GDPR Compliance

EU Data Protection Commitment

Zephyr Escape complies with the General Data Protection Regulation (GDPR) for all EU residents. We respect your data protection rights and handle your information with care.

Legal Basis for Processing

We process your data based on: (1) Contractual necessity for tour bookings, (2) Legitimate interests in providing customer service, (3) Your consent for marketing communications.

Your Rights Under GDPR

EU residents have specific rights regarding personal data:

Right to Access

You may request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal information at any time.

Right to Erasure

You may request deletion of your personal data, subject to legal retention requirements for bookings and financial records.

Right to Data Portability

You can request your data in a machine-readable format for transfer to another service provider.

Right to Object

You may object to processing of your data for marketing purposes at any time. We will immediately cease such processing.

Data Retention

Booking information is retained for 7 years for legal and accounting purposes. Marketing data is kept until you unsubscribe. Inactive accounts are deleted after 3 years.

International Data Transfers

Your data is stored on Canadian servers. We ensure adequate protection measures for any international data transfers.

How to Exercise Your Rights

Contact our Data Protection Officer at [email protected] with "GDPR Request" in the subject line. Include your full name and the specific right you wish to exercise. We will respond within 30 days.