Company Information

Privacy Policy, Effective: August 1, 2023

  • Bali Customized Tours owns and operates a service that enables users to find, curate and book travel experiences in Bali. In this Statement, these are collectively referred to as our “Services”.

    The information that you and others entrust us with enhances our ability to provide more relevant, personalized, and helpful Services. We know that sharing your personal information with us is based on trust. We take your trust in us seriously and are committed to providing you with helpful information, products, and Services, curated based on the information you have shared with us. Equally, and perhaps more importantly, we are committed to respecting your privacy when you visit our website or use our Services, and being transparent about how we use the information you have entrusted to us. Please review this privacy policy (“Policy”) carefully to learn about our privacy practices.

    This Policy describes how we obtain, use, and process your information – hopefully, in an easily understandable and transparent manner. It informs you of the rights you have, how you can exercise them, and how you can contact us. Please review this Policy carefully to learn about our practices with respect to information and privacy. By visiting our website and business contacts, whether on a computer, phone, tablet, or similar device (each of these is referred to as a “Device”), you acknowledge and confirm that you have read this Policy.

    We offer our Services to users in a number of countries and territories where the laws and customs differ. This Policy provides a general overview of our privacy practices. In addition, sections 12 and 13 of this Statement provide specific information relevant to users residing in certain regions or countries.

    1. Information Collected and Processed
    2. Information Uses and Purposes
    3. Information Sharing
    4. Information Choices
    5. Information on Children
    6. Information Security
    7. Information Deletion and Retention
    8. Cookies
    9. Statement Changes
    10. Contact
    11. Europe and the UK
    12. United States

1. Information Collected and Processed

When you access or use our Services, we collect and process information from and about you to provide the Services in a more personalized and relevant way.

We may also collect, in instances where you have provided it, information about other travelers, including their email address and other travel-related information. If you are sharing information with us about other individuals, you must obtain their consent and ensure that they have understood and accepted how we will use their personal information (as described in this Policy).

2. Information Uses and Purposes

To the extent possible, we want to provide you with relevant content and a tailored experience when you use our Services, and we use information about you to do that, including in the following ways:

Registration and other contracts

  • Manage your enqueries, including to allow you access to and use of our Services
  • Facilitate your bookings
  • Process payments or credits

Improve our Services

  • Post Trip – Use your information for feedback / reviews to enable us to improve our Services where needed

 

Individualization and customization

  • Tailor your experience, including by making inferences about your interests and preferences based on your enquires, and customize our services to you other than our services advertised online

Communication

  • Communicate with you or facilitate communication between you, our partners, and/or affiliates
  • Host your reviews, ratings, photos, videos and other content
  • Customize your experience
  • Respond to your questions and comments

Legal Compliance

  • Resolve disputes or troubleshoot problems
  • Prevent fraud and other potentially prohibited or unlawful activities
  • Comply with relevant laws, respond to legal requests, prevent harm, and protect our rights and the rights of other users
  • Provide payment services, including to detect and prevent money laundering, fraud and security incidents, to comply with legal obligations, and to enforce payments terms of service

3. Information Sharing

In order to provide some of our Services, we may need to share information with certain other third parties, including our group of companies, in the following circumstances:

  • Experience Suppliers and travelers. We may share travelers’ personal information with suppliers of experiences to allow them to fulfil the bookings made through our Services. We may also share personal information of experience suppliers with travelers, including but not limited to where there is a dispute between the two parties.
  • Service Providers. We share information with certain service providers used to facilitate our Services, including to help with transactions.
  • Business Partners. We may share information about you, your Devices and your use of our Services with our trusted business partners. For example, we may share information so that we can facilitate payments for services you may see promoted on the websites of our partners. This sharing is generally pursuant to written agreements which include confidentiality, privacy and security obligations; please note, however, that we do not control the privacy practices of these third-party business partners.

We also may share your information if we believe, in our sole discretion, that such disclosure is necessary:

  • To comply with legitimate and enforceable subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we reserve the right to raise or waive any legal objection or right available to us.
  • To investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of Viator, our customers, or others; and in connection with our Terms of Use and other agreements.
  • In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

4. Information Choices

You have options with respect to the processing and use of your information by us. You can do the following:

  • Choose the way we communicate with you.
  • Choose not to provide us with certain information

5. Information on Children

Our Services are not intended for children, which we consider to be: (i) individuals that are 13 years of age or under, or the age of privacy consent in your jurisdiction; or (ii) when processing data on the basis of a contract, the age of legal capacity to enter into the agreement.

We will only collect or process information belonging to children under very limited circumstances. We might need to collect personal information belonging to children as part of our Service if, for example, the personal information is required as part of an experience-related reservation. We will only collect personal information belonging to children if it is provided by and with consent of a parent or guardian. If we become aware that we have processed the personal information of a child without the valid consent of a parent or guardian, we will delete the personal information.

6 Information Security

We have implemented appropriate administrative, technical, and physical security procedures to help protect your information. We only authorize specific personnel to access personal information and they may do so only for permitted business functions. We also employ firewalls and intrusion detection systems to help prevent unauthorized access to your information. However, we cannot guarantee the security of information from unauthorized entry or use, hardware or software failure, or other circumstances outside of our control.

7. Information Deletion and Retention

We will retain copies of your information for as long as you maintain our services or as necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. In addition, we may retain your information for the duration of any period necessary to establish, exercise or defend any legal rights.

8. Policy Changes

We may update this Policy in the future. If we believe any changes are material, we will let you know by doing one or more of the following: sending you a communication about the changes, placing a notice on the website and/or posting an updated Statement on the website. We will note at the top of this Policy when it was most recently updated. We encourage you to check back from time to time to review the most current version and to periodically review this Statement for the latest information on our privacy practices.

9. Cookies

10. Contact

If you have a data privacy request, such as a request to delete, please send us a request through our contact us page. For general data privacy inquiries or questions concerning our Privacy Policy, please also contact us through our contact page.

11. Europe and the UK

This GDPR Statement applies to persons in the European Economic Area (“EEA”), including those based in the United Kingdom. This GDPR Statement supplements our Policy; however, where the Policy conflicts with the GDPR Statement, the GDPR Statement will prevail as to persons located in the EEA.

Controller of Personal Information and Local Representative

Bali Customized Tours is the data controller of the personal information we collect.

Your rights under GDPR

You have certain rights regarding your personal information. Your rights with respect to your own personal information include the following:

  • The right to request access to your personal information. This enables you to receive a copy of the personal information we hold about you.
  • The right to request correction of your personal information if it is inaccurate. You may also supplement any incomplete personal information we have, taking into account the purposes of the processing.
  • The right to request deletion of your personal information if:
    • your personal information is no longer necessary for the purposes for which we collected or processed them; or
    • you withdraw your consent if the processing of your personal information is based on consent and no other legal ground exists; or
    • you object to the processing of your personal information and we do not have an overriding legitimate ground for processing; or
    • your personal information is unlawfully processed; or
    • your personal information must be deleted for compliance with a legal obligation.
  • The right to object to the processing of your personal information. We will comply with your request, unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal information to establish, exercise, or defend a legal claim.
  • The right to restrict the processing of personal information, if:
    • the accuracy of your personal information is contested by you, for the period in which we have to verify the accuracy of the personal data; or
    • the processing is unlawful and you oppose the deletion of your personal information and request restriction; or
    • we no longer need your personal information for the purposes of processing, but your personal information is required by you for legal claims; or
    • you have objected to the processing, for the period in which we have to verify overriding legitimate grounds.
  • The right to data portability. You may request that we send this personal information to a third-party, where feasible. You only have this right if it relates to personal information you have provided to us where the processing is based on consent or necessity for the performance of a contract between you and us, and the processing is conducted by automated means.
  • You also have the right to lodge a complaint before your national data protection authority.

You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights described in this Policy). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). To the extent you use a third party to submit a data request on your behalf, we may need to take reasonable steps to verify the authenticity of the request. These are security measures to ensure that personal information is not disclosed to any person who has no right to receive it. In an effort to speed up our response, we may also contact you to ask you for further information in relation to your request.

Information Uses and Legal Basis

We will only use your personal information under the circumstances permitted by the law or you.

Pursuant to GDPR, we will use your personal information in one or more of the following circumstances:

Information uses:

  • Registration and other contracts:
    • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Improve our Services and customization:
    • Where it is necessary for our legitimate interests to provide or improve Services, including our interest to provide you improved and personalized Services, and where your interests and fundamental rights do not override those interests.
  • Communication:
    • Where it is necessary for our legitimate interests to communicate with you and your interests and fundamental rights do not override those interests.
    • Where we need your consent for the information use, we will seek your prior consent.
  • Legal Compliance:
    • Where it is necessary to meet our legal obligations.

12. United States

Disclosures

In addition to the further details as described in the Policy, we make the following disclosures:

  • We may collect, disclose, and use the following categories of personal information for our business and commercial purposes: Identifiers/Contact Information, transactional information.
  • We may collect the following categories of sensitive personal information: government identification cards, such as driver’s license; and passport information.
  • We collect and use these categories of personal information for the business and commercial purposes described in Section 2 of this Policy.
  • We may disclose each of these categories of personal information for the commercial and business purposes described in this Policy to the extent permitted by applicable law to the categories of third parties as described in Section 3 of this Policy.
  • We collect these categories of personal information from the sources described in Section 1 of this Policy.

California Privacy Statement

This California Privacy Statement is provided pursuant to California laws. It applies to California residents and supplements our overall Statement with additional disclosures and rights.

Your California rights

California residents may also take advantage of the following rights:

  • You may request, that we disclose to you the categories and specific pieces of personal information that we have collected about you, the categories of sources from which we collected your personal information, our business or commercial purpose for collecting your personal information, the categories of personal information that we have disclosed for a business purpose, any categories of personal information about you that we have sold, the categories of third parties with whom we have disclosed your personal information, and the business or commercial purpose for collecting, if applicable.
  • You may request that we delete your personal information that we maintain about you, subject to certain exceptions. As described in more detail in our Policy, there are some reasons for which we will not be able to fully address your deletion request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, or to comply with a legal obligation.
  • You can request that we correct inaccurate personal information that we maintain about you.

We may need to verify your identity or elements of the request to enable us to process your request. We will take reasonable steps to verify your identity; these verification steps will vary depending on the sensitivity of the personal information and whether you have an account with us. We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to process transactions and facilitate customer requests. We value your privacy and will not discriminate against California residents in response to your exercise of privacy rights.

Multi-State Privacy Statement for Virginia, Connecticut, Colorado

This Multi-State Privacy Statement is provided pursuant to applicable state laws and applies to Virginia, Connecticut, and Colorado residents, and supplements our overall Statement with additional disclosures and rights.

If you are a resident of Virginia, Connecticut, or Colorado you may take advantage of the following rights in accordance with applicable law:

  • Confirmation/Access. You can request to confirm whether we process your personal information. Subject to certain exceptions, you can also request a copy of your personal information you provided to us.
  • Deletion. You can request that we delete personal information we have about you.
  • Correction. You can request that we correct inaccurate personal information we maintain about you.

We will take reasonable steps to authenticate your identity prior to responding to your requests. The authentication process will vary depending on the sensitivity of the personal information and whether you have an account with us.

We may deny certain requests, or fulfil a request only in part, based on our legal rights and obligations.