At Smailing Group (“we,” “us,” or “our”), we are committed to protecting the privacy, confidentiality, and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, www.smailinggroup.com (the “Website”), or utilize our global travel services.

By using this Website, you consent to the data practices described in this policy.

1. Information We Collect

To provide seamless, world-class travel solutions, we collect several types of information:

• Personal Identification Information: Name, date of birth, gender, nationality, passport details, national ID, and visa information required for international travel bookings.
• Contact Information: Email address, phone number, billing address, and corporate/company affiliation.
• Travel Preferences & Financial Data: Frequent flyer numbers, dietary restrictions, seating preferences, hotel loyalty programs, and encrypted payment/billing details.
• Technical and Usage Data: IP addresses, browser types, device information, cookies, and data on how you interact with our digital platform to optimize your user experience.

2. How We Use Your Information

We process your personal data for legitimate business purposes, including:

• Fulfilling Travel Bookings: Processing arrangements with airlines, hotels, transport providers, and destination management networks.
• Corporate Travel Management: Providing data-driven insights, itinerary management, and policy compliance for multinational and enterprise clients.
• Customer Support: Delivering our “High Touch” personalized service, handling inquiries, and providing real-time travel updates.
• Platform Optimization: Analyzing website performance, troubleshooting technical issues, and deploying secure digital solutions (“High Tech”).
• Legal Compliance: Fulfilling statutory obligations, audit requirements, and preventing fraudulent transactions.

3. How We Share and Disclose Data

We do not sell your personal data. However, to deliver global travel infrastructure, we may share your information with:

• Primary Travel Suppliers: Airlines, hotels, car rental companies, and local tour operators responsible for fulfilling your travel itinerary.
• Global Strategic Partnerships: Elite global travel management networks (e.g., American Express Global Business Travel) and luxury consortia (e.g., Virtuoso) to ensure seamless service delivery across borders.
• Third-Party Service Providers: Trusted IT partners, payment processors, and data analytics providers who operate under strict confidentiality agreements.
• Legal and Regulatory Authorities: Government bodies, customs, immigration, or law enforcement agencies when required by applicable international or local laws.

4. Cross-Border Data Transfers

As a premier travel ecosystem bridging Indonesia with the global economy, your personal data may be transferred to, stored, and processed in countries outside of your home jurisdiction. We ensure that all cross-border data transfers comply with applicable local and international data protection regulations (such as the Indonesian PDP Law and GDPR) using secure transmission methods and binding legal frameworks.

5. Data Security and Retention

5.1. Security Measures: We implement robust administrative, technical, and physical security measures—including advanced encryption protocols (SSL/TLS) and restricted access controls—to protect your data against unauthorized access, loss, or alteration. 5.2. Retention Period: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, or resolve business disputes.

6. Your Data Privacy Rights

Depending on your country of residence, you possess specific legal rights regarding your personal data, which may include:

• The Right to Access: Requesting a copy of the personal data we hold about you.
• The Right to Rectification: Requesting the correction of inaccurate or incomplete information.
• The Right to Erasure (“Right to be Forgotten”): Requesting the deletion of your data under certain legal conditions.
• The Right to Restrict or Object to Processing: Limiting how we use your information, particularly for marketing purposes.
• The Right to Data Portability: Requesting the transfer of your data to another service provider in a structured format.

To exercise any of these rights, please contact our Data Protection Officer using the details provided below.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking tools to analyze web traffic, remember your login state, and personalize your browsing experience. You can choose to disable or manage cookies through your individual browser settings; however, doing so may limit your ability to use certain features on our platform.

8. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect updates in legal frameworks, technological advancements, or changes in our operational procedures. The “Last Updated” date at the top of this page will always indicate the most recent revision. We encourage you to review this policy periodically.

9. Contact Our Privacy Team

If you have questions regarding this Privacy Policy, wish to file a complaint, or want to exercise your data rights, please contact us at:

• Email: hello@smailingtour.co.id