1. Purpose

This Data Privacy Policy explains how Nueva Vista Tour Operator and DMC (“Nueva Vista”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when we provide services as an incoming tour operator and destination management company (DMC) in Armenia on an exclusively business‑to‑business (B2B) basis.

Data Controller:
Nueva Vista Tour Operator and DMC
14 Vardanants street, Office 1
Email: armen@nuevavista.am
Tel: +374 11 541463

When we receive personal data from our B2B partners (e.g. tour operators, travel agencies, MICE agencies, corporate clients), we usually act as independent data controller in relation to the personal data necessary to operate and deliver services in Armenia.

  1. Scope of This Policy

This Policy applies to personal data we process in connection with:

  • Services we provide to our B2B partners and their end travelers/guests.
  • Communication with representatives of B2B partners (e.g. emails, business cards, online forms).
  • Our email communications, and other online tools we may use. Our website, st present, is not enabled to collect any data of visitors.

It does not cover the privacy practices of our B2B partners or of third‑party service providers acting as independent controllers.

  1. Legal Framework

We process personal data in accordance with:

  • The Law of the Republic of Armenia on Personal Data Protection and related regulations.
  • Where applicable, the EU General Data Protection Regulation (GDPR), in particular when we process personal data of individuals located in the European Economic Area (EEA).

Our practices are guided by the GDPR principles of fairness, lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

  1. What Personal Data We Collect

Because we operate B2B only, most of our contacts are legal entities. However, we still process personal data of:

  • Travellers/guests of our B2B partners.
  • Employees and representatives of B2B partners.
  • Suppliers and subcontractors (e.g. guides, drivers, local partners).

We may collect the following categories of personal data, only where necessary:

4.1. Traveler / Guest Data

  • Identification: name, surname, title, gender, date of birth, nationality, passport or ID details (only when required for bookings or legal/immigration purposes).
  • Travel details: itinerary, accommodation details, flight details, booking references, rooming lists.
  • Preferences: dietary preferences, room preferences, language preferences, special requests.
  • Sensitive data (special category): information about health, disability or reduced mobility, allergies, dietary restrictions of medical nature, only where strictly necessary for providing appropriate services (e.g. accessibility, meals, medical assistance).

4.2. B2B Partner and Supplier Data

  • Business contact data of staff: name, job title, business email, business phone, department.
  • Communication data: correspondence, notes from calls or meetings, negotiation and contract information.
  • Payment‑related data: invoicing details, bank account details of legal entities, and limited personal data where sole traders or individual service providers are involved.

4.3. Website / Technical Data (Not applicable)

We are not collecting any technical and other personal data through our website IP address, browser type, device information, access times, referring website, cookies and other usage data.

  1. How We Collect Personal Data

We collect personal data in several ways:

  • Directly from our B2B partners (e.g. booking forms, rooming lists, emails, API integrations, extranets). We are not collecting any data directly from travelers/guests.
  • From suppliers and subcontractors (e.g. guides, hotels) when needed to confirm or deliver services.

We expect our B2B partners to provide personal data in a lawful manner and to ensure that travelers and staff are appropriately informed before their data is shared with us.

  1. Why We Collect Personal Data (Purposes) and Legal Bases

We only process personal data that is adequate, relevant, and limited to what is necessary for the following purposes:

6.1. Service Delivery and Operations

  • Creating, managing, and fulfilling bookings for travel services in Armenia.
  • Communicating itineraries, confirmations, vouchers, and practical information.
  • Coordinating with hotels, restaurants, transport providers, guides, and other local partners.

Legal bases:

  • Performance of a contract or steps prior to entering a contract;
  • Legitimate interests in delivering and managing B2B travel services.

6.2. Customer Support and Communication

  • Responding to inquiries, changes, and cancellations.
  • Assisting in case of incidents, delays, or emergencies.
  • Managing complaints and after‑sales support.

Legal bases:

  • Performance of a contract.
  • Legitimate interests (customer service, business continuity).

6.3. Legal and Regulatory Compliance

  • Complying with immigration, customs, tax, accounting and other legal obligations under Armenian law (e.g. guest registration where required).
  • Responding to lawful requests from authorities.

Legal bases:

  • Compliance with a legal obligation.

6.4. Business Management and Improvement

  • Managing relationships with B2B partners and suppliers.
  • Internal administration, reporting, statistics and analytics (on an aggregated or pseudonymized basis where possible).
  • Ensuring quality control and improving our services.

Legal bases:

  • Legitimate interests (efficient management, quality improvement, network and information security).

6.5. Marketing and Business Development

  • Sending B2B partners service updates, destination information, proposals, and newsletters.
  • Inviting B2B partners to events, fam trips, or workshops.

Legal bases:

  • Legitimate interests (B2B marketing).
  • Consent, where required by applicable law.
    Recipients may opt‑out at any time (see Section 10).

6.6. Sensitive Data (Health / Special Needs)

Sensitive personal data (e.g. health information, disability, allergies) is processed only:

  • When you or our B2B partner voluntarily provide it to us.
  • When strictly necessary to protect vital interests of the traveler or to provide tailored services (e.g. wheelchair assistance, special meals).
  • With explicit consent, where required.

We handle such data with heightened confidentiality and security.

  1. Who Has Access to Personal Data

Access to personal data is restricted to authorized personnel who require it to perform their job duties and are trained in the proper handling and confidentiality of personal data.

We may share personal data with:

  • Internal teams (operations, reservations, accounting, management, customer service) on a need‑to‑know basis.
  • Service providers and local partners necessary to deliver booked services:
    • Hotels and other accommodation providers.
    • Transport providers and drivers.
    • Licensed tour guides and local representatives.
    • Restaurants and activity providers.
    • Event venues and conference providers.
  • Professional advisers (e.g. accountants, auditors, legal advisers) under confidentiality obligations.
  • IT and system providers (hosting, email, CRM, booking systems, payment processors) under data processing agreements.
  • Public authorities when required by law or to protect vital interests (e.g. police, immigration, emergency services).

We do not sell or rent personal data.

All third parties with whom we share personal data are required to:

  • Use the data only for the specified purpose.
  • Apply appropriate technical and organizational measures to protect it.
  • Comply with applicable data protection laws and contractual obligations.
  1. International Data Transfers

As an incoming tour operator in Armenia, we:

  • Process personal data within Armenia.
  • May receive personal data from countries within or outside the European Economic Area (EEA).
  • May use IT systems or service providers that store or process data in other countries.

Where GDPR applies and data is transferred from the EEA to Armenia or to any other country that may not provide the same level of protection, we take appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission, or
  • Other lawful transfer mechanisms under GDPR.
  1. Data Retention

We retain personal data only for as long as necessary to achieve the purposes described above and to comply with legal requirements.

As a general rule:

  • Booking and traveler data: kept for the duration of the trip plus the limitation periods required by Armenian law and applicable accounting/tax regulations (commonly up to 2 years, depending on document type);
  • Health and other sensitive data: kept only as long as strictly necessary for the specific trip/service and then securely deleted or anonymized;
  • B2B contact data (partner representatives, suppliers): stored for the duration of the business relationship and for a reasonable period thereafter for legitimate business purposes (e.g. re‑engagement, record of communication), unless an opt‑out or deletion request is received and no overriding legal obligations exist.

When personal data is no longer required, we securely delete, anonymize, or aggregate it so that individuals can no longer be identified.

  1. Data Security

We take appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, including:

  • Access controls and authentication for electronic systems.
  • Role‑based access, ensuring only trained and authorized staff can access personal data.
  • Secure networks, firewalls, and encryption where appropriate.
  • Secure file storage for any physical documents (locked cabinets and access limits).
  • Procedures for secure disposal or shredding of printed documents once no longer needed.
  • Regular updates and security reviews of our IT systems and policies.
  • Staff training on privacy, confidentiality, and data protection obligations.

While no system can guarantee absolute security, we continuously work to protect the confidentiality, integrity, and availability of personal data.

  1. Your Rights as a Data Subject

Subject to applicable law (including Armenian law and, where relevant, GDPR), individuals whose personal data we process have the right to:

  • Access: request confirmation whether we process their personal data and obtain a copy.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of data where it is no longer necessary, where consent is withdrawn (where applicable), or where processing is unlawful, subject to legal retention requirements.
  • Restriction: request that we limit the processing of their data under certain circumstances.
  • Data portability: receive personal data (that they have provided to us) in a structured, commonly used, and machine‑readable format, where processing is based on consent or contract and carried out by automated means (where applicable).
  • Object:
    • to processing based on our legitimate interests, on grounds relating to their particular situation.
    • to direct marketing at any time (including B2B marketing emails).
  • Withdraw consent: where processing is based on consent, withdraw it at any time (without affecting processing carried out before withdrawal).
  • Lodge a complaint: with the competent supervisory authority.

In Armenia, individuals may contact the Personal Data Protection Agency under the Ministry of Justice of the Republic of Armenia or another competent authority under applicable law.

  1. How to Exercise Your Rights or Contact Us

To exercise any of the rights mentioned above, or for questions about this Policy or our data processing practices, please contact:

Nueva Vista Tour Operator and DMC
14 Vardanants street, office 1.
Email: armen@nuevavista.am
Tel: +374 11 541463

For security reasons, we may need to verify your identity before responding to your request. We aim to respond within the time limits set by applicable law.

If you are a traveler and your booking was made via one of our B2B partners, we may in some cases refer you to your original booking agent to ensure a coordinated and lawful response.

  1. Children’s Data

Our services are not directed to children individually; however, we often handle data of children travelling as part of a group or family (e.g. name, age, date of birth) where this is strictly necessary for bookings, visas, or legal requirements.

Such data is processed with special care and only via the responsible adult, legal guardian, or B2B partner.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our services and operations.
  • Applicable laws and regulatory requirements.
  • Best practices in privacy and data protection.

When we make material changes, we will:

  • Update the “Last updated” date at the top of this Policy; and
  • Inform our B2B partners by appropriate means (e.g. email communication, notice on our website).

We encourage our partners and users to review this Policy periodically.

  1. Summary Statement

We are committed to protecting the privacy and confidentiality of all personal data entrusted to us by our B2B partners, their guests, and our suppliers. We collect only the data that is relevant and necessary to provide and improve our services, store it securely, retain it only for as long as needed, and respect the rights of individuals under applicable data protection laws.

Copyright © 2016-2026 Nueva Vista All Rights Reserved.