Galapagos a la Carte | Online Tour Agency

LEGAL

Terms and Conditions

Insurance Notice

Galapagos a la Carte (hereinafter called the "Company") is an online tour agency that offers activities, tours, trips, accommodation and other services (collectively, the "Services") and in packages/bundles (the "Services packages") in The Galapagos Islands and Ecuador operated by Galapagos a la Carte Galacarte S.A. with VAT number/R.U.C. 2091761222001, a company headquartered in The Galapagos Islands in Ecuador. You (the "Client"), a person with over 18 years old, with the capabilities (physical and economical) to travel, make a reservation/booking and pay for our Services.

By clicking any submitting button ("Send", "Book", "Book Now", "Confirm", "Pay and Confirm", "Pay Balance", etc.) you signify your assent to these Terms of Use. In case of disagreement, please close this website and DO NOT click on it.

1. Eligibility: Use of our website and services is restricted to individuals who are 18 years of age or older and who have the legal, physical, and financial capacity to travel, make reservations, and enter into binding agreements.

2. Use of Services: Eligible users may browse, reserve, and book Services or Service Packages through our website, web applications, or authorized kiosks. All reservations are subject to availability and confirmation.

3. Website Content and Modifications: We reserve the right to modify or remove any part of our website or services at any time without prior notice. This includes but is not limited to pricing, service descriptions, images, functionality, and legal terms.

4. Acceptance of Terms: By interacting with our booking systems or submitting any forms, you confirm that you have read, understood, and agreed to the following:

These Terms of Use
Our Terms and Conditions
Our Insurance Notice
Our Privacy Policy

5. Prohibited Conduct: The Company reserves the right to disregard, reject, or delete any inquiries or booking requests that:

Contain false, misleading, or incomplete information.
Originate from suspicious or invalid email domains.
Include spam or irrelevant content.
Use third-party email accounts without permission.
Contain offensive, discriminatory, or inappropriate language.

6. Restrictions and Enforcement: Any attempt to tamper with, reverse-engineer, or modify the source code, website functionality, or applications will result in immediate dismissal from our services and may be reported to the relevant Ecuadorian authorities.

7. Limitations of Liability:

The Company is not liable for errors, omissions, or misinterpretation of any section of our website, including but not limited to: Deals of the Week, A la Carte services, or Enquiry Packages.
The accuracy of data entered by users is their sole responsibility.
These Terms may be updated at any time without prior notice, and continued use implies agreement to any such changes.
Users cannot alter any term or condition by personal interpretation or intent.

8. Final Acknowledgement: By submitting a booking or inquiry through our platform or authorized channels, you affirm that you understand and accept all terms outlined in this document.

For questions regarding these Terms of Use, please contact our customer service team prior to completing your booking.

«Updated on May 24, 2021»

Terms and Conditions

1. Information: The Company shall make every effort to ensure that the information contained in the Services descriptions on this homepage is as precise and accurate as possible. However, Galapagos a la Carte shall not be liable for any errors or omissions that may, in spite of these efforts, appear on these pages, as well as for any interpretations of, or decisions based on, such information.

2. Commitment of Good Faith: The Company shall endeavor to act in good will and make all efforts within its competence and belief to ensure an enjoyable and safe journey that satisfies the Client and fully meets it expectations and wishes.

3. Reservations/Bookings: A reservation/booking can be made by these different options found on our website and third parties OTAs of our different Services:

Deals of the Week (https://dealsoftheweek.galapagosalacarte.com): +6 tours/activities with reduced prices/tariffs in a that week only with end-closed gap availability.
A la Carte (https://alacarte.galapagosalacarte.com): Build your own tailor-made package with +20 tours/activities, accommodation and services.
Packages (https://packages.galapagosalacarte.com): Packages built by experts made specially for you.
Yacht Santa Fe III (https://yacht.santafegalapagos.com.ec): Four Day Tours to four different non-populated islands in our Yacht Santa Fe III.
E-Mail: Bookings made through e-mails queries and effective through our "a la carte" system.
Kiosk: Bookings made in-situ on kiosk stand in different local establishments such as cafes, restaurants, agencies, etc.
OTAs: Bookings made through Viator/TripAdvisor Experiences, Expedia, Tripaneer, etc.
Travel Agency: your local and favorite local agency.

The reservation/booking request shall become a binding contract between the Client and the Company only upon issuance by the Company of a written confirmation (Voucher or Ticket) of the reservation and a full payment of the Client.

4. Payment: The payment must be done by the following methods:

PayPal - Only accepted for "A la carte" Packages with amounts over a $1,000.00 US Dollars.
Credit Card - Only accepted in Deals of the Week, "A la carte" Packages, Packages in our website, Kiosk, OTAs and Yacht Santa Fe III website.
Wired Bank Transfer.
Cash - Only accepted in our office bookings for Deals of the Week.

All of these payment methods have a fee of 0% and $0.00 US Dollars and there are no discounts for replacing one method with another one. All these payment methods are subject to change.

5. Prices and Tariff Changes: Unless otherwise noted, all prices and tariffs are in US Dollars. The price or tariff can change and vary on our website because of the following reasons:

Providers costs.
Market demand.
Fuel costs.
Government levies.
Taxes.

The prices shown on our website or quoted to the Client it shall not be altered for these reasons once the full Service total price has been fully paid.

6. Cancellation: Cancellations must be submitted in writing and shall be effective only when received by the Company.

For cancellations made 90 days or more before service, all amounts already paid will be reimbursed :: For cancellations made 89 days but more than 70 days before service, a 10% of the total will be charged as penalty fee :: For cancellations made 69 days but more than 50 days before service, a 50% of the total will be charged as penalty fee :: For cancellations made less than 49 days before service, a 100% of the total will be charged as penalty fee.

If the Client fails to arrive or be at the commencement of any Service at the scheduled time and place, or is unable to do so for any reason whatsoever; including the lack of valid travel documents. He/she shall not be eligible for a reimbursement. In the event of occurrences such as natural disaster or any other circumstances beyond control, which completely or substantially prevent, materially adversely affect or otherwise materially impede the Service. In such a case, the Company will not reimburse any amounts already paid, according to the actual Tourism Law in Ecuador.

*Policies vary between service providers, we will consult with them first upon any cancellation request, and charge you with the penalty fee that they stipulate.

**Transaction fees may apply.

7. Changes/Modifications: The Client can request only once, a modification of the package (after confirmation), including the commencement date/destination, that do not materially affect the total price of all services, the fixed itinerary of the Company; being subject to availability to any change/modification.

*Policies vary between service providers, we will consult with them first upon any modification request, and charge you with the penalty fee that they stipulate

8. Cancellations/Modifications by the Company: In the event of unforeseeable events and circumstances beyond control of the Company such as war, epidemics, natural disasters, Galapagos National Park modification, Ecuadorian government dictation, etc., dangerous occurrences, which could put the lives of any Service or Services participants at risk, the effects and consequences of which cannot be commercially reasonably mitigated or prevented, as well as delays and deviations caused by weather conditions (heavy rains, thunderstorms, fires, etc.); then the Company reserves an exclusive right to change any travel arrangements, cancel the entire package or in particularly itemized Services, either directly from its headquarters or indirectly by the decision of its tour guides and/or group leaders.

If the entire Service or individual Services are cancelled prior to the Service date, the Company shall notify the Client at the earliest possible date those cancellations/modifications :: The Company reserves an exclusive right to modify/change or cancel any travel arrangements of Services either directly from its headquarters or indirectly by the decision of its tour guides and group leaders. In such a case, all Services dates and itineraries shall be altered or cancelled by the Company without the Client being entitled to any reimbursement of amounts already paid to the Company.

9. Obligations of the Client: The Client shall commit to:

Comply with the Ecuadorian laws, especially The Galapagos National Park Rules, requirements and formalities of local police, health and other public authority.
Act in a courteous manner towards the Company's and our service providers employees, guides and representatives and obey the instructions of the tour guide and/or group leader during the Service package or individual Services.
Behave in an environmentally friendly manner and take care of the nature surrounding you.

10. Insurance: The Client is highly recommended to obtain appropriate international insurance valid during the entire stay in Ecuador, providing necessary travel coverage including but not limited to return expenses, medical expenses and expenses arising out of cancellation and/or modification, loss of luggage, accident and repatriation. The Company shall not be liable whatsoever for any consequences that may arise out of the Client's failure or negligence to obtain such insurance. Find out more about our Insurance Notice here.

11. Assumption of Risk and Liability Release: Participating in the Services organized by the Company may involve the risk of injury from hazards and dangers associated with such activities as hiking in difficult rocky trails, swimming, snorkeling, scuba diving, etc., including but not limited to injuries resulting from slipping or falling on uneven terrain and rocky trails, injury or illness resulting from exposure to sun, windy or other weather conditions, as well as animals attacks. By making a reservation with the Company, the Client affirms that it has considered these risks, that it participation in the package organized by or involving the Company is entirely it choice, and that it agrees to freely accept and fully assume all such risks as well as any other risks involved in participating in the Service package or Services organized by the Company and the possibility of any resulting injury, loss or damage.

The Client and its beneficiaries agree to release, waive and discharge the Company and all of its employees, guides, service providers employees and representatives from and against any and all presently existing and/or future liabilities, damages, actions and claims relating to or arising from any Service, occurrence or event involving the Company, or relating to or arising from any action or omission by the Company or by any employee, guide, service provider employee, or representative of the Company, regardless of whether such action or omission constitutes negligence. The Client and its beneficiaries further agree to indemnify and hold harmless the Company and all of its employees, guides, service provider employee and representatives from and against any loss, damage, liability and expense incurred by the Company as a result of the Client's participating in the Services organized by or involving the Company.

12. Health/Medical Condition of the Client: The Client confirms and represents to the Company that it is in good health and does not suffer from any serious medical condition that may be aggravated by participating in the Services, some of which may be physically demanding. If the Client becomes unable to complete the Service due to intentionally undisclosed health conditions, it shall not be entitled to seek any compensation whatsoever from the Company.

13. Limitation of Responsibility: The Company reserves the right to limit its own responsibilities according to the Law and regulations currently effective in Ecuador.

14. Disputes and Limitation of Damages: In the event of a dispute, the Company and the Client shall endeavor to seek an amicable and faithful agreement. If the Parties fail to reach such agreement, the dispute shall be referred to the Ecuadorian court and shall be governed solely by Ecuadorian Law. The Client may submit a claim within 30 days from the completion of the Service package or individual Services. Claims submitted after this deadline shall not be considered. However, no claim against the Company arising out of, or relating to, these Terms and Conditions, the package and its Services, or events or omissions that occur during or in connection with the package or Service, shall exceed the amount actually paid by the Client to the Company for the Services. The Company shall not be liable for any damages or losses other than damages or losses that are actually incurred and already paid for by Client, nor shall the Company be liable for any consequential damages, future damages, lost profit, lost opportunity, mental anguish, or pain and suffering.

«Updated on May 24, 2021»

Privacy Policy for the Protection of Personal Data

1. General Information

I. Definitions. - For the purposes of this manual and policies, the following terms are defined:

Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data. As a rule, authorization must be requested from the data subject, except as described in the law.
Privacy Notice: Verbal or written communication, in physical, digital, or visual media, generated by the Controller, addressed to the Data Subject for the Processing of their personal data. It informs them about the existence of the information processing policies that apply to them, how to access them, and the purposes of the Processing intended for the personal data.
Database: Organized set of personal data subject to Processing.
Sensitive Data: Data that affects the privacy of the Data Subject or whose improper use could lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, promotion of interests of any political party, or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
Private Data: Data that due to its intimate or reserved nature is relevant only to the Data Subject.
Public Data: Data that is not semi-private, private, or sensitive. By its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial judgments that are not subject to confidentiality.
Semi-Private Data: Data that is not intimate, reserved, or public, and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, such as financial and credit information of commercial or service activities.
Processor: Natural or legal person, public or private, who, by itself or in conjunction with others, carries out the Processing of personal data on behalf of the Data Controller. They receive the delegation to process the data under the terms determined by the controller. They must ensure that there is authorization and that the Processing will be carried out for the informed and accepted purposes.
Data Controller: Natural or legal person, public or private, who, by itself or in conjunction with others, decides on the database and/or the Processing of data. They define the purposes and essential means for the processing of data, including those who act as source and user, and the duties assigned to them respond to the principles of data management and to the rights of privacy and habeas data of the data subject. The data controller is the one who must request and keep the authorization containing the express consent of the data subject for the processing of their data, as well as clearly inform them of the purpose thereof.
Data Subject: Natural person whose personal data is subject to Processing.
International Transfer of Personal Data: When the Data Controller and/or Processor of personal data, located in Ecuador, sends information or personal data to a recipient, who in turn is responsible for the processing and is located outside the country.
International Transmission of Personal Data: Communication of personal data within or outside the territory, aimed at carrying out Processing by the Processor on behalf of the Controller.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

II. Principles. - In the development, interpretation, and application of the general regime for the protection of personal data, the following guiding principles will be applied in a harmonious and comprehensive manner:

Principle of Legality in Data Processing: The Processing referred to in this law is a regulated activity that must comply with what is established in it and in other provisions that develop it.
Principle of Purpose: Processing must obey a legitimate purpose according to the Constitution and the Law, which must be informed to the Data Subject.
Principle of Freedom: Processing can only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate relieving the consent.
Principle of Veracity or Quality: Information subject to Processing must be truthful, complete, accurate, current, verifiable, and understandable. The Processing of partial, incomplete, fragmented data, or data that may lead to error is prohibited.
Principle of Transparency: Processing must guarantee the right of the Data Subject to obtain from the data controller or processor, at any time and without restrictions, information about the existence of data concerning them.
Principle of Access and Restricted Circulation: Processing is subject to limits arising from the nature of personal data, provisions of this law, and the Constitution. In this sense, Processing can only be done by persons authorized by the Data Subject and/or by persons provided for in this law. Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to Data Subjects or third parties authorized in accordance with this law.
Principle of Security: Information subject to Processing by the Data Controller or Processor referred to in this law must be handled with the technical, human, and administrative measures necessary to provide security to the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use or access.
Principle of Confidentiality: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks comprising the Processing has ended and may only provide or communicate personal data when it corresponds to the development of activities authorized by this law and on the terms thereof.
Principle of Privacy and Good Name: Information subject to Processing by the Data Controller or Processor must be evaluated within the canons of respect for the privacy and good name of the data subjects. The Processing of data that violates these principles is prohibited, except as permitted by law.

2. Responsible for Personal Information Databases

The Company with VAT and ID (R.U.C.) 2091761222001, with registered office in the city of Puerto Ayora, Ecuador, constituted by Public Deed executed on February 13, 2017, before Notary Public No. 1 of Quito, Dr. Jorge Machado Cevallos, and registered in the Mercantile Registry of Santa Cruz on March 13, 2017.

Address: Charles Binford Avenue 574 and Juan Montalvo

e-mail: admin@galapagosalacarte.com

Phone Number: (05)-2526419

I. Processing and Controllers of Personal Information Databases. - Personal data is collected, stored, organized, used, circulated, transmitted, transferred, updated, rectified, deleted, and managed in proportion to the purpose or purposes of each database. These may be processed manually and automatically, which is informed to the data subject at the time of granting their authorization. The information collected in the databases may be provided to the data subjects, their heirs, or legal representatives; to public or administrative entities exercising their legal functions or by court order; and to third parties authorized by the data subject or by law. The data controller manages the data by applying a risk management model to ensure the security and confidentiality of the information in compliance with this manual.

Personal data of children and teenagers: The Company does not collect personal data from children and/or adolescents. However, if obtained, they will be subject to processing exceptionally, according to legal parameters when it comes to publicly available data or data that may affect the best interests of minors under 18 years of age. In any case, the processing must comply with the following parameters: respond and respect the best interests of children and/or adolescents and ensure respect for their fundamental rights. Authorization required to process personal data of children and/or adolescents must come from their legal representative. However, the child may be heard and give their opinion, which will be valued considering their maturity, understood as the level of understanding of an issue and the evaluation of its consequences. All controllers and processors processing personal data of children and/or adolescents must ensure the proper use thereof. Likewise, families and society must ensure that the controllers and processors of personal data of children and/or adolescents comply with the obligations required by law.
Sensitive Data: Sensitive data will be processed exceptionally, being only allowed for processing under the following conditions:
- The data subject, under the principle of freedom, has given explicit authorization for such processing, except in cases where authorization is not required by law.
- Processing is necessary to safeguard the vital interests of the Data Subject and they are physically or legally incapacitated. In these events, legal representatives must give authorization.
- Processing refers to data that are necessary for the recognition, exercise, or defense of a right in a judicial process.
- Processing is carried out within the framework of legitimate activities and with due guarantees by a foundation, NGO, association, or any other non-profit organization, whose purpose is political, philosophical, religious, or union, provided that the data processing refers exclusively to their members or to people who maintain regular contact with them due to their objective. In these cases, the data may not be provided to third parties without the consent of the data subject.
- Processing refers to data that are necessary for the adoption of precautionary measures by public health agencies, control or evaluation of health risks, or authentication of health services.
- Processing is necessary for historical, statistical, or scientific research purposes. In this case, the data may not be provided to third parties without the consent of the Data Subject.

3. Purposes of Processing Personal Information Databases: The personal data collected must respond to the legitimate purposes established by the Constitution and the Law, for which they must require prior knowledge and authorization from the owner for the processing of the same, which must be requested at the time of data collection, except in situations where the law omits authorization.

I. Customers and Website. – Sales, market research, communication, registration, accreditation, consolidation, organization, updating, insurance, measurement, customer service, credit risk management, processing, legal defense and management of the actions, collection and capture of data, dissemination of advertising and technical information and contact information for products and services, promotions, advertisements and management of the actions, information and activities in which The Company clients are related or linked, it could be in a physical location, or in our websites and subdomains: www.galapagosalacarte.com, www.galapagosdealsoftheweek.com, www.galapagosseaways.com, www.bookanytourgalapagos.com

When we collect information:
- Make a reservation/booking from any of our channels
- Fill out our contact form
- Fill out our customer service form
- e-mail or call us

Collected information purposes:
- To issue Set Sail Permit of any vessel, document required by Ecuadorian Navy/Harbor Master
- To customize your experience
- To be used in your vouchers/tickets and other customized online instruments
- To improve our websites, its sections and web applications
- To improve customer service
- To communicate with you
- To verify transactions (payments)

We do not process any credit card, this is managed by PayPal, Payyo (via Trekksoft) or OTAs according to the case.

II. Workers, Pensioners and/or Beneficiaries. - Relationship, selection, linkage, communication, registration, accreditation, consolidation, organization, updating, assurance, processing, investigation, training, authorization, reporting, statistics, planning, improvement, analysis, processing, auditing, legal defense and management of the actions, information and activities in which workers, pensioners and their families are related or linked with The Company.

III. Contractors and/or Suppliers or Providers. - Communication, registration, consolidation, organization, updating, processing, control, accreditation, auditing, statistics, monitoring, reporting, maintenance, commercial risk management, security, legal defense and management of actions, information and activities in which contractors and their employees are related or linked to The Company.

IV. Community and Areas of Influence. - Relationship, communication, development, registration, updating, consolidation, accreditation, formalization, execution, dissemination, assurance, organization, processing, control, legal defense and management of the actions, information and activities in which the community and civil society in general are related or linked with The Company.

V. Surveillance Cameras and Security Checkpoints. - Collection, registration, control, legal defense, for the purpose of security regarding the people, property and facilities of The Company.

4. Rights of the Data Holders/Owners: The following are the rights of the holders/owners of personal data:

To know, update and rectify their personal data regarding the Data Controllers or Data Processors. This right may be exercised, among others, with regard to partial, inaccurate, incomplete, fragmented data that may lead to error, or data whose processing is expressly prohibited or has not been authorized under the terms of the Constitution of the Republic and other laws that may apply (or, failing that, with the norms that regulate, add to, execute, complement, modify, suppress or repeal it).
Request proof of the authorization granted to the Data Controller, except when it is expressly excluded as a requirement for the Processing, in accordance with the provisions of the Constitution of the Republic and other laws that may apply (or, failing that, with the regulations that regulate, add to, execute, complement, modify, suppress or repeal it).
Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been given to your personal data.
Submit complaints to the corresponding authorities in Ecuador for violations of the provisions of the Constitution (or, failing that, with the regulations that regulate, add to, execute, complement, modify, suppress or repeal it).
Revoke the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or deletion will proceed when the corresponding authorities of Ecuador have determined that in the Treatment the Responsible or the Person in Charge has incurred in conducts contrary to the Law (or in its absence with the norms that regulate, add, execute, complement, modify, suppress or repeal it) and/or the Constitution. The request for deletion of the information and the revocation of the authorization will not proceed when the Holder has a legal or contractual duty to remain in the database or the responsible party has the legal or contractual duty to continue with the treatment.
Access free of charge to your personal data that have been subject to Treatment. The holder can consult free of charge his personal data:
- At least once every six months.
- Every time there are substantial modifications of the guidelines for the treatment of the information that motivates him to make new consultations.
Public rectification by The Company, as a measure of reparation for violation of a duly proven right. The rectification may be carried out by any means of publicity that The Company has available to carry out its communications.

5. Duties of Data Controllers and Processors: The Company, in its capacity as Data Controllers and Processors must always ensure the comprehensive and effective exercise of the right to data protection, by:

Guaranteeing the right of data access to the Data Subject.
Requesting and retaining a copy of the authorization provided by the Data Subject under the conditions stipulated by Law.
Properly informing the Data Subject about the purpose of data collection and their rights.
Keeping data secure to prevent unauthorized alteration, loss, consultation, use, or access.
Ensuring that data provided to the Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
Updating data and informing the Processor of any changes to maintain data accuracy.
Correcting data when it is inaccurate and notifying the Processor.
Supplying the Processor only with data that is authorized for processing by Law.
Demanding that the Processor respects data security and privacy conditions.
Handling inquiries and complaints as specified by Law.
Adopting an internal manual of policies and procedures to ensure compliance with the law, especially for handling inquiries and complaints.
Informing the Processor when data is under dispute by the Data Subject.
Providing information to the Data Subject about the use of their data upon request.
Notifying the data protection authority of any security breaches or risks to Data Subject information.
Following instructions and requirements from the competent authority.
Complying with The Company’s contingency plan for managing security incidents.

6. Procedure: Data subjects who require consultation, updates, rectification, or deletion of their personal data should submit a request through the channels provided by GALACARTE S.A. for receiving such requests. The rights of data subjects can be exercised by the data subject themselves, their successors, who must prove their status; by the representative and/or attorney of the Data Subject, with prior accreditation of representation or empowerment; or by stipulation in favor of or for another.

For consultation requests, the response must be provided within ten business days from the date of receipt. If the request cannot be addressed within this period, the interested party will be informed of the delay reasons and the date the request will be addressed, which shall not exceed five additional business days beyond the initial term.

For requests for updates, rectification, or deletion, or in cases of alleged non-compliance with any duties by the data controllers or processors of The Company’s personal data, a complaint can be submitted following this procedure:

The complaint should be submitted to the Data Controller or Data Processor through the contact channel provided by The Company, including the identification of the Data Subject, description of the facts leading to the complaint, address, and accompanying documents. If the complaint is incomplete, the interested party will be required to correct the deficiencies within five days of receipt. If the required information is not provided within two months from the request date, it will be understood that the complaint has been withdrawn. If the recipient of the complaint is not competent to resolve it, it will be transferred to the appropriate party within two business days, and the interested party will be informed.
Upon receiving a complete complaint, a legend stating, "complaint in process" and the reason for the complaint will be included in the database within two business days. This legend will be maintained until the complaint is resolved.
The maximum period to address the complaint is fifteen (15) business days from the day after receipt. If it is not possible to address the complaint within this period, the interested party will be informed of the reasons for the delay and the date the complaint will be addressed, which shall not exceed eight (8) additional business days beyond the initial term.

7. Information Security: The Company employs information protection measures through comprehensive security mechanisms, including firewalls, antivirus software, access controls, and management of controls and profiles, as outlined in the organization's Code of Ethics. All information in the various systems is backed up daily using incremental backups. Remote server access is protected by various access control devices like firewalls.

Output data from information systems is validated through best practices implemented in each process. Additionally, the organization's users have specialized tools that allow them to encrypt information at will. Each detected incident or vulnerability is treated individually. The Company constantly updates its antivirus software and maintains automated security policies.

The Data Controller will promptly inform the data protection authority of any security breaches and risks in managing data subjects' information.

We have SSL certificates in all our websites to maintain your information secure. Our servers are well protected by our hosting provider.

8. Security Incident Response Committee: The Company has an interdisciplinary committee responsible for studying, measuring, controlling, monitoring, and reporting potential security incidents. This committee handles cases preventively or correctively to ensure compliance with data protection policies.

9. Transfers and Transmissions: The Company may only carry out the international transfer of personal data when the recipient country or international organization provides an adequate level of protection for the rights of data subjects. In the absence of such protection, The Company must obtain the express, prior, and informed consent of the data subject for the international transfer.

10. Your Consent: By using any of our websites, physically booking or purchasing our services, entering information in our web forms and clicking any submission button ("Send", "Book", "Book Now", "Confirm", "Pay and Confirm", "Pay Balance", etc.) you signify your assent to this Privacy Policy for the Protection of Personal Data.

«Updated on Nov 25, 2023»

Insurance Notice

1. The Company does not provide The Client with accident, life or trip insurance for any Services booked with us.

2. It is highly recommended by The Company that The Client should get/purchase a travel insurance. When acquiring one, specify what type of tours/activities planned to do and the trip will be in Ecuador, Galapagos.

3. Please read the potential risks:

Hikes with big lava rocks and difficult trails.
Cramps when swimming.
Thick vegetation.
Easy to get lost, disorientation.
Wild animal accidents.

4. Please read our recommendations:

Always read carefully each activity or tour description so you can have a better idea of the level of difficulty or physical demand of each one.
Choose your activities or tours according to your age, physical or medical condition.
Ask first for directions to locals or any authority deputy before going to an activity or tour outside your booked Services.
Do not go alone to any touristic spot away from town.
Always tell somebody you are going or planning to do each day.
Book certified and legal activities or tours only.

«Updated on Jun 2, 2021»