Privacy Policy

INTRODUCTION

  • EXPERIENCIAS MÁGICAS SAC, is a company in the tourism sector dedicated to the sale of tourist services nationwide through service intermediation, which includes: ticket sales, transportation, private transfers, lodging and food services, tourist packages and full days located at Calle Clorinda Matto de Turner No. 305 Int. 301, Urb. Magisterio del Distrito, Provincia y Departamento del Cusco, is obliged to comply with current Peruvian legislation on the protection of personal data, Law No. 29733 on the Protection of Personal Data and its complementary provisions.
  • Therefore, it undertakes to:
  • The collection and use of personal information. o Ensure the quality and security of information. o Respect individuals’ rights regarding information about themselves.
  • EXPERIENCIAS MÁGICAS SAC. is committed to the protection, management, and appropriate processing of the personal data to which it has access in the regular operation of its business. This commitment includes the review and continuous improvement of the organization’s processes to guarantee adequate protection of said personal data and the guidelines established by the company for the collection and processing of personal data to ensure respect for the rights of its owners and compliance with the current regulatory framework. The Policy may be supplemented with additional procedures, regulations, and/or guidelines that develop the provisions of this document, provided they are aligned with its guiding principles.

AIM

The purpose of this document is to establish principles, uniform practices, and responsibilities regarding the processing of personal data in which EXPERIENCIAS MÁGICAS SAC is involved.

 

RANGE

  • This document applies to all processes of EXPERIENCIAS MÁGICAS SAC, which will use personal data of clients intended to be contained in the different databases of EXPERIENCIAS MÁGICAS SAC, and to the processing of these.
  • This Policy must be familiar with and fully complied with by all EXPERIENCIAS MÁGICAS SAC employees and suppliers. For the purposes of interpreting this Policy, the definitions contained in the Law, and in particular those included below, apply.

 

DEFINITIONS

  • Personal data: Any information that identifies a natural person or that can be identified through reasonably available means. For example, national identity document (DNI), passport, physical address, full name. Sensitive data: Personal data consisting of biometric data that can, by themselves, identify the data subject; data related to racial and ethnic origin; economic income; political, religious, philosophical, or moral opinions or beliefs; union membership; and health-related information.
  • Processing of personal data: Any technical operation or procedure, whether automated or not, that enables the collection, recording, organization, storage, storage, processing, modification, extraction, consultation, use, blocking, deletion, communication by transfer or dissemination, or any other form of processing that facilitates access, correlation, or interconnection of personal data. In short, the processing of personal data regulates all possible forms of use and processing of personal data within the organization, from its entry to its eventual deletion or storage.
  • Consent: Prior, free, unequivocal and express authorization that must be granted by the individual to authorize the processing of their personal data.
  • Prior: Must be obtained before collection.
  • Free: It should not be forced or conditioned.
  • Unequivocal and express: There should be no doubt about its manifestation and it must be recorded in some tangible medium. Personal database: An organized set of personal data, automated or not, regardless of the medium, whether physical, magnetic, digital, optical, or other, created, regardless of the form or method of its creation, formation, storage, organization, and access.

COMPLIANCE OFFICERS

  • EXPERIENCIAS MÁGICAS SAC will assign and communicate the corresponding responsibilities to all staff and suppliers for compliance with this Policy.
  • The General Management department within EXPERIENCIAS MÁGICAS SAC will be responsible for annually reviewing this Policy and making the necessary adjustments. This department will also be responsible for answering any questions related to the application and scope of this Policy.
  • Notwithstanding the foregoing, all employees of EXPERIENCIAS MÁGICAS SAC, as well as all suppliers and third parties with whom EXPERIENCIAS MÁGICAS SAC interacts in the course of its regular business and who have access to or process personal data, are subject to compliance with this Policy. Finally, no employee of EXPERIENCIAS MÁGICAS SAC may perform any actions or incur in any omissions on behalf of the Company that constitute a violation of the Law.

CONFIDENTIALITY

  • This Policy will be for the internal and exclusive use of EXPERIENCIAS MÁGICAS SAC and is therefore confidential. Any use other than that indicated is prohibited and must be expressly authorized in writing by General Management.
  • Personal data to which EXPERIENCIAS MÁGICAS SAC employees and related third parties have access or participate in its processing may not be processed or used in any way without the prior consent of the personal data owner, even after the termination of their relationship with EXPERIENCIAS MÁGICAS SAC, except for the exceptions regulated by law.
  • In the case of employees who, due to the nature of their duties, have access to confidential and sensitive personal information, EXPERIENCIAS MÁGICAS SAC will endeavor to develop specific training and awareness-raising activities. Individuals involved in the processing of personal data are required to maintain professional secrecy and confidentiality. This obligation will continue even after their relationship with EXPERIENCIAS MÁGICAS SAC has ended.

BEGINNING

All employees of EXPERIENCIAS MÁGICAS SAC must permanently comply with the principles established in the Law, which we detail below, in the exercise of their duties:

  1. Legality. The processing of personal data by EXPERIENCIAS MÁGICAS SAC will be carried out in accordance with the provisions of the Law. The collection of personal data through fraudulent, unfair, or illegal means is prohibited.
  2. Consent. EXPERIENCIAS MÁGICAS SAC may not process personal data without the prior, express, unequivocal, and free consent of the data subject, as required, except for the exceptions provided by law.
  3. Purpose. EXPERIENCIAS MÁGICAS SAC will collect personal data, clearly indicating the purpose for which it is collected. This purpose must be specific, explicit, and lawful. The personal data processed may not be used for purposes other than or incompatible with those for which it was collected, unless the data subject has given his or her consent. Therefore, EXPERIENCIAS MÁGICAS SAC will implement measures to guarantee:
  4. The collection, storage, and retention of personal data comply with the principles of proportionality and purpose.
  5. The adequate protection of personal data in compliance with appropriate technical and legal security measures. It should be noted that EXPERIENCIAS MÁGICAS SAC may not disclose personal data unless ordered by a reasoned court order or with the authorization of the data subject, subject to the safeguards provided by law. Furthermore, EXPERIENCIAS MÁGICAS SAC may not refuse to provide a public entity with information containing personal data, provided that such request is made in strict compliance with the powers assigned to said entities by current legislation.
  6. Proportionality. All processing of personal data carried out by EXPERIENCIAS MÁGICAS SAC must be adequate, relevant, and not excessive for the purpose for which it was collected.
  7. Quality. The personal data processed by EXPERIENCIAS MÁGICAS SAC must be truthful, accurate, and, to the extent possible, up-to-date, necessary, relevant, and adequate for the purpose for which it was collected. It must be retained in a manner that guarantees its security and only for the time necessary to fulfill the purpose of the processing, respecting the applicable legal retention periods for documents and information.
  8. Security. EXPERIENCIAS MÁGICAS SAC and the third parties it entrusts with the processing of personal data must adopt the necessary and appropriate technical, organizational, and legal measures to guarantee the security of personal data against various risks, such as accidental loss or destruction due to an accident, unauthorized access, covert use, or infection by malware or computer viruses. These measures will be established, communicated, and, if applicable, updated by EXPERIENCIAS MÁGICAS SAC.
  9. Adequate level of protection. If EXPERIENCIAS MÁGICAS SAC makes international transfers of personal data, it must guarantee an adequate level of protection for the personal data being processed, or at least comparable to that provided by law.
  10. Rights of personal data holders EXPERIENCIAS MÁGICAS SAC will have a simple and free procedure to address the rights of personal data holders contemplated in the Law: (i) information, (ii) access, (iii) update, (iv) inclusion, (v) rectification, (vi) deletion, (vii) prevent supply, (viii) opposition and (ix) objective treatment.

Therefore, MAGICAL EXPERIENCES SAC:

  • It will take the necessary measures to inform the owner of the personal data about the rights conferred by the Law.
  • It will adopt measures that allow the owner of the personal data to keep them updated.
  • It will comply with the obligation to promptly address requests and inquiries related to the rights of personal data subjects mentioned above within the legal framework. The following guidelines will apply to the processes for addressing the rights of personal data subjects.
  • The deletion or rectification of personal data will not be permitted when this affects the rights or legitimate interests of EXPERIENCIAS MÁGICAS SAC, its shareholders, employees or directors, or third parties, or when there is a legal obligation to retain personal data.
  • EXPERIENCIAS MÁGICAS SAC may reject certain requests when the disclosure of personal data could compromise or hinder ongoing judicial or administrative proceedings.

TRANSFERS OF PERSONAL DATA

The personal data processed by EXPERIENCIAS MÁGICAS SAC may only be transferred or assigned to third parties for the purposes related to the legitimate interests of the assignor and assignee, and with the prior, express, free, unequivocal, and informed consent of the data subject. Such consent will not be required in cases permitted by law.

COLLECTION OF SENSITIVE DATA

EXPERIENCIAS MÁGICAS SAC will only collect personal and/or sensitive data when strictly necessary and in compliance with the principles of purpose and proportionality. When the collection and processing of such data is derived from compliance with a legal obligation, EXPERIENCIAS MÁGICAS SAC will inform the data subject of this situation prior to collecting it.

DISCLOSURE OF PERSONAL DATA

  1. EXPERIENCIAS MÁGICAS SAC. will not disclose personal data to third parties except when:
  2. It is necessary for the purpose for which the personal data was collected, such as in the provision of services through third parties and suppliers.
  3. The owner of the personal data is informed before disclosure or at the time of collection of the personal data.
  4. The owner of the personal data gives his or her prior and express consent.
  5. Consent is not required by law.
  6. Personal data may be requested by public entities within the scope of their legal powers and responsibilities.
  7. Personal data may be necessary to satisfy the legitimate requirements of a company interested in acquiring any of EXPERIENCIAS MÁGICAS SAC’s operations, with the prior consent of its owner.
  8. Access to personal data is granted to auditors, lawyers, and other professionals bound by professional secrecy.

DELETION OF PERSONAL DATA

Once the processing of personal data has been completed and the principle of purpose has been met, and provided there is no legal mandate or reason justifying retaining the personal data, EXPERIENCIAS MÁGICAS SAC will delete the data from its records. Alternatively, EXPERIENCIAS MÁGICAS SAC may apply dissociation processes or equivalent procedures when, for commercial, statistical, or market analysis reasons, it is appropriate to retain such data. EXPERIENCIAS MÁGICAS SAC will define the respective procedures necessary for the deletion of personal data in a timely manner.

SANCTIONS REGIME

Any employee who violates the provisions set forth in this Policy will be considered a serious offense and subject to disciplinary action. EXPERIENCIAS MÁGICAS SAC will take the disciplinary measures it deems appropriate in cases of noncompliance by employees with the obligations stipulated herein.

DISSEMINATION AND COMPLIANCE WITH THE POLICY

MAGICAL EXPERIENCES SAC will seek to:

  1. That the provisions of this Policy be complied with.
  2. Make this Policy known, observed and respected by each employee.
  3. Publish this Policy in easily accessible locations.
  4. Enter into confidentiality obligations with employees, users, contractors, and third parties who access personal data contained in the databases.
2025 © - all rights reserved