Endless Travel (Endless Determination Ltd) maintains a database with the registration of its customers/visitors and this information is stored for 20 years, after the first contact. The data presented in this database are entirely the data provided by the customers themselves at the time of their booking or later requests for booking purposes and it is collected under the terms approved by the National Data Protection Commission by Endless Travel, the entity responsible for the file, with headquarters at Rua Tomás António Gonzaga nº1 – 5ºesq 2675-240 Odivelas.
When the customer makes a reservation or a booking on this website, Endless Travel automatically registers certain personal data that the customer consented. The type of data saved will be information such as “name”, “contact” and/or “email address”. In some cases, we may need more sensitive personal data such as: “citizen’s card number and/or passport number”. All information about personal data requested serves exclusively to organize the requested tours or tourist services. All personal data provided will be treated as being of a “sensitive” nature and, therefore, deserve the utmost respect and care from Endless Travel.
Regarding online bookings, the customer can make the payment by credit card VISA/Mastercard online. For this reason, the customer will be redirected to the Stripe website, a partner and certified entity that processes payments, where you will be asked to enter your card details. Consequently, Stripe and our bank are the only entities that process the data of the customer’s card and guarantee the transmission of encrypted data. Endless Travel only receives the information with the result of the authorization and instructions to proceed with the order.
In no circumstances we can ask about philosophical or political beliefs, party or trade union affiliation, religious belief, private life and racial or ethnic origin, as well as data on the health or sexual life (including genetic data) of customers. When you are organizing the requested trip, the customer can provide us with other important information, such as dietary requirements and food intolerances, medical conditions, disabilities or other special information similar to previous ones, in order to ensure that specific needs are met.
Thus, Endless Travel guarantees that it has implemented and will continue to develop the mandatory measures of technical and organizational nature to ensure the security of the data that is provided, in order to prevent its alteration, loss, unauthorized treatment and/or access, being aware of the sensitive nature of the data stored and the risks to which they are exposed.
If the customer wishes to exercise the rights of access, rectification, cancellation or opposition that the GDPR grants them, it can do it through the website or send an email to info@endless.tours
Endless Travel also reserves the right to collect personal data in the following circumstances: if the user responds to a promotion through this website, if he completes a questionnaire, subscribes to the newsletter or other Marketing material, reports a problem, among other situations similar to the previous ones. In this case, we may keep a record of your email address, with the option of “unsubscribe”. Or, alternatively, you can send us an email to info@endless.tours.
Personal data obtained by outsourced sources
In addition to this data provided by the user/customer, we may receive information from other suppliers and certified partners, to whom we point the responsibility to ensure the full compliance with the privacy policies required by the GDPR:
– if you book one of our programs through a travel agent or third-party tour operator, certain personal data (as applicable to your booking) will be shared with Endless Travel in order to provide the services that the customer has requested (even if this commercial relationship doesn’t come to an end);
– if the customer provides us feedback through a social media channel or other feedback tool or software, the feedback (but not the personal data) will be processed by that company and shared with Endless Travel.
– if you contact Endless Travel at [+351] 211 246 307 our telephone management software partner keeps a record and shares the information exclusively with Endless Travel. The data collected are: “telephone/mobile number”, “date” and “duration” of the call, “network information”. If you contact us through any of the phones/mobile phones available in the company, your number may be associated with your booking/request (if there is no business relationship, the number will be forgotten);
– if you contact Endless Travel through the conversion window on the website (Zendesck Chat/WhatsApp), this partner will retain the history of your conversations with Endless Travel through this software, the number of visits to the website, the page of the website where you are, your computer system, IP location and duration of your visit to the website. This guarantees to share solely with us the personal data of our users.
– we may also record your visits to this website, including (but not limited to) traffic data, location data, IP address, operating system, and browser type. These are statistical data about the actions and the navigation standards of our users and does not identify any individual.
When a customer fills out a form on our website and/or ends the booking process with Endless Travel, some personal information provided will need to be transmitted, processed and stored by relevant third-parties, such as:
– travel partners such as airline companies, airports, hotels, insurance companies and ground support agents, tour or fluvial operators, among other touristic services suppliers related to the request. Some of these third parties may be located outside the European Economic Area, and these organizations may not be subject to the same level of control as the European GDPR;
– data and technology management partners that enable us to administer the services we provide (external CRM for organizing/monitoring leads and for improving the experience of customers; and Optitravel – billing tool agency management software);
– credit card or ATM payment facilitators, which help us to process customer payments and to assist us in detecting and preventing fraudulent payments or bookings (Redunicre, Stripe, IfThenPay, EasyPay and Pagtur);
– email Marketing platforms, ensuring the encryption of our databases, which include subscriber “name” and “email address”;
– government agencies or other authorities in Portugal (or in other countries) in order to ensure the safety of one’s own and other passengers. At this point we include immigration, border control, security and anti-terrorism officials. Even if it is not mandatory to provide information to these authorities, we may exercise our right to assist them when we deem it appropriate.
Some personal data obtained by registering on our website or given by customers who have established a business relationship with Endless Travel will need to be processed and stored in secure and certified systems, as a result of a combination of our own protected systems and supplier’s reliable systems.
The personal data that we store are treated with the legally required degree of protection to guarantee its security and prevent its alteration, loss, treatment or unauthorized access. For this purpose, we use backups in Google Drive and Network Attached Storage (NAS), a device that stores and shares data from multiple computers that can be accessed remotely.
The registrations on our website are also encrypted, following GDPR standards, in peripheral control technical infrastructures, namely by network firewalls, private circuits and VPNs that comply with security requirements. The computer servers are located in a data center operator, which performs a digital information protection service of the hosted servers. The service includes backup of files, their conservation according to the defined policy and the restore at Endless Travel’s request.
Endless Travel hereby commits itself to:
– safeguard the personal data provided to it by means of legally enforceable security measures of a technical and organizational nature that guarantee its security, thus avoiding its alteration, loss, treatment or unauthorized access, in accordance with the technology used at any given moment, the nature of the data and the possible risks to which they are exposed;
– use or apply the data obtained exclusively for the purposes duly authorized and for which the customer consented;
– ensure that data are handled only by workers whose intervention is necessary for allowing the service, and they are bound by the duty of secrecy and confidentiality. If the the information needs to be disclosed to third parties, they are obliged to preserve confidentiality.
If you do not make a booking or ask a request with Endless Travel, we will only send you information and offers by email if you subscribe our newsletter (double opt-in), to receive our information and/or promotions. In this way, only users who have expressly agreed to receive marketing material will be in these databases.
This personal data (“name” and “email address”) is shared with a secure and certified external platform, from which we manage the database and send out Email Marketing. We will not share this data to third-parties with whom we do not have protocol, which do not guarantee us the security and encryption of the database and which are not Email Marketing and Marketing Automation companies. We imply to our partners the strict follow-up of the GDPR standards, the confidentiality of the stored data and it is clearly forbidden to divulge them.
If you choose not to receive more Marketing information, you can unsubscribe from the newsletter and, consequently, it will be automatically erased from our databases for Marketing purposes.
When you make a booking with Endless Travel, submit a request for availability, or fill out another form on our website, your personal information will be retained to ensure that we offer the best possible service. Thus, we maintain the personal data for as long as necessary, in order to use your information as established in this Privacy Policy. It means, therefore, up to 20 years in relation to bookings/requests or marketing communications (or such other time as may be necessary for our legal and auditing purposes or required by law).
Any user or customer that provided your personal data has several rights with respect to the information that you have granted, in accordance with the RGDP law, such as:
– right to access your personal information: at any time, you have the right to request access to your personal data maintained by Endless Travel, free of charge. We may require proof of identity and sufficient information about your interactions with us, in order to find your information. If someone makes the request on your behalf, that person will have to provide written and signed confirmation that you have been given authority. We reserve the right of not providing you with a copy, if it includes personal information of other people or if we have a legitimate reason to retain it;
– right to correct and update your personal information: the accuracy of your information is important to us. Thus, at any time, you may change your name or email address (or other relevant personal information) by sending us an email to info@endless.tours or by contacting us (+351 211 246 307);
– right to withdraw consent: at any time, the customer/user can revoke their consent and prohibit us from using his/her data. If you wish to withdraw your consent to receive any direct marketing by which you have previously consented, you may remove your subscription by clicking the unsubscribe button on our newsletters. Alternatively, you can send us an email to info@endless.tours or get in touch with us. If you wish to withdraw your consent for the processing of any special category of special data, you must contact our team (info@endless.tours or +351 211 246 307). We advise that if you want us to stop processing this information during your booking or trip, this means that we may not be able to provide all or part of the services you requested. Consequently, if we have to cancel your reservation or other bookings, you may have to pay the respective cancellation fee;
– right to delete your personal information or restrict its processing: you may request us to remove your personal information from our systems by email or in writing. Since we have no legitimate reason (legal and commercial basis) to continue processing or maintaining your personal information, we will make reasonable efforts to fulfill your request as quickly as possible. While we may not permanently remove your information as quickly as you wish (for software delays or other similar issues), you may request to restrict the processing of your data. If the processing is restricted, we can only use your personal information if we have your prior consent or if we are legally authorized to do so. In order to simplify the removal of your personal data, we are developing a tool that allows the automatic removal of it;
– right to transfer your personal information to a structured data file: at any time, you can ask us to send your personal data directly to another service provider. And we will do so if this is technically possible for us. We reserve the right of not providing a copy of your personal information if it contains personal data of other people or if we have another licit reason to withhold such information;
– right to make a complaint: at any time, and if you wish, you can make a complaint with the data protection regulator if you believe that your legal rights have been violated or when you have reasons to believe that your personal information is being used in a way that does not comply with the law. If you wish to contact us about this Privacy Policy, you can send an email to info@endless.tours. We will analyze carefully your complaint and we will answer you as quickly as possible.
While we do our best to protect your personal data, and always acting according with strict GDPR standards, the transmission of information over the Internet is not entirely secure. Therefore, we cannot totally guarantee the security of your data transmitted to our website. When we receive your information, we take all reasonable and legal steps to mantain your personal information protected and to try to prevent any unauthorized access, use or loss of your data, implementing appropriate security measures and limiting access, including internal access. All information that you provide is stored on our secure servers and any payment transaction will be encrypted using TLS technology. We do not store customer card data, and when we give a password (personal and non-transferable) to a customer to access a reserved area of our website, he must save it and he will be responsible for keeping this password confidential.
In addition, if we detect any breach or suspicion about the violation of personal data, we will notify the competent authorities immediately, as required by law.
We are part of the Endless Group and Endless Luxe Travel. A Portuguese Tour Operator specialized in charming and luxury travel experiences