Valdor is built to keep your information private. This page explains, plainly, what that means.
This policy explains how De Laet Consulting GmbH ("Valdor", "we") handles personal data in connection with the website valdor.travel and our advisory relationship with clients. We act in accordance with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
For data-protection matters, please write to the email above. We do not have a statutory obligation to appoint a data protection officer, and have not designated one.
This website sets no cookies, uses no analytics or tracking tools, embeds no social-media pixels, and stores nothing on your device. Fonts and all other assets are served from valdor.travel itself, so simply browsing this site does not transmit your data to any third party.
Like virtually all websites, our hosting provider, Cloudflare, automatically records basic technical server information (such as the requesting IP address, date and time, and pages requested) for the purpose of operating and securing the site. Cloudflare operates a global network, so this technical data may be processed on servers outside Switzerland. It is processed on our behalf, is not used to identify you, and no client or booking data is stored there.
If you write to us, by email or otherwise, we process the information you choose to share, such as your name, contact details, and the content of your message. We use it solely to respond to you and, should you become a client, to arrange your travel.
Where it suits you, we may correspond over WhatsApp. WhatsApp is operated by Meta; messages are carried and processed under Meta's own terms and privacy policy, and their content is encrypted in transit. We keep sensitive information out of it: passports, identification, and payment details are never requested or sent over WhatsApp. For documents of that kind we use a secure upload, described under "Where we keep your data". If such a document reaches us another way, we move it to the secure store and remove it from the conversation.
Delivering a journey requires sharing certain details with the providers and partners involved in your trip. These may include, among others, accommodation, airlines and other transport, tour and activity operators, restaurants, venues, ground services, insurers, and any other supplier whose services form part of your arrangements, together with our travel network partner, Fora Travel, Inc. ("Fora"). The examples given here are illustrative and not exhaustive. Depending on the trip, the information shared may include your name, contact details, travel dates, preferences, and, where relevant, passport, identification, and traveller information for the other people in your party.
When you proceed with bookings, payment is handled through Fora's secure booking platform. With your authorization, your payment card is stored in Fora's payment vault, which is operated by a specialist payment-tokenization provider; Fora and Valdor do not hold your card number in their own systems. The card on file is used to pay for the various components of your trip as they are arranged and booked, of whatever type and wherever located.
For many bookings, charges are made through Fora's platform directly. For bookings with suppliers whose systems are not connected to Fora's platform, your advisor, Maarten De Laet, retrieves your card details from the secure vault in order to enter them with that supplier on your behalf. This means your advisor is able to view your full card details when needed to make such a booking at your direction. Access to the vaulted card is limited to your advisor. You may ask to have your stored card removed at any time by contacting your advisor, or Fora directly at vault@foratravel.com.
Travel is global, and the providers involved in your journey may be located anywhere in the world. This means that your personal and payment data may be transferred to, and processed in, countries outside Switzerland and the European Economic Area, including countries whose data protection laws differ from, and may offer less protection than, those in your home jurisdiction. By asking us to arrange travel that involves such providers, you understand that this transfer is necessary to fulfil your bookings. Where we transfer data, we take steps to protect it in line with the revFADP and, where applicable, the GDPR.
Our travel network partner, Fora Travel, Inc., is based in the United States (228 Park Avenue South, New York, NY 10003), and booking and payment data is processed there as well as in any country where the relevant providers operate. Your relationship with us remains with De Laet Consulting GmbH, which stays responsible for the personal data you entrust to us; Fora processes the booking data within its platform under its own terms and privacy policy, which govern how it handles that information once it is in its systems. We encourage you to read Fora's privacy policy for details of how Fora collects, uses, stores, and protects your data, and of your rights in relation to it.
We share only what is necessary for each arrangement, and only with parties involved in delivering your trip.
The personal data you entrust to us directly, such as our correspondence with you and the documents we hold to arrange your travel, is kept in Google Workspace. We have set its storage region to the European Union, so this data is held at rest within the EU. Google acts as our processor for this purpose and handles the data under its own terms; we limit access to what is needed to serve you. This is separate from the booking and payment data that necessarily travels to Fora and to the providers involved in your trip, described above.
Where we ask you for sensitive documents, such as a passport or identification, we collect them through a secure upload link rather than by email or messaging. The upload service is a managed file store provided by Hetzner Online GmbH and hosted in Germany, within the EU; what you upload is visible only to your advisor, is used only to arrange and book your travel, and is removed on request.
We use an AI assistant (Anthropic's Claude) as a back-office tool, to help us organise our notes and prepare draft documents as we plan a journey. It supports the work; it does not replace it. Every word that reaches you, and every decision about your travel, is made and approved by your advisor. Nothing about you is decided by automated means alone.
We keep what the assistant sees to a minimum. We work with the details of a trip rather than with your identity: where it helps, we use initials or a reference in place of names, and the most sensitive information is never entered at all. Passport and identification details, payment card numbers, and the like stay in the secure systems described above and are not put into the assistant. It is set so that your information is not used to train its models.
Anthropic processes this material on our behalf, under its own terms and privacy policy, and may do so on servers outside Switzerland, including in the United States. As with the other transfers described here, we take steps to protect your information in line with the revFADP and, where applicable, the GDPR. You may ask us how we use these tools, or ask us not to use them in connection with your trip, at any time.
The website is served over an encrypted connection (HTTPS). We treat client information as confidential and limit access to what is necessary to provide our services.
You may request access to the personal data we hold about you, and ask us to correct or delete it. Where GDPR applies, you also have rights to restrict or object to processing, to data portability, and to withdraw consent where processing is based on it. To exercise any of these, write to maarten@valdor.travel.
You also have the right to lodge a complaint with a supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC); in the EU, your local data protection authority.
We may update this policy as our practice develops or as the law requires. The current version is always the one published here.
Last updated: June 2026.