Privacy Policy

1. Introduction

Alwaz Travel London, operated by Nex Pro Travels Limited, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

By using our website and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Data Controller Information

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity Data: Full name, title, date of birth, passport details, nationality
• Contact Data: Email address, telephone number, postal address, WhatsApp number
• Financial Data: Payment card details, billing address, transaction history
• Travel Data: Booking details, travel preferences, special requirements (dietary, accessibility, medical)
• Technical Data: IP address, browser type, device information, cookies, usage data
• Marketing Data: Your preferences for receiving marketing communications, newsletter subscriptions
• Communication Data: Records of correspondence, chat transcripts, voice call recordings (with consent)

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide travel services: Process bookings, arrange flights, accommodation, Umrah and Hajj packages, visa assistance, and relocation services
• To communicate with you: Send booking confirmations, travel updates, customer support responses
• To process payments: Handle transactions securely through our payment processors
• To comply with legal obligations: Meet regulatory requirements, prevent fraud, respond to legal requests
• To improve our services: Analyze website usage, conduct customer satisfaction surveys, develop new features
• To send marketing communications: Share exclusive offers, travel tips, newsletters (only with your consent)

5. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill our travel service contracts with you
• Legal Obligation: Compliance with UK and international travel regulations, tax laws, and anti-money laundering requirements
• Legitimate Interest: Fraud prevention, network security, business analytics, and service improvement
• Consent: Marketing communications, cookies (non-essential), and optional data collection

6. Data Retention Periods

We retain your personal data only for as long as necessary:

• Booking and transaction records: 7 years (UK tax and accounting requirements)
• Marketing consent records: Until you withdraw consent or 3 years of inactivity
• Website analytics and cookies: Up to 26 months
• Customer support communications: 3 years after case closure

After the retention period expires, we securely delete or anonymize your data.

7. Sharing Your Data with Third Parties

We may share your personal data with trusted third parties to deliver our services:

• Airlines and travel providers: To complete flight bookings and travel arrangements
• Hotels and accommodation providers: To secure your reservations
• Payment processors: To process secure transactions (e.g., Stripe, PayPal)
• Visa and immigration services: To assist with visa applications
• Technology service providers: Website hosting, email services, CRM systems, analytics tools
• Legal and regulatory authorities: When required by law or to protect our legal rights

All third parties are contractually obligated to protect your data and use it only for the specified purposes.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device.

Types of cookies we use:

• Essential cookies: Required for website functionality (e.g., session management, security)
• Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics)
• Marketing cookies: Track your activity to deliver personalized advertisements

You can manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality.

9. Your Data Protection Rights

Under UK GDPR and EU GDPR, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ('Right to be Forgotten'): Request deletion of your data in certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)

10. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months and will inform you accordingly.

11. Right to Lodge a Complaint with the ICO

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK's supervisory authority:

12. International Data Transfers

Some of our service providers and travel partners are located outside the UK and European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Adequacy decisions: Transfers to countries deemed adequate by the UK or EU
• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Binding Corporate Rules: For transfers within multinational organizations

For more information about international transfers, please contact us.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• SSL/TLS encryption for data transmission
• Secure payment processing through PCI-DSS compliant providers
• Regular security audits and vulnerability assessments
• Access controls and staff training on data protection
• Secure backup and disaster recovery procedures

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children without parental consent. If you believe we have collected data from a child, please contact us immediately.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: