Privacy Policy

Introduction

Galenvoy is committed to protecting the privacy of travelers who book railway journeys through our Penang office. This privacy policy explains how we collect, use, store, and protect personal information provided during the booking process and journey participation. By engaging our services, you acknowledge and consent to the practices described in this document.

For questions regarding this policy, please contact us at [email protected].

Data Collection

Information We Collect

We collect the following categories of personal data:

• Contact information: name, email address, phone number, mailing address
• Travel documentation: passport details, nationality, emergency contact information
• Payment information: credit card details processed through secure third-party payment processors
• Dietary requirements and accessibility needs: information necessary to accommodate traveler requirements
• Travel preferences: interests, previous travel experiences, specific requests
• Website usage data: IP address, browser type, pages visited, time spent on site

How We Collect Data

Personal data is collected through:

• Booking forms submitted through our website
• Email and telephone communications with our Penang office
• Pre-departure questionnaires provided to confirmed travelers
• Automated website analytics tools

Use of Personal Data

We use collected personal data for the following purposes:

• Processing and confirming journey bookings
• Communicating journey details, itineraries, and pre-departure information
• Coordinating with Sri Lankan accommodation providers, guides, and transportation services
• Providing customer support before, during, and after journeys
• Processing payments and maintaining financial records
• Sending marketing communications about future journey offerings (with consent)
• Improving our website, services, and journey packages based on feedback and usage patterns
• Complying with legal obligations and protecting our business interests

Data Sharing and Third Parties

We share personal data with the following categories of third parties:

Service Providers

• Sri Lankan accommodation providers (hotels, bungalows, guesthouses) for reservation purposes
• Local guides and tour operators for journey coordination
• Payment processors for secure transaction handling
• Email service providers for communication delivery

Analytics and Website Services

We use Google Analytics to understand website usage patterns. These services may collect anonymized data about site visits, pages viewed, and user behavior.

Legal Requirements

We may disclose personal data when required by Malaysian or Sri Lankan law, or when necessary to protect our legal rights or the safety of travelers and staff.

Data Protection and Security

We implement the following security measures to protect personal data:

• Secure Socket Layer (SSL) encryption for data transmission through our website
• Password-protected access to customer databases and booking systems
• Regular security audits of our systems and processes
• Staff training on data protection and confidentiality requirements
• Secure storage of physical documents containing personal information
• Regular data backups stored in encrypted format

While we implement reasonable security measures, please note that no internet-based system can be completely secure. We cannot guarantee absolute security of data transmitted through our website or stored in our systems.

Data Retention

We retain personal data for the following periods:

• Booking and travel records: seven years from journey completion (for financial and legal compliance)
• Marketing communications consent: until consent is withdrawn
• Website analytics data: 26 months from collection
• Email correspondence: three years from last communication

After these retention periods, personal data is securely deleted or anonymized.

Cookies and Website Tracking

Our website uses cookies and similar tracking technologies to enhance user experience and gather usage data. Types of cookies used include:

• Essential cookies: Required for basic website functionality and security
• Analytics cookies: Help us understand how visitors interact with our website
• Preference cookies: Remember user settings and preferences

For detailed information about our cookie usage, please review our Cookie Policy.

Your Rights

Under Malaysian data protection law (Personal Data Protection Act 2010), you have the following rights:

• Right to access: Request copies of personal data we hold about you
• Right to correction: Request correction of inaccurate or incomplete personal data
• Right to withdrawal of consent: Withdraw consent for marketing communications or optional data processing
• Right to data portability: Request transfer of your data to another service provider where technically feasible
• Right to restriction: Request limitation of data processing in certain circumstances
• Right to deletion: Request deletion of personal data (subject to legal retention requirements)

To exercise these rights, contact us at [email protected]. We will respond to requests within 21 days.

Marketing Communications

We may send marketing communications about new journey packages, special offers, and travel-related content to customers who have:

• Explicitly consented to receive marketing emails during the booking process
• Previously booked journeys with us (existing customer communications)

You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in email communications or contacting [email protected].

Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from individuals under 18 without parental consent. If a parent or guardian becomes aware that their child has provided personal information without permission, please contact us immediately.

International Data Transfers

Personal data collected in Malaysia may be transferred to Sri Lanka for the purposes of journey coordination and service delivery. We ensure that appropriate safeguards are in place when transferring data internationally, including contractual agreements with Sri Lankan service providers regarding data protection standards.

Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices, legal requirements, or business operations. When significant changes are made, we will notify existing customers via email. The "Last Updated" date at the top of this page indicates when the most recent revisions were implemented.

Contact Information

For questions, concerns, or requests regarding this privacy policy or our data protection practices, please contact: