SilkPassUZ ("we", "us", "SilkPass") respects your privacy. This policy explains what personal data we collect when you use our website, mobile app and Telegram concierge, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Personal Data Law of the Republic of Uzbekistan.
1. Data we collect
- Account data — name, email, phone, country, language preference.
- Booking data — tour selections, dates, traveller details, payment status.
- Usage data — pages viewed, AI concierge messages, device and approximate location.
- Cookies — see our Cookie Policy.
2. How we use your data
- To provide and improve the SilkPass service (contractual basis).
- To process bookings and payments with our partner operators.
- To deliver AI-generated itineraries and concierge replies.
- To send transactional emails and, with your consent, marketing.
- To meet legal, tax and anti-fraud obligations.
3. Sharing
We share data with vetted operators (only what they need to deliver your booking), payment processors (Stripe, Click, Payme), cloud infrastructure providers, and authorities when required by law. We never sell your data.
4. International transfers
Your data may be processed outside Uzbekistan and the EEA. We rely on Standard Contractual Clauses and equivalent safeguards.
5. Retention
Account data is kept while your account is active and up to 24 months after closure. Booking and tax records are kept for the legally required period (up to 7 years).
6. Your rights
- Access, rectify, port or delete your data.
- Object to or restrict processing.
- Withdraw consent at any time.
- Lodge a complaint with your local Data Protection Authority.
To exercise these rights, email privacy@silkpassuz.com.
7. Security
We use encryption in transit and at rest, role-based access, and Row-Level Security on all customer data. No method of transmission is 100% secure, but we apply industry standards.
8. Contact & DPO
SilkPassUZ — Tashkent, Uzbekistan. Data Protection Officer: dpo@silkpassuz.com.