Privacy Policy

Statement of Privacy

At Tripsdesk, we prioritize your privacy and are dedicated to safeguarding your personal information. This Privacy Policy details the types of information we may gather when you visit our website or use our services. It explains how we utilize, store, and protect your data, as well as under what circumstances we may share it. By accessing our platform or engaging with our services, you consent to the collection and use of your information as outlined here, ensuring that your travel experiences remain secure and enjoyable.

Summary of Privacy Statement

Do not forget that this is merely a summary of our Privacy Notice. Take a moment to look over all the information. We are committed to addressing the various factors mentioned below:

• How and what types of information we gather and utilize
• When and with whom we share your information
• Your options on how we gather, utilize, and distribute your data
• How to view and amend your information

What's the process for collecting personal information, and what types of information do we collect?

We gather personally identifiable information when you use our websites and apps, including your name, email address, phone number, mailing address, credit card number, and other payment information. Additionally, we gather information about your device, internet connection, and service usage. Although it is pertinent to your use of our app or website, this information does not individually identify you.

We gather personal information as follows:

• Upon giving it to us directly.
• Cookies, IP addresses, web beacons, and other tracking technologies are some of the data we will automatically collect while you explore the website.
• Additionally, we gather information from our business partners and other external sources.

When you create an account on our websites, subscribe to receive offers or information, or use our platform to book a reservation, we collect your personal information. Additionally, when you visit our websites or download and use our apps (with your consent, if applicable), automated technologies such as cookies are placed on your computer to collect this personal information. Furthermore, we receive personal information from Tripsdesk Group affiliates, business partners, and other third parties that enables us to improve our platform and associated products and services, maintain correct records, potentially detect and investigate fraud, and more effectively promote our services.

When is your personal information shared?

Your personal information may be shared for a number of purposes. This includes assisting you in making travel or holiday arrangements, offering assistance while traveling, giving you product and service information, and facilitating communication with travel agencies. In order to abide by the law, we might also share your data. Please review our complete Privacy Statement below for further details on how we manage your personal information.

How We Gather and Utilize Your Personal Data?

Here are specifics regarding:

• What categories of personal information do we gather and utilize
• How we gather and use it
• Why do we gather and use it
• and the legal justifications we apply.

Legal foundations of processing:

The table below enumerates the legal grounds we use to collect and use your personal data.

Finally, we must adhere to one of the following guidelines whenever we collect or use your personal information:

• Consent: This means that you have permitted us to do certain things, such as sending you marketing materials, only when you have provided authorization to do so.
• Legal obligation :This means that we are obligated by law to collect personal data from you or to use it for a specific purpose (for example, using your transaction history to fulfill our tax, financial, and legal obligations).
• Performance of a contract : This means that the personal data is needed to fulfill a contract with you, like making reservations, processing payments, or creating an account at your initiative.

If we need your personal information to comply with a legal requirement or to complete a transaction with you, we will notify you in advance and explain whether or not you are required to supply it (as well as the consequences of not providing it).

Legitimate interest: Your rights (explained below) are not greater than our legitimate interests, which are served by the processing.

Some countries and regions allow us to process personal data for valid reasons. Our legitimate interests (or the legitimate interests of any third party) will typically be to operate or improve our platform and contact you as needed to provide our services, for security verification when you contact us, to respond to your inquiries, to market to you, or to detect or halt illegal activity. When evaluating whether a certain use of your personal data is permissible, we always take into account the potential impact on your rights, even if we believe that the use serves a specific legal purpose. We consider your rights globally when determining how we use your personal information, even though the concept of legitimate interest is restricted to particular countries and regions.

Types of Personal Data We Gather and Utilize

We collect and use personal data for the following purposes:

1. Motives behind Reservations and Platform Use:

• Get travel insurance, expedite your reservation, and verify your identification.
• Offer services pertaining to your account and reservation.
• Create, manage, and update your account on our platform and confirm your user status.
• We will keep track of your search and travel history, preferences for accommodations and travel, and other information pertaining to your use of the platform and services offered by Tripsdesk Group, as detailed in our Privacy Statement.
• You must enable and facilitate payment processing (such as collecting or validating payment details for our various payment models), coupons, and other transactions in order to secure a reservation, confirm a reservation, validate your bank card, expedite check-out, or handle fees, charges, payments, or refunds.
• Oversee loyalty and incentive schemes.
• Gather and present reservation-related reviews.
• We make it simpler and quicker for you to utilize our services with features like allowing you to log in with your account on the websites and online services of specific Tripsdesk Group businesses.

2. Promotional Objectives

• They may contact you through various methods, including text, email, phone calls, mail, in-app messaging, push notifications, or other means for marketing purposes.
• We use information, such as your previous purchases and browsing patterns, to customize our advertising and marketing to your preferences.
• Track and evaluate the effectiveness of our marketing and promotions.
• Plan promotions with giveaways, competitions, and sweepstakes.

3. Customer service issues and communications

• Contact the client (you) via email, phone calls, or text messages to help you with the relevant information about booking changes, travel booking confirmations, emergencies, or other purposes specified in this Privacy Notice section.
• Answer your inquiries, think about your informational possibilities, and provide information

4. For Compliance and Security Reasons

• Encourage security, confirm our clients identities, identify and investigate illegal and fraudulent activity, protect against lawsuits and other liabilities, and manage other risks.
• Respond to requests from law enforcement, courts, governments, public organizations, and other legal authorities, as well as requests that are part of a legal process; protect our rights and interests and those of our users; and abide by applicable laws (such as those governing the sharing of tax data).
• Observe all applicable rules and regulations regarding security, anti-terrorism, anti-bribery, immigration, customs, and other due diligence.
• Perform data analytics, market research, and surveys. Preserve, enhance, investigate, and assess our events, materials, apps, websites, and services.
• For quality assurance, training, dispute resolution, and other purposes outlined in this Privacy Statement, we may track or record calls, conversations, and other interactions with our customer service representatives and other representatives, as well as platform communications between or among partners and travelers.
• Provide us with de-identified, anonymized, or aggregated data so we can use and share it without limitations when permitted.

You can also give your consent for your data to be shared with other users or third parties, published, or shown in public places on the website. Uploading and submitting User Contributions to other individuals entails full responsibility on your part. No security system is perfect or impenetrable, even if we restrict access to particular pages. Additionally, we have no control over the actions of other website users, even if you decide to share User Contributions with them. Therefore, we cannot and will not guarantee that your User Contributions will not be viewed by unauthorized parties.

When you download and visit our websites, technology may automatically collect the following data:

• Usage Information: When you use our website, we might automatically collect logs, location data, traffic statistics, and other communication data. Additionally, we might collect data about the resources you use and access on or through the App.
• Data and Stored Files: The application may also have access to metadata and other data related to other files on your device. Photos, contacts from your address book, videos, and music are a few examples.
• Details of the device: Among the information we may gather from your mobile device and internet connection are your phone number, IP address, operating system, and kind of browser. We may also get information about your mobile network.

Our system uses technologies for automatic data collection:

We may use automatic data collection tools to gather specific information about your device, browsing preferences, and activities while you visit our website. This comprises: Information about your website visits, including traffic trends, logs, location, and other contact information, as well as the resources you use and access.Your IP address, operating system, browser type, and details about your computer and internet connection.

The data that we automatically collect may be combined with personal data that we collect ourselves, obtain from other sources, or acquire in different ways. We may also save the data or combine it with personal data we obtain independently. It enables us to:

• To grow our website and give users a more personalized experience, we need to look at the audience's sizes and behaviors.
• Your feedback on the website will be stored to help us improve it.
• We will be able to recognize you if you come back to our website.

We could employ the following methods to collect data automatically:

Cookies: A cookie is a little file stored on your computer's hard drive as well as in the memory of your smartphone. By selecting the relevant option on your smartphone or browser, you can opt out of accepting browser cookies. However, if you choose to disable this function, you might no longer be able to access the websites. When you visit our website, our system will automatically transmit cookies to your computer if you haven't set your browser to reject cookies.

Flash Cookies:To gather and store information about your preferences and how you visit, use, and traverse our website, some areas may employ locally saved objects. The same browser settings as browser cookies do not control flash cookies.

WEB Beacons: Web beacons are tiny digital files that allow businesses to track website statistics and the number of people who have received emails or visited particular websites.

The following tracking techniques and third-party cookies are used:

Third parties, such as ad networks and servers, content and app providers, analytics firms, the manufacturer of your mobile device, and your mobile service provider provide the Website's features, apps, and content. These organizations could provide services including advertising, money processing, and ticketing.

When you visit our website, these third parties may collect information about you using cookies, web beacons, or other tracking technologies. They might gather data about your online actions over time from a range of websites and online services, including personal data, or they might use the data they get to link it to personal data they already have about you. Depending on your selections, they might use this information to target you with various advertisements or to present you with content based on your interests.

The detection tools and their use by these third parties are outside our control. If you have any questions regarding advertisements or other customized materials, please contact the relevant supplier directly. You can choose not to receive targeted advertising from a number of sources by following the instructions in "Choices about How We Use and Disclose Your Information" below.

How We Utilize Your Information?

• We give a summary of our website and its contents.
• To fulfill your travel bookings and purchases, to update you on your bookings and purchases, and to deliver any information, goods, or services you ask for.
• It is necessary to carry out our obligations and safeguard our rights under any contracts we may have with you, including handling payments, invoices, and debt collection, regardless of any additional objectives you may have specified.
• To keep you informed about any updates or additions we make to our website, app, or any goods or services we provide or deliver to you via it.
• To make it possible for you to engage with the interactive features of our website or app.
• To send you promotional materials that we create and believe you might find appealing to promote our goods and services.
• Any description appropriate may be used to convey the information you give us.
• For whatever other reason, with your approval.

We may show advertisements to our advertisers' target audiences based on the information we have gathered about you. Even though we never reveal your personal information for these purposes without your consent, if you click on or interact with an advertisement, the advertiser may assume that you meet its target requirements.

Details About You Will Be Disclosed

Data that is aggregated about our users or that does not belong to any specific person may be shared without restriction. As stated in this privacy policy, we reserve the right to share any information you provide, including personal data:

• Our whole affiliate and business network facilitates our company operations or the provision of our services to you, including processing payments, communicating flight service notices, adhering to regulations, preventing fraud, and customizing our advertising based on your preferences and interests.
• Additionally, agents, service providers, and other third parties that assist us in operating our business may receive your information from us, but only if necessary to finalize your travel arrangements. Usually, in order to fulfill your trip requirements, we will have to process your personal data through a third party, such as airlines, hotel vendors, car rental companies, and entrance visa or passport authorities.
• If Tripsdesk were to go through a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of its assets, whether as a going concern or in connection with a bankruptcy, liquidation, or similar proceeding, the personal information of our website's users would be transferred to the acquiring company or another successor.
• Remember that they will make an effort to sell you their products and services in order to meet your objectives.
• When you provide us your information, we might potentially use it for other purposes that you might be told about.

With your permission, we may additionally disclose your personal information in order to comply with our legal obligations:

• To respond to any request from the government or regulatory bodies, as well as any court order, subpoena, legal demand, or legal procedure.
• To manage, enforce, or fulfill our Terms of Service and other agreements, as well as for billing and collection purposes.
• If, in good faith, we believe that disclosing the information is necessary to protect the law, prevent or investigate fraud, safeguard your safety, our clients' rights, property, or safety, or any combination of these, in order to reduce credit risk and prevent fraud. This requires sharing information with other businesses and organizations.

Consumer Choices and Rights

You have multiple options for exercising your right to data protection. For instance, you can click the unsubscribe link in our emails or contact our customer support team to opt out of promotional information. See our Privacy Notice to find out more about your options and rights regarding data protection. By adhering to our Cookie Statement, you can also regulate how we utilize non-essential cookies. These are your main rights:

• You can contact us or visit your account at any time to view and inquire about the particular deletion or change of your personal data.
• You can unsubscribe by clicking the UNSUBSCRIBE LINK in your email.
• Please be aware that we may still send you a necessary transactional or account-related message that you cannot unsubscribe from, even if you choose to UNSUBSCRIBE from or opt out of marketing emails.
• You can edit or modify your correspondence at any time.
• If you wish to revoke your permission for the processing of your personal data, you may do so at any time by contacting us using the information provided below.
• Revoking your consent won't affect the legality of any processing that was carried out before your consent, if we handle your personal information on a legal basis other than consent.

Use of Information by Country

It's essential to note that some nations or regions make it straightforward for their citizens to exercise certain rights related to personal data. Although the extra rights differ from nation to nation, the following are some examples:

• Ask for a copy of your personal data.
• Find out why your data is being handled.
• Delete your personal information.
• Manage the processing and usage of your data.
• You have the right to object to the sharing or disclosure of your data.
• Request that your personal information not be sold.
• Learn more about our automated decision-making process and the outcomes.
• Requesting a manual decision-making process is a better option because fully automated decision-making, including profiling, has serious legal ramifications.
• Challenge a choice that was made only by a computer.

Transfer of Data Internationally

Your personal information may be accessed, processed, or transferred to countries other than the one you are presently in. Regarding data protection, the laws in these nations could differ from those in your own. To complete your transaction and for the reasons specified in this Privacy Statement, we may transfer your personal information across international boundaries.

Please note that our platform's servers are located in the United States, while third-party service providers operate in other countries.

Additionally, we may disclose your personal information to parties based in countries other than your current residence. By this Privacy Notice and applicable data protection regulations, we have taken the necessary precautions to ensure that any access, processing, or transfer of your data is secure. No matter where your data is accessed, processed, or transmitted, these protections provide it with a level of security that is at least as high as the comparable local laws in your nation. We will fulfill our responsibilities for cross-border data transfer by adhering to the data protection laws, rules, and guidelines established by the relevant authorities.

It may include completing tasks such as security evaluations and/or certifications, as well as signing contracts with foreign recipients under the standard contract set by the relevant authorities.

A few of the measures we have are listed below.

Framework for EU-US Data Privacy

The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (referred to as "the DPF Frameworks"), and the UK Extension to the EU-U.S. DPF have all certified Tripsdesk' wholly-owned U.S. affiliates. Along with liability for personal data from Switzerland, the UK, and the EU, we also promise to adhere to the DPF Framework Principles of Notice, Accountability for Onward Transfers, Data Integrity and Purpose Limitation, Choice, Security, Enforcement, Access, and Recourse. The DPF Framework compliance of these low-cost affiliates is under the purview of the Federal Trade Commission. In addition, if any of our DPF Framework certifications are no longer valid protection for a relevant transfer, we investigate intra-group Standard Contractual Clauses that apply to the transfer of EU personal data to the United States.

When it comes to unresolved complaints regarding how we handle personal data that we receive based on the DPF Frameworks, Tripsdesk U.S. affiliates promise to cooperate and follow the recommendations of the panel established by the UK Information Commissioner's Office (ICO), the Gibraltar Regulatory Authority (GRA), the EU data protection authorities (DPAs), and the Swiss Federal Data Protection and Information Commissioner (FDPIC). In some instances, binding arbitration can resolve DPF Frameworks compliance issues that none of the other DPF Frameworks procedures can handle.

Engagement with the International Cross-Border Privacy Regulations Framework

The Global Cross-Border Privacy Rules System is adhered to by Tripsdesk's privacy rules, which are described in this Privacy Statement. By using this paradigm, enterprises can ensure that personal data shared among participating economies is secure. Please refer to the comprehensive description provided below for additional details about the Global Community-Based Participatory Research (CBPR) system.

Minor

We are unable to ascertain the age of users, and our website and mobile application are not meant for use by minors in accordance with existing data protection regulations. If a minor has provided us with personal information without their knowledge, parents or guardians should contact us (see the Contact Us section below). If we discover that personal information was collected from a minor without their parents' or legal guardians' consent, we will terminate their account.

We may need to collect the personal information of minors in a few uncommon circumstances, as when booking a reservation, buying extra travel-related services, or in other exceptional circumstances (like family-friendly features). We take great care to protect the personal information of minors and strictly adhere to the legality, necessity, clear purpose, openness, transparency, and security criteria when processing it.

If you would like to have the personal information of minors removed or updated, or if you, as the minor's parent or legal guardian, have any questions or concerns about how we protect minors' personal information, please use the Contact Us option below to get in contact with us.

Record Retention

We will retain your personal information in accordance with all applicable laws for as long as it may be required to accomplish the objectives specified in this Privacy Statement, unless the law mandates or authorizes a longer retention period. Your personal information will be de-identified, aggregated, or anonymized if it will be used for analysis or trend analysis over a long period of time.

When we delete your personal information, we follow industry-standard protocols to ensure that it cannot be recovered or accessed. Backup copies of your personal data may be kept on file to prevent unlawful loss of our systems. This personal information will not be available until it is restored, and any information that is not needed will be deleted.

The following standards serve as the foundation for our retention terms:

• The duration of our collaboration with you, any current accounts you may have with businesses in the Tripsdesk Group, and any recent bookings or other platform usage
• Whether we have any legal requirements regarding your personal data, such as keeping records of your transactions with us
• The duration for which we retain your personal data will depend on whether there are any relevant and ongoing legal requirements, such as contractual obligations, litigation holds, statutes of limitations, and regulatory investigations.
• Whether safe system backups require your personal details

Security

We are committed to implementing the necessary security measures to protect the data we collect, and we want you to feel confident using our platform and any related products and services. We take reasonable steps to establish adequate organizational, technological, and physical safeguards to secure the personal data that we collect and process, although no organization can guarantee complete security.

To ensure we gather, keep, and exchange personal data responsibly, by its level of sensitivity or confidentiality, our cybersecurity team implements technical security controls and procedures. We continuously implement and upgrade our security procedures to prevent unauthorized access, loss, alteration, and destruction of your personal information. We have the same exacting standards for our data-handling partners.

In compliance with industry best practices, we have implemented an information security protection system and undergo regular evaluations and certifications, including PCI-DSS certification. In accordance with our information classification and processing criteria, we have implemented the necessary security measures for the entire data collection, storage, processing, usage, transfer, and sharing lifecycle. Additionally, we have implemented several administrative and technological measures to ensure the security of our systems and services, including access controls, VPN, SSL-encrypted transmission, multi-factor authentication, and verification.

We can control and authorize personnel who might have access to your information, and we regularly train employees on information security. You shall be informed in line with applicable data protection rules and regulations in the event of a personal data security incident that could impact your rights and interests. As mandated by the relevant laws and regulations, we shall also notify the appropriate regulatory organizations about the issue at hand.

Contact Us

If you would like more information about how we handle your personal data, or if you have any questions or issues about how we use it, please contact us using the Privacy Section. This area also allows you to exercise your right to view, amend, or request the removal of your personal information.

The website or app you're using has Tripsdesk as its primary data controller, while they may also collaborate with other parties. Click here for additional details about our representative and the data controller(s) or joint controllers (where applicable) for the personal data we handle.

Updates to Statement

For reasons including increased clarity or adjustments to modifications in our services, business practices, or regulatory obligations, we reserve the right to revise this Statement at any time. Unless we must act immediately due to urgent security, legal, or tax requirements, we will give you a reasonable heads-up if we make substantial changes that affect your rights or responsibilities.

Please contact us here if you would like further details on past upgrades.

Data Security

We take the security of your personal data very seriously. Our industry-standard security protocols prevent your personal information from being lost, stolen, accessed by unauthorized parties, altered, used, or disclosed. A firewall protects our secure servers and stores all the data you have provided us. We will use SSL technology to encrypt all financial transactions.

The Internet remains a relatively safe means of sending information. They have taken every precaution to protect it using security measures, but they cannot guarantee the security of any personal information you provide via the Internet. You are solely responsible for any personal information you send. Regarding the security or privacy settings of the Website, we cannot be held accountable for any instances of unauthorized use or access. If we discover or become aware that your personal information has been compromised, we shall send you an email at the current address you provided to us as soon as is reasonably possible given the circumstances or as otherwise required by applicable law. To determine the extent of the breach, restore the integrity of our system, and cooperate with law enforcement, we may, nonetheless, postpone notification for as long as necessary.

Processing your Information

You consent to the transmission, storage, access, and processing of your data in the US and other countries by using our website. The laws governing data protection in these nations can differ from your own and be less stringent. You agree to the possibility that we may disclose your information to third parties in these nations. Our Privacy Statement covers all of this.

Modifications to Our Privacy Statement

Our privacy and data protection policies may need to be adjusted in response to changes in applicable laws, adjustments to our services, and other circumstances. Therefore, the firm has the right to change this privacy statement at any time.

We will update this page whenever we make changes to our privacy statement. Additionally, you must maintain a current, valid, and deliverable email address, even though we work hard to update our website and privacy policy.

For the most recent information, please see "Changes to Our Privacy Policy," since our policy is subject to change at any time. Any changes we make to this policy are presumed to be accepted by you if you continue to use the website. It is recommended that you review the policy regularly for any updates.

We may change the Privacy Policy at any time for a number of reasons, including

• Improving it to increase its transparency or accessibility,
• Respecting the laws, rules, and tax obligations,
• Modernizing our operations or services, and/or

Resolving security issues: Unless we have to make changes right away to meet security, regulatory, or tax requirements, we will provide you with adequate notice if we plan to make significant changes that impact your rights or responsibilities.