Privacy Policy

1. Introduction

Shiny Shift Limited ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at shiny-shift.com, use our services, or interact with us in any other way.

By using our website or services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our website or services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Name and contact information (email address, phone number, postal address)
• Booking and reservation details
• Payment information (processed securely through third-party payment processors)
• Communication preferences
• Special requirements or dietary restrictions for tours
• Marketing and communication preferences

2.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information, including:

• IP address and location data
• Browser type and version
• Operating system
• Pages visited and time spent on our website
• Referring website addresses
• Device information and identifiers

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about our cookie usage, please refer to our Cookie Policy.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Provision

• Processing and managing tour bookings and reservations
• Providing customer support and responding to inquiries
• Sending booking confirmations and important service updates
• Facilitating payment processing

3.2 Communication

• Sending marketing emails and newsletters (with your consent)
• Responding to your questions and comments
• Providing information about our services and special offers

3.3 Website Improvement

• Analysing website usage to improve user experience
• Conducting research and analytics
• Troubleshooting technical issues
• Protecting against fraud and security threats

3.4 Legal Compliance

• Complying with applicable laws and regulations
• Protecting our rights and the rights of others
• Investigating and preventing fraudulent activities

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: When you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications)
• Contract: When processing is necessary for the performance of a contract with you (e.g., providing tour services)
• Legal Obligation: When we need to comply with legal requirements
• Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving our services, provided these interests are not overridden by your rights and freedoms

5. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

5.1 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our website and providing our services, including:

• Payment processors
• Email marketing platforms
• Website hosting providers
• Analytics services
• Customer support platforms

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes, such as:

• Court orders or subpoenas
• Law enforcement investigations
• Compliance with regulatory requirements

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity, subject to appropriate safeguards.

6. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Employee training on data protection practices
• Secure data centres and hosting environments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the type of information and the purpose for which it was collected:

• Booking Information: Retained for 7 years for tax and accounting purposes
• Marketing Preferences: Retained until you withdraw consent or request deletion
• Website Analytics: Anonymised data may be retained indefinitely for research purposes
• Communication Records: Retained for 3 years for customer service purposes

8. Your Rights Under GDPR

If you are a resident of the European Union, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request copies of your personal data that we hold.

8.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data.

8.3 Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

8.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances.

8.5 Right to Data Portability

You have the right to request transfer of your personal data to another organisation or directly to you.

8.6 Right to Object

You have the right to object to our processing of your personal data under certain circumstances.

8.7 Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure that any such transfers comply with applicable data protection laws and implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant authorities
• Certification schemes and codes of conduct

10. Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes indicates your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.