PRIVACY POLICY 

This Privacy Policy is designed to help you to understand how Blue Morpho S.A., a limited  company formed in Iquitos, Peru (“BMT”, “we”, “us”, or “our”), collects, uses and discloses the information you provide us. 

Scope 

This Privacy Policy applies to the use of: 

• The www.bluemorphotours.com website and its subdomains, regardless of the  medium from which the Site is accessed by a user (e.g., via a web or mobile browser or  application) or media form related, linked, or otherwise connected to thereto (the  “Site”); 
• Any events hosted by us, whether such events are open to the public or are by invitation  (collectively, the “Events”); and 
• Products, services, applications or software offered through the Site (“Services”) (unless  a separate privacy policy is expressed to apply to such Services) (collectively, the “Site”). 

By using the Site, signing up for Events or Services or providing us with your Personal  Information, you agree to this Privacy Policy and consent for us to collect, hold, use and disclose  your Personal Information in accordance with this Privacy Policy, which is incorporated into our  Terms of Website & Service Use by this reference. The Terms of Website & Service Use can be found at the footer of our Site. If you do not agree with our Privacy Policy or our Terms of  Website & Service Use, you may not register for an account and must discontinue use of the  Site and Services. 

Changes to our Privacy Policy 

We reserve the right to change this Privacy Policy at our sole discretion at any time. Any  revision to this Privacy Policy will be posted at the link in the footer of our Site (i.e., this  webpage that you are currently viewing) or elsewhere on the Site. You will know if the Privacy  Policy has changed since the last time you reviewed it by checking the “Date of Last Update”  section below. It is your obligation to periodically visit our Site to review any changes that may  be made to this Privacy Policy. By continuing to use our Site after changes to the Privacy Policy  have been posted, you are confirming that you have read, understood and agree to the latest  version of the Privacy Policy. Your continued use of our Site constitutes your agreement to be  bound by any such changes to this Privacy Policy. If you do not agree with this Privacy Policy,  you are not authorized to use our Site and your sole recourse is to not use our Site. 

Domicile and Hosting of the Site 

The Site is hosted via Hostinger located in Brazil. If you are visiting the Site from a country  outside of Brazil, please note that you are transferring your personal data to Brazil and by  providing your personal data you consent to that transfer and to our use of that information in  accordance with this policy.

However, where required to perform services for you or for our wider businesses purposes, the  information that we hold about you may be transferred to, and stored at, a destination outside  Brazil. It may also be processed by staff operating outside Brazil who work for us or for one of  our service providers. We will take all steps reasonably necessary to ensure that your personal  information is treated securely and in accordance with this privacy policy. We may transfer data  to countries outside Brazil, which Brazil does not consider to have an adequate data protection  regime in place. Where we do this, we will ensure that appropriate safeguards are put in place. 

When you provide personal data to us, you consent to the processing of your data in Brazil, the  EU or in any other country were we may need to process data. You acknowledge that the laws  of the country where your data is processed may treat your information in a manner that may  

be substantially different from the treatment required under laws of other countries and  jurisdictions. If you do not want your information transferred as per the above, you should not  share your information with us, or make use of this Site. To the extent allowed by the law of the  country in which you are located, you expressly waive any right you may have to require us to  treat your identifying information in accordance with the laws of any country or jurisdiction  other than Ireland. However, the foregoing waiver may not be legally binding in some  countries. To the extent it is not legally binding in the country in which you are located, this  foregoing waiver does not apply to you and is severed from the remaining policy, leaving the  rest intact. 

Age Restriction 

We are committed to protecting children’s privacy in the interactive online world. This Site is  not designed for or targeted at individuals under the age of 18. We do not knowingly or  intentionally collect or maintain information about anyone under the age of 18. 

What is Personal Information? 

Personal Information generally means any information relating to an identified or identifiable  natural person as may be collected or processed by us and includes “Personal Data” as defined  in the General Data Protection Regulation (“GDPR” and other applicable law). When you visit our Site, you may provide us with two types of information: 

• Information you voluntarily disclose that is unique and identifiable to you; and • Information that may be collected automatically when you use our Site that may  identify you (collectively, the “Personal Information”). 

Information We Collect When Voluntarily Offered 

The following Personal Information is collected only when voluntarily offered and solely for  purposes that are clearly identified on our Site. 

• Contact and account information, such as your first and last name, e-mail address,  mailing address, telephone number, and other contact information you may provide us. • Account security information, which may mean your username, password, and security  information. 
• Financial transaction information, which means payment information, such as your  credit card and other card information, other account and authentication information  and billing contact details. Note that upon your initiation of a financial transaction, the 

banks you use to transfer money to us will provide us with your basic personal  information, such as your name and address, as well as your financial information, such  as your bank account details. 

• Communication information, which means the contents of the communications and  correspondence between us, whether by email, via comments, through your submission  of an online form, or when you otherwise contact us. We may retain, use and disclose  the content of your messages together with your e-mail address and our responses. 
• Event information, which means information voluntarily provided to us when registering  for an event, such as event screening information and event preferences. • Other Identifying information, which means identifying information your computer  provides us when you voluntarily decide to visit our Site such as your IP address, device  name and device ID, MAC address, GUID, coarse location and fine location (when linked  to other information that may identify you). 

We collect the above Personal Information when voluntarily offered or after obtaining your  consent when you: 

• Create an account; 
• Sign up for events or services; 
• Complete a newsletter, product or informational subscription form; 
• Complete a voluntary survey or provide feedback or comments; 
• Communicate with us for on-going support services; or 
• Participate in other direct interactions offered by our Site. 

What Information is Collected Automatically? 

When you use our Site or are logged into your account, we may automatically collect  information from your devices. We reserve the right to collect the following information: • Server Log Information: We collect server log information when you use our Site, which  may include (but is not limited to) your login details, the date and time of visits, the  pages viewed, your IP address, time spent at our Site and the websites you visit just  before and just after our Site. 

• Device Information: We collect information about the computer or mobile device you  use to access our Site, including the hardware model, operating system and version, the  web browser you use, and other device identifiers. 
• Information Collected by Cookies and Other Tracking Technologies: We and our service  providers (such as analytics providers and advertising services) use various technologies  to collect information when you interact with our Site, including cookies and web  beacons. Cookies are small data files that are stored on your device when you visit a  website, which enable us to collect information about your device identifiers, IP  address, web browsers used to access the Site, engagements with advertisements and  similar, pages or features viewed, time spent on pages, mobile app performance and  links clicked. Web beacons are graphic images that are placed on a website or in an  email that is used to monitor the behavior of the user visiting the website or sending the  email. They are often used in combination with cookies. 

Lawful Basis for Processing 

We only process Personal Information where we have a lawful basis for doing so, such as the  following:

• User consent – This is where you have given us explicit permission to process Personal  Information for a given purpose. For example, if you complete one of our general  enquiry forms, we would ask for your consent if we wanted to use your Personal  Information for any other purpose. You have the right to withdraw this consent at any  time. You can manage your preferences within your account or by contacting us at the  email address specified below. 
• Contractual necessity – This is where we have to process Personal Information to meet  our contractual obligations. 
• Legal obligation – This is where we have to process Personal Information in order to  comply with the law. For example, we process and retain customer invoice information  to comply with financial regulations. 
• Protecting vital interests – This is where we have to process Personal information in  order to protect the vital interests of the data subject or of another natural person. • Public interest – This is where we have to process Personal Information in the  performance of a task carried out in the public interest or in the exercise of official  authority vested in the controller. 
• Legitimate business purposes – This is where we have a legitimate interest, as a  business, to process Personal Information. For example, where we are aware of  copyright infringements on our Site, it is in our legitimate interests as a business to  identify those responsible. We take due care to balance our interests against your right  to privacy. 

Use of Personal Information 

We will only use Personal Information for the purposes outlined above, which can include the  following situations: 

• Creating and managing your account; 
• Answering your inquiry or responding to a communication from you; 
• Providing you with the information or products or services that you have requested or  that we think may be of interest to you; 
• Communicating with you about news, projects, products, services, events and other  information we think will be of interest to you; 
• Developing new products or services; 
• Providing, maintaining, delivering or improving our Site or the products or services  provided through our Site; 
• Analyzing and tracking data to determine the usefulness or popularity of certain content  and to better understand the online activity of our Site users; 
• Monitoring and analyzing trends, usage and activities in connection with our Site; • Sending you technical notices, support or administrative notifications; • Detecting, investigating and preventing fraudulent transactions or unauthorized or  illegal activities; 
• Conducting Research and Analysis; 
• Protecting our rights and property and those of others; 
• Fulfilling our legal or regulatory requirements; 
• Linking, connecting or combining Information we collect from or about you with other  Information; and
• Carrying out any other purpose or reason for which the Information was collected. 

Sharing of Information 

We will only share Information about you in the following ways: 

1. With your consent or at your instruction or under any other lawful basis for processing; 2. Certain information you may choose to share may be displayed publicly, such as your  username and any content you post when you use interactive areas of our Site like our  online forums; 
2. Social media providers (where you have a login in via social media account); 4. With third parties or service providers that perform work for us; 
3. With our current or future parent companies, affiliates, subsidiaries and with other  companies under common control or ownership with us or our offices internationally; 6. In connection with a merger or sale of our company assets, or if we do a financing or are  involved in an acquisition or any other situation where information may be disclosed or  transferred as one of our business assets; 
4. In response to a request for information if we believe disclosure is in accordance with,  or required by, any applicable law, regulation or legal process; 
5. If we believe your actions are inconsistent with our user agreements or policies, or to  protect the rights, property and safety of One Universe or others; and 
6. With third parties where aggregate Information is disclosed which cannot be reasonably  be used to identify you. 

Aggregated and De-identified Information Held About You 

Aggregated Information or de-Identified Information does not identify you individually; it helps  us to analyze patterns among groups of people. We process and share Aggregated Information  or De-Identified Information in several ways, for example: 

• For the same reasons as we share Personal Information: 1) with your consent; 2) for a  legitimate business purpose; 3) to fulfill a contraction obligation; and 4) to fulfill a legal obligation; 
• With business partners to help develop and market programs, products or services and  present targeted content (including targeted advertising); 
• With business partners to conduct analysis and research about customers, website and  app users; or 
• With third-party ad-servers to place ads (including ads of our business partners) on  various websites and apps, and to analyze the effectiveness of those ads. Your Rights 

Under data protection laws, you have rights as an individual in relation to the personal data we  hold about you. These rights include: 

• The right to object to direct marketing – your preferences, including in relation to direct  marketing, can be found in your account; 
• The right to access and transfer the personal data that we process about you, under  certain conditions; 
• The right to request the deletion of your personal data; 
• The right to request a manual review of automated data handling about you;
• The right to request the rectification of your personal data – you can manage some of  this information in your account; 
• The right to restrict or object to processing, under certain conditions; • The right to raise a complaint or objection with a supervisory regulatory authority; • You can exercise these rights through your account or by contacting us at the email  address specified below. 

Protection of Personal Information 

We are committed to ensuring that your information is secure. In order to prevent  unauthorized access or disclosure, we take reasonable steps to protect the security of the  information communicated through our Site. We have put in place suitable physical, electronic  and managerial procedures to safeguard and secure the information we collect online. Most web browsers are set to accept cookies as a default. You may wish to opt out by turning  off cookies (please refer to the help menu on your browser); however, switching off cookies  may restrict your use of our Site. You may also opt out of receiving promotional  communications from us at any time by following the instructions in those communications. If  you opt out, we may still send you non-promotional communications, such as technical notices,  support or administrative notifications or information about your account (if any). When we receive certain types of sensitive information such as the financial information  provided when placing an order using our automated shopping cart, visitors are automatically  redirected to a secure server. Strict security measures are in place, on our website, with our  credit card processing company, and in our physical facilities, to ensure that information we  collect from you is not accessible to third parties, and that it is protected from loss, misuse, or  alteration. 

All payment information provided to the Site via the Internet is transmitted using SSL (Secure  Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically  encrypt, or scramble, data before you send it to us. We also encrypt our entire Website and  protect information by placing it on a secure portions of our Website that is only accessible by  certain qualified employees. 

Unfortunately, however, no data transmission over the internet is 100% secure. While we strive  to protect your information, we cannot guarantee or warrant the security of such information.  No computer security system is entirely foolproof and the Internet is not a secure method of  transmitting information. As a result, we do not assume any responsibility for the data you  submit to or receive from us through the Internet or for any unauthorized access or use of that  information and we cannot and do not guarantee that information communicated by you to us  or sent to you by us will be received or that it will not be altered before or after its transmission  to us. You agree to not hold us and our respective past, present and future employees, officers,  directors, contractors, consultants, equity holders, suppliers, vendors, service providers, parent  companies, subsidiaries, affiliates, agents, representatives, predecessors, successors and  assigns (collectively, the “AAIP Parties”) liable for any loss or damage of any sort incurred as a  result of any misappropriation, interception, modification, deletion, destruction or use of  information provided through our Site. 

Social Sharing Features

Our Site may offer social sharing features, links to social media and other integrated tools. Your  use of such features enables the sharing of information with your contacts or the public,  depending on the settings you use with the entity that provides the social sharing feature or  social media. Please visit the privacy policies of the entities that provide these features to  obtain more information about the purpose and scope of data collection and the processing of  such data by such entities. 

How Long Do We Keep Your Information? 

We will keep your Personal Information only for as long as we need to deliver our products and  services, unless we are required to keep it for longer periods because of law, regulation,  litigation or regulatory investigations. When your Personal Information is no longer necessary  for our business, legal or regulatory needs, we will take reasonable steps to securely destroy  such information or permanently de-identify it. For more information about our retention  periods for Personal Information, please contact us at the email address listed below. 

Hyperlinks and Third-Party Sites 

This Site may contain links to other third party websites that may collect personal information  about you, including through cookies or other technologies. If you link to another website, you  will leave this Site and this Privacy Policy will not apply to your use of and activity on those  other websites. You should consult these other websites’ privacy policies as we have no control  over them and are not responsible for any information that is submitted to or collected by  these third parties. 

Who is Responsible – Contact Us 

Blue Morpho SA is responsible for the processing of your information as data controller. If you have any questions, comments, or complaints, or would like to access or correct your  Personal Information and privacy preferences, please contact the designated Data Protection  Officer, Danika Vela, at: 

By email: 

[email protected]

In writing: 

Avenida Guardia Civil 515 

Iquitos, Peru 16007 

Date of Last Update: April 13th 2023 

©2023 Blue Morpho SA