The General Data Protection Regulation (GDPR) is a European regulation that regulates the protection of personal data of EU citizens. The regulation applies to any organization that collects, processes, and stores personal data of EU citizens, including tourist agencies. The Daytours tourist agency collects and processes personal data, so it must ensure that its business practices are GDPR compliant. This includes the following measures:

1. Public policy and practices: The agency has guidelines in its business policies and practices that regulate the processing of personal data. These documents are available to customers.

2. Permission: The agency cannot process personal data of customers without explicit permission. The permission must be given in writing, and the customer must be informed about how their data will be used.

3. Data transfer: The agency may share personal data with third parties only with the customer s consent or if necessary to fulfill an order.

4. Individual rights: GDPR provides individuals with certain rights regarding the processing of their personal data. The agency must provide individuals with the right to access, correct, delete, restrict processing, data portability, and object.

5. Data security: The agency must ensure appropriate technical and organizational measures to protect personal data from illegal or unauthorized access, loss, destruction, damage, or misuse.

6. Data breach notification: In the event of a data security breach that could pose a high risk to the rights and freedoms of individuals, the agency must immediately notify the competent data protection authority and the affected individuals. In accordance with GDPR, tourist agencies must ensure that the personal data they collect and process is processed lawfully, fairly, and transparently, in accordance with the law and good
business practices.

The general terms and conditions for the protection of personal data according to GDPR for the Daytours tourist agency are as follows:

1. General
The tourist agency undertakes to protect the personal data of its customers in accordance with the European Regulation on the Protection of Personal Data (GDPR) and other relevant laws and regulations.

2. Purpose of collecting and processing personal data

The tourist agency collects and processes personal data of customers exclusively for
the purposes for which they were provided. This includes carrying out reservations, selling tourist services, and informing about offers and news (if the customer agrees to it).

3. Legal basis for the processing of personal data
The tourist agency processes personal data of customers based on explicit consent or for the execution of a contract with the customer.

4. Categories of personal data
The tourist agency may process the following categories of personal data of customers: name, surname, address, email address, telephone number, date of birth, passport, payment details, and other data necessary for the provision of tourist services.

5. Sharing personal data
The tourist agency may share personal data with third parties only with the customer s explicit consent or if required by law.

6. Individual Rights
Customers have the right to access, correct, delete, limit processing, data portability, and object to the processing of their personal data. Customers can contact the travel agency to exercise these rights.

7. Data Security
The travel agency provides appropriate technical and organizational measures to protect personal data from unauthorized access, loss, destruction, damage, or misuse.

8. Data Retention Period
The travel agency retains customer s personal data only for as long as necessary to provide tourism services and fulfill legal obligations. After this period, personal data will be deleted.