Who we are

Our website address is: https://yourbestdealguru.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We share your data with our travel partners to complete your requested booking and manage your booking.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Your booking data is kept in our computers for seven years, after which it is deleted. Your contact information is kept for 30 years from the last time it was used for booking.

What rights you have over your data

If you have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How We Protect Your Data

We implement a layered security program designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Administrative safeguards

  • Security and privacy training for employees and contractors at onboarding and annually thereafter.

Technical safeguards

  • Encryption in transit (TLS 1.2+) and encryption at rest for databases and backups.
  • Multi‑factor authentication (MFA) for internal admin tools and privileged accounts.
  • Privacy by design: data minimization, pseudonymization where feasible, and short retention periods aligned to business needs and legal requirements.

Physical/operational safeguards

  • Data center protections provided by our hosting providers (e.g., badge‑controlled access, CCTV, 24/7 monitoring).
  • Secure backup and disaster‑recovery procedures with routine restore testing.
  • Logging and monitoring of security‑relevant events, with alerting thresholds for anomalous activity.

Payment security

  • We do not store full payment card numbers on our systems. Payments are processed by [Payment Processor], which is responsible for PCI‑DSS compliant handling of card data. We receive only tokenized references and limited billing details necessary for reconciliation and support.

What Data Breach Procedures We Have in Place

We maintain an incident response plan that defines roles, responsibilities, and timelines for handling suspected or confirmed security incidents.

Detection & triage

  • 24/7 monitoring and alerting across infrastructure, application, and authentication layers.
  • Triage playbooks to assess scope, severity, and likelihood of harm.

Containment & remediation

  • Rapid containment (credential resets, session invalidation, traffic filtering, service isolation).
  • Forensics and root‑cause analysis; eradication of malicious artifacts; patching and hardening.

Notification

  • We will notify affected individuals and, where required, regulators or supervisory authorities without undue delay and within applicable legal timeframes.
  • If your login, basic profile information, or itinerary data is involved, we will contact you via [Email/SMS/Account Notice] with details, steps you can take, and our remediation actions.
  • For customers in jurisdictions with specific breach‑notification rules (e.g., certain U.S. states, EU/UK), we follow those requirements.

Post‑incident review

  • Formal lessons‑learned, control improvements, and policy updates.
  • Additional monitoring and targeted audits where appropriate.

What Third Parties We Receive Data From

In operating a travel agency service, we may receive personal information from third parties to help fulfill your bookings and provide support:

  • Travel suppliers & consolidators (e.g., airlines, GDS/aggregators, hotel partners, tour operators) — reservation status, ticketing confirmations, schedule changes, loyalty numbers, and special‑service requests.
  • Identity & verification partners (if used for fraud prevention or regulatory checks) — confirmation of identity document validity or risk signals.
  • Marketing and analytics partners — campaign attribution, anonymized or pseudonymized audience segments, and performance metrics where permitted by law and your preferences.
  • Customer support platforms — conversation history, call recordings, or ticket metadata when you interact through our support channels.
  • Public and commercial data sources — updated address information, geolocation approximations, or watchlist screening results where legally required and proportionate.

We use this information to complete and manage your bookings, prevent fraud and abuse, provide customer support, and improve our services, all in accordance with this Privacy Policy and our contracts with such providers.


What Automated Decision‑Making and/or Profiling We Do With User Data

We use limited, proportionate automated processing to operate and improve our services. Where required by law, we will provide meaningful information about the logic involved and the significance of these processes, as well as ways to request human review.

Examples

  • Fraud prevention & account security: Risk scoring of transactions and logins (e.g., unusual device or location, mismatched traveler details) to help prevent unauthorized activity. High‑risk transactions may be flagged for manual review or restricted until verified.
  • Operational automation: Automatic itinerary updates, rebooking suggestions for schedule changes, and wait‑list processing.
  • Personalization: Non‑intrusive content and deal recommendations based on your browsing behavior, prior bookings, destination interests, or stated preferences.
  • Marketing optimization: Frequency capping and relevance scoring to reduce irrelevant communications. You can opt out of marketing at any time.

Human review & your choices

  • Any decision with legal or similarly significant effects (e.g., denial of service due to fraud risk) will include human assessment before final action where required by law.
  • You may opt out of certain profiling used for marketing by adjusting cookie preferences or contacting digimarketpartners@gmail.com.
  • You may request information about the logic used and seek human review of certain automated decisions where applicable.

Industry Regulatory Disclosure Requirements

Depending on your itinerary, destination, and the services you request, we may be required to disclose certain information to regulators, public authorities, or transportation operators.

Examples of required disclosures

  • Advance Passenger Information (API/PNR): Airlines and border agencies may require full legal name, date of birth, passport details, nationality, and other data to enable travel and border processing.
  • Sanctions, export control, and anti‑money laundering checks: Where legally required, we may screen bookings against relevant watchlists and disclose information to competent authorities.
  • Public health and safety: Health authorities or carriers may require limited health or contact‑tracing information in response to public‑health directives.
  • Tax and consumer protection authorities: Limited data may be provided to comply with local tax reporting, travel consumer protection, or audit obligations.
  • Law enforcement requests: We may disclose information when legally compelled (e.g., subpoena, court order) or to protect the rights, property, or safety of our customers, employees, or the public, provided such requests are reviewed for scope and compliance.

We disclose only what is necessary and proportionate, maintain records of such disclosures, and, where permitted by law and feasible, notify you of requests involving your data.