Data Protection

1. Objective

The Personal Data Protection Policy informs users, customers, suppliers, employees, and others about the guidelines under which Kantatiry EIRL. (hereinafter “Ktour”) manages and regulates the processing of personal data. This includes the exercise of ARCO rights to ensure privacy, prevent security breaches, and avoid unauthorized access or misuse of data by third parties.

2. Scope

This policy applies to all Ktour personnel whose roles align with its provisions, as well as customers and suppliers involved in passenger, cargo, and institutional transportation services.

3. Definitions

• Data Subject: The individual to whom the personal data belongs.
• Personal Data: Any information about an individual that identifies or makes them identifiable through reasonable means.
• Sensitive Personal Data: Private information about the data subject, such as racial or ethnic origin, income, union membership, or other similar information.
• Database: An organized collection of personal data.
• Database Owner: Ktour and its affiliated companies.
• Data Protection Notice: An electronic item, physical document, or any format provided by Ktour to inform the data subject about data processing before it occurs.
• Consent: The data subject’s explicit, informed, prior, and unequivocal agreement to process their personal data.
• ARCO Rights: Rights protected under Law No. 29733 – Personal Data Protection Law, empowering data subjects to control their personal data:
  • Access: Data subjects can access their information stored in Ktour databases.
  • Rectification: Data subjects can correct inaccurate or incomplete personal data.
  • Cancellation: Data subjects can request the deletion of their data from Ktour databases.
  • Objection: Data subjects can oppose the processing of their personal data.

4. Guidelines

4.1 Governing Principles

Ktour, as the owner of personal databases, complies with the following principles outlined in Law No. 29733:

a. Legality:
Personal data processing must adhere to the law and must not be obtained through fraudulent, unfair, or illegal means.

b. Consent:
The data subject must provide explicit, informed, prior, and unequivocal consent for their data to be lawfully processed.

c. Purpose:
Data must be collected and processed exclusively for the purposes for which consent was given.

d. Proportionality:
The processing of personal data must be appropriate, relevant, and not excessive in relation to its intended purpose.

e. Accuracy:
Personal data must be accurate and reflect the data subject’s reality.

f. Security:
Ktour must implement technical, organizational, and legal measures to ensure optimal data protection, minimizing risks from human or technological actions (e.g., data breaches, tampering).

g. Resource Availability:
Data subjects have access to internal Ktour channels and administrative or judicial avenues to assert their rights if violated.

h. Adequate Protection Level:
For cross-border data transfers, Ktour ensures that the receiving country provides an adequate or comparable level of protection.

4.2 Consent

Ktour must obtain explicit consent from data subjects before processing or transferring their personal data, in compliance with the Personal Data Protection Law.

4.3 Processing of Minors’ Data

Ktour will only process minors’ data with prior consent from their parent(s) or legal guardian(s), who will be responsible for all actions taken by the minor. If unauthorized minors’ data is identified, it will be promptly deleted.

4.4 Data Retention Period

Personal data will be collected, used, and stored only for as long as necessary to fulfill Ktour’s intended purposes.

4.5 Purpose of Data Processing

Ktour processes data for the following purposes:

• Registering and storing customer data for passenger transportation services and commercial communications.
• Managing the Frequent Passenger Program, enabling access to promotions, discounts, and new services.
• Conducting internal reports for institutional transportation services.
• Analyzing user interactions and preferences related to cargo services and advertisements.

4.6 ARCO Rights Requests

Data subjects may exercise their ARCO rights by submitting the request form (download here) to the designated email. If acting through a representative, a notarized power of attorney and identification documents must be provided.

4.7 Non-Discrimination

Data subjects will not face discrimination or unjustified obstacles when exercising their ARCO rights.

4.8 Data Transfers

Ktour will not transfer personal data unless required by administrative, law enforcement, or judicial authorities.

4.9 Delegated Data Processing

Ktour may outsource data processing to authorized and evaluated providers.

4.10 Security Measures

Ktour implements appropriate security measures based on the type of data and ensures compliance with this policy to minimize risks.

5. Responsibility

Ktour owns this policy and reserves the right to update it on the website to comply with legal requirements.