Flora & Fauna – Privacy Policy

Last updated: 1st November 2025

1. About this Policy

Flora & Fauna (“we”, “us”, “our”) takes its data protection and privacy responsibilities seriously. Please read the following Privacy Policy to understand how we use and protect the personal information you provide to us, or we collect when you use our services (including via this website and booking platform). We hope this helps you make an informed decision about sharing personal information with us.

We may update this Privacy Policy from time to time in order to stay current with legal requirements and reflect our business practices. You are responsible for reviewing it periodically and informing yourself of any changes. If we make significant changes, we will seek to inform you by a prominent notice on the website or (where applicable) email.

2. Who is Flora & Fauna?

For the purposes of data protection laws (including, where applicable, GDPR or other applicable data-privacy regimes), the controller of personal information you provide to us via our website or booking platform is Flora & Fauna Travels.

In this policy, references to “Flora & Fauna”, “we”, “us” or “our” mean the legal entity specified above and any of our affiliates, partners, agents or service providers acting on our behalf in providing the Website, booking services, travel packages, payment processing, marketing or related support services.

3. Scope of this Policy

This Privacy Policy applies to all personal data processed by us in connection with:

– your use of our website [www.florafaunatravels.com] (the “Website”), including browsing, account creation, newsletter subscription, booking enquiries and payments;
– your booking and participation in any eco-tourism travel package, wildlife tour, or related service that we offer;
– any offline or online interactions you have with us (for example via email, telephone, web chat, forms, social media, in-person) where personal information is collected;
– our marketing, research, analytics, feedback and customer-service functions; and
– our dealings with third-party service providers, partners, affiliates, travel providers, payment gateways, agents or other contractors acting on our behalf.

This policy does not apply to the practices of third-party websites or services that are not operated by us or on our behalf. We encourage you to read the privacy policies of such third parties before you disclose your personal information to them.

4. What information do we collect about you?

We collect various categories of personal and non-personal information depending on your interactions with us. Below is an overview:

Information you provide to us

When you make an enquiry, create an account, book a tour, subscribe to our newsletter or otherwise communicate with us, we may collect:

  • Full name, title, date of birth, gender (if applicable), nationality;
  • Postal address, email address, telephone/mobile number;
  • Passport or travel document details (including nationality, city of birth, passport number, issue/expiry dates) when required for travel booking or visa support;
  • Billing address, credit-card or payment card information (typically processed by our third-party payment gateway) and other payment/bank account information where applicable;
  • Emergency contact details (name and contact number) when you are part of a tour group;
  • Travel insurance details, health or medical information (including pre-existing conditions, medication requirements, food allergies or dietary requirements, disability information) where required for the safe execution of your tour;
  • Travel preferences, prior travel experience, special requests (for example accessibility needs, preferred room type, special diet) and other information you provide as part of your booking;
  • Information required for visa or immigration purposes (depending on destination) including for example marital status, employment/education history or social media profile links in some cases;
  • Newsletter subscription details, competition entries, contact preferences, promotional opt-in or opt-out choices;
  • Feedback, survey responses, reviews, comments, and other content you submit to us.

Automatically collected and technical information

When you use our Website, we may automatically collect certain technical or behavioural data such as:

  • Your IP address, device type, browser type and version, operating system, language settings, time zone;
  • The web pages and content you access, time and date of your visit, length of visit, clickstream data, referring/exit URLs;
  • Cookies, web-beacons, tracking technologies, analytics (such as Google Analytics) and advertising identifiers;
  • Location data (if you permit via your device/browser), website usage patterns, session IDs and other metadata.

Information from third parties

We may receive information about you from third-party sources, including:

  • Affiliate partners, booking agents, travel agents, accommodation and transport providers, local tour operators;
  • Payment processors and fraud-prevention services;
  • Social-media platforms if you link your account or choose to share your data;
  • Publicly-available data or third-party data-enhancement services;
  • Our group or affiliated companies, or other third-party service providers acting on our behalf.
    We may combine these data with information we already hold about you.

5. Why do we collect your information? (Purposes and legal basis)

We collect, hold and process your personal information for a variety of purposes, including:

  • To provide you with eco-tourism travel packages, manage your bookings and travel itinerary, including flight, accommodation and transport arrangements;
  • To administer your account, user profile, booking history and communications;
  • To comply with contract obligations between you and us (for example, when you make a booking, the processing of your personal data is necessary for the performance of that contract);
  • To respond to your enquiries, handle feedback, complaints and customer-service matters;
  • To send you updates, confirmations, invoices, travel documents and important notices relating to your booking;
  • To deliver marketing communications, promotions, newsletters and offers (where you have given your consent or where permitted by law);
  • To personalise and improve our Website, services, user experience and travel-offerings by analysing user behaviour, preferences and trends;
  • To conduct market research, surveys and feedback and monitor trends in our travel business;
  • To comply with legal and regulatory obligations (for example, visa requirements, tax, audit, safety and security, fraud prevention, risk management);
  • To protect our vital interests or those of others (for example in a medical emergency or life-threatening situation);
  • To pursue our legitimate interests (such as improving our business, website security, preventing fraud, managing risk), as long as such interests are not overridden by your rights and freedoms.

Your personal information will only be processed under a lawful basis which may include: contract performance, consent, legitimate interests, vital interests or legal obligation, depending on the context.

Providing your personal information to us is voluntary. However, failing to provide certain required information may mean we are unable to fulfil your booking or provide parts of our service (for example: if you do not provide your name and contact details we may not be able to secure accommodation or transport).

6. How do we collect your information?

We collect information via:

  • Online booking forms, enquiry forms, account registration, newsletter subscription forms on our Website;
  • Direct communication with you by email, phone, SMS, web chat or in person;
  • Payment gateway or third-party payment processor interfaces;
  • Feedback, surveys, competitions, user-generated content;
  • Social-media account linking (where you choose to do so) and user-preference centres;
  • Information passed to us by our group, affiliates, travel agents, tour operators, accommodation providers or other partners (for example if a friend/relative books on your behalf or names you as emergency contact).
    We may act on instructions of the named booking contact in certain circumstances without seeking separate confirmation from you (for example amendments to a booking made by your agent/friend on your behalf).

7. Sharing your information

We may share your personal data with third parties in order to provide our services, and for other lawful business purposes. These third parties include:

Travel service providers

  • Airlines, hotels, resorts, transport companies, tour operators, local guides, visa-service companies, destination management companies who require your personal information to confirm and fulfil bookings;
  • Local transfer providers, activity providers, travel-insurance providers.

Payment and financial service providers

  • Third-party payment gateways, banks, credit-card processors, fraud-prevention and risk management services.

Technology, hosting and support vendors

  • Website-hosting companies, IT infrastructure, application-service providers, analytics and data-processing vendors, email-service providers, CRM platforms, marketing-automation platforms.

Marketing, research and analytics partners

  • Companies supporting our marketing campaigns, loyalty programmes, surveys, user-experience research, social-media platforms, competition or promotional partners.

Within Flora & Fauna group

  • Our affiliates, parent companies, subsidiaries or other members of our group (if applicable) in order to provide unified services and improve our offerings.

Legal / regulatory / safety / business-asset transfers

  • Government or regulatory authorities, courts, law-enforcement agencies in connection with legal obligations;
  • In connection with a merger, acquisition, sale of assets or financing transaction involving Flora & Fauna Travels (your personal data may be transferred as part of the business asset);
  • In case of a threat to life, health or safety we may share your information with medical or emergency personnel.

Aggregated or anonymised data

  • We may share aggregated, de-identified information about our users or website usage for analytics, benchmarking or marketing purposes.

We do not sell your personal information to any third party under any circumstances.

8. International Transfers

Because we operate globally and engage with partners, service providers and affiliates in multiple jurisdictions, your personal data may be transferred to, stored in or processed in countries outside your place of residence (including jurisdictions with different data-protection laws).
Where such transfers occur, we will ensure adequate safeguards are in place (for example standard contractual clauses, binding corporate rules, or other lawful mechanisms) or that a valid derogation applies under applicable law.
You have the right to request details of the safeguards we use. If you are in the EEA, UK or other relevant jurisdiction, you may request a copy of such safeguards.

9. Retention of your information

We will retain your personal data only for as long as is necessary for the purposes for which it was collected (including providing our services, complying with legal or accounting obligations, resolving disputes or enforcing our agreements).
When the personal data is no longer required, it will be securely deleted or anonymised.
In certain circumstances we may retain data for a longer period if required by legal/regulatory requirements (for example tax or audit) or if we reasonably believe litigation or claims may arise.

10. How we keep your information secure

We are committed to protecting your personal information and have implemented appropriate technical, organisational and physical security measures to protect your data from unauthorised access, alteration, disclosure or destruction. These may include encryption, secure servers, restricted access, regular security reviews, intrusion detection systems, backups and audit trails.
In the event of a data breach that affects your personal information, we will notify you and/or the relevant regulator as required by applicable laws.

While we take all reasonable steps to secure your data, you should be aware that no system is 100% secure and you should take care when transmitting information to us via the Internet.

11. Cookies & tracking technologies

We use cookies, web-beacons and other tracking technologies on our Website for a variety of purposes, including:

  • enabling essential website functionality;
  • analysing website usage and improving user experience;
  • measuring and delivering relevant advertising and content;
  • enabling social-media features and sharing.
    We work with third-party analytics and advertising networks (such as Google Analytics) which may place cookies or other tracking technologies and collect data about your use of our Website (including your IP address, device identifiers and usage data).
    You may set your browser or device to refuse all or some cookies or to alert you when cookies are being placed. If you disable or refuse cookies, some parts of our Website may not function properly.
    For further details, see our separate Cookies Policy.

12. Marketing & Other Interactions

We may use your personal information for marketing purposes, in accordance with applicable laws and with your prior consent (where required). Such uses include:

  • Sending you promotional offers, newsletters, travel-package alerts, discount deals, competitions and partner offers (if you have opted in).
  • Personalising our communications based on your preferences, travel history, interests and device usage.
  • Evaluating the success of marketing campaigns, user engagement, lead generation and remarketing.
  • Conducting competitions, surveys, feedback requests, referral programmes or other promotions.

You may opt-out of marketing communications at any time by following the unsubscribe link in emails or by contacting us at info@florafaunatravels.com with your marketing preference request.
If you link your Flora & Fauna account with a social-media account (e.g., Facebook, X) you may permit data exchange between us and that provider; you can at any time choose not to share that data via your account settings or preferences.

13. Photos, Videos & User-Generated Content

When you participate in one of our tours or use our services, you may be photographed or video-recorded by Flora & Fauna staff, local tour leaders, other participants or partner operators.
If you do not wish to be photographed or included in video content, please inform your tour leader or contact us in advance. Any photo or video we take may only be used for marketing or promotional purposes with your prior consent.
On occasion we may engage professional photographers for promotional content; we will inform participants in advance and you have the right to opt-out of being included. Please note we cannot control images taken by fellow participants.

14. Your Rights

Depending on your country of residence and applicable data-protection laws, you may have rights to:

  • Request access to the personal data we hold about you;
  • Request correction or update of your inaccurate or incomplete data;
  • Request deletion or erasure of your personal data (“right to be forgotten”), subject to certain conditions;
  • Request restriction or object to processing of your data in certain circumstances (including profiling, direct marketing or legitimate-interest processing);
  • Withdraw consent previously given (for example, for marketing) where processing is based on consent;
  • Request portability of your data to another service provider in a commonly-used machine-readable format (if applicable);
  • Lodge a complaint with a data-protection authority or supervisory body.

To exercise any of these rights, please contact us at info@florafaunatravels.com. We may request proof of identity and additional information to verify your request. We will respond within relevant legal time-frames.
In some cases we may decline a request, for example where legal exemptions apply; if so, we will inform you of the reason.

15. Children’s Privacy

Our website and services are not intended for children under 18 years of age. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a child under 18 has provided us with personal information, we will delete it. If you believe a child has provided us data, please contact us at info@florafaunatravels.com.

16. Third-Party Links & Widgets

Our Website may contain links to third-party websites, social-media features or widgets (for example a “share” button). These external services may collect or share data about you. We do not control those third-party websites or services and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party site you visit.
If our Website includes third-party widgets (e.g., Facebook like button), the widget may collect your IP address and which page you visited before setting a cookie; your interactions with such features are governed by the third party’s own privacy policy.

17. SMS/ Messaging Services (if applicable)

If you opt in to receive SMS or other mobile-messaging marketing from us (for example, booking reminders, deal alerts), you agree to receive recurring messages and standard message/data rates may apply. Consent for SMS marketing is not a condition of any booking or service.
You may opt-out at any time by replying “STOP” to a message or by contacting us. For “HELP”, you may contact our support. Please note that messages may travel via third-party networks or infrastructure not under our control, and we do not accept liability for the practices of mobile carriers or third-party messaging platforms.

18. Retention of Your Data

We keep your information only as long as needed for the purposes for which it was collected, including fulfilling your booking, providing travel services, accounting, legal or tax requirements, resolving disputes or facilitating feedback. Where required by law we may keep records for longer (for example tax-/audit-related retention). When personal data is no longer needed, we will either securely delete it or anonymise it.

19. How We Keep Your Information Secure

We are committed to the security of your personal information. We maintain physical, technical and administrative safeguards to protect your data from unauthorised access, use, modification or destruction. Our security measures may include firewall protection, encryption of stored data, secure payment processing (via PCI-DSS compliant providers), access controls, regular testing and monitoring of our systems, and incident-response protocols. In the event of a data-breach that affects your personal information in a way which might cause you or others harm, we will notify you and applicable authorities as required by law.

20. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements or technological developments. When we do, we will revise the “Last updated” date at the top and post the updated policy on our Website. We encourage you to re-visit this page periodically. If we believe a change is significant, we will provide a more prominent notice or email you (if you are subscribed) of the change.

21. Contact Us

If you have any questions, concerns or complaints about this Privacy Policy or our personal-data practices, you may contact:

Flora & Fauna
Email: info@florafaunatravels.com.
Website: www.florafaunatravels.com
Address:  Flora & Fauna Travels, 113/1C/10, Pinnwala, Madapatha, Piliyandala, Colombo, Sri Lanka
Attention: Data Protection Officer

Copyright © 2026 Flora & Fauna Travels