Privacy Policy

Last Updated May 2026

Roza Tour ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit rozatour.com or use our services. We comply with the EU General Data Protection Regulation (GDPR), Algerian data protection law, and other applicable regulations.

1. Information We Collect

Personal Data You Provide

• Name, email, phone number
• Passport details (only when required for visa support)
• Payment information (processed securely by PayPal/Stripe — we never store full card numbers)
• Travel preferences and special requirements

Data Collected Automatically

• IP address, browser type, device information
• Pages visited, time spent on site
• Cookies (see Cookie Policy below)

2. How We Use Your Data

• To process your tour booking and visa application
• To communicate with you about your trip
• To improve our services and website
• To send marketing emails (only with your explicit consent — you can unsubscribe anytime)
• To comply with legal obligations (tax records, government reporting)

3. Who We Share Data With

We share data only with:

• Hotels, transport providers, and certified guides involved in your tour
• Algerian Ministry of Tourism (for visa processing only)
• Payment processors (PayPal, Stripe) for transactions
• Email service providers for booking confirmations

We never sell your data to third parties.

4. Your Rights Under GDPR

If you are a resident of the European Economic Area, you have the following rights:

• Right of access: request a copy of your personal data
• Right to rectification: correct inaccurate data
• Right to erasure: request deletion of your data ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing for marketing purposes
• Right to withdraw consent at any time

To exercise any of these rights, email privacy@rozatour.com. We respond within 30 days.

5. Data Retention

We keep your booking data for 7 years (legal requirement for tax records). Marketing data is deleted within 30 days of unsubscribe. Visa-related documents are deleted within 90 days of trip completion.

6. Data Security

We protect your data with: SSL encryption (HTTPS) on all pages, encrypted database storage, restricted access to authorized staff only, regular security audits, and PCI-DSS compliant payment processing.

7. Cookies

We use cookies to:

• Remember your language and currency preferences (functional cookies)
• Analyze site traffic via Google Analytics (analytics cookies)
• Show you relevant content (preference cookies)

You can manage cookies through our cookie banner or your browser settings. Refusing cookies may limit some site features.

8. International Data Transfers

As an Algerian company serving international travelers, your data may be processed in Algeria. We ensure adequate protection through standard contractual clauses approved by the European Commission.

9. Children

Our services are not intended for children under 16. We do not knowingly collect data from minors without parental consent.

10. Contact Us

Data Protection Officer: privacy@rozatour.com

Roza Tour, M'sila, Algeria

You also have the right to lodge a complaint with your local data protection authority.

11. Updates

We may update this policy. Changes will be posted on this page with a new "Last updated" date. Material changes will be notified via email to active customers.