GDPR Privacy Notice – Trips & More More

This General Data Protection Regulation ("GDPR") Privacy Notice (the "Notice") is an essential part of the overall Privacy Policy provided by Trips & More More. It specifically outlines how we collect, process, store, and protect personal data of individuals who are located in the European Economic Area ("EEA") and the United Kingdom ("UK"). This Notice applies only to these individuals ("you," "your," or "EEA/UK Individuals"). Any terms that are not defined within this Notice will have the meanings assigned to them in our general Privacy Policy or as defined by the GDPR. In the event of a conflict between this Notice and our general Privacy Policy, this Notice will take precedence for individuals in the EEA and UK.

Data Controller Responsibilities

Trips & More More acts as the data controller of your personal data. This means that we are responsible for determining the purposes and methods of processing the personal data you provide when using our travel booking services, browsing our websites, contacting our customer support, or engaging with any related travel services (collectively referred to as the "Services").

Location of Data Storage

Personal data collected from EEA and UK individuals may be stored on servers located in the United States. We implement appropriate safeguards to ensure that your data remains protected and processed in accordance with applicable data protection laws.

Data Transfer

At Trips & More More, we are self-certified under the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the DPF, and the Swiss-U.S. DPF, which provide lawful mechanisms for transferring personal data from the EEA, UK, and Switzerland to the United States. These certifications are designed to offer adequate safeguards under applicable data protection laws. If these frameworks are ever invalidated or deemed insufficient, we will rely on Standard Contractual Clauses (SCCs) approved by the European Commission as alternative legal bases to ensure continued protection of your personal data when transferred to the U.S.

In addition, when we transfer your personal data to non-EEA/UK travel providers—such as airlines, hotels, or car rental services—to fulfill your bookings, those transfers may be based on specific derogations under Article 49 of the GDPR, including:

  • (i) when the transfer is necessary for the performance of a contract between you and Trips & More More, or to carry out pre-contractual measures at your request (Article 49(1)(b)); and/or
  • (ii) when the transfer is necessary for the performance of a contract concluded in your interest between Trips & More More and a third party (Article 49(1)(c)).

Data Retention Policy

At Trips & More More, we retain your personal data for periods that are appropriate and proportionate to the nature of our relationship with you, the types of data we collect, and our operational and legal obligations. Our retention practices are designed to support our ability to deliver and improve our services, comply with legal requirements, and protect both you and our business.

The duration for which we keep your personal data depends on several key factors, including:

  • Whether you hold a loyalty account with us and the frequency of your interactions—such as booking travel services, logging into your account, or maintaining active loyalty rewards or unused gift cards.
  • Our need to analyze past customer travel behavior and booking patterns in order to enhance our offerings and provide relevant travel deals, competitive pricing, and promotions that reflect customer preferences.
  • Whether you’ve opted into marketing communications, and how often you engage with them—for example, whether you open our emails or click on promotional content.
  • Security considerations, including our need to retain information to prevent, detect, and investigate fraudulent activity, cybersecurity threats, or other misuse of our platform.
  • Operational necessities related to transaction processing, including the ability to manage refunds, chargebacks, cancellations, customer service requests, and any associated records or communications.
  • Compliance with applicable legal obligations, including recordkeeping laws, financial reporting standards, and statutes of limitations for civil or regulatory matters.
  • Our legitimate interest in retaining data necessary for the establishment, exercise, or defense of potential legal claims, audits, or investigations by regulatory authorities.

The GDPR does not specify a timeline for data retention. Once personal data is no longer necessary for the purposes above, we securely delete, anonymize, or otherwise render it inaccessible, in accordance with applicable data protection regulations.

Information Security

At Trips & More More, we take information security seriously and implement a range of technical and organizational measures to protect your personal data against unauthorized access, misuse, loss, or damage. We have a legitimate interest in maintaining robust cybersecurity and in detecting and preventing potential criminal activities or threats to public safety, including unauthorized access to our systems, data breaches, and disruptions to our infrastructure.

To support these objectives, we follow the Payment Card Industry Data Security Standard (PCI-DSS)* and adopt additional industry-recognized security practices, including those aligned with ISO 27001 principles. Sensitive data, such as your credit card details, is encrypted using Secure Sockets Layer (SSL) technology to ensure it is transmitted securely.

In addition, our web servers automatically log technical data to help maintain the security and performance of our digital platforms. This includes information such as your IP address, the web page you requested, the time of your request, the referring URL, browser type, and server response status codes (e.g., a 404 error for a missing page). We use this data to monitor system performance, detect and investigate suspicious activities, and safeguard our website and mobile applications against cyber threats.

Our commitment to data protection ensures that your information is handled responsibly and in compliance with applicable data security regulations.

*Trips & More More is in the process of acquiring the PCI-DSS certificate. We implement appropriate measures to prevent unauthorized access and fraud related to your credit card information.

Governmental Access Requests

Trips & More More may be required to disclose your personal data in response to lawful requests from public authorities, including to meet national security or law enforcement obligations. We also reserve the right to disclose personal data to third parties when mandated by legal or regulatory requirements. This includes, but is not limited to, compliance with court orders, subpoenas, or other lawful processes issued by government agencies. Such disclosures will always be made in accordance with applicable laws and with appropriate safeguards in place to protect your data where possible.

Corporate Restructuring

In the event that Trips & More More is involved in a merger, acquisition, sale of assets, corporate restructuring, or similar business transaction, your personal data may be transferred as part of the assets to the relevant successor or acquiring organization. Any such transfer will be conducted in accordance with our existing privacy commitments, ensuring that your personal information continues to be handled securely and in line with the standards set forth in this Privacy Notice and our broader Privacy Policy.

Your Rights Under the GDPR

As an individual under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data. These include the right to access, correct, or erase your personal data, as well as the right to object to or restrict its processing. Additionally, you have the right to request a copy of your data or have it transferred to another controller in a structured, commonly used, and machine-readable format under the right to data portability. To exercise any of these rights, please contact us at [email protected] with the subject line “GDPR Notice.”

If Trips & More More receives a request from you to exercise your rights under the GDPR, we will respond without undue delay and within 1 month of receiving the request. We may extend the response time by 2 months for complex or multiple requests. You will be informed about the extension of the request period within the initial month; otherwise, your request will be dealt with free of charge. If we reject your request, we will inform you of the reason for doing so, and you may file a complaint with the Data Protection Authority in that regard.

Objecting to Processing Based on Legitimate Interest and Direct Marketing

You have the right to object to the processing of your personal data based on legitimate interests pursued by Trips & More More. If you object, we will stop processing your data unless we can demonstrate overriding legitimate grounds for processing or if the processing is necessary for the establishment, exercise, or defense of legal claims.

You also have the right to object at any time to the use of your personal data for direct marketing purposes. If you exercise this right, we will no longer use your personal data for marketing. For email marketing and similar channels (e.g., push notifications), you can easily unsubscribe through the “Unsubscribe” link provided or via device settings for push notifications. Alternatively, you can contact us directly at [email protected] with the subject line "GDPR Notice."

Please note that even if you opt out of receiving marketing communications, we may still send you essential administrative messages related to your bookings (e.g., booking confirmations), which you cannot opt out of.

Right to Lodge a GDPR Complaint

Under GDPR Article 77, you have the right to file a complaint regarding the processing of your personal data by Trips & More More with a relevant supervisory authority. This could be the authority in the country where you live, work, or where the alleged violation occurred.

Additionally, if applicable, you may exercise your rights as a third-party beneficiary under Trips & More More’s Standard Contractual Clauses.

For more information, you can find the contact details of the data protection authorities in the European Union at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Verifying Your Request

Only you—or someone legally authorized to act on your behalf—may submit a request concerning your personal information. For requests involving access, deletion, correction, or in some cases, opt-outs (especially if we suspect fraudulent activity or require additional verification), we must first confirm your identity before processing the request.

To verify your identity, we may ask you to provide enough information for us to reasonably confirm that you are the individual whose personal information we collected or that you are an authorized representative (such as providing a prior booking reference, verification that an agent is authorized, or using an email address you control).

We will use the information you provide solely for the purpose of verifying your request. If we are unable to verify your identity or authority to make the request, we may be unable to fulfill it or disclose the requested personal information.

Please be aware that we may keep a record of your request. Additionally, we reserve the right to charge a reasonable fee or decline to act if a request is found to be excessive, repetitive, or clearly unfounded.

Use of Our Services by Minors

Trips & More More’s services are not intended for individuals under the age of eighteen (18). We kindly ask that minors do not provide personal data to us through any means.

Updates to this Notice

If we plan to process your personal data for a purpose other than the one for which it was originally collected, we will inform you of that new purpose and provide any other relevant details in advance of the processing. Following this update, the information related to the processing activity will be revised or added to this Privacy Policy or elsewhere, and the “Effective Date” at the top of this page will be updated accordingly.

Trips & More More – Data Privacy Framework

Note: This Data Privacy Framework section applies exclusively to personal data processed in accordance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively referred to as the “DPF”).

Important Notice for Individuals in the European Economic Area, United Kingdom, and Switzerland

Trips & More More complies with the DPF requirements as established by the U.S. Department of Commerce. We have certified to the Department of Commerce that we adhere to:

  • The EU-U.S. DPF Principles for personal data received from the European Union,
  • The UK Extension to the EU-U.S. DPF for personal data received from the United Kingdom (including Gibraltar), and
  • The Swiss-U.S. DPF Principles for personal data received from Switzerland.

If any conflict arises between the terms in this privacy policy and the DPF Principles, the DPF Principles will govern.

To learn more about the DPF program and to view our certification, please visit the official website: https://www.dataprivacyframework.gov

Trips & More More is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (“FTC”).

DPF Complaints – EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF

In accordance with the DPF Principles, Trips & More More is committed to resolving complaints concerning your privacy and the handling of your personal data transferred to the United States under the DPF.

If you are a resident of the European Union, United Kingdom, or Switzerland and have a question or complaint, please contact us first at:

[email protected]
Subject line: “Data Privacy Framework”

For unresolved issues, Trips & More More has agreed to cooperate with BBB National Programs Data Privacy Framework Services, a non-profit, independent dispute resolution provider based in the United States and operated by the Council of Better Business Bureaus.

If we do not respond to your complaint in a timely manner or if our response is unsatisfactory, you can file a complaint at:
https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers

This dispute resolution service is provided free of charge.

In certain cases, if your complaint is not resolved through the above mechanisms, you may have the right to invoke binding arbitration for some residual claims. For more details, see Annex I of the DPF here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

Onward Transfer to Third Parties

At Trips & More More, we engage third-party service providers to assist with various business-related functions. When necessary, we may share your personal data with these third parties, but only to the extent required for them to deliver the services on our behalf. These third parties act as our “agents” as defined under the Data Privacy Framework (DPF). Examples of such agents include companies providing hosting services, technical support, database management and backup, information security and fraud prevention, marketing and analytics, and customer support services.

All agents operate under our instructions and are bound by contracts that require them to offer a level of privacy protection at least equal to what is provided under this Privacy Policy and the DPF. These contracts also obligate our agents to notify us if they are no longer able to maintain these protections, at which point Trips & More More will take reasonable steps to address the issue. In addition, we may share your personal data with our affiliates to support business operations, including the marketing, sale, and delivery of services, as described in this Privacy Policy.

In certain situations, we may be required to disclose your personal data in response to lawful requests from public authorities, including those related to national security or law enforcement.

Trips & More More remains responsible under the DPF Principles for personal data it transfers to third parties. If any of our agents processes your personal data in a manner that is inconsistent with the DPF Principles, we may be held liable unless we can demonstrate that we were not responsible for the event leading to the harm.

Opt-In and Opt-Out for Certain Onward Transfers

You have the right to opt out of the disclosure of your personal data to third parties who are not acting as our agents, or before we use your data for a purpose that differs from the original purpose for which it was collected or later authorized. To exercise your opt-out rights, please email us at [email protected] with the subject line “Data Privacy Framework.”

We will not share your sensitive personal data with any third party without first obtaining your explicit opt-in consent. You may provide this consent by emailing us at the address listed above. Please allow a reasonable amount of time for us to process your request.

Your DPF Rights

If you would like to know whether we are processing your personal data under the DPF, you may contact us at [email protected] using the subject line “Data Privacy Framework.” Upon request, we will confirm whether we are processing your data and provide access to it within a reasonable time-frame.

You also have the right to request that we correct, amend, or delete any of your personal data that is inaccurate or processed in violation of our privacy obligations. Please note that access may be limited in cases where the cost or effort to provide it would be disproportionate to the risk to your privacy, or if doing so would violate the rights of another person. In some cases, we may charge a reasonable fee to cover administrative costs related to fulfilling your request. We appreciate your patience while we process your inquiry.

Retention of Personal Data

Trips & More More retains personal data processed under the DPF in accordance with our internal data retention policy. We will maintain your data in an identifiable form for as long as necessary to fulfill the purposes for which it was collected.

We may continue processing your personal data beyond that period if it serves important public interests such as archival, literary, journalistic, scientific, or historical research, or statistical analysis—always in accordance with applicable privacy protections. Once those purposes are fulfilled or no longer applicable, your data will either be deleted or de-identified to prevent it from being linked to you.

How We Protect Your Data

Trips & More More takes the security and confidentiality of your personal data seriously. We implement appropriate administrative, technical, and physical safeguards designed to protect your information from unauthorized access, misuse, loss, alteration, or destruction. These measures are based on the nature of the data and the risks associated with its processing and are designed to ensure compliance with all applicable laws and regulations.

Contact Us

If you have any questions about this GDPR Notice, or would like to exercise any of your GDPR or DPF rights, please contact us:

Email: [email protected] (Subject: “GDPR Notice”)

Mailing Address:
1841 NE 196TH TER
MIAMI, FL-33179-3645

Please do not include sensitive personal information such as payment details in email correspondence.