PRIVACY POLICY

At Itaca Tours Ltd (“Itaca Tours”, “we”, “us”, or “the Company”), we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you interact with our services.

This Policy applies to:

• Visitors and users of www.itacatours.com
• Users of our booking subdomain booking.itacatours.com
• Individuals who contact us via email, telephone, messaging platforms, or social media
• Clients who request or purchase travel‑related services

By using our Sites or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.

Itaca Tours Ltd is incorporated and registered in England & Wales and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a global business, we also process data in accordance with other applicable international privacy frameworks, including the EU GDPR and relevant U.S. regulations. For any questions regarding this Privacy Policy, you may contact us at: privacy@itacatours.com.

Data Controller

For all services provided directly through itacatours.com, the Data Controller is:

Itaca Tours Ltd
Company Number: 16922090
Registered Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
ICO Registration Number: ZC076803
Email: privacy@itacatours.com

For reservations made through booking.itacatours.com, the Data Controller (acting as independent Data Controller) is:

TOR Global Travel S.L.U. (CICMA nº 3750)
Registered Address: Glorieta de Quevedo, 9, 28015 Madrid, Spain

Email: info@tor.travel

TOR independently determines the purposes and means of processing personal data related to bookings made on its platform. Itaca Tours Ltd does not control or manage TOR’s processing activities, although we may receive limited booking information necessary to provide customer support.

For bookings made through affiliate platforms, the Data Controller is:

When you access a travel service through an affiliate link on our website that redirects you to a third‑party provider (such as GetYourGuide, TourRadar, Civitatis, or similar platforms), those companies act as independent Data Controllers. They collect and process your personal data directly on their own websites, in accordance with their respective Privacy Policies.

Itaca Tours Ltd does not control or supervise the data processing carried out by these providers. We may receive limited booking information from them—such as your name, booking reference, service details, and status updates—solely for the purposes of customer support, verification, or commission tracking. We do not receive or store full payment details or any other data beyond what is strictly necessary for these purposes.

We strongly encourage you to review the Privacy Policy of the relevant provider before completing any booking on their platform.

Scope of This Policy

This Privacy Policy applies broadly to all individuals who interact with our websites and services. It covers not only casual visitors who browse our Sites without making a booking, but also registered users, customers who complete reservations, and individuals who submit contact forms, appointment requests, or detailed travel questionnaires. The scope also extends to any personal data that we collect directly from you, as well as information that we process on your behalf through our booking interfaces and affiliated platforms.

Importantly, this Policy applies regardless of your geographical location. Whether you access our Sites from within the United Kingdom, the United States, the European Union, or elsewhere, the same fundamental privacy principles apply. We are committed to ensuring that the handling of your personal data is transparent, consistent, and compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR, and relevant U.S. regulations.

Information We Collect

We collect and process different categories of personal data depending on how you interact with our services. This may include personal identifiers, such as your full name, email address, telephone number, and, where necessary, your postal address when you provide billing or shipping details for invoices, reservations, or travel documentation. In addition, when payments are processed directly through Itaca Tours, we may collect payment and billing data, which may include details of the payment method used (for example, PayPal, bank account information, or credit/debit card details). For security reasons, we never store the full Primary Account Number (PAN) of your credit card, nor do we retain authentication codes such as CVC, CVV, or CID. However, we may store certain transaction details, invoicing information, and your payment history in order to comply with our financial and tax obligations.

When you browse our websites or use our booking platforms, we also collect technical and usage data, such as your Internet Protocol (IP) address, browser type and version, device identifiers, operating system, time zone, and language settings. We monitor website usage information including the pages you visit, access times, referring and exit pages, duration of visits, clickstream data, and interaction with elements of the site. This information helps us understand user behavior, improve the functionality of our websites, and provide a more tailored experience.

Like most online services, we rely on cookies and other tracking technologies to gather data about your online interactions. These may include persistent and session cookies, web beacons, tracking pixels, and local storage mechanisms. Such technologies are used to remember user preferences, analyze site traffic, personalize content, and display advertisements based on your interests. Full details are provided in our separate Cookie Policy.

We may also process third-party data, which refers to information we receive from service providers, affiliates, and partners that facilitate travel bookings on our behalf. This can include booking confirmations, questionnaire responses, or other data required to complete your reservation. In some cases, we may also collect information from publicly available sources or from your interaction with third-party platforms—for instance, if you choose to link your social media account, submit reviews, or share travel content publicly.

By combining these categories of information, we are able to provide our services effectively, ensure secure transactions, and deliver a more personalized and reliable customer experience.

How We Collect Your Information

We obtain personal data through several different channels. Most commonly, information is provided directly by you when you complete and submit forms on our website, such as contact forms, appointment scheduling requests, booking requests, or detailed travel planning questionnaires. Information may also be collected when you create or manage a customer account, when you communicate with us through email, telephone, or live chat, or when you voluntarily provide feedback, surveys, or other user-generated content.

In addition to direct interactions, certain categories of information are collected automatically whenever you visit our websites or interact with our services. This occurs through the use of cookies, tracking pixels, session logs, and similar technologies, which allow us to understand your navigation behavior, record your device details, and enhance the performance of our platforms. Finally, we may also receive information from third parties. These third-party sources include our trusted travel and activity partners, who may share booking details made via affiliate links; payment processors and financial institutions, which provide transaction confirmations and fraud-prevention signals; and analytics or advertising platforms, which may share aggregated or profile data in accordance with applicable laws.

Purposes of Processing

We process personal data for a range of purposes that are essential for the proper functioning of our services. The primary purpose is to facilitate travel bookings and related services, ensuring that reservations are transmitted to the correct providers and confirmed with the necessary details. We also process data to handle payments and invoicing, issuing receipts, and complying with financial recordkeeping obligations.

Another important use of your information is for communications. We contact you regarding reservation confirmations, travel updates, cancellations, modifications, or support inquiries. This may also extend to personalized travel suggestions, newsletters, promotional content, or tailored recommendations, always respecting your preferences and, where required by law, only with your explicit consent.

We use personal data to manage accounts and customer profiles, which allows you to view booking history, store preferences, and benefit from loyalty or promotional programs. Additionally, data is analyzed to monitor traffic and improve our websites, optimize performance, and enhance the user experience.

From a business perspective, personal data is also processed for market research and feedback collection, allowing us to understand customer trends and adapt our services accordingly. Furthermore, data may be used for security purposes, including the detection, investigation, and prevention of fraud, abuse, or suspicious activities. Lastly, we retain and process certain data to ensure compliance with our legal obligations, such as taxation, accounting, and regulatory reporting.

Legal Bases for Processing

The legal basis upon which we process personal data depends on the jurisdiction and the specific context of your interaction. In many cases, processing is based on your consent, such as when you opt in to receive newsletters, marketing communications, or agree to the use of cookies. Another common legal ground is the performance of a contract, since in order to deliver the travel services you request, we must process and transmit your booking data.

We may also rely on our legitimate interests, which include the operation and continuous improvement of our business, fraud prevention, ensuring system and network security, and analyzing website usage to optimize customer experience. Finally, some processing is carried out due to legal obligations, which may include complying with fiscal regulations, fulfilling reporting requirements, or responding to lawful requests from public authorities and courts.

Disclosure and Sharing of Data

We do not sell your personal information. However, in the course of providing our services, we may share your data with carefully selected third parties. These include service providers and affiliates who support our core business operations, such as payment processors, IT service providers, analytics firms, and cloud hosting companies. We may also share data with travel activity providers and partners who are directly responsible for delivering your booked services, such as airlines, hotels, and tour operators.

In certain cases, and only with your consent where legally required, we may share data with marketing and advertising partners to personalize offers and communications. We may also disclose information to professional advisors, auditors, regulatory bodies, or law enforcement agencies where this is necessary to comply with contractual or legal obligations, to protect our rights, or to respond to legal claims.In the event of a corporate restructuring, such as a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, which will continue to respect the commitments outlined in this Privacy Policy. All third parties that receive data from us are contractually required to maintain strict confidentiality and to implement appropriate technical and organizational safeguards to protect your information.

International Data Transfers

Because our services are global in nature, your personal information may be transferred to, stored in, and processed in countries different from your country of residence. This may include transfers between the United Kingdom, the European Union, the United States, and any other locations where our service providers, booking partners, or affiliate platforms operate. For example, data collected through our UK‑based operations may be accessed by our European booking partner, and vice versa, and certain information may be processed by trusted providers located in the United States or other jurisdictions.

Whenever personal data is transferred across borders, we implement safeguards to ensure an adequate level of protection. These may include reliance on adequacy regulations issued by the UK Government or the European Commission, the use of Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs), or other lawful mechanisms recognized under applicable privacy laws. Our goal is to ensure that your data enjoys the same level of protection no matter where it is processed.

Data Retention

We retain your personal data only for as long as is necessary to achieve the purposes for which it was collected, or as long as required by applicable law. In practical terms, this means:

• Information used to provide travel services and reservations will be retained for the duration of the contractual relationship and a reasonable period thereafter to handle any follow-up issues.
• Financial and billing information will be stored for at least five years, in line with standard legal and tax record-keeping obligations.
• Certain data may be retained longer where necessary to comply with legal requirements, resolve disputes, enforce agreements, or defend legal claims.

Once the applicable retention period has expired, we securely delete, anonymize, or aggregate your data so that it can no longer be linked to you.

Cookies and Tracking Technologies

Our Sites use cookies, web beacons, pixels, and similar tracking technologies to improve your browsing experience and support our business operations. These technologies allow us to remember your preferences (such as language or login settings), measure the effectiveness of marketing campaigns, analyze traffic patterns, and optimize website performance.

Cookies can be either session cookies, which expire when you close your browser, or persistent cookies, which remain stored on your device until manually deleted or until they reach their expiration date.

You remain in control of how cookies are used. You can manage your cookie preferences through our Cookie Banner or adjust your browser settings to block or delete cookies. Please note, however, that disabling certain cookies may affect the functionality and usability of the Sites.

Full details are provided in our separate Cookie Policy.

Security Measures

We take data security seriously and apply a combination of administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, loss, misuse, or disclosure. These measures may include encryption, secure server hosting, access controls, and regular monitoring of our systems.

That said, it is important to recognize that no system of data transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. While we continuously strive to enhance our security posture, we cannot guarantee absolute security of information transmitted to or from our Sites.

Your Privacy Rights

Depending on your place of residence and the applicable laws, you may be entitled to a number of privacy rights. These can include the right to:

• Request access to the personal data we hold about you, as well as obtain a copy in a commonly used format.
• Request corrections or updates to ensure that your information is accurate and complete.
• Request the deletion of your data or the restriction of its processing under certain circumstances.
• Withdraw any consent you have previously provided, such as for marketing communications.
• Object to processing activities based on our legitimate interests, including profiling or targeted advertising.
• Request the transfer (portability) of your data to another service provider.
• File a complaint with a supervisory authority if you believe that your rights have been violated.

To exercise these rights, you may contact us at privacy@itacatours.com. We are committed to responding within the timelines established by applicable law, which may vary depending on your jurisdiction.

Minors

Our services are designed and intended for individuals who are 18 years of age or older. We do not knowingly collect or process personal data from children without appropriate authorization. Minors under the age of 18 may only use our services with the explicit and verifiable consent of a parent or legal guardian.

In cases where we become aware that personal data has been collected from a minor without the necessary consent, we reserve the right to take corrective measures, which may include deleting the information from our records, canceling any associated bookings, and restricting access to our Sites or services. Parents or guardians who believe that their child has provided us with personal data without consent should contact us immediately at privacy@itacatours.com so that we can take the necessary steps.

Links to Other Websites

Our Sites may contain links to third-party websites and external resources. These links are provided for your convenience and to enhance your travel planning experience. However, please note that once you leave our Sites, we have no control over the privacy practices or content of those external platforms.

We are not responsible for how third-party websites handle personal data. We strongly encourage you to read and evaluate the privacy policies of any external sites you visit before providing personal information or engaging in transactions with them.

Changes to This Privacy Policy

We may update or amend this Privacy Policy periodically to reflect changes in our business practices, technological developments, or legal requirements. Any modifications will be published directly on our Sites, accompanied by an updated “Last Updated” date displayed at the top of the page.

We encourage you to review this Privacy Policy regularly to remain informed of how we protect your information. Your continued use of the Sites and services following the publication of a revised version constitutes your acceptance of the updated terms. If the changes are significant, we will take additional steps to notify you, such as by sending an email to registered users or displaying a prominent notice on our Sites.

Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy, or if you wish to exercise your data protection rights, you may reach us using the following details:

Itaca Tours Ltd
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: privacy@itacatours.com

We are committed to responding promptly and in accordance with the applicable legal timeframes.

Updated Jan 11, 2026