Privacy And Data Protection / Updated July 2026

Privacy Policy (Passport Data Protection)

This page explains what traveler data we collect, why we may request passport materials, how we limit sharing, and how personal data is handled throughout inquiry, permit, and trip-planning workflows.

Operational Reminder

Please do not send full passport copies or other sensitive documents until our team asks for them. Website inquiry content is not a final booking commitment, and document requests should always follow a real operational need.

Collect only what is needed

We ask for identity, permit, travel, and contact details only when they are genuinely required for inquiry handling, permit preparation, booking support, safety planning, or legal compliance.

Use passport data carefully

Passport copies and identity details are requested only when operationally necessary, especially for permit preparation, transport coordination, hotel check-in support, and document matching.

Limit retention and sharing

We aim to keep personal data only for as long as it is needed for operational, legal, accounting, safety, or dispute-handling purposes, and we limit sharing to the parties who need it.

01 / What this page covers

Purpose and scope of this privacy notice

This page explains how Starbright Tibet Journeys handles inquiry data, passport data, permit documents, travel-planning information, and related communication records. It applies to information you send through website forms, direct messages, email threads, or booking discussions that originate from this website.

  • This website is an inquiry and planning channel, not a promise that a trip will proceed exactly as shown on the site.
  • If you move from general inquiry into actual permit or booking work, additional operational data may be requested later and only when needed.
  • Please do not send full passport scans, visa pages, or other sensitive files until our team specifically asks for them for an operational reason.

02 / Data we may collect

Categories of personal data

The exact data we need depends on the stage of your inquiry or trip. We do not need the same information for a first question as we do for a permit file.

  • Basic inquiry details such as name, email, WhatsApp or phone contact, nationality, preferred travel month, traveler count, route interests, and message content.
  • Travel-operation details such as arrival city, timing preferences, accommodation preferences, emergency contact information, and any practical requirements relevant to routing or support.
  • Permit and identification details such as passport bio-page information, passport number, date of birth, nationality, visa status, and supporting document files where required for permit or transport handling.
  • Safety-related details that you voluntarily provide, such as altitude concerns, mobility constraints, or other trip-relevant health information needed to plan responsibly.

03 / Why we use the data

Operational purposes for processing

We use personal data to answer your inquiry, design a route, assess permit practicality, coordinate suppliers, and support safe trip operations. We do not ask for passport-grade information just to send marketing copy.

  • To reply to travel requests, refine itinerary options, and prepare written trip proposals.
  • To assess whether a proposed route is operationally realistic and whether permit timing, regional access, or document sequencing may be an issue.
  • To prepare, check, submit, coordinate, or support permit and document workflows when a traveler asks us to proceed with actual trip planning or operations.
  • To coordinate hotels, transport, guides, and emergency-response planning where traveler identification or practical support details are genuinely required.
  • To keep records needed for payment support, accounting, compliance, after-travel issues, complaint handling, or legal defense where appropriate.

04 / Passport data protection

How we treat passport copies and other sensitive files

Passport data creates a higher privacy risk than ordinary inquiry text, so it should be handled more cautiously. We treat those files as operational documents, not casual correspondence.

  • We request passport copies only when there is a genuine permit, booking, transport, hotel, or identity-matching reason to do so.
  • Access to passport files should be limited to staff and operational partners who need the data for permit processing, booking support, compliance, or safety execution.
  • We try to avoid collecting unnecessary extra data beyond the passport bio page or other specifically requested documents.
  • If you send documents that were not requested, we may delete them, ask you to resend the correct file, or decline to use them until the purpose is clear.

05 / Sharing and disclosure

Who may receive your information

We do not treat traveler data as something to circulate freely. Sharing is restricted to the parties reasonably involved in handling your inquiry, permit process, confirmed trip operations, or mandatory compliance obligations.

  • Licensed travel-operation partners, local coordinators, guides, drivers, hotels, and transport providers when the data is needed to operate the requested service.
  • Permit-processing or authority-facing channels when documents are required to seek access, route approval, or identity verification.
  • Payment, accounting, legal, insurance, or dispute-resolution support where reasonably necessary.
  • We do not sell passport data or ordinary inquiry data as a separate commercial product.

06 / Security and retention

How long we keep data and how we protect it

We seek to store personal data in a way that is proportionate to the sensitivity of the information and the operational need for keeping it. Retention periods can differ depending on whether the data relates to a general inquiry, a permit file, a confirmed trip, or a later complaint or accounting issue.

  • We aim to keep general inquiry records only for as long as they remain operationally useful for trip planning, relationship follow-up, or legitimate business administration.
  • Permit and passport files are reviewed periodically and should be deleted, anonymised, or archived more restrictively once they are no longer needed for the trip, after-travel support, legal defense, accounting, or compliance purposes.
  • We use reasonable organisational and technical safeguards to reduce the risk of unauthorized access, misuse, loss, alteration, or accidental disclosure.
  • No online system or file-transfer method can be promised to be risk-free, so travelers should send documents only through the channels we request and only when needed.

07 / Your choices and requests

Access, correction, deletion, and objections

Depending on where you are located and the circumstances of the processing, you may be able to ask us to provide a copy of your personal data, correct inaccurate information, delete data we no longer need, or limit certain uses that are not strictly necessary.

  • If you believe we are holding inaccurate passport or contact information, tell us as soon as possible so operational files can be corrected before permits or bookings are affected.
  • If you want us to review or delete data, contact us through your active trip conversation, the website inquiry channel, or the WhatsApp contact shown on the site and clearly mark the request as a privacy request.
  • We may need to retain some records where they remain necessary for legal compliance, accounting, fraud prevention, complaint handling, or defense of legal claims.

Privacy Requests

How to contact us about personal data

If you need us to correct, review, or delete traveler data, contact us through your current trip conversation, the inquiry form on this website, or the WhatsApp channel shown on the site. Please identify the request clearly so it can be routed to the correct operational contact.