Comprehensive Privacy and Personal Data Protection Policy
Miro.travel – Destination Management Company (DMC) ~ Powered by DSI Engine.
Personal Data: Information by which a natural person can be identified, directly or indirectly.
Processing: Any operation on Personal Data, whether automated or not, such as collection, registration, organization, storage, modification, consultation, use, communication, transfer, or deletion.
Data Controller: Miro.travel, which determines the purposes and means of processing personal data.
Data Processor: Any natural or legal person that processes data on behalf of the Controller.
This Policy applies to:
- The website www.miro.travel and its subdomains;
- Contact, subscription, reservation forms, or registration for activities;
- Applications, platforms, or third-party integrations (Google Maps, CRMs, WhatsApp Business, Meta, etc.);
- On-site activities (receptions, experiences, events);
- Loyalty programs, surveys, or interaction at fairs and trade events;
- Communications via email, SMS, calls, social networks, or messaging apps.
a) Identification Data:
- Full name, nationality, ID or passport;
- Date of birth, gender, and marital status (where necessary).
b) Contact Data:
- Email address, phone number, postal address.
c) Travel Preferences:
- Origin, destination, travel dates, accommodation type, special requirements, allergies.
d) Financial and Billing Data:
- Card info, account data, payment or reservation history.
e) Digital Data:
- IP address, device type, browser, site behavior, cookies, advertising ID, approximate geolocation (GeoIP).
f) Sensitive Data (only with explicit consent):
- Health, accessibility, medical needs, religious beliefs when impacting service logistics.
g) Data collected on-site:
- Information registered upon arrival, check-in, tours, transport, events, questionnaires.
- Web forms, CRM, messaging tools, apps;
- Service providers, tour operators, booking platforms;
- Direct communication with agents or staff on-site;
- Surveillance cameras in owned or shared facilities;
- Advertising platforms with tracking (Google Ads, Meta).
- Reservation confirmation, administration, and follow-up;
- Logistical execution of services on-site;
- Issuance of invoices, receipts, contracts;
- Contact before, during, and after the trip;
- Legal and regulatory compliance;
- Statistical analysis, operational traceability, and service improvement;
- Promotional content, personalized offers, surveys (with prior consent);
- Fraud prevention, incident or risk management;
- Physical protection of facilities and guests (CCTV).
- Explicit consent;
- Contractual execution;
- Legal compliance;
- Legitimate interest to improve tourism services.
Personal data will be retained:
- Throughout the contractual relationship;
- As long as legal or contractual obligations exist;
- Until the holder requests deletion, unless restricted by law;
- For extended periods in anonymized form for statistical purposes.
Miro.travel implements technical and organizational security measures to:
- Protect data from loss, destruction, unauthorized access, or disclosure;
- Encrypt sensitive data in transit and storage;
- Manage access credentials and internal controls;
- Conduct audits and train staff regularly.
Data may only be shared with:
- Service providers required for execution (hotels, transport, guides);
- Technological platforms under confidentiality agreements;
- Regulatory or judicial authorities as required by law;
- Affiliated or subsidiary companies for administrative/logistical purposes.
In case of international transfers, we ensure adequate mechanisms such as standard contractual clauses or interinstitutional agreements.
You may exercise the following rights:
- Access your personal data;
- Rectify inaccurate or outdated data;
- Delete data when applicable;
- Object to non-essential processing;
- Restrict processing under certain conditions;
- Request data portability where technically feasible.
To exercise your rights, contact us at: [email protected]
We will respond within a maximum of 30 days, unless the request is complex.
Miro.travel may update this Privacy Policy at any time. Changes will be published with an effective update date. Continued use of our services implies acceptance of these changes.
**Data Protection Officer**
📧 [email protected]
🌐 https://miro.travel/contact