Privacy Policy

This Privacy Policy is issued by Oncor Travel LLC ("Oncor Travel," "we," "us," or "our"), a travel agency registered in the State of New York, United States.

Registered address:
418 Broadway St R
Albany, New York 12207
United States

Email: booking@oncortravel.com
Phone: +1 718 717 1528
Website: www.gooncor.com

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, request a quote, book a tour, or otherwise interact with us. By using our website or services, you agree to the terms of this Privacy Policy.

We collect personal information in the following ways:

When you request a quote, complete a booking form, contact us by email or phone, or otherwise interact with us, we may collect:

• Identity information: first name, last name
• Contact information: email address, phone number, mailing address
• Travel preferences: destination, travel dates, number of travelers, budget range, package type, room type, special requests, dietary requirements, and accessibility needs
• Communication preferences: preferred contact method (email, phone, WhatsApp)
• Payment information: credit or debit card details processed through our secure payment processor (we do not store full card numbers)
• Passport and identification details: required for international tour bookings and entry requirements
• Health and accessibility information: only where voluntarily provided and necessary for tour planning (e.g., mobility assistance, dietary restrictions, medical conditions relevant to travel)

When you visit our website, we and our service providers may automatically collect:

• Device and browser information: IP address, browser type and version, operating system, device type
• Usage data: pages visited, time spent on pages, links clicked, referring URLs, and navigation paths
• Cookies and similar technologies: see Section 6 for full details

We may receive information about you from third parties, including:

• Travel partners, airlines, or hotels where a booking is made jointly
• Referral partners who direct you to our services
• Publicly available sources for fraud prevention purposes

We use the personal information we collect for the following purposes:

We will not use your personal information for any purpose that is incompatible with the purposes described above without first notifying you and, where required, obtaining your consent.

Where applicable under data protection law (including for users in the European Economic Area, United Kingdom, and other jurisdictions with similar frameworks), we process your personal data on the following legal bases:

• Contract performance: processing necessary to fulfil a booking or respond to a quote request you have made
• Legitimate interests: improving our website, preventing fraud, and communicating with existing customers about similar products and services
• Consent: sending marketing communications where you have opted in; use of non-essential cookies
• Legal obligation: complying with applicable law, tax obligations, and regulatory requirements
• Vital interests: in rare circumstances involving health or safety emergencies during travel

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information with the following categories of recipients, strictly as necessary:

We work with trusted third-party service providers who process data on our behalf, including:

• Formspree, Inc. — form submission processing for quote requests. Data is transmitted via Formspree's secure servers to our email address. Formspree's privacy policy is available at formspree.io
• Cloudflare, Inc. — website hosting, content delivery, and security. Cloudflare may process request data including IP addresses as part of its service. Cloudflare's privacy policy is at cloudflare.com
• Google LLC — Google Maps embeds and analytics (where applicable). Google's privacy policy is at policies.google.com
• Payment processors — for processing tour payments. Payment card data is handled directly by PCI-DSS compliant payment processors and is not stored on our servers

To fulfil your booking, we share necessary information with airlines, hotels, ground operators, guides, and other travel suppliers. These suppliers are required to handle your data in accordance with applicable privacy law and only for the purposes of delivering the booked services.

We may disclose your personal information if required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

In the event of a merger, acquisition, or sale of all or part of our business, personal information may be transferred to the acquiring entity. We will notify you of any such change via email or a prominent notice on our website.

Our website uses cookies and similar technologies to operate effectively and improve your experience. A cookie is a small text file placed on your device when you visit a website.

You can control and delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and be notified when new cookies are set. Please note that disabling essential cookies may affect the functionality of our website.

For more information on managing cookies, visit allaboutcookies.org.

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Quote requests (not converted to bookings): 24 months from the date of the request
• Booking and customer records: 7 years from the date of travel, in accordance with financial record-keeping requirements
• Marketing communications data: until you unsubscribe or withdraw consent
• Website usage data: up to 26 months
• Passport and travel document copies: deleted within 30 days of the completion of travel

When personal information is no longer required, we will securely delete or anonymise it.

Depending on your location, you may have the following rights with respect to your personal information:

• Right of access: request a copy of the personal information we hold about you
• Right to rectification: request correction of inaccurate or incomplete personal information
• Right to erasure: request deletion of your personal information, subject to certain legal exceptions
• Right to restriction: request that we restrict the processing of your personal information in certain circumstances
• Right to data portability: receive your personal information in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at booking@oncortravel.com or write to us at our registered address. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal information in accordance with applicable law.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• HTTPS encryption for all data transmitted through our website
• Secure form submission processing via Formspree's encrypted infrastructure
• Website hosting through Cloudflare Pages with built-in security protections
• Access controls limiting personal data access to authorised personnel only
• Regular review of our security practices and procedures

While we take reasonable steps to protect your personal information, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach that is likely to result in a risk to your rights and freedoms, in accordance with applicable law.

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at booking@oncortravel.com and we will take steps to delete that information promptly.

For tour bookings involving travelers under 18, personal information is collected only with the knowledge and consent of a parent or legal guardian who is a party to the booking.

Our website contains links to third-party websites, including hotel websites, official government travel advisory pages, airlines, and other travel-related services. This Privacy Policy does not apply to those third-party websites.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to read the privacy policy of any website you visit through a link from our site.

Oncor Travel is based in the United States. If you are accessing our website or services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

When we transfer personal information internationally (including to our service providers such as Formspree and Cloudflare), we take steps to ensure that appropriate safeguards are in place in accordance with applicable data protection law, including where required, the use of standard contractual clauses approved by the relevant data protection authority.

For users in the European Economic Area or United Kingdom, we rely on adequacy decisions, standard contractual clauses, or other approved transfer mechanisms to legitimise international data transfers.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know: the categories and specific pieces of personal information we have collected about you, and how it is used and shared
• Right to delete: request deletion of personal information we have collected from you, subject to certain exceptions
• Right to correct: request correction of inaccurate personal information we hold about you
• Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioural advertising
• Right to limit use of sensitive personal information: to the extent we collect sensitive personal information (such as passport details), it is used only for the purpose for which it was collected
• Right to non-discrimination: we will not discriminate against you for exercising your privacy rights

To exercise your California privacy rights, contact us at booking@oncortravel.com with "California Privacy Request" in the subject line. We will respond within 45 days. We do not sell personal information and have not done so in the preceding 12 months.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify customers with active bookings by email of any material changes
• Where required by law, obtain your consent before applying changes to existing data

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us:

We aim to respond to all privacy-related enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.