Privacy Policy
Asik Travel takes your privacy seriously. This policy explains what we collect, why, how long we keep it, and the rights you have. We follow the EU General Data Protection Regulation (GDPR) and Indonesia's Personal Data Protection Law (UU No. 27/2022).
Last updated: 2026-06-09
Who we are
Asik Travel is operated by PT Asik Travel Indonesia, registered in Bali, Indonesia. When this policy says "we" or "us" it means PT Asik Travel Indonesia. For privacy questions, write to info@asiktravel.com. We are the data controller for any personal data you give us through asiktravel.com.
What we collect
When you book a trip we collect your name, email, phone number, nationality, travel dates, passenger details (including any dietary or accessibility needs you choose to share), and payment confirmation data from PayPal or Wise. We do not store full card numbers — the payment provider handles those.
When you contact us we keep the message and your contact details.
When you use the site we collect technical data: IP address, browser, device, pages visited, and (only with your consent) analytics cookies. See our Cookie Policy for the full list.
Why we use it
Bookings: to confirm and operate your trip, share your details with the local operator running it, and meet our tax and accounting obligations under Indonesian law.
Communication: to reply to enquiries and send service messages (booking confirmation, itinerary changes, refund updates).
Marketing: to send our newsletter, but only if you opt in. You can unsubscribe with one click in any newsletter.
Analytics: to understand which pages help travelers and which to fix. We use Google Analytics 4 with IP anonymisation and only after you give consent.
Legal basis (GDPR Article 6)
Contract: processing your booking (Art. 6(1)(b)).
Legal obligation: keeping payment records as required by Indonesian tax law (Art. 6(1)(c)).
Consent: marketing emails and analytics cookies (Art. 6(1)(a)). You can withdraw consent any time.
Legitimate interest: site security, fraud prevention, replying to direct messages (Art. 6(1)(f)).
Who we share data with
Tour operators running your trip — only the data they need to host you (name, dates, dietary notes, emergency contact).
Payment providers — PayPal (PayPal Pte. Ltd., Singapore) and Wise (Wise Payments Ltd., UK) for the payment itself. Each has its own privacy policy.
Email provider — Resend (Resend, Inc., Delaware US) for confirmation and service emails.
Analytics — Google Analytics 4 (Google Ireland Ltd.) for anonymised usage data, only with your consent.
Hosting and infrastructure — Cloudflare (Cloudflare, Inc., US) for the website itself.
We do not sell your data. Ever.
International transfers
Your data may be processed outside Indonesia or the EEA — for example by our hosting (US, EU edge), email (US), and analytics (EU/US) providers. For EU/UK personal data, we rely on Standard Contractual Clauses where the destination country does not have an adequacy decision. For Indonesian personal data, transfers comply with UU No. 27/2022 article 56.
How long we keep it
Booking and payment records: 10 years (Indonesian tax retention requirement).
Enquiry messages with no booking: 24 months.
Newsletter subscriber list: until you unsubscribe, then deleted within 30 days.
Analytics: 14 months in GA4, then aggregated only.
Server logs: 90 days.
Your rights
You can ask us to: see the data we hold about you, correct it, delete it, restrict how we use it, or send it to another provider in a portable format. EU/UK residents also have the right to object to processing based on legitimate interest, and to complain to a supervisory authority (e.g. your national DPA). Indonesian residents have equivalent rights under UU No. 27/2022 and can complain to the Personal Data Protection Agency.
To exercise any right, email info@asiktravel.com. We reply within 30 days.
Children
Our site is for adults planning trips. Children may travel as part of a booking made by their parent or guardian, but we do not knowingly collect personal data directly from anyone under 16. If you believe a child has given us data, tell us and we will delete it.
Security
All traffic is encrypted (HTTPS). Payment data never touches our servers — it goes straight to PayPal or Wise. Access to our internal systems is restricted, logged, and two-factor protected. No system is perfect, but we will tell you within 72 hours if a breach affects you.
Changes to this policy
When we change this policy materially we will email subscribers and post a notice on the site for 30 days. Routine updates (typos, contact info) are shown in the "last updated" date below.
Contact
PT Asik Travel Indonesia Jl. Sunset Road No. 88, Seminyak, Bali 80361, Indonesia info@asiktravel.com WhatsApp: +62 813 9937 783