SGA EXPEDITIONS – SACRED GOLDEN ANDES
Address: Peru, Cusco, Calle San Andres N° 218
RUC: 20613793136
Email: info@sgaexpeditions.com
This Personal Data Processing and Protection Policy regulates the collection, storage, use, circulation, deletion, and all other operations related to the personal data of our guests, clients, users, suppliers, and third parties, in compliance with Law No. 29733 – Personal Data Protection Law and its Regulation (Supreme Decree No. 003-2013-JUS).
For the purposes of this policy, the following definitions apply:
Authorization: Prior, express, and informed consent from the data subject for the processing of personal data.
Database: Organized set of personal data in any format or medium.
Personal data: Any information related or linkable to an identified or identifiable individual.
Data subject: Natural person whose data is subject to processing.
Processing: Any operation or set of operations regarding personal data (collection, storage, use, circulation, deletion, processing, transfer, transmission, etc.).
Privacy notice: Written or electronic communication informing the data subject of this policy, purposes, and methods to exercise rights.
Public data: Information available in public sources (civil registry, public documents, gazettes, etc.).
Sensitive data: Data affecting privacy or whose misuse may cause discrimination (health, racial origin, religious beliefs, political opinions, sexual life, biometric data, union membership, and similar).
Transfer: Communication of personal data to a different controller, inside or outside the country.
Transmission: Communication of personal data to a processor acting on behalf of the controller.
Controller: SGA EXPEDITIONS, as the entity determining the purposes and means of processing.
Processor: Third party processing data on behalf of the controller under contract.
SGA EXPEDITIONS applies the following principles:
Purpose: Processing must pursue legitimate, specific, and explicit purposes previously informed.
Lawfulness: Processing must comply with the law and require authorization unless legally exempt.
Proportionality & minimization: Only necessary data shall be collected.
Quality: Data must be truthful, relevant, updated, and verifiable.
Transparency: Data subjects may know what data is processed and for what purpose.
Security: Technical, administrative, and human measures will ensure protection.
Confidentiality: Information will be handled with confidentiality by authorized staff.
Restricted access: Only authorized personnel and necessary third parties may access non-public data.
Data subjects have the right to:
a) Access, free of charge, the personal data processed by SGA EXPEDITIONS.
b) Request the update, correction, deletion, or inclusion of data.
c) Know the purposes of the processing.
d) Revoke consent when processing violates principles, the law, or the authorization.
e) Object to processing for legitimate reasons.
f) Request proof of the authorization granted.
g) File complaints before the National Authority for Personal Data Protection.
SGA EXPEDITIONS undertakes to:
Guarantee all rights of data subjects.
Implement and maintain appropriate security measures.
Keep copies of granted authorizations.
Inform data subjects of the purpose of data collection and use.
Maintain truthful, accurate, and updated data.
Respond to inquiries and claims according to this policy.
Report security breaches to the competent authority when required.
Sign contracts with processors ensuring data protection.
Avoid using data for new purposes without renewed authorization.
Identify and flag data under dispute or claim.
Authorization is not required when:
a) Requested by public authorities or courts in the exercise of their functions.
b) Data is public.
c) There are medical or health emergencies.
d) Processing is allowed by law for historical, statistical, or scientific purposes, using anonymization when necessary.
e) Required by civil registry or other legal obligations.
Rights may be exercised by:
The data subject, proving identity.
Legal representative or agent, with documentation.
Successors, in case of death.
Parents or legal guardians for minors.
Manage reservations and provide tourism services (transportation, lodging, guides, tickets).
Issue invoices and comply with accounting, tax, and fiscal obligations.
Respond to requests, inquiries, complaints, and claims.
Process payments, refunds, and compensations.
Prevent fraud, money laundering, or illicit activities.
Comply with requirements from public, police, or judicial authorities.
Send promotional, commercial, and marketing communications.
Participation in loyalty or rewards programs.
Conduct market research, statistical analysis, audits, and service improvements.
Share data with providers, banks, insurers, or partners strictly for service execution.
The data subject may accept or deny additional purposes without affecting the primary service.
Processing of minors’ data will occur only when:
Authorization is granted by parents or legal guardians.
Processing protects the best interest and rights of the child.
Sensitive data is not collected unless legally justified and authorized.
Data may be shared only with:
The data subject or their representative.
Public entities or courts by legal mandate.
Providers, tourism operators, banks, insurers, and necessary third parties (with contractual guarantees).
Processors under contract.
Auditors or external advisors for compliance purposes.
SGA EXPEDITIONS will obtain free, prior, express, and informed consent through physical or digital forms, contracts, checkboxes, or similar mechanisms.
Separate consent will be requested for commercial or marketing purposes.
Authorization may be collected physically or electronically.
Evidence of authorization (date, channel, purpose) will be stored.
Revocation may be requested via gerencia@sgaexpeditions.com
and will apply prospectively.
SGA EXPEDITIONS will adopt reasonable and updated security measures, including:
Logical and physical access controls.
Encryption when necessary.
Backup management.
Password policies.
Staff training.
Contractual clauses with processors.
Users are informed of the inherent risks of Internet transmission.
Third-party validation or verification of data requires prior authorization unless legally exempt.
SGA EXPEDITIONS will avoid using data for unauthorized commercial purposes.
Send inquiries to info@sgaexpeditions.com
including: full name, ID, phone, email, and requested information.
Response time: 15 business days, extendable for 8 additional days.
No cost applies.
Claims must be submitted to gerencia@sgaexpeditions.com
with identification and supporting documents.
If incomplete, SGA EXPEDITIONS will request correction within 5 business days.
If no response within 2 months, the claim is considered withdrawn.
Within 2 business days, the database will include “claim in process.”
Book here