Privacy Policy

Walz Travels Ltd ("Walz Travels", "we", "us" or "our") is a travel agency incorporated in the United Kingdom (Company registration pending). Our registered office is at 1 Commercial Street, London, E1 6RF. We operate the website walztravels.com and related services including flight booking, hotel booking, private tours, visa assistance and gift vouchers. For any privacy-related queries, contact us at: contact@walztravels.com

We collect information you provide directly to us, including: • Identity data: full name, date of birth, passport number and nationality (required for flight bookings and visa applications) • Contact data: email address, phone number and postal address • Travel data: flight preferences, hotel preferences, travel dates and destination history • Payment data: billing address and payment confirmation (card details are processed by Stripe and never stored by us) • Communication data: messages sent via WhatsApp, email or our contact forms • Technical data: IP address, browser type, device identifiers and usage analytics collected via cookies We do not collect sensitive personal data (such as health data) unless you voluntarily provide it (e.g. dietary requirements or accessibility needs for a tour booking).

We use your information to: • Process and manage bookings (flights, hotels, tours, visa applications) • Verify your identity and confirm travel document requirements • Communicate with you about your booking, itinerary changes and support requests • Send transactional emails (booking confirmations, visa status updates, payment receipts) • Send marketing communications, where you have opted in (you may opt out at any time) • Improve our website, products and services • Comply with legal and regulatory obligations

We process your personal data on the following legal bases: • Contract performance: to fulfil a booking or service you have requested • Legitimate interests: to improve our services, prevent fraud and manage our business • Legal obligation: to comply with financial, tax and travel-industry regulations • Consent: for marketing emails and non-essential cookies (you may withdraw consent at any time)

We share your data only as necessary to deliver our services: • Airlines and Global Distribution Systems (Sabre GDS) — for flight bookings • Hotels and accommodation providers — for hotel reservations • Embassy or visa processing centres — for visa applications • Stripe — for secure payment processing • Resend — for transactional email delivery • Supabase — for secure database hosting (EU region) • Our WhatsApp business support team We do not sell your personal data to third parties for marketing purposes.

We retain your personal data for as long as necessary to: • Provide ongoing services and maintain booking records (typically 7 years for financial records) • Comply with applicable laws and regulations • Resolve disputes and enforce agreements When data is no longer required, we securely delete or anonymise it.

Under UK GDPR and the Data Protection Act 2018, you have the right to: • Access: request a copy of the personal data we hold about you • Rectification: request correction of inaccurate or incomplete data • Erasure: request deletion of your data (subject to legal retention requirements) • Portability: receive your data in a structured, machine-readable format • Restriction: request that we limit processing in certain circumstances • Objection: object to processing based on legitimate interests or for direct marketing To exercise any of these rights, email us at contact@walztravels.com. We will respond within 30 days.

We use cookies to: • Keep you signed in to your Walz Travels account (essential cookies) • Remember your search preferences (functional cookies) • Measure website traffic and performance (analytics cookies via privacy-respecting tools) You can control non-essential cookies through your browser settings. Disabling essential cookies will affect your ability to use the booking platform.

Some of our service providers (such as Sabre GDS) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions) to protect your data.

We implement appropriate technical and organisational measures to protect your personal data, including: • HTTPS encryption for all data in transit • Secure, access-controlled database infrastructure (Supabase) • Payment data handled exclusively by PCI-DSS compliant Stripe • Restricted staff access to personal data on a need-to-know basis

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice on our website. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

For any privacy-related questions, requests or complaints: Email: contact@walztravels.com WhatsApp: +44 7398 753797 Post: Walz Travels Ltd, 1 Commercial Street, London, E1 6RF If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.