01 5622 506568
Menu
01 5622 506568

Privacy Policy

Privacy Policy of Mystic Yunnan International Travel (Hong Kong) Limited

Effective Date: 20/06/2025

1. Introduction Mystic Yunnan International Travel (Hong Kong) Limited (“ChinaMystic,” “we,” “us,” or “our”) is a Hong Kong-registered online travel agency specializing in inbound tourism services, crafting authentic travel experiences in Yunnan for international travelers. This Privacy Policy outlines how we collect, use, secure, disclose, and otherwise process your personal data in compliance with the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulation (GDPR) where applicable, and other relevant data protection laws. By using our website and services, you acknowledge and agree to the practices described in this policy.  

2. Information We Collect To provide you with our travel services and ensure a seamless experience, we may collect the following types of personal data:

  • Identity and Contact Details: Full name, email address, phone number, nationality, date of birth, passport details (number, expiry date, issuing country), visa information (if applicable), and residential address.  
  • Travel Preferences and Booking Details: Information about your travel plans, special requests (e.g., dietary requirements, accommodation preferences, accessibility needs), fitness level or health information relevant to specific activities (especially for high-altitude trips, provided with explicit consent), flight details, itinerary specifics, and feedback or reviews you provide.  
  • Payment Information: Credit/debit card details (processed securely through third-party payment gateways), billing address, and transaction history. We typically do not store full credit card details on our servers.  
  • Technical Data: IP address, device information (type, operating system), browser type and version, location data (if enabled), website usage data (e.g., pages visited, time spent, clicks, booking paths) collected via cookies and similar technologies.  
  • Communications: Records of your correspondence with us, including emails, chat logs, and phone call summaries (if applicable).

3. How We Use Your Information We process your personal data based on lawful grounds, including the necessity to perform our contract with you, your consent (where required), compliance with legal obligations, and our legitimate interests in providing and improving our services. Your information enables us to:  

  • Design, customize, and confirm your travel itineraries and bookings, including arranging necessary permits (e.g., for Tibet or other restricted areas).  
  • Process payments for deposits and final balances.  
  • Communicate with you regarding your booking, inquiries, updates, and provide customer support.  
  • Facilitate reservations and service provision with third-party suppliers (e.g., airlines, hotels, local guides, transport providers).  
  • Personalize your experience on our website and improve our services through analysis of usage patterns (often using anonymized or aggregated data).  
  • Send you marketing communications, newsletters, or promotional offers if you have opted-in (you can opt-out at any time using the instructions provided in each communication).  
  • Ensure the safety and security of our clients and operations.
  • Comply with legal and regulatory requirements, including fraud prevention and response to lawful requests from authorities.  

4. Data Sharing and Disclosure We do not sell your personal data. We may share your information with the following parties only when necessary:

  • Third-Party Service Providers: Hotels, airlines, transport companies, local tour operators, guides, permit-issuing authorities, and other partners essential for fulfilling your travel arrangements. These partners may be located inside or outside Hong Kong.  
  • Payment Processors: Secure third-party payment gateways to process your payments.
  • IT and Technical Support Providers: Companies assisting us with website hosting, data storage, security, and analytics.
  • Legal and Regulatory Authorities: When required by law, court order, or governmental regulation (e.g., Hong Kong authorities, relevant EU regulators if GDPR applies).  
  • Business Transfers: In connection with a merger, acquisition, asset sale, or other corporate restructuring. You will be notified in advance if your data becomes subject to a different privacy policy.  
  • With Your Consent: We may share information for other purposes with your explicit consent (e.g., publishing your reviews or travel stories on our platforms).  

We ensure that appropriate safeguards are in place for any cross-border data transfers, adhering to PDPO, GDPR (e.g., Standard Contractual Clauses, adequacy decisions), or other applicable legal requirements.  

5. Your Data Protection Rights Under applicable data protection laws (including PDPO and GDPR), you have certain rights regarding your personal data, subject to legal limitations:

  • Right to Access: Request a copy of the personal data we hold about you.  
  • Right to Correction (Rectification): Request correction of inaccurate or incomplete data.  
  • Right to Erasure (Deletion): Request deletion of your personal data when it is no longer necessary for the purposes collected, or based on other legal grounds. Note that we may need to retain certain information for legal or administrative purposes (e.g., financial records ).  
  • Right to Object: Object to the processing of your data for certain purposes, such as direct marketing.  
  • Right to Restrict Processing: Request the restriction of processing under certain circumstances.  
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format to transfer it to another service provider.  
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.  

To exercise these rights, please contact us using the details in Section 11. We aim to respond to verifiable requests within a reasonable timeframe (typically 30 days).  

6. Data Security We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:  

  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption for data transmission.  
  • Strict access controls, including role-based permissions and authentication measures.  
  • Network security measures like firewalls and intrusion detection systems.  
  • Regular security assessments and updates.
  • Staff training on data protection and privacy obligations. While we strive to protect your data, no system is 100% secure, and we cannot guarantee absolute security.  

7. Cookies and Tracking Technologies Our website uses cookies (small text files stored on your device) and similar technologies for various purposes:

  • Essential Cookies: Necessary for core website functionality, like managing sessions, user authentication, and processing bookings.  
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics), allowing us to improve performance and user experience. This data is typically aggregated and anonymized.  
  • Preference Cookies: Remember your settings and preferences (e.g., language, currency) for a more personalized experience.  
  • Marketing/Third-Party Cookies: May be used by us or third-party partners (e.g., advertising networks, social media platforms) to deliver relevant advertisements or enable social features. These are subject to the third parties’ own privacy policies. You can manage your cookie preferences through your browser settings, although disabling certain cookies may impair website functionality.  

8. Data Retention We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. General retention periods include:  

  • Booking Data: Retained as necessary to provide the service and for a period afterward to handle inquiries or feedback, and as required by law (e.g., financial records usually for 7 years in Hong Kong ).  
  • Account Data: Retained while your account is active or as needed to provide services. You can request account deletion.  
  • Marketing Data: Retained until you withdraw your consent (opt-out).  
  • Legal Obligations: Data may be retained longer if required for legal claims, audits, or regulatory compliance.  

9. Third-Party Links Our website may contain links to third-party websites or services (e.g., payment gateways, social media sites). We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal data.  

10. Children’s Privacy Our services are not directed at children under the age of 18 (or the relevant age of majority). We do not knowingly collect personal data from children without appropriate parental consent. If you believe we have collected data from a child inadvertently, please contact us immediately.  

11. Updates to This Policy We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by posting the updated policy on our website and updating the “Effective Date,” or via email if appropriate. Your continued use of our services after such changes constitutes your acceptance of the revised policy.  

12. Governing Law This Privacy Policy is governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region.  

13. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: Email: [email protected]