Privacy Policy – Kraze Travel

Last updated: 08/02/2026

Kraze Travel (“Kraze Travel”, “we”, “us”, or “our”) is a brand operated by Make It Happen Ltd., a company registered in Malta with Company Registration Number C 9514 (the “Company”, “Data Controller”).

Kraze Travel is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Act (Cap. 586, Laws of Malta), and other applicable data protection laws.

This Privacy Policy applies to all personal data collected through our website, booking systems, forms, communications, social media, and during the provision of our travel services.

1. Data Controller

The Data Controller responsible for your personal data is:

Make It Happen Ltd.
(operating as Kraze Travel)
Company Registration No.: C 9514
Malta

For all data protection matters, you may contact us at:
Email: [insert privacy email]

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Identity & Contact Data

  • Full name
  • Date of birth
  • Nationality
  • Passport details
  • Address
  • Email address
  • Telephone number
  • Emergency contact details

2.2 Booking & Travel Data

  • Trip details and preferences
  • Travel itineraries
  • Payment status (note: payment card details are processed securely by third-party payment providers and are not stored by us)
  • Visa and documentation details (where required)

2.3 Special Category Data (Sensitive Data)

Where necessary for the provision of travel services, we may process:

  • Medical information
  • Dietary requirements and allergies
  • Pregnancy-related disclosures

This data is treated as special category data under GDPR and processed only where strictly necessary and with appropriate safeguards.

2.4 Technical & Usage Data

  • IP address
  • Device and browser information
  • Website usage data (via cookies or analytics tools)

2.5 Marketing & Communications Data

  • Newsletter subscriptions
  • Marketing preferences
  • Consent records
  • Photos and videos where you have provided consent or where taken during tours as outlined in our Terms & Conditions

3. How We Collect Personal Data

We collect personal data:

  • When you book a trip or make an enquiry
  • When you complete forms (online or offline)
  • When you communicate with us by email, phone, messaging platforms, or social media
  • During pre-trip preparation and while providing travel services
  • Through our website (cookies and analytics tools)
  • From third-party suppliers where required to deliver booked services

4. Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

  • Contractual necessity – to perform our contract with you
  • Legal obligation – to comply with legal or regulatory requirements
  • Legitimate interests – to operate and improve our services, ensure safety, prevent fraud, and manage operations
  • Consent – where explicitly required, particularly for:
    • Medical data
    • Marketing communications
    • Use of images for promotional purposes

You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Purpose of Processing

We process your personal data to:

  • Manage and administer bookings
  • Provide travel, accommodation, transport, and activity services
  • Communicate essential trip information
  • Comply with health, safety, and insurance requirements
  • Facilitate visas, permits, and travel documentation
  • Coordinate with third-party suppliers
  • Respond to enquiries and complaints
  • Improve our services and customer experience
  • Carry out marketing activities (where consent has been provided)
  • Comply with legal and regulatory obligations

6. Disclosure of Personal Data

We may share your personal data with:

6.1 Third-Party Suppliers

Including but not limited to:

  • Airlines
  • Hotels and accommodation providers
  • Transport operators
  • Activity and excursion providers
  • Tour leaders and local guides
  • Insurance providers (where applicable)

Only the data strictly necessary for service delivery is shared.

6.2 Service Providers & Sub-Processors

Including:

  • IT and hosting providers
  • CRM and booking systems
  • Email and communication platforms
  • Accounting and administrative service providers

All sub-processors are contractually bound to comply with GDPR and confidentiality obligations.

6.3 Legal & Regulatory Authorities

Where required by law, court order, or regulatory obligation.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that:

  • The destination country is deemed to provide an adequate level of protection, or
  • Appropriate safeguards are in place (such as Standard Contractual Clauses)

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against:

  • Unauthorised access
  • Loss
  • Misuse
  • Alteration
  • Disclosure

Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes for which it was collected
  • Comply with legal, accounting, and regulatory obligations

Medical and special category data is retained for the minimum period required and securely deleted thereafter.

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC), Malta

Requests may be submitted in writing to the contact details above. We may require proof of identity before responding.

11. Images, Photos & Videos

In accordance with our Terms & Conditions:

  • Photos or videos may be taken during trips
  • Such material may be used for marketing and promotional purposes
  • You grant Kraze Travel a royalty-free licence to use such content

You may object to the use of identifiable images by contacting us in writing.

12. Cookies & Website Analytics

Our website may use cookies and similar technologies to:

  • Improve functionality
  • Analyse usage
  • Enhance user experience

You can control cookies through your browser settings. Full cookie details may be provided in a separate Cookie Policy.

13. Complaints & Data Protection Issues

If you believe your data has been processed unlawfully or wish to raise a concern, please contact us first so we can attempt to resolve the issue promptly.

You also have the right to lodge a complaint with:
Office of the Information and Data Protection Commissioner (IDPC)
Malta

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time.
Any changes will be effective immediately upon publication.

We recommend reviewing this Privacy Policy periodically.