Privacy policy.

Your privacy matters to us. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it. We are committed to handling your information with care and in compliance with applicable data protection law, including the EU General Data Protection Regulation (GDPR).

Who We Are

Wanderlustre Travels is operated by Ana Santos, an independent travel advisor based in Lisbon, Portugal, operating as an independent affiliate of Fora Travel, Inc. For the purposes of data protection law, Ana Santos is the data controller in respect of the personal data collected through this website and in the course of providing travel planning services.

Contact: For any privacy-related questions or requests, please reach out via our contact page.

What Data We Collect

Data you provide directly

  • Identity data: full legal name, date of birth, passport or government-issued ID details (for booking purposes)

  • Contact data: email address, phone number, mailing address

  • Travel preferences: travel history, destination interests, dietary requirements, accessibility needs, and any other preferences you share during planning

  • Payment data: credit or debit card details (processed securely via Fora Travel — we do not store card numbers ourselves)

  • Communications: any information you share with us by email, via our contact form, or through our trip request form

Data collected automatically

  • Usage data: IP address, browser type, pages visited, time spent on site, and referral source — collected via Squarespace's built-in analytics

  • Cookie data: see our Cookies section below

Data we do not collect

We do not knowingly collect personal data from children under the age of 13. We do not collect special category data (such as health or medical information) unless you voluntarily provide it in connection with accessibility or dietary requirements for your trip.

Why We Collect It & Our Legal Basis

Under GDPR, we are required to have a lawful basis for processing your personal data. The table below sets out what we use your data for and the legal basis we rely on in each case.

Purpose Legal Basis Providing travel planning services and booking travel on your behalfPerformance of a contractProcessing payments for travel servicesPerformance of a contractCommunicating with you about your booking, itinerary, or any changesPerformance of a contractSharing your data with travel suppliers (hotels, airlines, tour operators, etc.) to fulfil your bookingPerformance of a contractSending you travel inspiration, newsletters, or promotional content (via Flodesk)Consent — you may withdraw at any time by clicking "unsubscribe" in any emailImproving our website and understanding how visitors use itLegitimate interests (to operate and improve our business)Complying with legal obligations (e.g. record-keeping, responding to legal requests)Legal obligation

We will never use your personal data for purposes that are incompatible with those listed above without first obtaining your consent.

Who We Share Your Data With

We do not sell your personal data. We share it only where necessary to provide our services or comply with legal requirements, with the following categories of recipients:

  • Travel suppliers (hotels, airlines, cruise lines, tour operators, transfer providers, etc.) — to fulfil your booking. Each supplier has its own privacy policy.

  • Fora Travel, Inc. — our host agency, which processes payments and supports booking administration on our behalf. Fora is based in the United States.

  • Tern — our CRM and itinerary management platform, used to manage your trip details and client records.

  • Squarespace — our website platform, which collects usage data and hosts our contact and trip request forms.

  • Flodesk — our email marketing platform, used to send newsletters and our free travel guide to subscribers who have opted in. Flodesk is based in the United States.

  • Legal or regulatory authorities — where required by law or to protect our legal rights.

International Data Transfers

Because our host agency (Fora Travel), email platform (Flodesk), and some travel suppliers are based in the United States, your personal data may be transferred to and processed in the US, which is outside the European Economic Area (EEA).

Where such transfers occur, we rely on appropriate safeguards to protect your data, including Standard Contractual Clauses (SCCs) approved by the European Commission, or we transfer data only to organisations that participate in recognised adequacy frameworks. If you would like more information about the safeguards in place for any specific transfer, please contact us.

Cookies

Our website uses cookies — small text files stored on your device — to help the site function and to understand how visitors use it. The cookies on this site are set by Squarespace (our website platform) and may include:

  • Strictly necessary cookies: required for the website to function (e.g. session management). These cannot be disabled.

  • Analytics cookies: used to understand visitor behaviour in aggregate (e.g. pages visited, time on site). No personally identifiable information is collected.

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of this website. For more information on how Squarespace uses cookies, please visit squarespace.com/privacy.

How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:

  • Client booking records (including passport copies and itinerary details): retained for 5 years after your last trip, to comply with legal and financial record-keeping obligations, then securely deleted.

  • Email correspondence: retained for 3 years after our last interaction, then deleted.

  • Marketing data (newsletter subscribers): retained until you unsubscribe, after which it is removed from our active mailing list within 30 days.

  • Website analytics data: retained in aggregate form in accordance with Squarespace's data retention policies.

Your Rights

Depending on where you are located, you may have the following rights regarding your personal data. EU/EEA residents have these rights under GDPR; US residents may have similar rights under applicable state law (e.g. CCPA for California residents).

  • Right of access: you may request a copy of the personal data we hold about you.

  • Right to rectification: you may ask us to correct inaccurate or incomplete data.

  • Right to erasure: you may ask us to delete your personal data where there is no compelling reason for us to continue holding it.

  • Right to restrict processing: you may ask us to pause processing your data in certain circumstances.

  • Right to data portability: you may request a copy of your data in a structured, machine-readable format.

  • Right to object: you may object to processing based on legitimate interests or for direct marketing purposes.

  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are based in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) at cnpd.pt.

Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. These include storing sensitive files (such as passport copies) in password-protected, access-controlled systems, and using reputable third-party platforms with their own security standards.

While we take these precautions seriously, no method of transmission over the internet is entirely secure. If you have concerns about the security of your data, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "last updated" date at the bottom of this page. We encourage you to review this policy periodically. Where changes are material, we will notify active clients by email.

Questions & Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch via our contact page. We are happy to help.

Last updated: April 2026