1. Introduction

HW Travel ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services"). We are committed to ensuring that your privacy is protected in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.

2. Information We Collect

3. How We Use Your Information

• Process and manage your travel bookings
• Provide customer support and respond to inquiries
• Personalize your experience with halal-friendly recommendations
• Send booking confirmations, updates, and travel alerts
• Process payments securely through PCI-DSS compliant providers
• Improve our services and develop new features
• Comply with legal obligations and prevent fraud
• Send marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

• Contractual necessity: Processing required to fulfill your bookings
• Legitimate interests: Improving services, fraud prevention, marketing
• Consent: Marketing communications, cookies, location data
• Legal obligation: Tax compliance, regulatory requirements

5. Information Sharing

We share your information only as necessary to provide our services:

• Travel Providers: Airlines, hotels, tour operators to fulfill bookings
• Payment Processors: Stripe, PayPal for secure payment processing
• Service Providers: Cloud hosting, analytics, customer support
• Legal Requirements: Government authorities when required by law

We do not sell your personal information to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during such transfers.

7. Your Rights

Under applicable data protection laws, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a portable format
• Objection: Object to processing for direct marketing
• Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at [email protected]

8. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS/SSL encryption for data in transit
• Encryption at rest for sensitive data
• PCI-DSS compliant payment processing
• Regular security audits and penetration testing
• Access controls and employee training
• Multi-factor authentication

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Booking data is retained for 7 years for tax and legal compliance. You can request deletion of your data at any time, subject to legal retention requirements.

10. Cookies

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer:

You also have the right to lodge a complaint with your local data protection authority.