Alleybookings

1. Introduction

Welcome to Alley Bookings! This Privacy Policy describes how ALLEY BOOKINGS LTD ("Alley Bookings," "we," "us," or "our") collects, uses, processes, stores, shares, and protects your personal information when you access or use our website (www.alleybookings.com), mobile applications, and related services (collectively, the "Platform").

We are committed to protecting your privacy and handling your personal data transparently and securely, in compliance with applicable data protection laws, including the Nigeria Data Protection Regulation 2019 (NDPR) and, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

This Privacy Policy explains:

What personal information we collect.
How we use that information.
The legal basis for processing your information.
With whom we share your information.
How we protect your information.
How long we keep your information.
Your data protection rights.
Information about cookies.
How to contact us.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect different types of information about you, depending on how you interact with our Platform:

Information You Provide Directly:
- Account Information: When you register for an account, we collect information such as your name, email address, phone number, and password.
- Booking Information: When you make a booking for flights, accommodation, events, or tours, we collect necessary details like traveller names, contact information (email, phone), dates of travel/event, destination/venue, frequent flyer numbers (optional), meal preferences (optional), and any special requests. For certain services (like international flights), we may need passport details (name as on passport, number, expiry date, nationality, date of birth).
- Payment Information: When you make a payment, we collect payment details necessary to process the transaction. This typically includes billing address and payment instrument details (like credit/debit card number, expiry date, CVV). Note: Full payment card details are usually processed directly by our secure third-party payment processors (Paystack) and are not stored on Alley Bookings' servers. We may store partial details (like the last four digits and card type) for verification and administrative purposes.
- Communications: When you contact our customer support, provide feedback, participate in surveys, or communicate with us in any other way, we collect the information contained in your communications.
- Profile Information: You may choose to provide additional information in your user profile, such as home address or travel preferences.
- Reviews and Ratings: If you submit reviews or ratings for services booked through our Platform.
Information Collected Automatically:
- Usage Data: We collect information about how you interact with the Platform, such as the pages you visit, the features you use, searches you conduct, bookings you make, the time, frequency, and duration of your activities.
- Log Data and Device Information: We automatically collect log data when you use the Platform, including your IP address, browser type, operating system, device information, access times, pages viewed before and after navigating to our Platform, and crash data.
- Location Information: We may collect approximate location information derived from your IP address or more specific location information if you enable location services on your device (used for features like finding nearby properties or events).
- Cookies and Similar Technologies: We use cookies, web beacons, pixels, and other tracking technologies to collect information about your browsing activities. Please see our Cookie Policy for more details.
Information from Third Parties:
- Suppliers: We may receive information about you from our Suppliers (airlines, hotels, etc.) related to your booking status, changes, or issues.
- Partners: We may receive information from business partners with whom we offer co-branded services or engage in joint marketing activities (subject to your consent where required).

3. How We Use Your Information

We use the personal information we collect for various purposes, including:

To Provide and Manage Our Services:
- Process your bookings for flights, accommodation, events, and tours.
- Create and manage your user account.
- Facilitate payments for bookings.
- Communicate with you about your bookings (confirmations, changes, reminders).
- Provide customer support and respond to your inquiries.
To Improve and Personalise the Platform:
- Understand how users interact with our Platform to improve its functionality, performance, and user experience.
- Personalize your experience by showing relevant listings, offers, or recommendations.
- Conduct analytics and research.
For Marketing and Communications (with your consent where required):
- Send you promotional messages, newsletters, marketing, advertising, and other information that may be of interest to you (you can opt-out at any time).
- Administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities.
To Ensure Security and Prevent Fraud:
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
- Verify your identity.
- Conduct security investigations and risk assessments.
To Comply with Legal Obligations:
- Comply with applicable laws, regulations, legal processes, or governmental requests.
- Enforce our Terms of Service and other policies.
- Resolve disputes and protect our rights and property, and the rights and property of our users and third parties.

4. Legal Basis for Processing Personal Information (NDPR & GDPR)

Our legal basis for collecting and using the personal information described above will depend on the specific information and the context in which we collect it. However, we generally rely on the following legal bases:

Performance of a Contract: Processing your personal information is necessary to fulfil our contract with you (e.g., to process your booking and provide the requested services).
Legitimate Interests: We process your information for our legitimate interests (e.g., improving the Platform, preventing fraud, direct marketing of similar services), provided these interests are not overridden by your data protection rights.
Consent: We will obtain your consent for certain processing activities, such as sending direct marketing communications for unrelated services or using non-essential cookies. You can withdraw your consent at any time.
Legal Obligation: We may need to process your information to comply with applicable laws and regulations.

5. How We Share Your Information

We may share your personal information with the following categories of third parties:

Suppliers: We share necessary booking information (your name, contact details, booking specifics, preferences) with the relevant Suppliers (airlines, hotels, event centres, tour operators) to enable them to provide the services you have booked. These Suppliers process your data according to their own privacy policies.
Payment Processors: We share payment information with trusted third-party payment processors (Paystack) to securely handle transactions.
Technology and Service Providers: We use third-party companies and individuals to support our Platform, such as GDS providers (Amadeus, Sabre), flight API providers (Kiwi.com), IT and cloud hosting providers, customer service tools, analytics providers, marketing platforms, and security services. These providers only have access to your information to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.
Business Partners: If you book a service offered jointly with a third party or participate in a co-branded promotion, we may share information with that partner (subject to your consent where required).
Legal and Regulatory Authorities: We may disclose your information if required by law, regulation, legal process (like a subpoena or court order), or governmental request, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your personal information may be transferred as part of the transaction.

6. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than your country of residence, including Nigeria and countries where our Suppliers or service providers are located. These countries may have data protection laws that are different from the laws of your country.

Specifically, when transferring data outside Nigeria, we comply with NDPR requirements. When transferring data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Adequacy Decisions, or your explicit consent, to ensure your data receives an adequate level of protection.

7. Data Security

We implement appropriate technical and organisational security measures designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

Using Secure Socket Layer (SSL)/Transport Layer Security (TLS) encryption for data transmission.
Implementing access controls to limit who can access personal information.
Regularly reviewing our information collection, storage, and processing practices.
Using secure third-party payment processors compliant with PCI DSS standards.
Providing data privacy and security training to our employees.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as for tax, legal, accounting, or reporting requirements).

Generally, this means we will keep your account information for as long as you have an active account with us. Booking information may be retained for a period necessary to handle potential disputes, comply with legal obligations, and for financial record-keeping. When we no longer need your personal information for the purposes it was collected, we will either delete or anonymize it, or if this is not possible (e.g., because it has been stored in backup archives), we will securely store it and isolate it from any further processing until deletion is possible.

9. Your Data Protection Rights

Depending on your location and applicable law (particularly NDPR and GDPR), you may have the following rights regarding your personal information:

Right to Access: Request access to the personal information we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal information.
Right to Erasure (Deletion): Request deletion of your personal information under certain conditions (e.g., if it's no longer necessary for the purposes collected, or if you withdraw consent).
Right to Restrict Processing: Request restriction of the processing of your personal information under certain circumstances.
Right to Data Portability: Request to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
Right to Object: Object to the processing of your personal information based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent as the legal basis for processing.
Right to Lodge a Complaint: Lodge a complaint with the relevant data protection authority (in Nigeria, this is the National Information Technology Development Agency - NITDA).

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and personalize the Platform, analyse usage, and for advertising purposes. For more detailed information about the cookies, we use and how you can manage your preferences, please see our Cookie Policy.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly.

12. AppLinks to Other Websites

Our Platform may contain AppLinks to other websites or services that are not operated by us. If you click on a third-party AppLink, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated policy on the Platform, updating the "Effective Date" at the top, and/or by sending you an email notification. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Platform after any changes constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Alley Bookings LTD
Attn: Data Protection Officer / Legal Department
No. 32 Gwarzo Road, Bompai, Kano - Nigeria
Email: privacy@alleybookings.com or legal@alleybookings.com