Privacy Policy

This Privacy Policy explains how we collect, use and protect your personal data when you use our website, contact us or book services with Colorido Tours.

1. Controller

Data Controller: Colorido Tours Turkey Turizm Ticaret Ltd. Şti. - Istanbul, Turkey

2. Data Collected

  • Identification data (name, email, phone, nationality, passport details when required for booking)
  • Travel preferences, requested itinerary, travel dates and group details
  • Payment-related data (masked card details via secure providers, transaction identifiers, billing address)
  • Technical data (IP address, browser type, device information, language, approximate location)
  • Usage data (pages visited, forms submitted, source of visit, interaction with emails)
  • Communication history (email, forms, messaging apps) for service fulfillment and quality control
  • Special requests (dietary requirements, accessibility needs) only to organize and adapt the service

3. Legal Basis

Legal bases: contract performance (managing your bookings and enquiries), legitimate interest (service improvement, security, fraud prevention, internal statistics), consent (newsletter and marketing communications, analytics and marketing cookies), legal obligation (tax/tourism regulations, accounting).

4. Purposes

  • Respond to enquiries, quotation requests and custom tour designs
  • Manage bookings, payments, invoices and supplier confirmations
  • Provide customer support before, during and after the trip
  • Send service-related messages (itineraries, changes, alerts and reminders)
  • Improve our website, offers and internal processes through statistics and analytics (where permitted)
  • Comply with legal, accounting and tax obligations in Turkey and other relevant jurisdictions
  • Prevent, detect and investigate fraud, security incidents or abusive behavior
  • With your consent, send you marketing communications, promotions and news about Colorido Tours

5. Sharing

We share only the minimum necessary data with carefully selected suppliers such as hotels, transport companies, local guides, insurance partners, ticket providers and technology partners (for example payment gateways, CRM and email delivery services) strictly for service execution, payment processing, security and communication. We do not sell your personal data to third parties.

6. International Transfers

Depending on your itinerary, your data may be transferred to countries outside your country of residence and, in some cases, outside the EU/EEA. Such transfers are made only when strictly necessary to perform the contract (for example, confirming hotel or flight bookings) or based on appropriate safeguards via contractual clauses and secure providers.

7. Retention

Bookings and invoicing data are generally kept for 10 years to comply with tax and accounting obligations. Enquiries and quotation data are stored for up to 24 months after the last contact if no booking is made. Marketing data is kept until you withdraw your consent or unsubscribe. Technical logs may be kept for a shorter period for security and troubleshooting purposes.

8. Rights

  • Right of access to your personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ('right to be forgotten') under the conditions provided by law
  • Right to restriction of processing in certain circumstances
  • Right to object to processing based on legitimate interests or direct marketing
  • Right to data portability (where technically feasible and applicable)
  • Right to lodge a complaint with the Turkish Data Protection Authority (KVKK) or another competent authority

9. Cookies

Essential cookies keep session and language preferences and are necessary for the basic functioning of the website and booking forms. Analytics and marketing cookies are only used with your consent and can be managed through our cookie banner and your browser settings.

10. Security

We implement appropriate technical and organizational measures such as HTTPS encryption, strict access control, hardened server configuration, frequent software updates, regular backups, limited access on a need-to-know basis, and confidentiality agreements with staff and suppliers to protect your data as far as reasonably possible.

11. Contact

To exercise your data protection rights or send any privacy-related request, contact: info@coloridotours.com

Last updated: 01-03-2026