Legal

Privacy Policy

Last updated: June 1, 2026

At Rainbow Mountain Travel & Tours, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

1. Information We Collect

  • Personal identification: name, email, phone number, nationality, date of birth
  • Travel documents: passport number and expiry date (encrypted and stored securely)
  • Booking information: travel dates, package preferences, group size
  • Payment information: processed securely through third-party payment gateways — we do not store card numbers
  • Usage data: pages visited, time spent, device type, and IP address
  • Communications: emails, WhatsApp messages, and support inquiries

2. How We Use Your Information

  • To process and confirm your bookings
  • To communicate about your trip (confirmations, reminders, documents)
  • To personalize your experience and recommend relevant packages
  • To improve our website and services through analytics
  • To comply with legal obligations
  • To send marketing communications (only with your consent)

3. Information Sharing

  • We share necessary booking details with hotels, guides, and transport providers to fulfill your trip
  • We use Stripe and PayPal for payment processing — they have their own privacy policies
  • We use Google Analytics to understand website usage
  • We do not sell, rent, or trade your personal information to third parties
  • We may disclose information if required by law or to protect our legal rights

4. Data Security

  • All data is encrypted in transit using SSL/TLS
  • Sensitive data (passport, CNIC) is encrypted at rest
  • Access to personal data is restricted to authorized staff only
  • We conduct regular security audits and vulnerability assessments
  • In the event of a data breach, we will notify affected users within 72 hours

5. Your Rights

  • Right to access: request a copy of your personal data
  • Right to correction: update inaccurate or incomplete information
  • Right to deletion: request deletion of your account and data
  • Right to portability: receive your data in a machine-readable format
  • Right to object: opt out of marketing communications at any time
  • To exercise these rights, email privacy@rainbowmountain.pk

6. Cookies

  • Essential cookies: required for the website to function (login, shopping cart)
  • Analytics cookies: help us understand how visitors use our site (Google Analytics)
  • Marketing cookies: used to show relevant ads (only with consent)
  • You can manage cookie preferences in your browser settings

7. Data Retention

  • Account data is retained as long as your account is active
  • Booking records are kept for 7 years for legal and financial compliance
  • Travel documents are deleted 2 years after your most recent trip
  • Marketing preferences are updated immediately upon request

Privacy Questions?

Our Data Protection Officer can be reached at privacy@rainbowmountain.pk. You also have the right to lodge a complaint with your local data protection authority. Visit our Contact page for more options.