INDALO TRAVEL LLC

Privacy Policy 

Please read this Privacy Policy carefully before using our Website or submitting any personal information.

Last updated: 10/1/2025

Indalo Travel LLC, a Virginia limited liability company referred to in this Privacy Policy as “Indalo Travel”, “we,” “us,” or “our.” We are committed to respecting your privacy and protecting your personal information.  In support of our commitment, we developed this privacy policy (“Privacy Policy”) in order to be transparent about how we collect, use, disclose and safeguard your (and/or the members of your group/traveling party’s) personal information submitted by you at https://www.indalo.travel/   (“Website”), as well as any other media form, media channel (including, without limitation, email), mobile website, mobile application, or call center, related or connected thereto our Website, regardless of whether they directly display or link to this Privacy Policy (individually, a “connected service”, and collectively, “connected services”).  

This Privacy Policy applies to, (i) all connected services relating to Indalo Travel, including all information collected through our connected services; (ii) information collected by us (or on our behalf) but excluding instances where your information is collected under a different Privacy Policy or notice made available to you at the time your information is collected and (iii) information shared with us by third parties for our own use, as well as publicly available information collected by us.

The collection, use, and disclosure (collectively, “processing”) of information described in this Privacy Policy is controlled by Indalo Travel. If you have any questions or concerns about this Privacy Policy or our practices with regards to the information processed under this notice, please contact us using the contact information and methods provided under the Contact Us section below. By using the Website, you are accepting the practices described in this Privacy Policy. These practices may be changed from time to time, but any changes will be posted to our Website and we will take the appropriate steps to inform you consistently of the significance of the changes, and in accordance with applicable law. As it deems necessary, Indalo Travel reserves the right to amend or make revisions to this Privacy Policy at any time and for any reason in its sole discretion. You can see the date the policy was last updated by looking at the “Last updated” date shown at the beginning of this Privacy Policy document. You are encouraged to review the Privacy Policy whenever you visit the site to make sure that you understand how any personal information you provide will be used. Your continued use of our services (including without limitation using our Website or submitting any personal information) after any changes to the Privacy Policy constitutes your consent to said changes.

Note: The privacy practices set forth in this Privacy Policy are for this Website only. If you link to or utilize other websites, you must review the privacy policies posted at those sites.

PERSONAL INFORMATION WE COLLECT. We collect personal information from you in a variety of ways, described as follows:

Information directly provided by you. When you create an account, book a reservation, make a purchase or attempt to make a purchase with us, we will collect certain information from you, including your full legal name, travel preferences, billing address, mailing address, payment information (including credit card numbers), email address, and phone number. 

We may collect other information to assist you with your travel plans including but not limited to, passport number, driver’s license or other government-issued identification number, date of birth, gender, arrival and departure locations and times, airline, hotel or car rental frequent loyalty numbers, known traveler and global entry number, and other related travel information.

Information about your Travel Companions. When you make a reservation for your minor child or someone else through our Website, we will request personal information about that individual. As a parent or legal guardian of said minor child you hereby consent to providing us with their personal information.  In the event you are making a reservation for someone else through our Website, you should obtain the consent of said individual prior to providing us with their personal information. The information You provide will only be available to view and amend through your account. Should your someone else want to amend or delete their information themselves they can contact us directly as described in the Contact Us section at the bottom of this policy.

Information that we collect automatically. When you visit the Website, we may collect certain information about your device, including information about your web browser, IP address, time zone and the cookies that are installed on your device. Additionally, as you browse the Website, we may collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website. We refer to this automatically collected information as “Device Information.”

We collect Device Information using the following technologies:

• “Cookies” are small data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org

• “Log files” track actions occurring on the Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

• “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Website.

Information we collect when you communicate with us via Social Media. If you make use of any of our social media features on our Website or otherwise through a social media provider, we may access information about you via that social media provider in accordance with their privacy policy.

Information we collect when you communicate with us by phone. Calls to and from our agent(s) may be recorded or monitored for quality control purposes, to protect us in the event of a legal dispute and for staff training. Call recordings will be maintained consistent with this Privacy Policy. Any personal information obtained from you during the call will be treated in accordance with the provisions of this Privacy Policy.

Information we collect when you communicate with us through the Website. Any interactions you have with us through our Website, such as chat, may be recorded and monitored for quality control purposes, to protect us in the event of a legal dispute and for staff training. This information will be processed and maintained consistent with this Privacy Policy.

ALL PERSONAL INFORMATION THAT YOU PROVIDE TO US MUST BE TRUE, COMPLETE AND ACCURATE, AND YOU MUST NOTIFY US OF ANY CHANGES TO SUCH PERSONAL INFORMATION. 

HOW WE USE YOUR PERSONAL INFORMATION. We use the information we collect for a variety of purposes supporting our business uses, including the following:

We use your Order Information to make reservations on your behalf and to fulfill orders placed through the Website (including creating an account with us, processing your payment information, making travel reservations, and providing you with invoices and/or order confirmations).  This includes sharing your booking information with other parties so we can fulfil your booking.

Additionally, we use your Order Information to:

• Communicate with you;

• Provide you with travel confirmations and updates for upcoming trips;

• Screen our orders for potential risk or fraud; and

• When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. You are able to opt-out of these communications at any time.

We use the Device Information that we collect to:

1. Help us screen for potential risk and fraud (in particular, your IP address), and

2. more generally to improve and optimize our Website (for example, by generating analytics about how our customers browse and interact with the Website, and to assess the success of our marketing and advertising campaigns).

3. To help us recognize you as a previous visitor and remember any preferences that may have been set while your browser was visiting our site.

4. We may also use this information to display ads and offers that are more relevant to you.

5. We also may allow our service providers to use this information to, for example, help us understand which emails have been opened by recipients and to track the visitor traffic and actions on our site.

You can contact us about updating or accessing your information through our contact information within the Contact Us section at the bottom of this Privacy Policy.

SHARING YOUR PERSONAL INFORMATION. We share your Personal Information with third parties only when necessary to help provide the services described herein above. For example, we share your information with travel providers such as airlines, hotels, car rental, activity providers, rail and cruise lines as required in order to make travel reservations on your behalf. In addition, we share Order Information with our online store provider so that they can process your payments for us. We also may share your information with third-party vendors who provide services or functions on our behalf.

We may share your Personal Information with business partners with whom we may jointly offer products or services, or whose products or services may be offered on our Website. You can tell when a third-party business partner is involved in a product or service you have requested because their name will appear, either alone or with ours. If you choose to access these optional services, we will on occasions share information about you, including your personal information, with those partners.

We share your Personal Information with third party services providers who provide data processing services to us (for example, to support the delivery of; provide functionality on; or help to enhance the security of our Online Services), or who otherwise process personal information for purposes such as credit card processing, business analytics, customer service, marketing, distribution of surveys or sweepstakes programs, and fraud prevention. Where third-party service providers have access to data they will only collect information as needed to perform their functions. They are not permitted to share or use the information for any other purpose.

We also use Google Analytics to help us understand how our customers use the Website--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: .https://tools.google.com/dlpage/gaoptout We may share aggregate or anonymous information with third parties, including advertisers. 

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

HOW WE PROTECT YOUR INFORMATION. We have implemented appropriate technical and organizational data security measures designed to protect the security of any personal information we process from unauthorized access, loss, or misuse.  To the extent appropriate or required by applicable law, these security measures include the following:

• Access to personal information is limited to authorized employees and service providers who need access to perform the activities described in this Privacy Policy on our behalf.

• Personal information is pseudonymized where appropriate or required by law, and sensitive personal information transferred to or stored on any mobile device is encrypted using industry-accepted encryption solutions.

• Personnel engaged in the processing of personal information are informed of the confidential nature of personal information, receive appropriate training on their responsibilities, and are obligated pursuant to our policies to maintain the confidentiality of personal information.

• The effectiveness of our security measures are regularly tested, assessed, and evaluated to ensure the ongoing security of processing systems.

• Internet-connected databases containing personal information are monitored for unauthorized intrusions using network-based and/or host-based intrusion detection mechanisms.

• Service providers and other third parties engaged by us to process personal information on our behalf are contractually obligated to process personal information only on our documented instructions and must provide similar security measures as those used by us or as required under applicable law.

• Cardholder data is safeguarded via PCI DSS compliance. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider's database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.

Although we strive to provide reasonable and appropriate security for the personal information we process, no security system can prevent all potential security breaches.  In particular, email or forms sent using our connected services may not be secure.  You should take special care before deciding to send us information via email and the transmission of personal information to and from our connected services is at your own risk.  Further, if you create an account through our connected services, it is your responsibility to protect your access credentials from unauthorized access or use.

LINKS TO THIRD-PARTY WEBSITES.We are not responsible for and do not endorse the content of third-party websites or resources available through our connected services. This Privacy Policy only applies to our connected services that link to this Privacy Policy.  However, our connected services may contain links to third-party sites or services.  We do not endorse and are not responsible for the content of third-party websites or resources, and our Privacy Policy does not apply to any sites that are not controlled by Indalo Travel, even if you access such sites via a link on our connected services.  You should review the privacy policies and terms of use of any third-party site before providing any information to the controller of such site.

ACCOUNT INFORMATION. If you would at any time like to review or change the information in your account or terminate your account, you can log into your account settings and update your user account.  Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.  However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

BEHAVIORAL ADVERTISING. As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. Please note that we do not have access to or control over cookies or other technologies these third parties may use to collect information about your interests, and the information practices of these third parties are not covered by this Privacy Policy. Some of these companies are members of the Network Advertising Initiative, which offers a single location to opt out of ad targeting from member companies. In addition, you can opt out of targeted advertising using the following links:

FACEBOOK https://www.facebook.com/settings/?tab=ads
GOOGLE https://www.google.com/settings/ads/anonymous
BING https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. Note that if you choose not to receive tailored ads, you may still see general online advertisements.

Changes in Preference and Opting Out of Email Marketing. We comply with the CAN-SPAM Act of 2003 and do not spam or send misleading information. Should you wish to no longer receive communication from us, you have the option of unsubscribing by clicking “unsubscribe” in the bottom of the email we send to you or by contacting us using the details provided under the Contact Us section below.

DO NOT TRACK. Certain browsers may offer you the option of providing notice to websites that you do not wish for your online activities to be tracked for preference-based advertising purposes (“DNT Notice”). Some browsers are, by default, set to provide a DNT Notice, whether or not that reflects your preference. Providing DNT Notice is often touted as a means to ensure that cookies, web beacons and similar technology are not used for preference-based advertising purposes – that is, to restrict the collection of information your online activities for advertising purposes. Unfortunately, given how preference-based advertising works, DNT Notices may not effectively accomplish this goal. For this and a variety of other reasons, with respect to our Website, we do not alter our Website’s data collection and use practices based on browser based DNT Notices. Rather, if you do not wish to participate in preference-based advertising activities, you should follow the opt-out process identified above.

JURISDICTION-SPECIFIC RIGHTS.In some regions and jurisdictions (such as California and other U.S. states, and the European Economic Area), you may have certain additional rights under applicable data protection laws.  To the extent that relevant jurisdictions grant additional privacy rights to individuals, please visit the websites included herein and/or visit your state's official government website to access your specific state’s privacy rights.

IMPORTANT INFORMATION REGARDING MINORS. Our connected services are intended for general audiences.  We are in compliance with the requirements of the Federal Trade Commission’s Children's Online Privacy Protection Act (COPPA), and as such we do not knowingly collect any personal information from children under the age of 13 through our connected services, except after obtaining verifiable parental consent or as otherwise permitted under applicable law.

IF YOU ARE NOT OLD ENOUGH TO FORM LEGALLY BINDING OBLIGATIONS IN YOUR APPLICABLE JURISDICTION, PLEASE TALK TO YOUR PARENTS OR GUARDIANS BEFORE USING OUR ONLINE SERVICES OR PROVIDING YOUR NAME OR OTHER PERSONAL INFORMATION TO INDALO TRAVEL.  YOU CANNOT SUBMIT INFORMATION TO OUR ONLINE SERVICES WITHOUT YOUR PARENT’S OR GUARDIAN’S PERMISSION.  If the parent or guardian of a child believes that their child has provided us with personal information without permission, the parent or guardian should contact us using the details provided under Contact Us below to request access to the information and deletion of such information where required. For more information regarding protecting children’s privacy online visit https://www.ftc.gov/business-guidance/privacy-security/childrens-privacy.

INTERNATIONAL TRANSFERS. We may transfer, store, and process your information in, to, through or with countries other than your own. 

Indalo Travel and our servers are located in the United States. If you are engaging with us from outside the United States, please be aware that your information will be transferred to, stored, and processed by us in our facilities located in the United States and by those third parties with whom we may share your personal information, which third parties may be located in the United States or in other countries.  The level of protection for your information in the United States or such other countries may not be the same as the level of protection in your country.

If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will, however, take all necessary measures to protect your personal information in accordance with this Privacy Policy and applicable law.

In particular, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States and has certified its compliance with it. As such, we are committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Data Privacy Framework, to the Framework’s applicable principles. To learn more about the Data Privacy Framework, visit https://www.dataprivacyframework.gov/Program-Overview. 

Indalo Travel is responsible for the processing of personal information it receives, under the Data Privacy Framework, and subsequently transfers to a third-party acting as an agent on its behalf. With respect to personal information received or transferred pursuant to the Data Privacy Framework, Indalo Travel is subject to the regulatory enforcement powers of the U.S. FTC. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  

EUROPEAN RESIDENTS. If you reside in Europe or your personal information is otherwise covered by the European Union’s General Data Protection Regulation (GDPR) or U.K. Data Protection Act (collectively, “European PrivacyRegulations”), you have additional rights with respect to the collection, use, transfer, and processing of your personal information. For more detailed information please visit https://gdpr.eu/privacy-policy/.

YOUR CALIFORNIA PRIVACY RIGHTS. The California Consumer Privacy Act (California Civil Code Section 1798.83 “CCPA”) provides additional privacy rights to California residents as stated below.

Informative Request. You have the right to know and see what data we have collected about you over the previous twelve months, including:

• The personal information we have collected about you

• The categories of sources from which the personal information is collected

• How any personal information collected is used by us

• The categories of third parties with who we have shared your personal information.

When requested we will share all information collected in the previous twelve months from the date of request. We do not sell any of the personal information we have collected to you to any third party.

Request to Delete. You have the right to request that we delete the personal information we have collected. Under the law, there are a number of exceptions, that include, but are not limited to when the information is necessary for us or a third party to do any of the following:

• Complete your transaction

• Provide you a service we offer

• Fix our system in the case of a bug

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.)

• Protect your security and prosecute those responsible for breaching it

• Comply with a legal obligation

• Engage in scientific, historical, or statistical research in the public interests that adhere to all other applicable ethics and privacy laws

• Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. Additionally, you may appoint an agent to make any above request on your behalf, we may require evidence of such appointment to comply with any requests made by agents. You also have the right not to be discriminated against for exercising any of the rights listed above.

Exercising your rights. To request access to or deletion of your personal information, or to exercise any other data rights under California law, please contact us as per the Contact Us section below to submit any requests for the personal information collected.

Responding to Requests. It is our goal to respond to your request for the collected information or the deletion of the information we have collected within 45 days of receiving that request. If we require more time or unable to comply with your request, we will inform you of the reason and inform you of the extension period for completion in writing.

You may learn more about your rights under California’s privacy laws at https://oag.ca.gov/privacy.

DATA RETENTION. We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).  When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

GOVERNING LAW AND JURISDICTION. This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Virginia, without regard to conflict of law principles. Any controversy or claim arising out of or relating to these terms shall be brought exclusively in a jurisdiction located in the State of Virginia.

CONTACT US.  If you have any questions or comments about this Privacy Policy, or to submit a request or otherwise exercise your privacy rights under this Privacy Policy, please contact us at dana@indalo.travel.