Back

Privacy Policy

Last Updated: January 21 2026

HevalTrip Inc. (“HevalTrip,” “we,” “us,” “our”) operates www.hevaltrip.com (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with the Platform and our services.

We recognize that privacy and trust are foundational to our Kurdish community. This policy is designed with your rights and protections in mind, reflecting current privacy best practices and legal standards.

1. Scope and Applicability

This Privacy Policy applies to all users of the HevalTrip Platform, including visitors, registered members, and individuals whose information we process on behalf of others. If you are under 18 years of age, you should not use this Platform.

International Users: Users from outside the United States should be aware that their information will be transferred to, stored in, and processed in the United States. By using HevalTrip, you consent to this transfer. We comply with applicable international privacy regulations, including GDPR and similar laws, to the extent they apply.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

Name, email address, phone number, date of birth
Profile information (profile picture, bio, heritage region, cultural interests)
Login credentials (we do not store passwords in plain text)
Payment and billing information (for travel bookings)

Travel and Community Information:

Travel preferences, planned destinations, travel dates, and budget
Group preferences, cultural interests, and community involvement
Cultural background, language preferences, and religious affiliations
Photos, posts, comments, and other user-generated content

Communications:

Messages sent to other community members
Support requests, feedback, and inquiries
Responses to surveys and community research

2.2 Information Collected Automatically

Device and Usage Information:

Internet Protocol (IP) address and device identifiers
Browser type, version, and operating system
Pages visited, time spent on pages, links clicked
Referral source and exit pages
Device type and mobile network information
Crash logs and system activity

Cookies and Similar Technologies:

Session cookies (temporary, deleted when browser closes)
Persistent cookies (remain on device for specified period)
Web beacons and pixel tags
Local storage and similar mechanisms
Third-party analytics and advertising cookies

Geolocation Information:

Approximate location based on IP address
Precise location (only if you enable this feature in settings)
Location history within the Platform

2.3 Information from Third Parties

Social Media Integration:

Public profile information when you connect social accounts (Facebook, Google, LinkedIn)
Friend lists (only if you authorize invitations)
Email address and public profile picture
Cultural or interest-related information you’ve made public

Payment Processors:

Billing address and transaction history
Credit card information (handled by PCI-compliant third parties; HevalTrip does not store full card numbers)

Third-Party Partners and Data Brokers:

Aggregated community data and travel trend information
Demographic and interest information (for marketing purposes)

Other Users:

Information about you provided by other community members (tags in photos, mentions in posts)

2.4 Mobile App Permissions and Installation

When you download and install the HevalTrip mobile app, the app requests certain permissions from your device to enable core functionality and services. These permissions may include access to:

Location Services: To provide location-based travel matching and community discovery features. You can disable location access at any time through your device settings, though this may limit certain app functionality.
Contacts and Calendar: To facilitate group travel organization and event coordination among community members (optional; you control whether to grant this access).
Camera and Photos: To upload profile pictures and travel photos to your account and share content with the community.
Push Notifications: To receive updates about community events, travel matches, messages, and platform announcements.
Device Information: Access to device identifiers, operating system version, and mobile network information for service delivery, security, and analytics purposes.

Your Control: You can review and modify app permissions at any time through your device’s Settings app. Be aware that restricting certain permissions may reduce app functionality. Revoking location or camera permissions, for example, will prevent location-based matching or photo uploads, respectively.

Data from App Stores: When you download the HevalTrip app from the Apple App Store or Google Play Store, the respective app store operator collects download information, including your app store account email, a unique device ID, the download timestamp, and device information. HevalTrip does not control this collection. App store privacy policies apply to their data practices.

3. Legal Basis for Processing (GDPR Compliance)

We process your personal information based on the following legal grounds:

Contractual Necessity: Processing required to provide Platform services and fulfill travel bookings
Legitimate Interest: Improving services, fraud prevention, security, community safety
Consent: Marketing communications, optional analytics, optional sharing of sensitive information
Legal Obligation: Compliance with law enforcement requests, tax obligations, regulatory requirements
Vital Interest: Protection of health, safety, or physical integrity in emergency situations
Public Task: Community safety and dispute resolution

4. How We Use Your Information

4.1 Core Service Delivery

Creating and maintaining your account
Processing travel bookings, payments, and reservations
Matching you with compatible travel companions based on preferences
Organizing and promoting community events and cultural experiences
Facilitating communications between community members
Customer support and technical assistance

4.2 Platform Improvement and Analytics

Understanding user behavior and Platform usage patterns
A/B testing and feature optimization
Identifying trends in the Kurdish diaspora community
Developing new features and services
Conducting research on community travel needs and cultural interests

4.3 Marketing and Communications

Sending promotional materials about travel deals and community events
Community newsletters and cultural updates
Personalized recommendations based on your preferences and activity
Special offers for members
Re-engagement campaigns if you become inactive

4.4 Safety and Legal Compliance

Preventing, detecting, and responding to fraud and security threats
Enforcing our Terms of Service and other agreements
Protecting against malicious, deceptive, or illegal activity
Responding to legal requests from law enforcement or courts
Maintaining audit trails for compliance purposes
Verifying user identity to prevent unauthorized access

4.5 Anti-Fraud and Abuse Prevention

To maintain a secure and trustworthy community platform, we use your information to detect, investigate, and prevent fraud, spam, fake accounts, and other forms of abuse:

IP and Device Analysis: We log and analyze IP addresses, device identifiers, and device fingerprints to detect patterns of suspicious activity, unauthorized access attempts, and multiple fraudulent accounts operating from the same device or network.
Behavioral Monitoring: We monitor account behavior for anomalies such as rapid-fire messaging, unusual login patterns, bulk account creation, and other indicators of automated abuse or scamming.
Keyword Filtering: Messages and public content are automatically scanned for keywords and phrases commonly associated with solicitation, fraud, illegal activity, and spam. Content flagged by these systems may be reviewed by our moderation team but is not permanently stored solely for this purpose.
User Reports and Investigation: We retain and investigate user-submitted reports of suspicious, deceptive, or fraudulent behavior. Investigation data may be retained for 12 months or longer if legal proceedings are initiated.
Phone Number Tracking: Previous phone numbers associated with suspended or terminated accounts are retained in anonymized form to prevent bad-actor re-registration, though these records cannot be linked back to verified user identities.

Data used for fraud and abuse prevention is essential for platform security and may be retained longer than standard retention periods when necessary to investigate ongoing issues or prevent re-offense.

4.6 Community and Social Features

Displaying your profile information to other community members (based on your privacy settings)
Creating community directories and group listings
Publishing your posts, comments, and contributions
Organizing group travel experiences and cultural gatherings
Community moderation and dispute resolution

4.7 Legitimate Business Interests

Conducting business analytics and market research
Assessing Platform performance and user satisfaction
Developing and improving our products and services
Protecting our legal rights and assets

5. Sensitive Personal Information

Certain information is subject to heightened protection:

Sensitive Data Categories:

Cultural or religious affiliation
Heritage region or ethnic origin
Political opinions or affiliations
Health or disability information
Sexual orientation or gender identity
Biometric data (if used for authentication)
Financial information

Our Practices:

We collect sensitive information only when necessary and with your explicit consent
Sensitive data receives enhanced security protections
You can limit who sees sensitive information through privacy settings
We do not sell or share sensitive information with third parties without separate consent
We retain sensitive data only as long as necessary

6. Sharing of Information

6.1 Within the Community

Other Registered Users:
Your profile and shared information are visible to other community members based on your privacy settings. You control:

Who can see your profile
Which information is publicly visible vs. limited to friends
Whether your posts and activity are discoverable

Your participation in community directories

6.2 Third-Party Service Providers

We share information with vendors who provide essential services:

Category	Types of Vendors
Payment Processing	Credit card processors, payment gateways, fraud prevention services
Cloud Infrastructure	Hosting providers, database services, backup providers
Analytics	Google Analytics, Mixpanel, Amplitude, community analytics platforms
Communications	Email service providers, SMS services, push notification platforms
Customer Support	Help desk software, ticketing systems, survey platforms
Marketing	Email marketing platforms, advertising networks, social media partners
Security	Cybersecurity firms, fraud detection services, identity verification
Legal & Compliance	Accounting firms, law firms, compliance consultants

Contractual Obligations: All third-party vendors are bound by written data processing agreements that:

Restrict data use to specified purposes
Require appropriate security measures
Prohibit sale or unauthorized sharing
Include audit and inspection rights
Require notification of breaches
Specify data deletion timelines

6.3 Legal Requirements and Enforcement

We may disclose information without consent when required by law or to:

Legal Process: Respond to subpoenas, court orders, warrants, or legal proceedings
Law Enforcement: Assist federal, state, or local law enforcement investigations
Regulatory Bodies: Comply with regulatory agencies or government requests
Public Safety: Prevent imminent physical harm, death, or serious injury
Rights Protection: Defend against legal claims, establish legal rights, or protect property
Fraud Prevention: Investigate, prevent, or address fraud, security, or technical issues
Terms Enforcement: Enforce our Terms of Service and other agreements

Important: We will notify you of legal requests unless legally prohibited from doing so.

6.4 Corporate Transactions

In the event of merger, acquisition, bankruptcy, asset sale, or similar corporate transaction:

Your information may be transferred as part of the transaction
We will notify you and provide opt-out rights where legally possible
A successor company will remain bound by this Privacy Policy

6.5 Aggregated and Anonymized Information

For any sharing not covered above, we will obtain your explicit consent first.

6.6 Your Consent

We may share aggregated, anonymized statistics with:

Researchers and academics
Marketing and analytics partners
Investors and business partners
Industry associations

This information does not identify individuals and is used to understand community trends, improve services, and advance cultural research.

7. Cookies, Tracking Technologies, and Advertising

7.1 Cookies and Local Storage

Types of Cookies We Use:

Type	Purpose	Duration
Essential/Functional	Authentication, security, basic site operation	Session or 1 year
Performance/Analytics	Usage patterns, Page performance, Error tracking	1-2 years
Preference	Language, display settings, saved preferences	1-2 years
Marketing/Advertising	Personalized ads, retargeting, ad effectiveness	1-2 years

Cookie Consent:

We obtain your consent before placing non-essential cookies
You can withdraw consent at any time through cookie settings
Some features may not work properly if you disable essential cookies

7.2 Do Not Track (DNT)

We recognize DNT browser signals, but browser DNT standards are not yet uniform. You can manage tracking preferences through:

Browser privacy settings
Cookie consent preferences
Your HevalTrip account privacy settings

7.3 Third-Party Advertising

Third parties, including Google, Facebook, and other advertising networks, may place cookies on your device for:

Targeted advertising based on your interests
Measuring ad effectiveness
Creating audience segments
Remarketing (showing ads on other websites)

Your Controls:

Opt out through Google Ad Settings: https://adssettings.google.com
Opt out through Facebook Ad Settings: https://www.facebook.com/ads/preferences
Use Your Online Choices: https://www.youronlinechoices.com

8. Data Retention

8.1 General Retention Periods

Data Type	Retention Period	Reason
Active Account Data	Duration of account + 1 year	Service provision, legal requirements
Transaction Records	7 years	Tax, accounting, fraud prevention
Analytics Data	2 years	Service improvement, trend analysis
Cookies	1-2 years (see cookie types)	Performance, advertising
Log Data	90 days	Security, troubleshooting
Deleted Account Data	30 days backup retention	System recovery, then deletion
Marketing Lists	Until opt-out	Compliance with preferences

8.2 Extended Retention

We may retain data longer when:

Required by law (tax records, regulatory compliance)
Necessary for legal proceedings or claims
Data is anonymized or aggregated
You have not requested deletion

8.3 Legitimate Reasons for Extended Retention

Fraud investigation or prevention (3 years)
Tax compliance (7 years)
Securities regulations (7 years)
Dispute resolution (statute of limitations period)

8.4 Backup and Data Integrity

To protect our systems and ensure data recovery capabilities:

- Backup Cycles: We maintain automated backup copies of your data to protect against system failures, data loss, and security incidents. Backup copies are retained separately from our primary database.
- Backup Retention: Backup copies are automatically overwritten and permanently deleted after 14 days. When you delete your account, associated backup data is scheduled for deletion and typically removed within this 14-day cycle.
- Log File Deletion: System and application log files that may be contained in backup copies are automatically purged when backups are overwritten. Log files are also deleted when an account is fully terminated.
- Data Integrity Protection: Your personal information is protected both in active databases and in backup systems through encryption (AES-256 at rest) and secure SSL/TLS connections (minimum TLS 1.2) for all data transmission.
- Recovery Procedures: If data deletion is requested, we initiate immediate deletion from our primary systems. Complete removal from all backup systems typically occurs within the 14-day backup retention cycle. Some data may take up to 4-6 weeks to be fully removed from all cache layers and archived systems if they are part of extended retention obligations.

9. Your Privacy Rights and Control

9.1 Access and Portability (GDPR, CCPA, Similar Laws)

Right to Access: You can request a copy of your personal information by contacting privacy@hevaltrip.com. We will provide:

All personal data we hold about you
Purpose of processing
Recipients of your data
Retention period
Your rights regarding the data

Right to Portability: You can request your information in a portable, machine-readable format (JSON, CSV) suitable for transfer to another service.

Response Timeline: We will respond within 30 days (or legally required timeframe).

9.2 Correction and Accuracy

Right to Rectification: You can:

Update your profile information through account settings
Correct inaccurate personal information
Request corrections for incomplete data
Request we correct information held by third parties

9.3 Deletion and Right to Be Forgotten

Right to Erasure: You can request deletion of your information when:
- Data is no longer necessary for its original purpose
- You withdraw consent
- You object to processing based on legitimate interest
- Data was unlawfully processed
- Deletion is required by law
Important Limitations:
- We may retain data if legally required
- We cannot delete publicly posted content (comments, posts) posted by others
- Transaction records necessary for accounting/tax purposes may be retained
- Data necessary to comply with legal obligations will be retained

9.4 Restriction and Objection

Right to Restrict Processing: You can request we limit processing to:

Storage only (no active use)
Accuracy verification
Legal claim establishment
Pending deletion decision

Right to Object: You can object to processing based on:

Legitimate interest
Marketing and profiling
Automated decision-making
Direct marketing (easy opt-out available)

9.5 Automated Decision-Making and Profiling

We use automated systems to:

Recommend travel matches and community groups
Detect fraud and suspicious activity
Personalize content and advertising

Your Rights:

You have the right not to be subject to automated decision-making with legal effects
You can request human review of automated decisions
You can object to profiling at any time

9.6 Exercise Your Rights

To Submit Privacy Requests:

Email: privacy@hevaltrip.com
Mail: HevalTrip Inc., Privacy Officer, [Address]
Phone: [Contact Number]
Online: www.hevaltrip.com/privacy-requests

10. Data Security and Breach Response

10.1 Security Measures

We implement industry-standard security controls:

Technical Measures:

End-to-end encryption for sensitive data in transit
AES-256 encryption for data at rest
Secure HTTPS connections (TLS 1.2+)
Regular security audits and penetration testing
Firewalls and intrusion detection systems
Multi-factor authentication (MFA) options

Administrative Measures:

Restricted access (need-to-know basis)
Employee background checks
Confidentiality agreements with all staff
Regular security training
Access logs and audit trails

Physical Measures:

Secure data center facilities
Visitor access controls
Surveillance and monitoring
Environmental controls

10.2 Important Disclaimer

No guarantee of absolute security: While we employ reasonable security measures, no transmission over the internet is 100% secure. We cannot guarantee absolute security of your information. You use the Platform at your own risk.

Your responsibility: You are responsible for:

Maintaining password confidentiality
Not sharing account credentials
Reporting suspicious activity immediately
Using secure devices and networks

10.3 Data Breach Notification

In the event of a confirmed data breach affecting personal information:

We will:

Conduct prompt investigation
Notify affected individuals within 72 hours (or as legally required)
Notify relevant regulatory authorities as required by law
Provide clear, plain-language information including:
- What data was compromised
- What actions we’re taking
- What actions you should take
- Available support resources
- How to contact us with questions

Exceptions to notification:

- Data was encrypted or otherwise secured and key not compromised
- Risk to individuals is low

Data cannot be traced to individuals (truly anonymized)

11. International Data Transfers

11.1 Data Storage Location

Regardless of your location, your information is stored on servers in the United States where our central database is operated. This means your data will be transferred to, stored in, and processed in the US.

11.2 International Transfers (GDPR Compliance)

For users in the European Union, UK, or equivalent jurisdictions:

Transfer Mechanisms:

Standard Contractual Clauses (SCCs)
Adequacy decisions (where available)
Binding Corporate Rules (if applicable)
Your explicit consent

We maintain Transfer Impact Assessments to evaluate risks and implement supplementary safeguards as required by law.

11.3 GDPR-Equivalent Protections

For international transfers, we ensure:

Privacy-by-design principles
Data minimization practices
Strong encryption standards
Limited retention periods
Clear legal bases for processing

12. Third-Party Links and Services

12.1 External Websites

The Platform may contain links to third-party websites, including:

Travel booking services (hotels, airlines, car rentals)
Payment processors
Social media platforms
Travel guides and information sites

Important Disclaimer:

We do not control third-party websites
We are not responsible for their privacy practices, content, or security
Each third party has its own Privacy Policy and Terms
We recommend reviewing their policies before sharing information

12.2 Social Media Integration

When You Connect Social Accounts:

We access only publicly available information
You authorize access through platform permissions
You can revoke access at any time through your social account settings
Social media platforms have their own privacy policies

When You Invite Friends:

We access your friend list only to send invitations
Your friends’ information is used solely for sending invitations
We do not store friend lists after sending invitations (unless they join)

13. Children and Minors

13.1 Age Restrictions

HevalTrip is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

13.2 Parental Notification

If we become aware that a minor has provided personal information:

We will delete the information promptly
We will terminate the account
We will notify parents/guardians if identifiable

Parents/Guardians: If you believe your child has used HevalTrip, please contact privacy@hevaltrip.com immediately.

14. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

14.1 Categories of Information We Collect

We collect the following categories of personal information (in the last 12 months):

Identifiers: name, email, phone, IP address, account ID, device ID
Commercial Information: purchase history, travel bookings, payment information
Internet Activity: browsing history, search history, clicks, pages viewed, time spent
Location Information: IP-derived location, precise location (if enabled), travel destinations
Sensory Information: photos, videos, audio messages (if applicable)
Professional Information: work history, professional affiliations (if shared)
Education Information: educational background (if shared)
Inferences: Profiles reflecting preferences, characteristics, interests, behavior

14.2 Right to Know

You have the right to request:

What personal information we collect
How we use it
Who we share it with
How long we retain it

14.3 Right to Delete

You can request deletion of personal information collected from you, subject to certain exceptions.

14.4 Right to Opt-Out

You have the right to opt-out of:

Sale of personal information
Sharing for cross-context behavioral advertising
Automated decision-making with significant effects

How to Opt-Out:

Submit request to privacy@hevaltrip.com
Use “Do Not Sell” or “Opt-Out” link on website
Authorized agent may submit on your behalf

14.5 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights through:

Denying services or benefits
Charging different prices or rates
Providing lower quality service
Suggesting you receive different terms

Legitimate exceptions: We may offer financial incentives that reasonably relate to value provided.

14.6 Right to Correct

You can request correction of inaccurate personal information.

14.7 Request Verification

When you submit a request, we will:

Verify your identity using reliable methods
Respond within 45 days (may extend 45 more days if complex)
Provide information in portable, machine-readable format

15. Additional U.S. State Privacy Laws

Similar rights may apply if you reside in Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Michigan, Mississippi, Montana, New Hampshire, New Jersey, Ohio, Rhode Island, Tennessee, Texas, Utah, Vermont, or Virginia. We treat residents of these states consistently with the highest applicable standards.

16. Marketing and Communications

16.1 Email and Direct Marketing

Marketing Communications:
We may send you promotional emails about:

New features and services
Travel deals and special offers
Community events and cultural gatherings
Newsletter and cultural updates
Personalized recommendations

16.2 Opt-Out Mechanisms

You can unsubscribe by:

Clicking the “unsubscribe” link in any marketing email
Adjusting preferences in your HevalTrip account settings
Emailing privacy@hevaltrip.com with request
Texting STOP to opt out of SMS (where applicable)

Important: You may continue receiving:

Service-critical notifications (account security, policy changes)
Transactional emails (booking confirmations, receipt)
Legal notices and required disclosures

16.3 Personalized Advertising

We may use your information to:

Show targeted ads based on interests
Create audience segments for retargeting
Measure ad effectiveness
Develop marketing strategies

To Control:

Use browser cookie controls
Adjust ad preferences on advertising platforms
Opt out through Your Online Choices: com

17. Community Safety and Moderation

17.1 Community Guidelines Enforcement

To maintain a safe, respectful community, we may:

Monitor content for violations of our Terms of Service
Remove content violating community guidelines
Suspend or terminate accounts engaged in:
- Harassment, discrimination, or hate speech
- Fraud or scams
- Illegal activity
- Violation of others’ rights
Retain data related to safety violations for enforcement

17.2 Dispute Resolution

Through your account settings, you can:

Update personal information anytime
Modify privacy settings
Adjust communication preferences
Download your information
Control profile visibility

8. Data Retention

18.1 Account Control

Data Type	Retention Period	Reason
Active Account Data	Duration of account + 1 year	Service provision, legal requirements
Transaction Records	7 years	Tax, accounting, fraud prevention
Analytics Data	2 years	Service improvement, trend analysis
Cookies	1-2 years (see cookie types)	Performance, advertising
Log Data	90 days	Security, troubleshooting
Deleted Account Data	30 days backup retention	System recovery, then deletion
Marketing Lists	Until opt-out	Compliance with preferences

18.2 Account Deactivation

You can temporarily deactivate your account:

Account becomes invisible to others
You cannot use Platform features
Information is retained for reactivation
Can reactivate anytime

18.3 Account Deletion

To permanently delete your account:
- Submit request to privacy@hevaltrip.com
- Include account email/username
- Confirm deletion request (irreversible)
Deletion Process:
- Account deleted within 30 days
- Personal information deletion begins immediately
- May take 4-6 weeks for complete removal from all systems/backups
- Some data may be retained per retention policy above

18.4 Post-Deletion

After deletion:

Other users cannot access your account
Public posts/comments may remain (attributed to “Deleted User”)
Cannot reactivate deleted accounts
Some aggregate/anonymized data may be retained

19. Privacy Policy Updates

19.1 Changes to This Policy

We may update this Privacy Policy to:

Reflect changes in our practices
Respond to new legal requirements
Improve clarity and transparency
Address emerging privacy concerns
Incorporate community feedback

19.2 Notification of Changes

When we make material changes:

We will post updated policy on this page
Update the “Last updated” date
Send notice to registered users (email or Platform notification)
Provide 30-day notice period for significant changes

19.3 Your Acceptance

Your continued use of the Platform after changes constitutes acceptance of the updated policy. If you do not agree with changes, you should discontinue using HevalTrip.

20. Dispute Resolution and Complaints

20.1 Internal Complaint Process

To file a complaint:

Email privacy@hevaltrip.com with:
- Description of concern
- Relevant details (dates, account information)
- Desired resolution
- Your contact information
We will:
- Acknowledge receipt within 3 business days
- Investigate within 30 days
- Provide written response explaining actions taken
- Offer appeal process if unresolved

20.2 Regulatory Complaints

If dissatisfied with our response, you may file complaints with:

EU/EEA Users:

Your local Data Protection Authority
Supervisory Authority in your member state
Information: https://edpb.ec.europa.eu/about-edpb/board/members_en

California Residents:

California Privacy Protection Agency: https://cppa.ca.gov
California Attorney General: https://oag.ca.gov

Other US Residents:

State Attorney General
Federal Trade Commission (FTC): https://reportfraud.ftc.gov

20.3 Independent Review

For users subject to GDPR, you have the right to lodge a complaint with a supervisory authority without exhausting internal remedies first.

21. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for:

Monitoring compliance with this policy
Responding to privacy inquiries
Conducting impact assessments
Investigating complaints

Contact DPO:
Email: dpo@hevaltrip.com
Mailing Address: [Address]
Response Time: Within 15 business days

22. Contact Us

22.1 Privacy Questions and Requests

For questions, concerns, or to exercise your rights:

Email (Preferred):
privacy@hevaltrip.com

Mailing Address:
HevalTrip Inc.
Privacy Department
[Street Address]
[City, State, ZIP]
[Country]

Phone:
[Phone Number]
Hours: [Business Hours]

Online Portal:
www.hevaltrip.com/privacy-requests

22.2 Response Timeframe

We commit to responding to all privacy inquiries within:

Email: 5 business days
Data Subject Access Requests: 30 days (or legal requirement)
Complaints: 30 days with investigation update

22.3 Authorized Representatives

You may designate an authorized agent to submit requests on your behalf by:

Providing written authorization
Having agent include power of attorney
Submitting with your identity verification

Conclusion

Your trust is essential to our mission of bringing the Kurdish diaspora community together. This Privacy Policy reflects our commitment to transparency, security, and respect for your fundamental right to privacy.