Privacy Policy
Last updated: January 2026 Version: 2.0
Your Privacy is Important to Us
At Inca Trail Explorers we are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share and protect your information when you use our services.
This policy complies with:
Data Controller: MY PERU DESTINATIONS GROUP S.A.C. Address: Villa la Capullana A10 Cusco, Peru Email: privacidad@inca-trail.pe
We collect different types of information depending on how you interact with us.
1.1 Data You Provide Directly to Us
When making a reservation:
Category | Specific Data | Purpose |
Identification | Full name (as appears on passport), nationality, gender, date of birth | Issuance of Ministry of Culture permits |
Travel document | Passport number, issuing country, expiration date | Required by Ministry of Culture |
Contact | Email, phone/WhatsApp number, postal address (optional) | Communication about your reservation |
Health | Relevant medical conditions, allergies, dietary restrictions, medications | Safety during tour, meal preparation |
Payment | Payment method, transaction data | Payment processing |
Preferences | Chosen segment, special requests, desired date | Service personalization |
Emergency | Name and contact of emergency person | Emergency situations |
When communicating with us:
Channel | Data Collected |
Email address, message content, attachments | |
Phone number, message content, shared files | |
Web form | All completed fields |
Phone | Calling number, conversation content (we don’t record calls) |
Social media | Username, interaction content |
When participating in our tours:
Data | Circumstance |
Photographs and videos | Taken during tour by our team |
Testimonials | If you provide us with a review or comment |
Feedback | Post-tour satisfaction surveys |
1.2 Data We Collect Automatically
When you visit our website, we automatically collect:
Data | Description |
IP address | Identifier of your internet connection |
Device type | Computer, mobile, tablet |
Operating system | Windows, macOS, iOS, Android, etc. |
Browser | Chrome, Safari, Firefox, etc. |
Pages visited | Which sections of our site you visited |
Visit time | How long you stayed on each page |
Traffic source | How you arrived at our site (search engine, social media, direct) |
General location | Country and city (based on IP, not exact location) |
Cookies | Identifiers stored in your browser (see Section 10) |
1.3 Data from Third-Party Sources
We may receive information from:
Source | Type of Data | Circumstance |
Travel agencies | Reservation data from their clients | When you book through an agency |
Review platforms | Public reviews | TripAdvisor, Google Reviews |
Social networks | Public profile information | If you connect via social networks |
Payment services | Transaction confirmation | PayPal, card processors |
1.4 Special Categories of Data
Some data we collect is considered “sensitive” and receives additional protection:
Category | Examples | Why We Need It |
Health data | Medical conditions, allergies, medications | Safety during tour, emergency response |
Religious dietary restrictions | Kosher, Halal | Appropriate meal preparation |
We only collect sensitive data:
2.1 Directly from You
2.2 Automatically
2.3 From Third Parties
We process your personal data based on the following legal bases:
3.1 Contract Performance
Activity | Justification |
Process your reservation | Necessary to provide service you contracted |
Manage permits | Required to execute tour |
Communicate about your trip | Necessary to fulfill reservation |
Process payments | Necessary to complete transaction |
Attend service requests | Part of our contractual obligations |
3.2 Consent
Activity | Your Control |
Sending newsletters and marketing | Can withdraw consent at any time |
Use of photographs in marketing | Can refuse or withdraw consent |
Non-essential cookies | Can reject them in settings |
Collection of sensitive health data | Explicit consent required |
3.3 Legitimate Interest
Activity | Our Legitimate Interest | Your Rights |
Improve our services | Offer better experience | Can object |
Website usage analysis | Optimize our website | Can object |
Fraud prevention | Protect our business | Superior interest |
Service communications | Relevant information about your trip | Can object to some |
3.4 Legal Obligation
Activity | Legal Requirement |
Share data with Ministry of Culture | Required for Inca Trail permits |
Keep accounting records | Peruvian tax legislation |
Respond to authorities | When legally required |
Comply with tourism regulations | MINCETUR/DIRCETUR regulations |
4.1 Reservation and Service Management
Use | Description |
Process reservations | Confirm availability, manage permits, coordinate logistics |
Pre-trip communication | Send confirmations, itineraries, preparation information |
Personalization | Adapt services to your needs (diet, health, preferences) |
During tour | Passenger list, identification, emergencies |
Post-trip | Send photos, request feedback, resolve incidents |
4.2 Payments and Accounting
Use | Description |
Process payments | Charge for services, issue refunds |
Billing | Issue payment receipts |
Accounting | Maintain legal financial records |
Fraud prevention | Detect suspicious transactions |
4.3 Communication
Type | Description | Legal Basis |
Transactional | Confirmations, reminders, changes | Contract |
Service | Information about your specific trip | Contract |
Marketing | Offers, promotions, newsletters | Consent |
Surveys | Request feedback | Legitimate interest |
4.4 Service Improvement
Use | Description |
Analysis | Understand preferences and behavior |
Development | Improve tours, website, processes |
Training | Train our team |
Research | Market studies (anonymized data) |
4.5 Legal and Security
Use | Description |
Compliance | Fulfill legal and regulatory obligations |
Defense | Establish, exercise or defend legal claims |
Security | Protect our systems and data |
Audit | Internal and external verifications |
5.1 Mandatory Sharing
Recipient | Data Shared | Purpose | Legal Basis |
Ministry of Culture of Peru | Name, passport, nationality, date of birth, gender | Inca Trail permit issuance | Legal obligation |
SUNAT | Billing data | Tax compliance | Legal obligation |
Authorities | As per legal request | Judicial or administrative requirements | Legal obligation |
5.2 Service Providers
We share data with third parties that help us operate:
Provider | Data | Purpose | Protection |
Payment processors | Transaction data | Process payments | Confidentiality agreements, PCI-DSS |
Email services | Email, name | Send communications | Processing agreements |
Hotels (when applicable) | Name, preferences | Accommodation reservations | Commercial agreements |
Transportation (train, bus) | Name, passport | Transportation reservations | Commercial agreements |
Hosting services | All site data | Web storage | Processing agreements |
Analytics tools | Anonymized data | Usage analysis | Privacy settings |
5.3 Agencies and Business Partners
Situation | Data Shared | Conditions |
If you booked through agency | Reservation confirmation, status | Only what’s necessary |
Referral partners | Referral confirmation (without detailed personal data) | For commissions |
5.4 We Never Sell Your Data
Inca Trail Explorers does NOT sell, rent or trade your personal data to third parties for their own marketing purposes.
5.5 Sharing with Your Consent
We may share your data with additional third parties only if you give us specific consent.
6.1 Data Location
Your data may be processed in:
Location | Purpose |
Peru | Main operations, Ministry of Culture |
United States | Some cloud service providers |
European Union | Some payment processors |
6.2 Protections for Transfers
When we transfer data outside Peru or EU, we guarantee protection through:
Mechanism | Description |
Standard Contractual Clauses | Contracts approved by regulators |
Adequacy decisions | Countries recognized with equivalent protection |
Certifications | Providers with privacy certifications |
Explicit consent | When applicable |
6.3 For EU Residents
If you are a European Union resident:
7.1 Retention Periods
Data Type | Retention Period | Justification |
Reservation and contract data | 10 years after tour | Legal tax and commercial obligations |
Passport data | 5 years after tour | Possible claims, verifications |
Service communications | 3 years | Query resolution, service improvement |
Payment data | 10 years | Tax requirements |
Health data | Up to 2 years after tour | Possible related claims |
Marketing emails | Until you withdraw consent | Active consent |
Cookies and browsing data | According to cookie type (see Section 10) | Functionality and analysis |
Tour photographs | Indefinite (marketing use) | Legitimate interest, consent |
7.2 Retention Criteria
We keep data while:
7.3 Data Deletion
When data is no longer necessary:
8.1 Technical Measures
Measure | Description |
SSL/TLS encryption | All web communication is encrypted |
Sensitive data encryption | Passport and health data encrypted at rest |
Firewalls | Protection against unauthorized access |
Restricted access | Only authorized personnel access personal data |
Secure authentication | Strong passwords, two-factor authentication |
Backups | Regular encrypted backups |
Monitoring | Detection of suspicious activity |
8.2 Organizational Measures
Measure | Description |
Internal policies | Documented data handling procedures |
Training | Personnel trained in data protection |
Confidentiality agreements | All personnel sign agreements |
Minimum necessary access | Each employee only accesses what they need |
Vendor assessment | We verify third-party security practices |
Incident response | Documented plan for security breaches |
8.3 What You Can Do
To protect your data:
8.4 Breach Notification
In case of security breach affecting your data:
9.1 Rights You Have
Right | Description | How to Exercise |
Access | Know what data we have about you | Request copy of your data |
Rectification | Correct inaccurate or incomplete data | Inform us of errors |
Erasure (“Forgetting”) | Request deletion of your data | When no longer necessary |
Restriction | Restrict how we use your data | In certain circumstances |
Portability | Receive your data in structured format | Data provided by you |
Objection | Object to processing | For marketing or legitimate interest |
Withdraw consent | Revoke consents given | At any time |
Not be subject to automated decisions | Not be evaluated only by algorithms | We don’t make this type of decisions |
9.2 Additional Rights for EU Residents (GDPR)
If you are European Union resident, you additionally have right to:
9.3 How to Exercise Your Rights
By email: privacidad@inca-trail.pe By postal mail: Inca Trail Explorers – Privacy Cusco, Peru
Information we need:
9.4 Response Times
Request | Response Time |
Data access | 30 days |
Rectification | 15 days |
Erasure | 30 days |
Other requests | 30 days |
Times may be extended in complex cases, with prior notification.
9.5 Requests at No Cost
Exercising your rights is free. However, we may charge reasonable fee if:
9.6 Limitations
We may refuse or limit requests when:
10.1 What are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us:
10.2 Types of Cookies We Use
Essential Cookies (Always Active)
Cookie | Purpose | Duration |
Session | Maintain your active session | Session |
Security | Prevent fraud, protect data | 1 year |
Basic preferences | Language, currency | 1 year |
These cookies are necessary for site to function and cannot be disabled.
Performance/Analytics Cookies
Cookie | Purpose | Duration | Provider |
Google Analytics | Analyze site traffic and usage | 2 years | |
Hotjar | Heat maps, behavior | 1 year | Hotjar |
Help us understand how site is used to improve it.
Functionality Cookies
Cookie | Purpose | Duration |
Chat | Remember support conversations | 1 year |
Forms | Save form progress | Session |
Preferences | Remember chosen settings | 1 year |
Improve your experience by remembering your choices.
Marketing/Advertising Cookies
Cookie | Purpose | Duration | Provider |
Facebook Pixel | Measure ad effectiveness | 90 days | |
Google Ads | Remarketing, conversions | 90 days |
Allow us to show you relevant ads and measure campaigns.
10.3 How to Manage Cookies
On our site:
In your browser:
Consequences of rejecting cookies:
10.4 Other Technologies
Technology | Purpose |
Pixels/Beacons | Measure email opens, ad effectiveness |
Local Storage | Store data locally in your browser |
Session Storage | Temporary storage during your visit |
10.5 Do Not Track
Some browsers have “Do Not Track” function. Currently, there’s no universal standard to respond to these signals, but we respect your cookie settings.
11.1 General Policy
Our services are directed to people over 18 years old. We don’t intentionally collect information from minors under 16 without parental consent.
11.2 Traveling Minors
When a minor participates in our tours:
11.3 Data Collected from Minors
Data | Purpose | Who Provides |
Full name | Ministry of Culture permit | Parent/Guardian |
Date of birth | Verify eligibility, discounts | Parent/Guardian |
Passport | Ministry of Culture permit | Parent/Guardian |
Allergies/health | Safety during tour | Parent/Guardian |
11.4 Parents/Guardians Rights
Parents or guardians can:
12.1 External Sites
Our website may contain links to:
12.2 Responsibility
We are not responsible for privacy practices of third-party sites. We recommend reviewing privacy policies of any site you visit.
12.3 Social Networks
If you interact with us on social networks:
13.1 Updates
We may update this policy occasionally to reflect:
13.2 Change Notification
Type of Change | How We’ll Notify You |
Minor changes | Update on website |
Significant changes | Email to active customers + notice on website |
Changes affecting your rights | Direct notification + possible new consent |
13.3 Effective Date
The “Last updated” date at beginning indicates when last modified. We recommend reviewing this policy periodically.
13.4 Previous Versions
You can request previous versions of this policy by writing to privacidad@inca-trail.pe.
14.1 For Privacy Inquiries
Email: privacidad@inca-trail.pe Postal mail: Inca Trail Explorers Attn: Privacy Officer Cusco, Peru Phone: +51 921 333 639
14.2 To Exercise Your Rights
Preferred email: privacidad@inca-trail.pe
Include:
14.3 Complaints
If you’re not satisfied with our response, you can file complaint with:
In Peru: National Authority for Personal Data Protection General Directorate of Transparency, Access to Public Information and Personal Data Protection Ministry of Justice and Human Rights https://www.gob.pe/minjus
In European Union: Your local data protection authority
14.4 Response Time
We respond to privacy inquiries within 15 business days. Complex requests may require up to 30 days.
Summary: The Most Important
Aspect | Our Practice |
What we collect | Data necessary for your reservation, communication and safety |
Why | Manage your tour, fulfill legal obligations, improve services |
With whom we share | Ministry of Culture (mandatory), service providers |
We never | Sell your data to third parties |
Security | Encryption, restricted access, established protocols |
Your rights | Access, rectification, erasure, portability, objection |
Contact |
Effective date: January 2026 Version: 2.0
This Privacy Policy was last reviewed in January 2026.
