Privacy Policy

Last updated: December 2025

1. Introduction and Legal Framework

GoLife Travel Agency ("GoLife," "we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with the legal framework of the Republic of Peru.

Our practices are governed by the following primary legislation:

• The Political Constitution of Peru: Article 2 recognizes the fundamental right to privacy and personal data protection.
• Personal Data Protection Law No. 29733 (PDPL): The principal law regulating data processing in Peru.
• Supreme Decree No. 016-2024-JUS (The New Regulation): The updated regulation that develops and clarifies the PDPL, with key provisions effective from March 30, 2025.
• The Peruvian Civil Code (Legislative Decree 295): Provides general legal principles applicable to contractual relationships and obligations.
• Law No. 32323 (Amending the Consumer Protection Code): Regulates unsolicited commercial communications.

This policy applies to all personal data we process through our website, booking platforms, customer service channels, and any other interaction you have with GoLife, whether you are in Peru or abroad.

2. Definitions

• Personal Data: Any information about a natural person that identifies them or makes them identifiable through reasonable means.
• Sensitive Data: Data that, by its nature, requires special protection, such as biometric data, racial or ethnic origin, political, religious, or philosophical convictions, health data, and sexual life information.
• Data Subject ("Titular"): The natural person to whom the personal data pertains.
• Data Controller ("Titular del banco"): GoLife, as the entity that determines the purpose and means of processing personal data.
• Processing: Any operation performed on personal data, including collection, recording, organization, storage, modification, consultation, use, and deletion.

3. Principles of Data Processing

In accordance with Articles 4 through 11 of Law No. 29733, we adhere to the following principles in all our data processing activities:

• Lawfulness: We process data only as permitted by law and never through fraudulent or illicit means.
• Consent: We obtain your prior, express, informed, and unequivocal consent for processing, unless another legal basis applies.
• Purpose: We collect data for specific, explicit, and lawful purposes, which are communicated to you at the time of collection. We will not process your data for incompatible secondary purposes.
• Proportionality: We only process data that is adequate, relevant, and not excessive for the intended purposes.
• Quality: We strive to ensure that the data we process is truthful, accurate, and, where necessary, kept up to date.
• Security: We implement appropriate technical, organizational, and legal measures to protect your data against unauthorized access, loss, or alteration.
• Remedy: We guarantee that you have effective administrative and judicial channels to enforce your rights.

4. Information We Collect

We collect information necessary to provide our travel agency services, which may include:

• Identification and Contact Data: Full name, national ID (DNI) or passport number, nationality, date of birth, email address, phone number, and physical address.
• Booking and Travel Data: Travel itinerary preferences, flight and accommodation details, payment information (processed securely by certified third parties), dietary requirements, and special assistance requests.
• Communications Data: Records of your interactions with our customer service, emails, and inquiries.
• Technical Data: IP address, browser type, device information, and cookies collected when you visit our website (see our Cookie Policy for details).

We will never request to photograph your National ID Document (DNI) for purposes such as delivery confirmation, as this practice has been deemed disproportionate and a violation of the principle of purpose by the National Authority for Personal Data Protection (ANPD).

5. Legal Basis and Purposes for Processing

We process your personal data based on the following legal grounds:

• Your Consent: For sending marketing communications about new tours, promotions, and travel offers. You may withdraw your consent at any time.
• Contractual Performance: To manage and fulfill your travel bookings, process payments, and provide the contracted services.
• Legal Obligation: To comply with tax, immigration, and consumer protection laws applicable in Peru and your travel destinations.
• Legitimate Interest: To improve our website and services, prevent fraud, and ensure network and information security.

6. Your ARCO+ Rights

You, as the data subject, have the following rights under Peruvian law, collectively known as the ARCO+ rights:

• Access: To request information about whether we are processing your data and to receive a copy of it.
• Rectification: To request the correction of inaccurate or incomplete data.
• Cancellation: To request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent, among other grounds.
• Opposition: To object, for legitimate reasons, to the processing of your data, especially for marketing purposes.
• Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format so you can transfer it to another service provider, where technically feasible.
• Withdrawal of Consent: To withdraw your consent for processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please submit a written request to our Data Protection Officer at the contact details provided in Section 11. We will respond to your request within the legal timeframe established by law.

7. Data Transfers and International Flows

As a travel agency, your data may be transferred to service providers located outside Peru (e.g., international airlines, foreign hotels, global tour operators). By using our services, you expressly authorize these international transfers. We ensure that all such transfers comply with Article 11 of the PDPL, requiring the recipient country to provide an adequate level of data protection or that adequate contractual safeguards are in place.

8. Data Security and Incident Notification

We implement technical and organizational security measures aligned with international standards (such as ISO/IEC 27001) to protect your data. In the event of a security incident that poses a high risk to your rights and freedoms, we are obligated to notify the National Authority for Personal Data Protection (ANPD) within 48 hours of becoming aware of it and, where required by law, to communicate the incident to you, the affected data subject.

9. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by Peruvian law (e.g., tax and commercial documentation laws). Once the retention period expires, we will securely delete or anonymize your data.

10. Marketing Communications and First Contact

We will only send you marketing communications (emails, calls, SMS) if you have given us your prior express consent. In compliance with recent legal developments, we note that the use of personal data obtained from publicly accessible sources for making a "first contact" for marketing purposes is subject to strict regulation and potential restrictions under consumer protection law.

You can opt out of receiving marketing communications at any time by using the "unsubscribe" link in our emails or by contacting us directly.

11. Data Protection Officer and Contact Information

In accordance with the phased implementation schedule of the New Regulation, GoLife will appoint a Data Protection Officer (DPO) by the deadline corresponding to our annual revenue.

For any questions, concerns, or to exercise your ARCO+ rights, please contact us:

• Email: [email protected]
• Mailing Address: Calle Cruz Verde 305, Arequipa, Peru

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. The updated version will be posted on our website with a new "Last Updated" date. We encourage you to review this policy periodically.

By using GoLife's services, you acknowledge that you have read and understood this Privacy Policy.