Privacy Policy

Effective Date: March 1, 2026

Governed by Dominican Republic Law No. 172-13 on Protection of Personal Data

Contents

Introduction Legal Basis (Dominican Republic)Information We Collect How We Use Your Information Data Sharing & Third Parties Cookies Data Retention Your Rights Under Law No. 172-13 Data Security International Transfers Children's Privacy Changes To This Policy Contact Us

1. Introduction

Turistard ("we", "our", or "us") is a travel agency operating under the laws of the Dominican Republic, including Law No. 172-13 on Protection of Personal Data and Law No. 126-02 on Electronic Commerce, Documents and Digital Signatures. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at https://turistard.com or any of our travel services.

By accessing our website or booking any service, you agree to the practices described in this Privacy Policy.

2. Legal Basis (Dominican Republic)

Our data processing activities are governed by:

•Law No. 172-13 – Protection of Personal Data of the Dominican Republic.

•Law No. 126-02 – Electronic Commerce, Documents and Digital Signatures.

•Law No. 288-05 – Consumer Protection Law.

•Law No. 97-74 & 158-01 – Tourism development and incentive laws.

•INDOTEL Resolution No. 008-2018 on data retention standards.

3. Information We Collect

We collect the following personal information:

•Account data: Full name, email, phone number, date of birth.

•Booking data: Travel dates, destination, number of guests, room requirements, budget.

•Contact messages: Subject, message content submitted via our contact form.

•Technical data: IP address, browser type, device identifiers, cookies.

•Payment data: We do not store card details. Payments are processed by PCI-DSS certified third parties.

4. How We Use Your Information

We use your data exclusively for:

•Service delivery: Processing bookings and coordinating travel services.

•Customer support: Responding to inquiries and resolving issues.

•Account management: Creating and maintaining your user profile.

•Legal compliance: Fulfilling obligations under Dominican Republic tax and tourism law.

•Security: Detecting and preventing fraudulent activity.

•Marketing (with consent): Sending promotional emails only if you have opted in. You may unsubscribe at any time.

We will never sell or rent your personal data to third parties for their own marketing.

5. Data Sharing & Third Parties

We share your data only as necessary with:

•Travel partners & suppliers: Hotels, villa owners, excursion operators – to fulfill your booking.

•Technology providers: Firebase (Google LLC) for authentication and database services.

•Payment processors: PCI-DSS compliant payment gateways.

•Dominican Republic authorities: MITUR, INDOTEL, or other agencies when legally required.

•Professional advisors: Lawyers or auditors under strict confidentiality obligations.

6. Cookies

We use cookies for the following purposes:

•Essential cookies: Required for core site functionality and session management.

•Analytics cookies: To understand traffic patterns (data is anonymized where possible).

•Preference cookies: To remember your language and display settings.

You may manage cookie preferences through your browser. Disabling essential cookies may affect site functionality.

7. Data Retention

We retain your data as long as legally required:

•Account data: Retained for 5 years after account deletion (Dominican tax law).

•Booking records: Retained for 7 years (Dominican commercial law).

•Contact messages: Retained for 2 years for dispute resolution.

•Technical/log data: Up to 12 months.

After the retention period, data is securely deleted or anonymized.

8. Your Rights Under Law No. 172-13

As a data subject, you have the right to:

•Access (Habeas Data): Request a copy of your personal data.

•Rectification: Request correction of inaccurate data.

•Erasure: Request deletion, subject to legal retention requirements.

•Object: Object to processing for marketing or legitimate interest purposes.

•Withdraw consent: At any time, without affecting prior processing.

•Lodge a complaint: With INDOTEL or the relevant Dominican Republic authority.

To exercise your rights, contact us at teamturistard@gmail.com. We respond within 30 calendar days.

9. Data Security

We protect your data with industry-standard measures:

•SSL/TLS encryption for all data in transit.

•Firebase Authentication with secure token management.

•Role-based access controls limiting data access.

•Regular security audits and vulnerability assessments.

•Breach notification procedures per Law No. 172-13.

10. International Transfers

Our platform uses Firebase (Google LLC), which may process data on servers in the United States. Transfers are made under Google’s Data Processing Addendum, which provides safeguards consistent with Law No. 172-13 and international data protection standards.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us at teamturistard@gmail.com and we will delete it promptly.

12. Changes To This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated via our website or by email. Continued use of our services after the effective date constitutes acceptance.

13. Contact Us

Turistard – Data Protection Officer

Email: teamturistard@gmail.com

Website: https://turistard.com/contact

Location: Santo Domingo, Dominican Republic

Questions about this Privacy Policy?

Contact our Data Protection Officer

teamturistard@gmail.com