Legal

Privacy Policy

Last updated: June 2026 | Effective: June 2026

Mintro Travels (“we”, “us”, “our”) is a boutique travel company registered and operating in Sri Lanka. We are committed to protecting the personal information of every traveller who visits our website (mintrotravels.com) or uses our services.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data. By using our website or booking a tour with us, you agree to the practices described in this policy.

Because we welcome travellers from across the world — including the United Kingdom, European Union, Australia and the United States — we have designed this policy to meet the standards of the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable privacy laws.

1. Introduction

See above — this policy applies to all visitors and customers of mintrotravels.com and the services provided by Mintro Travels.

2. Information we collect

Information you give us directly

When you submit a quote request, make a booking, or contact us, we collect:

  • Full name of all travellers in your group
  • Email address and phone number
  • Passport details (name as on passport, nationality, date of birth, passport number and expiry date) — required to arrange visa support, hotel check-in and border formalities
  • Dietary requirements and medical conditions relevant to your journey
  • Travel dates, destination preferences and special requests
  • Payment information — processed securely via our payment partners (we do not store full card details)
  • Any correspondence you send us by email, WhatsApp or through our website

Information we collect automatically

When you browse mintrotravels.com, we automatically collect:

  • IP address and approximate location
  • Browser type, operating system and device information
  • Pages you visit, time spent on each page and referring website
  • Cookies and similar tracking technologies (see Section 7)

Information from third parties

We may receive information about you from:

  • Online Travel Agencies (OTAs) such as Viator or TripAdvisor if you enquire or book via those platforms
  • Payment processors confirming successful transactions
  • Travel review platforms where you have left a public review

3. How we use your information

  • To deliver your tour: Processing your booking, arranging accommodation, transport, guides, visas and other travel services you have requested.
  • To communicate with you: Sending booking confirmations, itinerary documents, pre-departure information, and responding to enquiries.
  • To process payments: Facilitating secure payment transactions through our third-party payment processors.
  • To personalise your experience: Tailoring itinerary proposals based on your preferences, travel history and special requirements.
  • To improve our services: Analysing how visitors use our website and which tours attract interest, so we can improve what we offer.
  • For legal compliance: Meeting our obligations under Sri Lankan law, immigration regulations, and international travel requirements.
  • For marketing (with your consent): Sending newsletters, travel inspiration and promotional offers. You can opt out at any time.

4. Legal basis for processing (GDPR)

If you are based in the United Kingdom or European Economic Area, we process your personal data on the following legal grounds:

  • Contract performance — to fulfil your booking and deliver the services you have requested
  • Legitimate interests — to improve our services, prevent fraud and ensure the security of our systems
  • Legal obligation — to comply with visa, immigration and financial regulations
  • Consent — for marketing communications, where you have explicitly opted in

5. Who we share your information with

  • Service providers: Hotels, guesthouses, transport operators, local guides, activity providers and airlines — to arrange the services included in your tour.
  • Payment processors: Secure third-party payment gateways to process transactions on our behalf.
  • Government authorities: Immigration, customs and border control authorities when legally required, and visa processing agencies on your behalf.
  • Technology partners: Website hosting, CRM and analytics tools that help us operate our business. These partners are contractually obligated to protect your data.
  • Legal requirements: When required by law, court order, or to protect the rights and safety of Mintro Travels, our staff, or our travellers.

We do not sell, rent or trade your personal information to third parties for their own marketing purposes.

6. International data transfers

As a Sri Lanka-based company serving international travellers, your data may be processed in countries outside your country of residence. When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Transfers only to countries with adequate data protection laws
  • Contractual obligations requiring recipients to maintain equivalent protections

7. Cookies and tracking

Our website uses cookies — small text files stored on your device — to provide a better browsing experience. We use:

  • Essential cookies: Required for the website to function correctly, such as remembering your session.
  • Analytics cookies: Google Analytics and similar tools to understand how visitors use our site. These collect anonymous, aggregated data.
  • Marketing cookies: Including the Meta (Facebook) Pixel, to measure the effectiveness of our advertisements and show relevant ads on social media platforms. This requires your consent.

You can control cookies through your browser settings. Disabling some cookies may affect the functionality of our website.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to correct inaccurate or incomplete information
  • Right to erasure — to request deletion of your data, subject to legal retention obligations
  • Right to restrict processing — to ask us to pause using your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests, including direct marketing
  • Right to withdraw consent — for any processing based on your consent, at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Data retention

  • Booking records: 7 years (required for financial and tax compliance)
  • Passport and visa information: Deleted within 12 months of your tour completion
  • Marketing data: Until you withdraw your consent or opt out
  • Website analytics: Anonymised after 26 months
  • General enquiries: 2 years from last contact, unless a booking is made

10. Data security

We use industry-standard security measures including:

  • SSL/TLS encryption for all data transmitted via our website
  • Secure password-protected internal systems with restricted access
  • Regular security reviews and software updates
  • Staff training on data protection practices

11. Children’s privacy

Our website and services are not directed at children under 18. We do not knowingly collect personal information from anyone under 18 years of age without the consent of a parent or guardian.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the “Last updated” date revised accordingly.

13. Contact us — Privacy

Mintro Travels — Data Privacy