legal Basis for Processing

We process your personal data based on the following legal bases:

3.1 Contract Performance

Activity

Justification

Process your reservation

Necessary to provide service you contracted

Manage permits

Required to execute tour

Communicate about your trip

Necessary to fulfill reservation

Process payments

Necessary to complete transaction

Attend service requests

Part of our contractual obligations

3.2 Consent

Activity

Your Control

Sending newsletters and marketing

Can withdraw consent at any time

Use of photographs in marketing

Can refuse or withdraw consent

Non-essential cookies

Can reject them in settings

Collection of sensitive health data

Explicit consent required

3.3 Legitimate Interest

Activity

Our Legitimate Interest

Your Rights

Improve our services

Offer better experience

Can object

Website usage analysis

Optimize our website

Can object

Fraud prevention

Protect our business

Superior interest

Service communications

Relevant information about your trip

Can object to some

3.4 Legal Obligation

Activity

Legal Requirement

Share data with Ministry of Culture

Required for Inca Trail permits

Keep accounting records

Peruvian tax legislation

Respond to authorities

When legally required

Comply with tourism regulations

MINCETUR/DIRCETUR regulations

 

  1. What We Use Your Data For

4.1 Reservation and Service Management

Use

Description

Process reservations

Confirm availability, manage permits, coordinate logistics

Pre-trip communication

Send confirmations, itineraries, preparation information

Personalization

Adapt services to your needs (diet, health, preferences)

During tour

Passenger list, identification, emergencies

Post-trip

Send photos, request feedback, resolve incidents

4.2 Payments and Accounting

Use

Description

Process payments

Charge for services, issue refunds

Billing

Issue payment receipts

Accounting

Maintain legal financial records

Fraud prevention

Detect suspicious transactions

4.3 Communication

Type

Description

Legal Basis

Transactional

Confirmations, reminders, changes

Contract

Service

Information about your specific trip

Contract

Marketing

Offers, promotions, newsletters

Consent

Surveys

Request feedback

Legitimate interest

4.4 Service Improvement

Use

Description

Analysis

Understand preferences and behavior

Development

Improve tours, website, processes

Training

Train our team

Research

Market studies (anonymized data)

4.5 Legal and Security

Use

Description

Compliance

Fulfill legal and regulatory obligations

Defense

Establish, exercise or defend legal claims

Security

Protect our systems and data

Audit

Internal and external verifications

 

  1. With Whom We Share Your Data

5.1 Mandatory Sharing

Recipient

Data Shared

Purpose

Legal Basis

Ministry of Culture of Peru

Name, passport, nationality, date of birth, gender

Inca Trail permit issuance

Legal obligation

SUNAT

Billing data

Tax compliance

Legal obligation

Authorities

As per legal request

Judicial or administrative requirements

Legal obligation

5.2 Service Providers

We share data with third parties that help us operate:

Provider

Data

Purpose

Protection

Payment processors

Transaction data

Process payments

Confidentiality agreements, PCI-DSS

Email services

Email, name

Send communications

Processing agreements

Hotels (when applicable)

Name, preferences

Accommodation reservations

Commercial agreements

Transportation (train, bus)

Name, passport

Transportation reservations

Commercial agreements

Hosting services

All site data

Web storage

Processing agreements

Analytics tools

Anonymized data

Usage analysis

Privacy settings

5.3 Agencies and Business Partners

Situation

Data Shared

Conditions

If you booked through agency

Reservation confirmation, status

Only what’s necessary

Referral partners

Referral confirmation (without detailed personal data)

For commissions

5.4 We Never Sell Your Data

Inca Trail Explorers does NOT sell, rent or trade your personal data to third parties for their own marketing purposes.

5.5 Sharing with Your Consent

We may share your data with additional third parties only if you give us specific consent.

 

  1. International Data Transfers

6.1 Data Location

Your data may be processed in:

Location

Purpose

Peru

Main operations, Ministry of Culture

United States

Some cloud service providers

European Union

Some payment processors

6.2 Protections for Transfers

When we transfer data outside Peru or EU, we guarantee protection through:

Mechanism

Description

Standard Contractual Clauses

Contracts approved by regulators

Adequacy decisions

Countries recognized with equivalent protection

Certifications

Providers with privacy certifications

Explicit consent

When applicable

6.3 For EU Residents

If you are a European Union resident:

  • Transfers outside the European Economic Area are made in accordance with GDPR
  • You can request information about specific safeguards used
  • You have the right to file complaint with your data protection authority

 

  1. How Long We Keep Your Data

7.1 Retention Periods

Data Type

Retention Period

Justification

Reservation and contract data

10 years after tour

Legal tax and commercial obligations

Passport data

5 years after tour

Possible claims, verifications

Service communications

3 years

Query resolution, service improvement

Payment data

10 years

Tax requirements

Health data

Up to 2 years after tour

Possible related claims

Marketing emails

Until you withdraw consent

Active consent

Cookies and browsing data

According to cookie type (see Section 10)

Functionality and analysis

Tour photographs

Indefinite (marketing use)

Legitimate interest, consent

7.2 Retention Criteria

We keep data while:

  • They are necessary for original purpose
  • An active commercial relationship exists
  • Required by law
  • Necessary to defend legal claims
  • We have your current consent

7.3 Data Deletion

When data is no longer necessary:

  • Securely deleted
  • Irreversibly anonymized (for statistics)
  • Physically destroyed (paper documents)

 

  1. Security of Your Data

8.1 Technical Measures

Measure

Description

SSL/TLS encryption

All web communication is encrypted

Sensitive data encryption

Passport and health data encrypted at rest

Firewalls

Protection against unauthorized access

Restricted access

Only authorized personnel access personal data

Secure authentication

Strong passwords, two-factor authentication

Backups

Regular encrypted backups

Monitoring

Detection of suspicious activity

8.2 Organizational Measures

Measure

Description

Internal policies

Documented data handling procedures

Training

Personnel trained in data protection

Confidentiality agreements

All personnel sign agreements

Minimum necessary access

Each employee only accesses what they need

Vendor assessment

We verify third-party security practices

Incident response

Documented plan for security breaches

8.3 What You Can Do

To protect your data:

  • Use strong passwords if you create account
  • Don’t share access credentials
  • Verify you’re on our official site (https://inca-trail.pe)
  • Report any suspicious activity
  • Keep your software and antivirus updated

8.4 Breach Notification

In case of security breach affecting your data:

  • We’ll notify competent authorities within 72 hours
  • We’ll notify you without undue delay if there’s high risk to you
  • We’ll take measures to mitigate damage
  • We’ll document incident and actions taken

 

  1. Your Rights

9.1 Rights You Have

Right

Description

How to Exercise

Access

Know what data we have about you

Request copy of your data

Rectification

Correct inaccurate or incomplete data

Inform us of errors

Erasure (“Forgetting”)

Request deletion of your data

When no longer necessary

Restriction

Restrict how we use your data

In certain circumstances

Portability

Receive your data in structured format

Data provided by you

Objection

Object to processing

For marketing or legitimate interest

Withdraw consent

Revoke consents given

At any time

Not be subject to automated decisions

Not be evaluated only by algorithms

We don’t make this type of decisions

9.2 Additional Rights for EU Residents (GDPR)

If you are European Union resident, you additionally have right to:

  • File complaint with your local data protection authority
  • Be informed of transfers to third countries
  • Receive information in clear and accessible format

9.3 How to Exercise Your Rights

By email: privacidad@inca-trail.pe By postal mail: Inca Trail Explorers – Privacy Cusco, Peru

Information we need:

  • Full name
  • Email associated with your reservation
  • Reservation number (if applicable)
  • Clear description of your request
  • Copy of identity document (for verification)

9.4 Response Times

Request

Response Time

Data access

30 days

Rectification

15 days

Erasure

30 days

Other requests

30 days

Times may be extended in complex cases, with prior notification.

9.5 Requests at No Cost

Exercising your rights is free. However, we may charge reasonable fee if:

  • Requests are manifestly unfounded or excessive
  • Additional copies of data are requested

9.6 Limitations

We may refuse or limit requests when:

  • We cannot verify your identity
  • Request is manifestly unfounded or excessive
  • Affects third-party rights
  • Legal obligation to retain data exists
  • Necessary for defense of legal claims

 

  1. Cookies and Similar Technologies

10.1 What are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us:

  • Remember your preferences
  • Understand how you use our site
  • Improve your experience
  • Show relevant content

10.2 Types of Cookies We Use

Essential Cookies (Always Active)

Cookie

Purpose

Duration

Session

Maintain your active session

Session

Security

Prevent fraud, protect data

1 year

Basic preferences

Language, currency

1 year

These cookies are necessary for site to function and cannot be disabled.

Performance/Analytics Cookies

Cookie

Purpose

Duration

Provider

Google Analytics

Analyze site traffic and usage

2 years

Google

Hotjar

Heat maps, behavior

1 year

Hotjar

Help us understand how site is used to improve it.

Functionality Cookies

Cookie

Purpose

Duration

Chat

Remember support conversations

1 year

Forms

Save form progress

Session

Preferences

Remember chosen settings

1 year

Improve your experience by remembering your choices.

Marketing/Advertising Cookies

Cookie

Purpose

Duration

Provider

Facebook Pixel

Measure ad effectiveness

90 days

Facebook

Google Ads

Remarketing, conversions

90 days

Google

Allow us to show you relevant ads and measure campaigns.

10.3 How to Manage Cookies

On our site:

  • Use our cookie banner to accept/reject categories
  • Access “Cookie Settings” in footer

In your browser:

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Options > Privacy & Security
  • Safari: Preferences > Privacy
  • Edge: Settings > Privacy and services

Consequences of rejecting cookies:

  • Essential cookies: Site may not work properly
  • Analytics cookies: Doesn’t affect functionality, but we can’t improve based on your use
  • Marketing cookies: You’ll still see ads, but less relevant

10.4 Other Technologies

Technology

Purpose

Pixels/Beacons

Measure email opens, ad effectiveness

Local Storage

Store data locally in your browser

Session Storage

Temporary storage during your visit

10.5 Do Not Track

Some browsers have “Do Not Track” function. Currently, there’s no universal standard to respond to these signals, but we respect your cookie settings.

 

  1. Minors

11.1 General Policy

Our services are directed to people over 18 years old. We don’t intentionally collect information from minors under 16 without parental consent.

11.2 Traveling Minors

When a minor participates in our tours:

  • Father/mother/guardian must make reservation
  • Father/mother/guardian provides minor’s data
  • Father/mother/guardian consents to minor’s data processing
  • Minor’s data is treated with same protections as adults’

11.3 Data Collected from Minors

Data

Purpose

Who Provides

Full name

Ministry of Culture permit

Parent/Guardian

Date of birth

Verify eligibility, discounts

Parent/Guardian

Passport

Ministry of Culture permit

Parent/Guardian

Allergies/health

Safety during tour

Parent/Guardian

11.4 Parents/Guardians Rights

Parents or guardians can:

  • Review their minor children’s data
  • Request correction or deletion
  • Withdraw consent (may affect reservation)

 

  1. Third-Party Site Links

12.1 External Sites

Our website may contain links to:

  • Social networks (Facebook, Instagram, TripAdvisor)
  • Payment platforms
  • Tourism information sites
  • Partners and providers

12.2 Responsibility

We are not responsible for privacy practices of third-party sites. We recommend reviewing privacy policies of any site you visit.

12.3 Social Networks

If you interact with us on social networks:

  • Those platforms have their own privacy policies
  • They may collect data about your interaction
  • They may use their own cookies and tracking

 

  1. Changes to This Policy

13.1 Updates

We may update this policy occasionally to reflect:

  • Changes in our practices
  • New services
  • Legal or regulatory changes
  • Industry best practices

13.2 Change Notification

Type of Change

How We’ll Notify You

Minor changes

Update on website

Significant changes

Email to active customers + notice on website

Changes affecting your rights

Direct notification + possible new consent

13.3 Effective Date

The “Last updated” date at beginning indicates when last modified. We recommend reviewing this policy periodically.

13.4 Previous Versions

You can request previous versions of this policy by writing to privacidad@inca-trail.pe.

 

  1. Contact

14.1 For Privacy Inquiries

Email: privacidad@inca-trail.pe Postal mail: Inca Trail Explorers Attn: Privacy Officer Cusco, Peru Phone: +51 921 333 639

14.2 To Exercise Your Rights

Preferred email: privacidad@inca-trail.pe

Include:

  • Full name
  • Contact email
  • Clear description of your request
  • Identity documentation (for verification)

14.3 Complaints

If you’re not satisfied with our response, you can file complaint with:

In Peru: National Authority for Personal Data Protection General Directorate of Transparency, Access to Public Information and Personal Data Protection Ministry of Justice and Human Rights https://www.gob.pe/minjus

In European Union: Your local data protection authority

14.4 Response Time

We respond to privacy inquiries within 15 business days. Complex requests may require up to 30 days.

Summary: The Most Important

Aspect

Our Practice

What we collect

Data necessary for your reservation, communication and safety

Why

Manage your tour, fulfill legal obligations, improve services

With whom we share

Ministry of Culture (mandatory), service providers

We never

Sell your data to third parties

Security

Encryption, restricted access, established protocols

Your rights

Access, rectification, erasure, portability, objection

Contact

privacidad@inca-trail.pe

Effective date: January 2026 Version: 2.0

This Privacy Policy was last reviewed in January 2026.