Privacy Policy

Privacy Policy

Last Updated: 25th July 2026

Heritage Nomadic UK Ltd. is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your information in line with the UK General Data Protection Regulation (GDPR).

1. Data Collection

We collect personal information only when necessary for the performance of our services. This may include:

  • Full name
  • Contact information (email, phone, address)
  • Travel preferences
  • Passport details
  • Special requirements (e.g., dietary or medical)
  • Payment-related information

2. Use of Your Data

Your data is used exclusively to:

  • Communicate about your travel enquiries and bookings
  • Issue invoices, confirmations, and itineraries
  • Coordinate services with our partners (e.g., Navigeto Travels)
  • Ensure smooth delivery of your tour experience
  • Comply with legal and regulatory requirements

3. Data Sharing

Heritage Nomadic UK Ltd. shares personal data only where necessary and in accordance with the UK General Data Protection Regulation (GDPR).

We may share limited and relevant personal information with:

  • Navigeto Travels (Pvt) Ltd., our trusted Destination Management Company in Sri Lanka, for the purpose of fulfilling your travel arrangements.
  • Service providers (e.g., hotels, transport companies, licensed guides) directly involved in delivering services outlined in your confirmed itinerary.
  • Payment processors or financial institutions, solely for the secure processing of your payments.

All third-party partners are engaged under contractual obligations that include data protection clauses and are expected to handle your information with the same level of care, confidentiality, and compliance required under UK GDPR.

Heritage Nomadic UK Ltd. does not engage in the sale or unauthorized distribution of personal data for any purpose beyond the delivery and management of your travel-related services.

4. Data Security

At Heritage Nomadic UK Ltd., we take the protection of your personal data seriously.
We implement both technical and organisational measures to ensure your information remains safe, including:


  • Secure digital storage with industry-standard firewalls and encryption where applicable.
  • Password-protected systems and role-based access controls to ensure only authorised personnel handle your data.
  • Routine data access reviews to reduce any risk of misuse or unauthorised access.
  • Encrypted communication where necessary (e.g., during online payments or booking submissions).
  • Regular back-ups to protect data integrity and enable restoration in case of any technical fault.

While no system can guarantee absolute security, we continuously assess our data handling processes to meet the standards of the UK GDPR and other applicable regulations.

5. Your Rights Under The UK GDPR

We are committed to protecting your privacy and giving you control over your personal information. Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:


🔹 Access – You can ask us what personal data we hold about you and receive a copy.

🔹 Correction – You can request that we update or correct any inaccurate or incomplete information.

🔹 Deletion – You may ask us to delete your personal data where there is no legal reason for us to keep it (e.g., after your trip is complete and retention period ends).

🔹 Withdraw Consent – If you've previously given us permission to use your data (e.g., for marketing), you can change your mind and opt out at any time.

🔹 Lodge a Complaint – If you're unhappy with how we've handled your data, you have the right to complain to the UK’s Information Commissioner’s Office (ICO): www.ico.org.uk



To exercise any of these rights, simply email us at;

          privacy@heritagenomadic.com
We aim to respond within 30 days.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected — including:

  • Managing your travel booking, communication, and delivery of services
  • Handling customer queries, feedback, or potential disputes after travel
  • Meeting legal and regulatory obligations, such as financial and tax reporting (HMRC)


Retention periods vary depending on the type of data:

  • Travel-related and communication data: Typically retained for up to 3 years after your trip, unless you request earlier deletion.
  • Financial and payment records: Retained for up to 6 years, as required by UK tax and accounting laws.
  • Sensitive documents (e.g., passport copies, medical needs): Retained only for the duration of your travel and securely deleted within 6–12 months after your return.

We regularly review the data we hold and securely delete any personal information no longer required for these purposes.

7. Cookies & Website Tracking


Our website may use cookies to improve user experience. These cookies may:

  • Track session data
  • Save preferences
  • Help analyse website traffic

You can disable cookies in your browser settings at any time.

8. Policy Updates

We may update this Privacy Policy periodically to reflect legal changes or improvements in our data handling. The latest version will always be available on our website.



If you have any questions or concerns about our privacy practices, please contact us via:

privacy@heritagenomadic.com
Heritage Nomadic UK Ltd., United Kingdom