Privacy policy.

Aloria & Co. — Privacy Policy

Last Updated: 2nd December 2025

1. Introduction

Welcome to Aloria & Co.

We are committed to safeguarding your personal data and maintaining your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, purchase our services, complete forms, or communicate with us in any way.

By accessing or using our website or services, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with any part of this policy, please discontinue use of our website and services.

2. Who We Are

Aloria & Co.
A boutique travel-experience and itinerary-design service offering premium itinerary redesigns and digital immersive itinerary presentations.

Operating Location:
We operate remotely from North Macedonia.

Primary Client Regions:
United Kingdom, European Union, United States, and global travel professionals.

Email Contact:
admin@aloriaandco.com

Although based in North Macedonia, we voluntarily comply with UK GDPR, EU GDPR, and major US privacy regulations (including CCPA/CPRA) to meet the expectations of our international clients and ensure the highest standards of data protection.

3. What Data We Collect

We collect personal information in three ways: information you provide directly, information collected automatically, and information collected via cookies/third-party tools.

A. Information You Provide Directly

  • Full name

  • Email address

  • Contact details

  • Business information (if applicable)

  • Notes or details submitted for itinerary redesign

  • Uploaded files (e.g., original itineraries, PDFs, assets)

  • Form submissions (requests, enquiries, feedback, preferences)

  • Payment details processed via secure third-party gateways (we never store card information)

B. Information Collected Automatically

  • IP address

  • Browser type & version

  • Device type

  • Operating system

  • Pages visited & interactions

  • Time spent on pages

  • Referral URLs

Collected via Squarespace Analytics

C. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Enhance website performance

  • Understand visitor behaviour

  • Improve user experience

  • Maintain security

  • Enable form functionality

  • Support payment processing

You may disable cookies in your browser settings at any time. Some features may not function correctly if cookies are disabled.

4. How We Use Your Data

We use your personal data for the following purposes:

A. Service Delivery

  • To process and deliver itinerary redesign services

  • To communicate regarding drafts, revisions, and final files

  • To respond to enquiries and provide customer support

B. Business Operations

  • To operate, maintain, and improve our website and services

  • To monitor performance and troubleshoot issues

  • For internal reporting, analytics, and quality improvement

C. Payments & Verification

  • To securely process transactions through vetted third-party payment providers

D. Marketing (Optional & Consent-Based)

  • To send service updates, newsletters, or promotions
    You will only receive marketing if you have explicitly opted in.

We Do Not:

  • Sell your data

  • Rent your data

  • Share your data for third-party marketing purposes

5. Legal Bases for Processing (UK/EU GDPR)

We process personal data under the following legal bases:

  • Contractual Necessity: Delivering the services you purchase.

  • Consent: When you submit a form or opt in to marketing.

  • Legitimate Interests: Analytics, service improvement, fraud prevention.

  • Legal Obligations: Accounting, taxation, regulatory compliance.

6. Sharing Your Data

We only share data when necessary for delivering our services. Trusted partners may include:

  • Squarespace (website hosting, forms, analytics)

  • Payment processors (Stripe, PayPal, or platforms you enable)

  • Notion (if you receive digital itinerary presentations)

  • Cloud storage providers

  • Email service providers

All providers operate under privacy frameworks aligned with GDPR, UK GDPR, and/or CCPA.

We do not share personal information with third parties for advertising or other marketing purposes.

7. Data Retention

We retain personal data only for as long as necessary:

  • Client project data: 24 months

  • Email communication: 24 months

  • Marketing opt-in data: Until revoked

  • Financial records: 7 years (legal requirement)

You may request earlier deletion (see Section 11).

8. International Data Transfers

Because our clients and systems operate globally, data may be transferred outside your home country.

To ensure protection, we rely on:

  • Standard Contractual Clauses (SCCs)

  • GDPR-compliant service providers

  • Equivalent legal safeguards as required

9. How We Protect Your Data

We implement multiple safeguards, including:

  • Encrypted storage and secure servers

  • Restricted-access systems

  • Strong authentication for internal accounts

  • GDPR-aligned vendor platforms

  • Regular risk assessments

While no system is entirely immune, we take all reasonable steps to secure your information.

10. Your Rights (UK GDPR & EU GDPR)

You have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

  • Lodge a complaint with a data protection authority

To exercise rights, contact us at:
admin@aloriaandco.com

11. US Privacy Rights (Including CCPA/CPRA)

If you are a US resident in a state with privacy laws (e.g., California), you may have additional rights:

  • Request disclosure of collected data categories

  • Request deletion of personal data

  • Request correction

  • Opt out of data sharing or selling (we do not sell data)

  • Limit use of sensitive personal information (we do not collect SPI)

If you wish to exercise your US privacy rights, email [Insert your email].

12. Children’s Privacy

Our services are not intended for, and we do not knowingly collect data from, individuals under 16 years old.
If we learn that data has been collected from a minor, we will delete it promptly.

13. This Policy & Future Updates

We may update this Privacy Policy from time to time.
The Last Updated date at the top of this page reflects the latest version.

14. Contact Us

For any questions, concerns, or data requests, contact:

Aloria & Co.
Email: admin@aloriaandco.com
Website: www.aloriaandco.com