Privacy Policy

Last updated: August 2022

Pelago takes your privacy seriously where we deal with your personal information. This means information that identifies you personally such as your name, payment information, contact details or data that can be linked with such information in order to identify you directly or indirectly (“Customer Data”).


This Privacy Policy sets out the basis on which any of your information will be collected, stored and used by us and reflects our commitment to maintain the confidentiality of your information and to provide you with the best possible experience. This Policy applies to your interactions with us, including by using our websites, mobile applications (our “Platforms”) or any of the services we provide to you.


References to “Pelago”, “we”, “us”, “our” in this Policy mean Encounters Pte. Ltd, a company registered in the Republic of Singapore with company number 201928502W and a registered office at 25 Airline Road, Airline House, Singapore 819829. We are a member of the Singapore Airlines group.


For the purposes of the General Data Protection Regulation (“GDPR”) and other applicable data protection laws, we are the data controller. Our data protection officer can be contacted at dpo@pelago.co. Our representative in the European Union is the Netherlands office of Singapore Airlines Limited, registered at Evert van de Beekstraat 1, The Base A, 1118CL Schipol, Netherlands.


If you have booked a Service that is supplied or operated by any Experience Provider (e.g. entry into an attraction, or a reservation for a walking tour), such other Experience Provider(s) are also a “data controller” where relevant under applicable law. You may access the privacy policies of the Experience Providers via their own websites or request a copy of the same from them directly.


If you are located in the European Economic Area (“EEA”), please ensure you have read and understood this Privacy Policy before continuing to use our Platforms and any other services we provide.


If you are located outside of the EEA and to the extent permitted by applicable law, by clicking 'Sign Up' and/or continuing to use our services, you signify that you have read and understood Pelago's Privacy Policy, Terms of Use and Cookie Policy, and provide your consent to Pelago for the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy, Terms of Use, and Cookie Policy.

Summary

What information do we collect?

We collect information when you interact with us for the provision of our services or through interactions with our Platforms. The information we collect is either information you give to us, information we collect automatically, information we receive from third parties or information you provide about other people.


This will include information such as your contact details, travel information and credit card details when you sign up for an account and when you purchase Services on our Platforms. We also collect information about your preferences from your interactions with other SIA Group products and services, and from specific requests you make as relevant to our interactions with you (for example, if you link your KrisFlyer account to your Pelago Account). Click here for more information.

How will we use the information collected?

We use your information in a number of ways. This is generally to deliver any products or services you have requested for or signed up to, to administer your Pelago Account, to keep you informed and to improve your customer experience and the quality of our Platforms and services. In some instances, we use this information to send you marketing communications we think are relevant to you, but we only do this where it is lawful to do so, or you have given your consent to receiving this information. You have the right to object to us sending you such information at any time. Click here for more information.

Who do we share the information with?

We share your data with Experience Providers who provide the Services. We also share your data with our third-party service providers, to the extent necessary for them to provide their services, such as payment processors. We use these third parties’ services solely to process or store your information for the purposes described in this policy. We also share your information with related group companies, and government bodies as required by applicable laws. Please note that if we are acquired by a third party or enter into any kind of merger or business sale, your information where required will be shared with the relevant party. Click here for more information.

Where do we process the information?

Our servers are located in Singapore. We may also transfer your information to our third-party service providers in other locations worldwide. For EEA or Swiss residents, where we transfer your information outside these countries, we ensure adequate security measures and safeguards are put in place in accordance with applicable law. Please contact us to find out more about the safeguards we have in place for transfers outside the EEA and Switzerland. Click here for more information.

How long do we keep the information?

We retain your information for as long as it is necessary to fulfill the purpose for which it was collected, for the legal or business purposes of Pelago, or as required by applicable laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. Click here for more information.

How can I exercise my rights over the information?

By law, you have a number of rights (subject to certain conditions) when it comes to your information. Further details and advice about your rights can be obtained from the data protection regulator in your country. 

Dispute resolution

If you have any concerns or complaints, please contact us here. You also have the right to lodge a complaint with the data protection regulator in your country if you have any concerns or complaints you feel we are unable to resolve. For EEA and Swiss residents, please see here for contact details for all the data protection authorities within the EEA and here for the Swiss data protection regulator.

Notification about changes to privacy policy

We will amend this Privacy Policy from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including by displaying a banner on our website. Click here for more information.

1. The types of Customer Data we collect

The types of Customer Data that we collect depends on the circumstances of collection and on the nature of the service requested or transaction undertaken. We collect and process your information in the following ways:

Information you give us directly

• personal information that can be used to identify an individual, such as name, gender, country of residence, or nationality;• contact information, such as email address, phone numbers;• payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date;• information on your other activity and purchases made through our Platforms;• information on bookings you have made on our website or mobile application;• your customer preferences, such as likes, dislikes, page views, places that you would like to visit or other service preferences;• information you choose and/or consent to submit when you use features on our Platforms or other online facilities; and• information we receive from other sources e.g., other SIA group entities, or our page on social media websites and our contractual partners.

Where you disclose personal data of another person to us, including but not limited to situations where you make bookings on behalf of another person, you undertake to ensure that the individual whose Customer Data is supplied to us approves of you sharing this information with us for our use in line with this Policy.

Information we collect automatically

We collect certain information by automated means, such as cookies (and similar technologies such as pixels and web beacons) whenever you use our Platforms. This includes device and technical information such as IP addresses or other unique identifiers, active cookies (or similar technologies), mobile carrier, time zone setting, operating system and platform, information on actions taken on our Platforms (including bookings you have made). Please see our cookie policy for more information on our use of cookies (and similar technologies).

Information we collect from third parties

We collect Customer Data from your authorised representatives. This includes persons whom you have authorised and persons who have been validly identified as acting on your behalf pursuant to our security procedures. This will generally be information you have authorised them to provide us with.We may receive your Customer Data from other entities within our group of companies who you interact with or have a relationship with. This includes Singapore Airlines Limited, Scoot Tigerair Pte. Ltd. (“Scoot”), Tradewinds Tours & Travel Private Limited, and KrisShop Pte. Ltd.. This information is shared with us only in accordance with the provisions of these entities privacy policies and (where applicable) any consents you have given to the sharing of your information.We may receive Customer Data from third parties which are located in various countries. This includes, but is not limited to, travel agents, SIA Group partners and other contractual parties, and our service providers.
Please note that we use Customer Data to derive Statistical Data, such as the number of users. This is processed and stored purely for analytical purposes and is entirely anonymous. This information will not be stored to your customer record and will only be aggregated for statistical analysis so that we can better understand our customers’ profile and improve our service offering.

Special categories of information or "sensitive personal data"

Certain categories of Customer Data, such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under certain applicable laws, including the GDPR.


Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because you have made certain requests in connection with your booking arrangements that reveal or suggest something about you that could be considered “sensitive personal data", or if you otherwise choose to provide such information to us.


For example, if you request specific medical assistance from us and/or an Experience Provider, e.g. the provision of a wheelchair, this may reveal that you have a particular medical condition.


Where we process such sensitive personal data, we ensure we have obtained your explicit consent to such processing or that such processing is necessary for reasons of substantial public interest in accordance with applicable law. Please contact us to find out more about any potential processing of your sensitive personal data.

2. Why we collect Customer Data

The collection of the following types of Customer Data is mandatory to enable us to fulfill your orders on our Platforms. These types of Customer Data are marked as mandatory during booking. If you do not provide this information, we will not be able to provide you with our services and/or products required.


• Booking details, e.g. first/given name, last/family name.

• Contact details, e.g. email address, phone numbers.

• Payment details, e.g. the name on the credit or debit card, the credit or debit card number, expiry date and card verification value on the credit or debit card, and billing address which will be transmitted to our payments processors.


Additional information may be mandatory depending on the nature of the Service booked, e.g. your gender or age. These mandatory fields will be made clear when you make a booking.


The failure to supply the following types of Customer Data will result in (i) us being unable to update you on our latest products and/or launches; and/or (ii) your inability to enter or participate in contests, promotions or redemption activities organised by us:

• Contact Information, e.g. email address, phone numbers; and

• Country of residence.

3. How we use your Customer Data

If you are an EU or Swiss resident, we are required to disclose the legal basis for processing your data under the GDPR and the Swiss Data Protection Act. We are also required to disclose the purposes for processing your data under certain applicable laws, including the Singapore Personal Data Protection Act. We will use the Customer Data in the following ways:


In accordance with our Terms of Use and in performance of any contract we have with you, we will use the Customer Data to:

• process and assist you with any transactions related to your booking (e.g. making a booking, providing services related to the booking, fulfilling such booking and investigating potential fraudulent transactions);

• notify you about changes to our Platforms and any Service (this may be via multiple communication channels as applicable);

• maintain your account;

• facilitate your transactions and services;

• enable you to log in using your account on any of the Platforms hosted by us; and

• send you updates and other account-related information.


As it is in our legitimate interests to be responsive to you, to provide customized services and marketing, and to ensure the proper functioning of our products, services and organization, we will use your Customer Data to:

• improve our Platforms and ensure content from the Platforms is presented in the most effective manner for you and your device;

• administer the Platforms, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest of improving service delivery;

• send you direct marketing communications concerning our products and services where you have purchased any of our products/services or where you have made enquiries for this purpose. We will only send you these communications where you have not objected to receiving such communications from us and in line with your marketing preferences.

• send you customer feedback surveys by email where you have purchased any of our products or services. You can opt-out of receiving these surveys at any time by contacting us;

respond to your enquiries, requests or feedback;

• enforce our terms, conditions and policies;

• allow you to participate in interactive features of the Platforms, when you choose to do so;

• customise our products and services to you;

• personalise the content you see on our Platforms and the websites and mobile applications of the SIA Group;

• process any personal data we collect via cookies (necessary for your use of our Platforms) we place on the device you use to access our Platforms. Please see our cookie policy for more information on our use of cookies (and similar technologies);

• keep the Platforms safe and secure;

• aggregate Customer Data into anonymised statistical data (such as number of users who have booked a particular Service), which we will use for statistical analysis so that we can better understand our customers’ profile and improve our service offering;

• to customise the direct marketing communications we send to you based on criteria we create using the Customer Data we hold on you (in line with this privacy policy) e.g. sending you targeted marketing on places you would like to visit, based on your responses to optional questions on our Platforms, and your prior travels. Please note that this is a form of profiling and if you are an EU or Swiss resident, you can object to this profiling and opt-out of receiving such targeted marketing. For more information on this right, click here; 


With your consent, we will use your Customer Data to:

• process any personal data we collect from you via your consent to us setting cookies on the device you use to access our Platforms. Please see our cookie policy for more information on our use of cookies (and similar technologies);

• send you marketing and promotional materials in relation to products and services offered by us, the SIA Group and service partners, as well as our appointed agents.; 

• retarget you with Pelago advertisements across multiple websites you visit, leveraging the cookies we have in place on your device. The effect of this is that where you go to a different website after visiting the Pelago website, you may see tailored Pelago advertisements on these websites. Please see our cookie policy for more information on our use of cookies (and similar technologies);

• retarget you with Pelago advertisements across multiple websites you visit, leveraging the cookies other SIA Group companies have in place on your device. The effect of this is that where you go to a different website after visiting the relevant SIA Group company website, you may see tailored Pelago advertisements on these websites. We only do this where you have consented to the relevant SIA Group company sharing your cookie information with us for these purposes. Please see our cookie policy for more information on our use of cookies (and similar technologies).; 

• serve you with customized advertising from SIA and/or our group companies that is relevant to you on social media platforms. We use audience targeting technologies to do this. For example, we may display interest-based advertising to you when you are using Facebook through a tool offered by Facebook called the Custom Audience tool. This tool allows email addresses to be hashed locally on our browser and then sent to Facebook. There, the email addresses are matched against Facebook’s existing list of Facebook users' hashed IDs and the matches are added to our Custom Audience for advertising. The matched and unmatched hashes are then deleted. 


You have the right to withdraw your consent at any time by contacting us at dpo@pelago.co, referencing: Pelago Privacy Policy. Please bear in mind that this will not affect the lawfulness of the processing carried out based on your consent prior to your withdrawal of consent.


Where we have a legal obligation, we will use your Customer data:

• to comply with any applicable legislation;

• to comply with court orders;

• to comply with orders from applicable regulatory bodies.

4. Disclosure of your Customer Data

We will share your information where you give us express permission to share your information in the course of your relationship with us from time to time.


To the extent it is mandatory under applicable laws, we will only share your Customer Data with third parties set out in this section after we have obtained your prior written consent which, for the avoidance of doubt, you hereby provide to us by continuing to use our services. You may withdraw your consent to our disclosure of your Customer Data to third parties at any time. Please note that where you withdraw such consent, we may not be able to continue providing you with our services.


We will share your Customer Data with selected third parties in the situations set out below:

• our Experience Providers so that they can fulfil and manage their Services you booked through us. Where Customer Data is shared with such Experience Providers, the Customer Data will be used by that Experience Provider in accordance with their respective privacy policy;

• advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;

• our Platform service providers, so that the services of the interactive features you choose to use may be provided to you and subject to stringent undertakings of privacy and confidentiality; and

• analytics and search engine providers that assist us in the improvement and optimisation of the Platforms.


We will share your Customer Data with any of the entities within the SIA Group, in the situations set out below and in accordance with this Policy: 


For the purposes of fulfilling our contract with you, including to:

• Fulfill bookings; and

• Manage users where there are issues with the Services and provide necessary assistance and services; 


As it is in our legitimate interests to be responsive to you, and to provide customized services and marketing, including to:

• Respond to complaints or compliments received by us from users;

• Provide an enhanced customer experience and personalize offers to users;

• Anticipate the servicing needs of users;

• Understand users better through analytics and research (including marketing research) to support personalization;

• Contact users about updates, surveys, and offers on and relating to our loyalty programs;


For the purposes of assisting other entities within the SIA Group to provide relevant services to you and to understand more about you. We do this only where this is necessary for the performance of services you have requested or where you have consented to such sharing and in line with your marketing preferences. For example, if you have booked a Service in a particular country, an entity within the SIA Group may use this information to understand more about the sorts of travel services you are likely to be interested in; and


For the purposes of undertaking targeted direct marketing and other forms of marketing or advertisement, including marketing or advertisements for entities within the SIA Group, provided we have the consent of the recipient and in line with the individuals marketing preferences. 


We will disclose your Customer Data to law enforcement agencies, public or regulatory authorities, securities commissions or other organisations for security and health, if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

• comply with any applicable legal obligation, process or request;

• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;

• detect, prevent or otherwise address security, health, fraud or technical issues; or

• protect the rights, property, health or safety of us, our users, a third party or the public as required or permitted by law (including exchanging Customer Data with other companies and organisations for the purposes of fraud protection and credit risk reduction).


We will also disclose your Customer Data to third parties:

• in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets;

• if we or substantially all of our assets are acquired by a third party, in which case Customer Data held by us about our customers will be one of the transferred assets; or

• to comply with any applicable legal obligations, processes or requests (such as disclosing Customer Data to executors in response to court orders).


We will disclose Customer Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorized or required by law. We also reserve the right to share Customer Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entities. Further, we will disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

5. Transfer of information overseas

Our offices are based in Singapore. Customer Data will be transmitted to data storage facilities where we keep our central records. Customer Data will be transferred to our offices and appointed agents, including contact centre agents, in Singapore and around the world in connection with our performance of the contract with you.


This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside the European Economic Area ("EEA"), and Switzerland, and in particular to Singapore where we have data centres.


We will transfer Customer Data to Experience Providers. The Customer Data will also be processed by staff operating outside the EEA and Switzerland who work for us, for our suppliers or our business partners. Such staff are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. The Customer Data is transferred outside the EEA and Switzerland on the basis that it is necessary for the performance of our contract with you. 


If you are an EEA or Swiss resident, where we transfer Customer Data outside the EEA and Switzerland, this is done on the basis that it is necessary for the performance of our contract with you, and to the extent this is not the case, any such transfer is carried out subject to recipients of this Customer Data entering into the European Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate. 

6. Non-EEA and Non-Swiss data subject rights

If you are not a resident in the EU (Switzerland excluded), you may have certain rights in relation to the Customer Data we hold about you, which we detail below.

Access

You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.


Where permitted by law, we reserve the right to charge a reasonable administrative fee for this service. In exceptional circumstances, we reserve the right to deny you access to your Customer Data and may provide an explanation as required by applicable laws.


Exceptional circumstances include (to the extent allowable under applicable law) where:

• an investigating authority or government institution objects to us complying with a customer’s request;

• the information may, in the exercise of our reasonable discretion and/or assessment, affect the life or security of an individual; and

• data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.

Correction

You have the right to correct any Customer Data held about you that is inaccurate. For Pelago Account members, you may correct any Customer Data by logging into your account.

Erasure

You may request that we erase the Customer Data we hold about you in the following circumstances:

• you believe that it is no longer necessary for us to hold the Customer Data we hold about you;

• you wish to withdraw your consent and there is no other ground under which we can process the Customer Data;

• you no longer wish us to use the Customer Data we hold about you in order to send you promotions, special offers, marketing and lucky draws; 

• you believe the Customer Data we hold about you is being unlawfully processed by us; or

• where you are otherwise granted the right to make such a request under applicable law.


Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.


Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g. for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of services to you as we will not be aware of your preferences.


Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.

Feedback and Complaints

If you have any concerns, feedback or complaints about the use and/or sharing of your Customer Data, we are open to receiving your feedback or complaints.

Exercise of Rights

To exercise any of your rights, please contact dpo@pelago.co, referencing: Pelago Privacy Policy. For Pelago Account members you may correct any Customer Data by logging into your account.

7. EEA and Swiss data subject rights

If you are a resident in the EU or Switzerland, you may have certain rights in relation to the Customer Data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. To exercise any of your rights, please contact dpo@pelago.co, referencing: Pelago Privacy Policy, or follow the procedures we have detailed in the relevant sections below..


Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact dpo@pelago.co, referencing: Pelago Privacy Policy.


In the event that you wish to make a complaint about how we process your Customer Data, please contact us and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to lodge a complaint with your data protection authority.

Access

You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.


If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.


We may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption applies.

Portability

You have the right to receive a subset of the Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.


The relevant subset of Customer Data is data that you provide us with your consent (please see here for the types of Customer Data we process on the basis of your consent: How we use your Customer Data) or for the purposes of performing our contract with you (please see here for the types of Customer Data we process on the basis of our contract with you: How we use your Customer Data).


If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party. We also may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person).

Correction

You have the right to correct any Customer Data held about you that is inaccurate. Please note that whilst we assess whether the Customer Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.


For Pelago Account members and KrisFlyer members, you may correct any Customer Data by logging into your account.

Erasure

You may request that we erase the Customer Data we hold about you in the following circumstances:

• you believe that it is no longer necessary for us to hold the Customer Data we hold about you;

• we are processing the Customer Data we hold about you on the basis of your consent (please see here for the types of Customer Data we process on the basis of your consent: How we use your Customer Data), and you wish to withdraw your consent and there is no other ground under which we can process the Customer Data;

• we are processing the Customer Data we hold about you on the basis of our legitimate interest and you object to such processing (please see here for the types of Customer Data we process on that basis: How we use your Customer Data). Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Customer Data;

• you no longer wish us to use the Customer Data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or

• you believe the Customer Data we hold about you is being unlawfully processed by us.

Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.


Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g. for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of services to you as we will not be aware of your preferences.


Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.


For Pelago Account members and KrisFlyer members, you may correct any Customer Data by logging into your account.

Restriction

You have a right to require us to stop processing the Customer Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Customer Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).


You may request we stop processing and just store the Customer Data we hold about you where:

• you believe the Customer Data is not accurate, for the period it takes for us to verify whether the Customer Data is accurate;

• we wish to erase the Customer Data for compliance with applicable laws but you want us to just store it instead;

• we wish to erase the Customer Data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or

• you have objected to us processing Customer Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Customer Data whilst we determine whether there is an overriding interest in us retaining such Customer Data.

Objection

At any time you have the right to object to our processing of Customer Data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Customer Data for that purpose.


If you are located in the EU, you also have the right to object to our processing of Customer Data about you and we will consider your request in other circumstances as detailed below. Please contact us at dpo@pelago.co with the relevant details, referencing: Data Subject Rights.


You may object where we are processing the Customer Data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing (please see here for the types of Customer Data we process on that basis: How we use your Customer Data). 


Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. 

8. Retention

We will retain Customer Data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. This includes standing requests which contain sensitive personal data about yourself, e.g. a standing request that you wish to only receive halal meal suggestions. You can amend your standing request at any time to change your preferences in the future.


If you opt-out or withdraw your consent to marketing, we will remove you from our marketing database.


When determining the relevant retention periods, we will take into account factors including:

• our contractual obligations and rights in relation to the Customer Data involved;

• legal obligation(s) under applicable law to retain the Customer Data for a certain period of time;

• statute of limitations under applicable law(s);

• our legitimate interests where we have carried out balancing tests (please see here for the types of Customer Data we process on the basis of our legitimate interests: How we use your Customer Data

• (potential) disputes; and

• guidelines issued by relevant data protection authorities.


Otherwise, we securely erase or anonymize your Customer Data where we no longer require your information for the purposes collected.

9. Accuracy

We need your assistance to ensure that your Customer Data is current, complete and accurate. As such, please inform us of changes to your Customer Data by submitting your updated particulars to us (see Section 14). If you are a Pelago Account member you may update your Customer Data at any time by logging on to your account.


We will also request Customer Data updates from you from time to time. As detailed above, your booking information will be disclosed to Experience Providers to allow them to provide the Services as booked by you. As such, it is important to ensure that the Customer Data contained in your booking information is current, complete and accurate.

10. Security safeguards

We take the protection of your Customer Data seriously, but unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Customer Data, we cannot guarantee the security of your Customer Data transmitted through the website or mobile application; any transmission is at your own risk.

11. Other websites and services

We may, from time to time, provide you with links to other websites for your convenience and information. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You access these websites at your own risk and we are not responsible for these websites. Whilst we will protect your Customer Data on our website and mobile application, we cannot control or be responsible for the policies of other sites we may link to, or the use of any Customer Data you may share with them. Please note that our Privacy Policy does not cover these other websites, and we would recommend that you are apprised of their specific policies.


In addition, some features on our website and mobile application rely on 3rd party services, including Application Programming Interface (“API”) services provided by Google LLC and/or any of its subsidiary companies (collectively, “Google”). Where you choose use to use any feature on our website or mobile application that relies on a service provided by Google, you consent to the disclosure of information, including Customer Data, necessary for such use to Google, and agree that the information so disclosed may be processed in accordance with the Google Privacy Policy.

12. Minors

Our website and mobile application are not directed at children under the age of 16, and we cannot distinguish the age of persons who access and use the same. If a minor (according to applicable laws) has provided us with Customer Data without parental or guardian consent, the parent or guardian should contact us (see Section 14) to remove the relevant Customer Data and unsubscribe the minor. If we become aware that Customer Data has been collected from a person under the age of 16 without parental or guardian consent, we will delete this Customer Data and, where that minor has an account, terminate the minor’s account.

13. Updates to the Privacy Policy

We will amend this Privacy Policy from time to time, and the updated versions will be posted on our website and mobile application; and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. You are responsible for reviewing the more current version of this Privacy Policy each time you visit our Platforms. If we make any material changes to this Privacy Policy, we will provide notice including by way of a banner on our website. To the extent required under applicable law, your continued use of our Platforms after such changes or modifications constitutes your acceptance of the revised Privacy Policy and if you do not agree to the revised Privacy Policy in such case, please do not use or access or continue to use or access our Platforms.


Subject to applicable laws, the English version of this Privacy Policy will prevail over any version of this Privacy Policy in another language.

14. Contact us

If you have comments, questions or complaints about or requests relating to this Privacy Policy statement, please contact Pelago in writing at the following email address below referencing ‘Privacy Policy’:


dpo@pelago.co referencing: Pelago Privacy Policy

Our Affiliates

© 2023 Encounters Pte. Ltd. All rights reserved. 

Travel Agent License: TA03351