At Rainbow Mountain Travel & Tours, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.
1. Information We Collect
Personal identification: name, email, phone number, nationality, date of birth
Travel documents: passport number and expiry date (encrypted and stored securely)
Booking information: travel dates, package preferences, group size
Payment information: processed securely through third-party payment gateways — we do not store card numbers
Usage data: pages visited, time spent, device type, and IP address
Communications: emails, WhatsApp messages, and support inquiries
2. How We Use Your Information
To process and confirm your bookings
To communicate about your trip (confirmations, reminders, documents)
To personalize your experience and recommend relevant packages
To improve our website and services through analytics
To comply with legal obligations
To send marketing communications (only with your consent)
3. Information Sharing
We share necessary booking details with hotels, guides, and transport providers to fulfill your trip
We use Stripe and PayPal for payment processing — they have their own privacy policies
We use Google Analytics to understand website usage
We do not sell, rent, or trade your personal information to third parties
We may disclose information if required by law or to protect our legal rights
4. Data Security
All data is encrypted in transit using SSL/TLS
Sensitive data (passport, CNIC) is encrypted at rest
Access to personal data is restricted to authorized staff only
We conduct regular security audits and vulnerability assessments
In the event of a data breach, we will notify affected users within 72 hours
5. Your Rights
Right to access: request a copy of your personal data
Right to correction: update inaccurate or incomplete information
Right to deletion: request deletion of your account and data
Right to portability: receive your data in a machine-readable format
Right to object: opt out of marketing communications at any time
To exercise these rights, email privacy@rainbowmountain.pk
6. Cookies
Essential cookies: required for the website to function (login, shopping cart)
Analytics cookies: help us understand how visitors use our site (Google Analytics)
Marketing cookies: used to show relevant ads (only with consent)
You can manage cookie preferences in your browser settings
7. Data Retention
Account data is retained as long as your account is active
Booking records are kept for 7 years for legal and financial compliance
Travel documents are deleted 2 years after your most recent trip
Marketing preferences are updated immediately upon request
Privacy Questions?
Our Data Protection Officer can be reached at privacy@rainbowmountain.pk. You also have the right to lodge a complaint with your local data protection authority. Visit our Contact page for more options.