Privacy Policy

At LINDELA (“we,” “our,” “us”), which refers collectively to Lindela Travel and Tours, Lindela Immigration Visa Consultancy, and other affiliated companies under the LINDELA brand, we place the utmost importance on protecting your personal data and upholding your right to privacy. Whether you are visiting our website at www.lindelatravel.com, availing of our services, or interacting with our team, we are committed to managing your information with the highest standards of integrity, transparency, and care.

This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal information in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, or “An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for This Purpose a National Privacy Commission, and for Other Purposes.”

By accessing our services or engaging with us in any way, you acknowledge that you have read, understood, and agreed to the practices described in this Policy. We encourage you to review it carefully so you are fully aware of how we protect your data and uphold your rights under Philippine law.

In the course of providing our services, interacting with you, or fulfilling legal and contractual obligations, LINDELA may collect, process, and store a variety of personal and sensitive information. The types of data we collect depend on your engagement with our company, whether as a traveller, visa applicant, client, website visitor, or business partner.

We may collect and process the following categories of information:

1. Personal Identification Information
   • Full name
   • Email address
   • Contact numbers (mobile/landline)
   • Home or mailing address
   • Date and place of birth
   • Nationality
   • Civil status
   • Government-issued identification (e.g., passport, UMID, driver’s license)
2. Technical and Device Information
   • IP (Internet Protocol) address
   • Browser type and version
   • Operating system and device type
   • Referral source and search terms used
   • Date/time of access, duration of visit, pages visited, and clickstream behaviour
   • Location data (when enabled by the user’s device)
3. Usage and Activity Data
   • How you interact with our website, services, and social media platforms
   • Pages visited, navigation patterns, and session frequency
   • Downloads, form submissions, and inquiries made
4. Marketing and Communication Preferences
   • Your subscription status to newsletters, alerts, or promos
   • Preferences in receiving updates, offers, and surveys
   • Communication history with our agents and staff (emails, chats, call logs)
5. Lead Generation and Campaign Data
   • Information collected via inquiry forms, marketing ads, landing pages, and social media campaigns
   • Source of lead (e.g., Meta, Google Ads, referrals)
   • Purpose of inquiry (e.g., travel booking, visa consultation)
Note: This data is used exclusively by Lindela Travel and Tours, Lindela Immigration Visa Consultancy, and other authorized entities under LINDELA. We do not sell or share this data with external marketing entities.

6. Travel Document and Visa-Related Data
   • Passport number and validity
   • Visa history and issuance records
   • Country of destination and purpose of travel
   • Required documents submitted for embassy or immigration processing
   • Visa status updates and embassy correspondence
7. Flight and Travel Arrangement Details
   • Airline booking information (flight numbers, travel dates, destinations)
   • Baggage preferences, meal options, and special assistance requests
   • Frequent flyer programs (when applicable)
8. Accommodation and Tour Preferences
   • Hotel or lodging preferences
   • Room type, bed preference, and special requests
   • Tour package selection and itinerary customization
   • Dietary or mobility considerations
9. Currency Exchange and Financial Transaction Data
   • Transaction dates and reference numbers
   • Amounts exchanged, currency pairs, and rates
   • Payment method and source of funds documentation
   • Valid IDs or documents required by financial regulations
Note: Financial and document data are collected only when required to deliver a service and are handled with the utmost confidentiality.

10. Media and Visual Documentation

    Photographs and videos taken during tours, events, or customer engagements, which may include your image, voice, or likeness.

    Note: Any media collected may be used for promotional, marketing, or testimonial purposes only with your explicit consent, as outlined in the “Media Usage” section of this Policy.

We use the personal and sensitive information we collect to deliver our services effectively, ensure a safe and customized user experience, and comply with our legal responsibilities. Your data is handled with the utmost care, used only for legitimate purposes, and never beyond what is necessary or authorized.

Specifically, we use your information for the following purposes:

1. To Provide and Manage Our Services
   • Facilitate visa processing, travel bookings, tour packages, and currency exchange services
   • Process transactions, payments, confirmations, and service-related communications
   • Maintain and update your client account and service records
   • Coordinate with embassies, airlines, hotels, and government agencies when necessary
2. To Improve Our Services and User Experience
   • Analyze usage trends and customer behaviour to enhance our offerings
   • Improve website performance, functionality, and accessibility
   • Customize content and recommendations based on your preferences and previous interactions
3. To Communicate With You
   • Send service updates, reminders, booking confirmations, and advisories
   • Provide newsletters, announcements, promotional offers, and seasonal campaigns
   • Respond to your inquiries, feedback, complaints, and after-service requests
   • Conduct surveys or request testimonials to better understand your experience
4. To Ensure Security and Prevent Fraud
   • Detect, investigate, and prevent fraudulent, unauthorized, or illegal activities
   • Monitor system logs and network traffic for suspicious behaviour
   • Validate identity to prevent misuse or impersonation of client accounts
5. To Comply With Legal and Regulatory Obligations
   • Fulfill requirements under local and international travel laws, immigration policies, financial regulations, and reporting mandates
   • Submit documents to embassies, government agencies, and financial institutions as required by law
   • Cooperate with lawful requests from the National Privacy Commission (NPC), Bureau of Immigration (BI), Bangko Sentral ng Pilipinas (BSP), and other authorities
6. To Assist With Your Travel Arrangements
   • Use your passport, visa, and travel preferences to book flights, accommodations, and tours accurately
   • Coordinate hotel bookings with third-party providers or arrange stays in our private Accommodations, depending on your preferences or travel package.
   • Store and use accommodation preferences (e.g., bed type, dietary needs, accessibility) to ensure a comfortable and personalized stay
   • Manage changes, cancellations, and any requests related to accommodations
   • Share only necessary information (e.g., name, travel dates, special requests) with hotels or lodging partners, in line with their privacy standards
   Note: Whether booking with partner establishments or our in-house accommodations, we ensure your data is shared only on a “need-to-know” basis and processed in accordance with applicable data privacy laws.

7. To Provide Currency Exchange Services
   • Process your currency exchange transactions securely
   • Verify identity in compliance with Anti-Money Laundering (AML) laws and financial regulations
   • Generate official receipts, transaction logs, and audit trails
   Note: We only process your data for the purposes stated above. Should a need arise to use your information for a different purpose, we will seek your explicit consent beforehand, unless otherwise permitted by law.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

1. Service-Specific Data

   All information submitted in relation to visa applications, travel bookings, currency exchange, or related services will be retained only until the service has been fulfilled or completed, unless:

   • Required to be retained by applicable laws or regulations (e.g., immigration audits, financial recordkeeping)
   • Necessary for legitimate business interests (e.g., internal reporting or client history)
   • You provide written consent for extended retention (e.g., for repeat clients or future travel planning)
Note: Once the purpose has been served and the retention period has expired, your data will be securely disposed of in accordance with industry best practices.

2. Media Usage

   Images and videos taken during tours, events, or in connection with our services—such as client testimonials, group photos, or recorded reviews—may be retained and used for promotional and marketing purposes. This is done only with your prior consent, as documented through signed media release forms, verbal agreement (in some cases, recorded), or opt-in declarations.

   You have the right to revoke your consent at any time, in which case we will cease future usage of the media and, where reasonable, remove it from active circulation.

3. Other Retention Periods

   We follow these general retention guidelines, unless legal obligations require otherwise:

   • Client records: Up to 5 years from last transaction or inquiry
   • Financial documents: As required by the BIR or other fiscal agencies (usually 10 years)
   • Employment applications: 1 year unless hired or otherwise agreed
   • Website analytics and cookies: Typically 26 months or shorter, as per platform standards
4. Secure Disposal

   When data is no longer needed, we apply appropriate disposal methods such as:

   • Digital data: Permanent deletion or data wiping from secure servers
   • Physical documents: Cross-cut shredding, incineration, or secure destruction by certified providers
Note: You may request the correction or deletion of your data at any time, subject to applicable retention requirements. Please refer to the section “Your Data Protection Rights” for more information.

At LINDELA, we take data security seriously and apply a multi-layered approach to protect your personal information, whether shared online, in person, or through messaging platforms. We implement a combination of organizational, technical, and physical safeguards to ensure that your data is handled with care, integrity, and confidentiality.

1. Payment Information

   We do not store or retain sensitive payment credentials, such as:

   • Credit or debit card numbers
   • Bank account login details
   • E-wallet PINs or credentials
   • Online banking access information

However, as part of payment verification and transaction tracking, we may temporarily collect and retain:

• Screenshots of bank transfers or e-wallet payments
• Deposit slips, official receipts, or payment confirmations
• Transaction reference numbers submitted through any of our communication channels

These documents are used solely for verification, accounting, and documentation purposes. We:

• Limit access to authorized finance or booking personnel only
• Store them in secure systems or folders with appropriate access controls
• Delete or dispose of them securely once their purpose has been fulfilled or after the required retention periods
Note: We encourage clients to hide unnecessary personal data (e.g., account balance or full account numbers) before submitting payment screenshots.

All digital financial transactions are processed through trusted and secure third-party payment gateways that comply with global security protocols, such as PCI-DSS (Payment Card Industry Data Security Standard).

2. Communication Channels

   To facilitate faster coordination for visa processing, travel arrangements, and customer support, we may communicate with clients through various platforms, including:

   • WhatsApp, Facebook Messenger, Viber, Telegram
   • Email and SMS
   • Google Drive or cloud-sharing platforms (for document submissions)
   • Video conferencing tools such as Zoom or Google Meet (as needed)

   These channels may carry sensitive documents or personal information, such as IDs, visa forms, or proof of payments. We assure clients that:

   • Messaging groups (e.g., WhatsApp group chats for tour coordination) are created for official use only
   • Shared data is accessed only by authorized personnel handling your booking or case
   • All transmitted documents are treated as confidential and temporary, and may be stored only if necessary for the service
   • Secure alternatives (such as encrypted email or private upload links) are available upon request
   Note: While we do our best to use secure channels, we advise clients to send only necessary information and request secure options for sensitive materials when preferred.

3. Organizational and Technical Safeguards

   We apply the following measures to protect your information across all touchpoints:

   • Role-based access control for digital and physical data
   • Non-disclosure agreements (NDAs) are signed by all staff handling personal data
   • Regular training on data privacy and secure information handling
   • SSL encryption across our website and portals
   • Antivirus, firewall protection, secure backups, and system monitoring
   • Secure disposal of outdated physical and digital records (shredding, data wiping)
   Note: to minimize risks and meet evolving data protection standards.

At LINDELA, we value your trust and are committed to protecting your personal data. We do not sell or rent your information. However, to effectively deliver our services and comply with legal obligations, we may share your data under the following circumstances, always with respect for confidentiality and data minimization:

1. Service Providers

   We work with trusted third-party providers who assist us in delivering our services, such as:

   • Payment processors
   • Web hosting and cloud storage services
   • Data analytics platforms
   • Email and SMS delivery tools
   • Document couriers and digital file platforms

   These service providers are contractually obligated to use your information only for the purposes instructed by LINDELA, and to maintain strict security and confidentiality.

2. Travel Partners

   To facilitate your travel and visa services, we may share necessary data with:

   • Airlines and flight operators
   • Hotels, resorts, and other accommodation providers (including our own private lodgings)
   • Tour operators, guides, and transport companies
   • Embassies, consulates, and immigration authorities

   Information is shared only as required to complete bookings, process documents, or coordinate logistics on your behalf.

3. Internal Access and Affiliated Companies

   Within LINDELA—including Lindela Travel and Tours, Lindela Immigration Visa Consultancy, and other affiliated companies—we may share your data internally to:

   • Deliver services efficiently across departments (e.g., bookings, marketing, customer support)
   • Maintain centralized records
   • Improve operations and service coordination

   Access is strictly limited to authorized personnel who have a legitimate business need and are bound by internal data protection protocols.

4. Authorized Representatives

   With your explicit instruction or consent, we may share relevant personal data with an individual or entity acting on your behalf. This may include:

   • A family member (e.g., spouse, parent, sibling) assisting with document submissions or payments
   • An employer or company representative coordinating corporate travel or visa processing
   • A designated agent or travel coordinator handling your arrangements while you’re unavailable
   • A legal representative or guardian (for minors or clients with special circumstances)

   We will always verify the legitimacy of such representation and may request written authorization or proof of identity when appropriate.

   Note: Rest assured that even when acting on your behalf, we only disclose the minimum information necessary to fulfill the purpose and will not grant access beyond what is reasonably required.

5. Professional Advisors and Auditors

   We may share limited data with:

   • External auditors, accountants, or legal counsel
   • Tax and compliance professionals when required for audits, legal reviews, or regulatory compliance

   All such parties are bound by professional confidentiality obligations.

6. Business Transfers

   In the event of a merger, acquisition, reorganization, or sale of LINDELA’s assets or business, your information may be transferred to the acquiring entity. If such a change occurs, we will ensure your data continues to be protected under the terms of this Privacy Policy or a similar standard.

7. Legal and Regulatory Disclosures

   We may disclose your information if required to do so by:

   • Law, subpoena, court order, or government regulation
   • A valid request from the National Privacy Commission (NPC), Bureau of Immigration (BI), Department of Foreign Affairs (DFA), or any other authorized body
   • This applies especially to compliance with immigration laws, travel regulations, and financial reporting requirements.
8. With Your Consent

   In situations not listed above—such as marketing collaborations, feature spotlights, or social media promotions—we will share your information only after obtaining your clear and informed consent.

   Note: We ensure that any sharing of personal data—whether internal or external—is limited, purposeful, and fully aligned with our commitment to privacy, transparency, and legal compliance under the Data Privacy Act of 2012.

At LINDELA, we apply comprehensive and proactive data protection measures to safeguard the confidentiality, integrity, and availability of your personal data. Our internal policies and systems are aligned with the Philippine Data Privacy Act of 2012 and relevant global best practices in data security and privacy management.

We implement the following safeguards:

1. Encryption

   We use industry-standard encryption protocols such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to protect data in transit and at rest. This ensures that your personal information—especially sensitive data and documents—is shielded from unauthorized interception or tampering.

2. Access Controls

   Access to personal data is granted only to authorized personnel who require it to perform their duties. We enforce strict access policies, password protection, and system-level authentication measures to prevent unauthorized access or misuse of your data.

3. Data Minimization

   We collect and process only the minimum necessary personal data required for the specified purpose. Regular reviews of our data collection activities ensure that we avoid unnecessary or excessive data gathering.

4. Regular Audits and Monitoring

   We conduct periodic internal audits and system reviews to evaluate our compliance with this Privacy Policy, our internal procedures, and the Data Privacy Act. Our systems are monitored continuously for signs of vulnerabilities, breaches, or suspicious activity.

5. Incident Response and Breach Notification

   We maintain a formal Data Breach Response Plan. In the unlikely event of a data breach, we will:

   • Act swiftly to contain and investigate the breach
   • Notify the affected individual(s) and the National Privacy Commission (NPC) within the timeframes required by law
   • Take remedial actions to reduce harm and prevent recurrence
6. Data Anonymization and Pseudonymization

   Where applicable (e.g., for research, analytics, reporting), we use anonymization or pseudonymization techniques to process data without directly identifying the individual, thereby enhancing your privacy.

7. Data Retention and Secure Disposal

   We enforce a clear data retention schedule based on legal, contractual, and operational requirements. Personal data is retained only as long as necessary and is securely disposed of using appropriate methods such as:

   • Permanent deletion of digital files
   • Cross-cut shredding or incineration of physical documents
8. Employee Training and Awareness

   All LINDELA personnel receive regular training on data privacy principles, responsibilities, and incident handling. We promote a strong culture of privacy and accountability throughout the organization, from onboarding to operations.

9. Third-Party Data Protection Assessments

   We assess the data privacy practices of our third-party service providers before engagement and periodically thereafter. Contracts with partners include data protection clauses that require:

   1. Confidentiality
   2. Security compliance
   3. Non-disclosure and non-use beyond agreed-upon purposes
10. User Control and Transparency

    We respect your right to control your data. Clients are empowered to:

    • Access and review their information
    • Request corrections or updates
    • Request deletion, subject to legal and contractual retention requirements

    We ensure transparency by clearly communicating any changes to this policy and providing accessible channels to raise questions or concerns.

11. Data Protection Officer (DPO)

    LINDELA has appointed a Data Protection Officer (DPO) responsible for:

    • Overseeing compliance with the Data Privacy Act
    • Managing privacy-related concerns and data subject requests
    • Ensuring that privacy standards are upheld across the organization
    • Serving as liaison with the National Privacy Commission
    Note: You may contact our DPO for any concerns regarding your personal data at: dpo@lindelatravel.com

Under the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, you are recognized as a data subject and are entitled to the following rights regarding your personal data. At LINDELA, we are committed to upholding these rights in all our practices.

1. Right to Be Informed

   You have the right to be informed whether your personal data shall be, are being, or have been processed. This includes:

   • The purpose and extent of data collection
   • The methods of processing
   • The identities of data recipients
   • The period for which the data will be stored
   • The existence of automated decision-making or profiling, if any

   We ensure this right through our publicly available Privacy Policy, consent forms, and service agreements.

2. Right to Access

   You have the right to request access to your personal data, including:

   • The specific information collected
   • The source of the data
   • The manner and purpose of processing
   • The identities of third parties with whom your data was shared
   • Automated processing logic, if used to make decisions affecting you

   Requests must be submitted formally and will be processed in accordance with our internal procedures and applicable timelines.

3. Right to Rectification

   You have the right to dispute inaccuracies or errors in your personal data and request immediate correction. This applies to:

   • Misspelled names
   • Incorrect addresses or contact information
   • Outdated passport or visa details
   • Any data that was submitted or recorded in error

   We will take reasonable steps to verify and update records, unless your request is manifestly unfounded or excessive.

4. Right to Erasure or Blocking

   You may request the deletion, suspension, or blocking of your personal data when:

   • The data is no longer necessary for the declared purpose
   • The data is outdated, false, or unlawfully obtained
   • You have withdrawn your consent
   • Continued processing is unnecessary or harmful to your rights

   This right is subject to our legal and regulatory obligations (e.g., compliance with immigration or financial laws).

5. Right to Damages

   You are entitled to seek compensation for any actual damages suffered due to the violation of your data privacy rights, including but not limited to:

   • Unauthorized access, disclosure, or use of your personal data
   • Inaccurate or mishandled personal data that directly resulted in privacy-related harm
   • Breach of confidentiality or failure to uphold proper data protection safeguards
   Note: Please note that this right pertains exclusively to violations of your privacy rights under the Data Privacy Act. Service-related concerns, such as visa denials, travel disruptions, or booking changes, are governed by separate terms and conditions agreed upon prior to availing of our services.

6. Right to Data Portability

   You may obtain a copy of your personal data in a commonly used, structured electronic format and request it to be transmitted to another service provider, if technically feasible. This allows you to reuse your data across platforms or organizations.

7. Right to Object

   You may object to the processing of your personal data, particularly in cases of:

   • Direct marketing and promotional communications
   • Automated decision-making and profiling
   • Data sharing without your consent

   You also have the right to withdraw previously given consent at any time. However, please note that this may affect our ability to continue providing certain services.

8. Right to File a Complaint

   If you believe your data privacy rights have been violated, you may file a complaint directly with the:

   National Privacy Commission (NPC)
   Website: https://privacy.gov.ph
   Phone: +632 5322 1322
   Email: complaints@privacy.gov.ph

   You may also contact our Data Protection Officer (DPO) for any questions, complaints, or data access requests.

9. Right to be notified in Case of a Breach

   In accordance with the Data Privacy Act, you have the right to be timely notified if your personal data is compromised by a breach that is likely to result in a serious risk to your rights and freedoms. We are committed to informing you and the NPC promptly in such situations.

   Note: To exercise any of the rights above, please reach out to our Data Protection Officer at dpo@lindelatravel.com. We may require you to verify your identity before processing your request.

To exercise any of your rights as a data subject under the Data Privacy Act of 2012, you may contact us through the details provided below. These rights include access, correction, erasure, data portability, objection, and the filing of complaints, among others.

We may require you to provide:

• A valid proof of identity (such as a government-issued ID)
• A formal request using our official forms, where applicable
• Additional documentation, depending on the nature of your request (e.g., authorization letter if submitted by a representative)

We commit to responding to all verified and reasonable requests within the timeframes required by law or, where applicable, within 15 to 30 business days. If we are unable to comply immediately, we will provide a written explanation and indicate when we expect to fulfill your request.

By engaging with LINDELA — whether through our website, in-person consultation, email, social media platforms, or other official communication channels — you acknowledge that you have read and understood this Privacy Policy and that you voluntarily give your informed and explicit consent for the collection, use, and processing of your personal data for the purposes stated herein.

This includes, but is not limited to:

• Processing of documents for visa applications, airline ticketing, hotel bookings, and travel-related services
• Use of communication channels (e.g., WhatsApp, Messenger, email) to coordinate services
• Storage of your information during and after the fulfillment of services for documentation, regulatory, or audit purposes
• Use of media (e.g., photos, testimonials) for marketing purposes, when expressly authorized
• Sharing of necessary data with third-party service providers or government agencies as required for your travel or immigration processing

Withdrawal of Consent

You have the right to withdraw your consent to the processing of your personal data at any time. To do so, please contact our Data Protection Officer (DPO) with a formal request.

Upon receipt of your withdrawal:

• We will cease processing your data for the purposes you have specified.
• We will delete or anonymize your data, subject to legal, regulatory, or contractual obligations.
• We will notify applicable third parties to discontinue any further processing, where feasible.

The withdrawal of your consent may affect our ability to continue providing certain services, particularly those that require the use of your personal or sensitive information (e.g., visa application, flight booking, or hotel reservation). In such cases:

We may revise or update this Privacy Policy from time to time to reflect changes in our services, business operations, legal obligations, or data privacy practices. Any such changes will be posted on this page with a clearly indicated “Last Updated” date at the top of the policy.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your personal data.

Your privacy is important to us. At LINDELA, we are committed to handling your personal data with transparency, integrity, and respect. This Privacy Policy is part of our effort to ensure that your trust in us is met with accountability and legal compliance.

By accessing our services, providing your personal information, or continuing to engage with us after any policy updates, you signify your understanding and acceptance of the practices described in this Privacy Policy.

If you have any doubts, we invite you to contact us at any time. We are here not only to guide your journeys but to protect your information along the way.

If you have any questions, concerns, or complaints regarding this Privacy Policy or how we handle your personal data, you may contact us through the details below:

You may also reach out directly to our Data Protection Officer (DPO) for matters related to data subject rights, privacy complaints, or policy clarifications.