GDPR Compliance
Our commitment to protecting your data rights under the General Data Protection Regulation
GDPR Core Principles We Follow
Penguins.travel is committed to complying with the EU General Data Protection Regulation (GDPR) and protecting the rights of our European users.
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect and how we use it.
Purpose Limitation
We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
Data Minimization
We collect only the data that is adequate, relevant, and limited to what is necessary for our services.
Accuracy
We take reasonable steps to ensure personal data is accurate and kept up to date, and we promptly correct or erase inaccurate data.
Storage Limitation
We retain personal data only as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality
We process data securely, protecting against unauthorized access, loss, destruction, or damage.
Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have specific rights regarding your personal data under the GDPR:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.
Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a portable format and to transmit it to another data controller without hindrance.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or processing based on legitimate interests.
Right to Withdraw Consent
Where we rely on consent to process your data, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.
Legal Basis for Processing
We process personal data only when we have a legal basis to do so under GDPR. Our legal bases include:
| Legal Basis | Purpose |
|---|---|
| Contract Performance | To provide our services and fulfill our contractual obligations |
| Legitimate Interests | To improve our services, prevent fraud, and conduct analytics |
| Legal Obligation | To comply with legal requirements and regulations |
| Consent | For marketing communications and non-essential cookies |
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. Our DPO is responsible for:
- Monitoring compliance with GDPR and our data protection policies
- Providing advice on data protection impact assessments
- Cooperating with supervisory authorities
- Serving as the contact point for data subjects and authorities
You can contact our DPO at: team@penguins.travel
International Data Transfers
Your personal data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other lawful transfer mechanisms under GDPR
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay if the breach poses a high risk
- Document all breaches and our response actions
- Take steps to mitigate the impact and prevent future breaches
How to Exercise Your Rights
To exercise any of your GDPR rights, please:
- Send a request to team@penguins.travel or team@penguins.travel
- Include your full name, email address, and specific request
- Provide proof of identity if requested (to prevent unauthorized access)
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.
Contact Information
For GDPR-related inquiries, please contact:
Data Protection Officer
Soulution Insights LDA
2785-716 Cascais
Portugal
Email: team@penguins.travel
Privacy Email: team@penguins.travel