Privacy Policy

Aitken Spence Travels (Private) Limited (AST) strives to provide an unforgettable island experience by providing customised tour packages in Sri Lanka. At Aitken Spence, we take the privacy of your personal and information very seriously. Our Privacy Policy offers the required information pertaining to your rights and our obligations; it goes onto explain why, how and when we process the personal information / data you provide us. This policy may change from time to time and, if it does, the up-to-date version will always be available on this site. Please make sure that you are aware of the latest version of this Privacy Policy.

  1. What personal information do we collect about you?
  2. We may collect and use various types of personal information about you. Details of this information, together with an overview of the way that we use it and our lawful basis for the processing in each case are set out below.

    1. Enquiries & Bookings
    2. We will collect personal information from you when you make an enquiry or use our ‘Plan Your Trip’ option on our website. The personal information we request you to provide include;

      • Name
      • Contact number
      • Email
      • Address
      • Occupation
      • Nationality
      • Country
      • Planned travel dates
      • Ages of travellers

      This information will be used in order to provide you with information on travel options, provide a quote or contact you; this is done if you have previously made an indication that you want to hear from us. We also collect personal information from you when you make a booking through a Travel Agency (i.e Online or Offline), Distributor / Destination Management Company or one of our Representatives, if that is how you are referred to us.

      • We collect your personal information on our website to provide a quote, as a prerequisite to entering into a contract with you. The information that we collect is required to understand your travel requirements to provide you with the best possible quote.
    3. If you book trips with us either directly or through a Travel Agency (i.e online or offline), Distributor / Destination Management Company or one of our Representatives, we will ask you to provide certain details about your travel arrangements. This is likely to include details of your travel dates, dietary preferences and specific requirements, credit card details, in addition to the information mentioned above.

      We may also ask you for your passport information and weight (confirm with HOD on whether this is captured at the time of booking) if you are booking air travel with us or to arrange visas for Sri Lanka. This will also include details of any other friends or family who are accompanying you as part of your booking. We do not collect personal information relating to children except for their ages. However, passport information relating to children will be collected when arranging air travel and visas to enter Sri Lanka.

    4. This information will be used to assist us to organise your tours and accommodation, make bookings on your behalf and will make sure that you (and any other family or friends who are accompanying you) receive the services and products set out in your itinerary.

      • This information is collected in order for us to fulfil our contract with you and provide the services that you’ve requested.

    5. If you have made an enquiry with us or booked a trip with us directly or through a Travel Agency (i.e online or offline), Distributor / Destination Management Company or one of our Representatives we may make use of your personal data to market-related travel products while in the destination.
      • We may send you e-brochures or publications by post on the basis of our legitimate interests, but you always have a right to object to direct marketing; if at any point you don’t want to receive the brochures or promotions please let us know by sending an email to the contact information provided below.

    6. We may also collect information from you in the following instances
      1. Select optional or paid services while in the destination
      2. Request assistance during the tour
      3. Obtain feedback on the products and services that were provided

      • We collect your personal information for the above purposes on the basis of a legitimate interest to be able to provide you with an unforgettable travel experience.

    7. Outbound Travel
    8. We may also collect personal information for the purpose of obtaining visas for you or your family members. The information collected will be based on the requirements mandated by the respective embassies and may include personal information relating to your net worth, employment, travel insurance and other special category information such as health status.

      • We collect this information with your consent to obtain the required travel documents. However, you can withdraw your previously given consent at any time and request us to withdraw your application.

    9. When Using Our Website

    We may use a third party analytical service provider such as Google for web traffic analysis and reporting:

    1. Google Analytics:
      1. We use Google Analytics to help analyse how you use our website. Through the use of cookies, Google Analytics generates statistical and other information about website use. Information such as an IP address is captured as you browse our website.
      2. If you do not want your website visit information reported by Google Analytics, you have the option of installing the Google Analytics opt-out browser add-on. For more information and details regarding installing or uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.
        • This information is collected on the basis of a legitimate interest to understand website traffic and where our users are accessing our website from.

  3. Do we share your personal information?
  4. Our business works closely with hotels within the Aitken Spence Group and hotel partners that are third party owned and operated hotels, activity providers and transport services. We need to share your personal information with them to be able to provide you with the services you expect.

    We also use Global Payments, a third party payment channel to securely process your credit card payments.

    We ensure only the required amount of personal information is shared with the above partners and that the information is transferred securely. We require all third parties to respect the security of your personal information and to use it only for approved purposes. Our hotel partners will have a direct relationship with you and may require additional personal information during the registration process. Please refer to their Privacy Policy to understand how they collect, use, retain and protect your personal information.

    We do not transfer your personal information outside of Sri Lanka unless you are booking onward travel.

  5. Direct Marketing
  6. We may market certain services relating to your tour while in the destination. If you are a representative or provide travel services, we may send you newsletters or information related to promotions.

    • We do this based on our legitimate interests to ensure you are aware of your options. While we rely on our legitimate interests, we will ensure your rights are protected and if you do not wish to hear from us, please contact the staff member who worked with you on your booking.

  7. How do we protect your personal information?
  8. We take the protection of your personal information very seriously and have implemented organisational, technical, physical and administrative security measures in accordance with standard industry practices. These measures are reviewed and updated regularly to ensure what we have implemented remain appropriate.

  9. How long do we keep your Information?
  10. We retain your personal information for the period required to provide the services you require and to meet other regulatory requirements. For instance, information relating to financial transactions are required to be kept for a specific period of time to meet financial and tax obligations.

    We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed.

  11. What are your rights?
  12. You have certain rights with respect to any personal information that we store. It is within your right to;

    1. Request access to your personal information
    2. Request correction of the personal information that we have stored
    3. Request erasure of your personal information
    4. You can object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party)
    5. Request for the transfer of your personal information to you or to a third party. We will provide to you, or a third party you may have chosen, your relevant personal information in a structured, machine-readable, commonly used format. Do keep in mind that this particular right is only applicable to automated information which pertains to that which you initially gave consent for us to make use of or where we used the pertinent information for the requirement of performing a contract with you.
    6. Request restriction of processing of your personal information
    7. If you send us a request in order to exercise any of the rights which have been mentioned above, we may request you to verify your identity before proceeding; we do this in order make sure that your data is kept secure and protected.

      If you wish to exercise any of the rights set out above, our contact details are shown at the end of this policy.

  13. Who do you contact to report your concerns or to exercise your rights?
  14. If you want to exercise any of your rights, have any concerns or want to submit a complaint regarding this Privacy Policy or the way your personal information is being handled, please email dpo@aitkenspence.lk

    You can also submit a complaint to the UK Information Commissioner or any other applicable EU National Supervisory Authority. We would appreciate the opportunity to address your concerns before you report a complaint to the supervisory authority and therefore we would be grateful if you would contact us before approaching the ICO.