Policies

Privacy Policy — Bali Fast Tracks

Plain-English privacy policy. We collect only what we need to provide service. We never sell data. We comply with Indonesian PDP Law and GDPR for EU travellers.

Privacy at a Glance

Data collected
Only what's necessary for service: name, passport, flight, contact, payment
Sharing
Indonesian immigration (legally required), airport authority (greeter access), payment processor
Selling
We do not sell data to anyone, ever
Compliance
Indonesian PDP Law (UU 27/2022), EU GDPR, UK DPA 2018
Retention
2 years for active records, 7 years for accounting (Indonesian tax law)
Your rights
Access, correction, deletion, portability, objection

What Data We Collect

Booking data (required)

  • Full name as it appears on passport
  • Passport number (Premium/VVIP for VOA processing)
  • Passport country and expiry date (Premium/VVIP)
  • Flight number and date
  • Email address and phone number / WhatsApp
  • Accommodation address (for transfer)
  • Payment method details (handled by payment processor, we don't store card numbers)

Service delivery data

  • Greeter assignment records (which greeter served which booking)
  • Service timing logs (when greeter met you, when you cleared immigration)
  • WhatsApp conversation history with operations and greeter

Optional data

  • Dietary preferences (lounge / Premium tier only)
  • Special needs (wheelchair, child seat, language preference)
  • Group booking details (for corporate/wedding manifests)

What We Do With Your Data

Operating the service

We use your booking data to dispatch greeters, process VOA paperwork, coordinate transfers, and handle any service issues. This is the primary use.

Communication

We send booking confirmations, e-vouchers, greeter assignments, and service updates by email and WhatsApp. We do not send marketing emails unless you explicitly opt in.

Sharing with third parties — only when necessary

  • Indonesian immigration: passenger names are shared with immigration as required by law for diplomatic-lane access. Passport numbers shared only for VOA processing (Premium/VVIP).
  • PT Angkasa Pura I (airport authority): greeter manifests with passenger names for airport access permits.
  • Payment processor (Stripe / PayPal): they handle card details directly; we receive only confirmation tokens.
  • Accounting / tax authority: aggregated booking data for Indonesian tax compliance (no personal details beyond what's legally required).

What we never do

  • Sell data to anyone
  • Share with marketing platforms
  • Use for advertising profiling
  • Share with insurance companies, employers, or third parties without your explicit consent
  • Retain data after the legal retention period

Your Rights Under Indonesian PDP Law and GDPR

Right to access

You can request a copy of all personal data we hold about you. Email privacy@balifasttracks.com with subject "Data Access Request" and your booking confirmation number. We respond within 30 days.

Right to correction

If your data is incorrect (e.g., misspelled name, wrong flight number), email or WhatsApp us and we update within 24 hours.

Right to deletion

You can request deletion of your data subject to our legal obligations (we must retain accounting records for 7 years under Indonesian tax law). Active service data we delete within 30 days of request.

Right to portability

You can request your data in a portable format (JSON, CSV) for transfer to another provider. We deliver within 30 days of request at no charge.

Right to object

You can object to specific processing (e.g., marketing communication). We honour objections immediately.

Data Security

  • HTTPS-only across all our systems
  • Database encryption at rest (AES-256)
  • Access controls — only authorised operations staff see passenger data
  • Regular security audits
  • Incident response plan with 72-hour breach notification (per GDPR/PDP Law)
  • Payment data: handled by Stripe and PayPal directly, we never store card numbers

Cookies on This Website

Bali Fast Tracks website uses minimal cookies:

  • Essential: session cookie for booking flow
  • Analytics: Google Analytics 4 with anonymised IP
  • No advertising or tracking cookies

You can block analytics cookies via your browser settings without affecting service functionality.

Contact for Privacy Questions

For privacy questions, complaints, or requests:

Privacy Officer
Bali Fast Tracks (PT Juara Holding)
privacy@balifasttracks.com
Jl. Bypass Ngurah Rai, Kuta, Bali 80361, Indonesia

If you are not satisfied with our response, you may escalate to:

  • Indonesia: Komisi Informasi Pusat (Central Information Commission)
  • EU: Your local data protection authority
  • UK: Information Commissioner's Office (ICO)

Last Updated

This privacy policy was last updated on 1 May 2026. Material changes are communicated via email to active customers and posted prominently on this page.

Common Questions

Frequently Asked Questions

No. We never sell data to anyone, for any purpose. Bali Fast Tracks operates a service business, not a data business. Your data is used only to provide the service you booked, share with parties legally required (Indonesian immigration, airport authority for greeter access), and process payments. Nothing else.
Active booking and service data: 2 years from service date. Accounting records: 7 years (required by Indonesian tax law). After these periods, data is permanently deleted. You can request earlier deletion subject to our legal obligations — email privacy@balifasttracks.com.
Yes. We comply with EU GDPR for European travellers, UK DPA 2018 for UK travellers, and Indonesian PDP Law (UU 27/2022) for all travellers. Same rights apply: access, correction, deletion, portability, objection. Email privacy@balifasttracks.com to exercise any right; we respond within 30 days.
Only for VOA processing in Premium and VVIP tiers — we file the e-VOA application on your behalf, which requires passport number per Indonesian government format. Tier 1 Essential bookings do not require passport number; we just need name, flight, and contact details.
We commit to 72-hour breach notification per GDPR/PDP Law. Affected customers are emailed personally with details of what was exposed, what we're doing about it, and what you should do. We have not had a data breach in our operating history (2019–present).