Privacy Policy

1. Introduction

The Travel Tech Company ("T3C", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This comprehensive Privacy Policy explains in detail how we collect, use, disclose, transfer, store, and safeguard your information when you visit our website located at www.thetraveltech.company (the "Website"), use our software-as-a-service (SaaS) products including TravelHub and Nexus (the "Services"), or interact with us in any other way.

This Privacy Policy applies to all users of our Website and Services, including visitors, customers, partners, and any other individuals who interact with T3C. By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.

We are committed to complying with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and other relevant privacy laws in jurisdictions where we operate.

2. Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). The types of Personal Information we collect depend on how you interact with us and our Services.

2.1 Information You Provide Directly

We collect Personal Information that you voluntarily provide to us when you:

• Create an Account: When you register for an account, we collect your name, email address, company name, job title, phone number, password (which is encrypted), and any other information you choose to provide.
• Request a Demo or Contact Us: When you request a demo, contact our support team, or fill out contact forms, we collect your name, email address, company name, phone number, job title, and any message or inquiry you submit.
• Use Our Services: When you use TravelHub or Nexus, we collect information necessary to provide the Services, including API credentials, integration configurations, usage data, and any content you upload or process through our Services.
• Subscribe to Communications: When you subscribe to our newsletters, marketing emails, or other communications, we collect your email address and preferences.
• Participate in Surveys or Feedback: When you participate in surveys, provide feedback, or respond to questionnaires, we collect your responses and any Personal Information you choose to include.
• Make Payments: When you make payments for our Services, we collect billing information including credit card details, billing address, and payment history. Payment processing is handled by third-party payment processors, and we do not store full credit card numbers.
• Attend Events: When you register for or attend our webinars, conferences, or other events, we collect your name, email address, company information, and attendance records.

2.2 Information Automatically Collected

When you visit our Website or use our Services, we automatically collect certain information about your device and how you interact with us:

• Device Information: We collect information about your device, including IP address, browser type and version, operating system, device identifiers, mobile network information, and device settings.
• Usage Information: We collect information about how you use our Website and Services, including pages visited, time spent on pages, links clicked, search queries, features used, and the date and time of your activities.
• Location Information: We may collect approximate location information based on your IP address or device settings. We do not collect precise geolocation data without your explicit consent.
• Log Data: Our servers automatically record information ("log data") created by your use of our Services, including IP address, browser type, referring/exit pages, request and response times, error logs, and other technical information.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior and preferences. For more details, see Section 9 below.
• API Usage Data: When you use our API services, we collect information about API calls, including request and response data, timestamps, error rates, and performance metrics.

2.3 Information from Third-Party Sources

We may receive Personal Information about you from third-party sources, including:

• Business Partners: We may receive information from our business partners, suppliers, or customers who use our Services.
• Social Media Platforms: If you interact with us on social media platforms, we may receive information from those platforms in accordance with their privacy policies.
• Service Providers: We may receive information from third-party service providers who assist us in providing our Services, such as payment processors, analytics providers, and customer support platforms.
• Public Sources: We may collect information from publicly available sources, such as company websites, public directories, and professional networking sites, to verify or supplement information you provide.
• Integration Partners: When you connect third-party services to our Services, we may receive information from those services in accordance with your authorization and their privacy policies.

2.4 Sensitive Personal Information

We generally do not collect sensitive Personal Information (such as race, ethnicity, religious beliefs, health information, or biometric data) unless you voluntarily provide it or it is necessary for providing our Services. If we collect sensitive Personal Information, we will handle it in accordance with applicable laws and with your explicit consent where required.

3. How We Use Your Information

We use the Personal Information we collect for various business purposes, including:

3.1 Providing and Improving Our Services

• Create, maintain, and manage your account and user profile
• Process and fulfill your requests for our Services, including API access, integrations, and content mapping
• Provide customer support, respond to inquiries, and resolve technical issues
• Monitor and analyze usage patterns to improve our Services' functionality, performance, and user experience
• Develop new features, products, and services based on user needs and feedback
• Conduct research and analytics to understand how our Services are used
• Ensure the security and integrity of our Services and prevent fraud, abuse, and unauthorized access

3.2 Communication

• Send you transactional communications, such as account confirmations, service updates, and billing notifications
• Respond to your inquiries, comments, and support requests
• Send you marketing communications about our Services, new features, promotions, and events (with your consent where required)
• Notify you about changes to our Services, Terms of Service, or this Privacy Policy
• Send you technical notices, security alerts, and administrative messages
• Invite you to participate in surveys, beta testing, or user research

3.3 Business Operations

• Process payments, manage billing, and prevent fraudulent transactions
• Manage our business relationships with customers, partners, and suppliers
• Comply with legal obligations, enforce our Terms of Service, and protect our legal rights
• Conduct audits, investigations, and compliance reviews
• Facilitate business transactions, such as mergers, acquisitions, or asset sales
• Maintain records for accounting, tax, and regulatory compliance purposes

3.4 Personalization and Analytics

• Personalize your experience by showing relevant content, features, and recommendations
• Analyze usage patterns to understand user behavior and preferences
• Measure the effectiveness of our marketing campaigns and website content
• Conduct A/B testing and other experiments to improve our Services
• Generate aggregated, anonymized reports and statistics

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your Personal Information based on the following legal bases:

• Contractual Necessity: We process your Personal Information to perform our contract with you, such as providing our Services, processing payments, and managing your account.
• Legitimate Interests: We process your Personal Information for our legitimate business interests, such as improving our Services, preventing fraud, ensuring security, and conducting business operations. We balance these interests against your privacy rights and will not process your information if your interests override ours.
• Consent: We process your Personal Information based on your explicit consent, such as for marketing communications or optional features. You can withdraw your consent at any time.
• Legal Obligation: We process your Personal Information to comply with applicable laws, regulations, court orders, or government requests.
• Vital Interests: We may process your Personal Information to protect your or another person's vital interests, such as in emergency situations.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your Personal Information to third parties for their marketing purposes. We may share your Personal Information in the following circumstances:

5.1 Service Providers

We share Personal Information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
• Payment processors and billing services
• Customer relationship management (CRM) platforms
• Email and communication service providers
• Analytics and data analytics platforms
• Customer support and helpdesk services
• Security and fraud prevention services
• Marketing and advertising platforms
• Content delivery networks (CDNs)

These service providers are contractually obligated to protect your Personal Information and use it only for the purposes we specify. They are not permitted to use your Personal Information for their own purposes.

5.2 Business Partners

We may share Personal Information with our business partners, suppliers, or customers when necessary to provide our Services or facilitate business relationships. For example, if you use our Services to integrate with a third-party platform, we may share relevant information with that platform to enable the integration.

5.3 Legal Requirements

We may disclose Personal Information if required by law, regulation, court order, or government request, including:

• Responding to subpoenas, warrants, or other legal process
• Complying with tax, regulatory, or reporting obligations
• Protecting our rights, property, or safety, or that of our users or others
• Investigating potential violations of our Terms of Service
• Preventing fraud, abuse, or illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your Personal Information may be transferred to the acquiring entity or new owner. We will notify you of any such change in ownership or control of your Personal Information.

5.5 With Your Consent

We may share your Personal Information with third parties when you explicitly consent to such sharing, such as when you authorize an integration with a third-party service.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This information may be used for research, analytics, or other business purposes.

6. Data Security

We implement comprehensive technical and organizational security measures designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6.1 Technical Safeguards

• Encryption: We use industry-standard encryption (TLS/SSL) to protect data in transit and encryption at rest for sensitive data stored in our systems.
• Access Controls: We implement strict access controls, including multi-factor authentication, role-based access, and regular access reviews to ensure only authorized personnel can access Personal Information.
• Network Security: We use firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access.
• Secure Development: We follow secure coding practices and conduct regular security assessments and penetration testing.
• Data Backup and Recovery: We maintain regular backups and disaster recovery procedures to ensure data availability and integrity.
• API Security: We implement API authentication, rate limiting, and monitoring to protect our API services.

6.2 Organizational Safeguards

• Employee Training: We provide regular security and privacy training to all employees who handle Personal Information.
• Confidentiality Agreements: All employees and contractors are bound by strict confidentiality agreements.
• Incident Response: We maintain an incident response plan to promptly address and mitigate security incidents.
• Vendor Management: We carefully vet and monitor third-party service providers to ensure they maintain appropriate security measures.
• Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities.

6.3 Your Role in Security

You play an important role in protecting your Personal Information. We recommend that you:

• Use a strong, unique password for your account
• Enable multi-factor authentication when available
• Keep your account credentials confidential and do not share them with others
• Log out of your account when using shared or public devices
• Notify us immediately if you suspect any unauthorized access to your account
• Keep your devices and software updated with the latest security patches

7. Data Retention

We retain your Personal Information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• Business Needs: We retain information as long as necessary to provide our Services, maintain your account, and fulfill our contractual obligations.
• Legal Requirements: We retain information as required by applicable laws, regulations, or court orders, such as tax records, financial records, and legal compliance documentation.
• Dispute Resolution: We may retain information longer if necessary to resolve disputes, enforce our agreements, or protect our legal rights.
• Legitimate Business Interests: We may retain certain information for legitimate business purposes, such as improving our Services, preventing fraud, or maintaining security.

When we no longer need your Personal Information, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws. If you request deletion of your Personal Information, we will delete it within a reasonable timeframe, subject to legal retention requirements.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your Personal Information. We will honor these rights in accordance with applicable laws.

8.1 General Rights

You may have the right to:

• Access: Request access to your Personal Information and receive a copy of the data we hold about you.
• Correction: Request correction of inaccurate or incomplete Personal Information.
• Deletion: Request deletion of your Personal Information, subject to legal retention requirements.
• Portability: Request transfer of your Personal Information to another service provider in a structured, commonly used format.
• Objection: Object to processing of your Personal Information for certain purposes, such as direct marketing.
• Restriction: Request restriction of processing of your Personal Information in certain circumstances.
• Withdraw Consent: Withdraw your consent to processing where we rely on consent as the legal basis.
• Opt-Out: Opt out of the sale or sharing of Personal Information (where applicable).

8.2 How to Exercise Your Rights

To exercise your privacy rights, please contact us using the information provided in Section 16 below. We will respond to your request within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request to protect your privacy and security.

You may also be able to exercise certain rights through your account settings or by using opt-out mechanisms we provide, such as unsubscribe links in marketing emails.

8.3 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny you goods or services, charge you different prices, or provide you with a different level or quality of services for exercising your rights.

9. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect and store information about your interactions with our Website and Services. This section provides detailed information about our use of these technologies.

9.1 What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners. Cookies can be "persistent" (remain on your device until deleted or expired) or "session" (deleted when you close your browser).

9.2 Types of Cookies We Use

• Essential Cookies: These cookies are necessary for the Website to function properly. They enable core functionality such as security, network management, and accessibility. You cannot opt out of essential cookies.
• Performance Cookies: These cookies collect information about how you use our Website, such as which pages you visit most often. This data helps us improve the Website's performance and user experience.
• Functionality Cookies: These cookies allow the Website to remember choices you make (such as language preferences) and provide enhanced, personalized features.
• Targeting/Advertising Cookies: These cookies are used to deliver advertisements relevant to you and your interests. They also help measure the effectiveness of advertising campaigns.
• Analytics Cookies: These cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously.

9.3 Third-Party Cookies

We may also use third-party cookies from service providers such as Google Analytics, marketing platforms, and social media networks. These third parties may use cookies to collect information about your online activities across different websites. We do not control these third-party cookies, and you should review their privacy policies to understand how they use your information.

9.4 Managing Cookies

You can control and manage cookies in various ways:

• Browser Settings: Most browsers allow you to refuse or accept cookies, delete existing cookies, or set preferences for certain websites. You can usually find these settings in your browser's "Options" or "Preferences" menu.
• Opt-Out Tools: You can use opt-out tools provided by third-party analytics and advertising providers, such as Google Analytics Opt-out Browser Add-on.
• Do Not Track: Some browsers offer a "Do Not Track" feature that signals to websites that you do not want to be tracked. However, there is no standard for how websites should respond to this signal, and we do not currently respond to Do Not Track signals.

Please note that disabling cookies may affect the functionality of our Website and Services, and some features may not work properly.

10. Third-Party Services and Links

Our Website and Services may contain links to third-party websites, services, or applications that are not owned or controlled by T3C. This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices or content of third-party websites or services.

When you click on a link to a third-party website or service, you will be subject to that third party's privacy policy and terms of service. We encourage you to review the privacy policies of any third-party websites or services you visit.

Our Services may integrate with third-party services, such as payment processors, analytics platforms, and cloud storage providers. When you use these integrations, your Personal Information may be shared with these third parties in accordance with their privacy policies and your authorization.

11. International Data Transfers

T3C is a global company, and your Personal Information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer Personal Information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries outside these regions, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection
• Other legally recognized transfer mechanisms

By using our Services, you consent to the transfer of your Personal Information to countries outside your country of residence, including the United States and other countries where we operate.

12. Children's Privacy

Our Website and Services are not intended for children under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect Personal Information from children under 16. If you are a parent or guardian and believe that your child has provided us with Personal Information, please contact us immediately, and we will take steps to delete such information from our systems.

If we become aware that we have collected Personal Information from a child under 16 without verifiable parental consent, we will take steps to delete that information as quickly as possible.

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

13.1 Right to Know

You have the right to request that we disclose:

• The categories of Personal Information we have collected about you
• The categories of sources from which we collected your Personal Information
• The business or commercial purpose for collecting or selling your Personal Information
• The categories of third parties with whom we share your Personal Information
• The specific pieces of Personal Information we have collected about you

13.2 Right to Delete

You have the right to request deletion of your Personal Information, subject to certain exceptions, such as when we need to retain information for legal compliance or business purposes.

13.3 Right to Opt-Out

You have the right to opt out of the sale or sharing of your Personal Information. We do not sell Personal Information, but we may share it with service providers and business partners as described in this Privacy Policy.

13.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny you goods or services, charge you different prices, or provide you with a different level or quality of services.

13.5 Right to Correct

You have the right to request correction of inaccurate Personal Information we maintain about you.

13.6 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We will require proof of authorization and verification of your identity before processing requests from authorized agents.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

14.1 Your Rights

• Right of Access: You have the right to obtain confirmation as to whether we process your Personal Information and to access that information.
• Right to Rectification: You have the right to have inaccurate Personal Information corrected and incomplete information completed.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your Personal Information in certain circumstances.
• Right to Restrict Processing: You have the right to request restriction of processing of your Personal Information in certain circumstances.
• Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.
• Right to Object: You have the right to object to processing of your Personal Information for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.

14.2 Data Protection Officer

If you have questions or concerns about our data processing practices, you may contact our Data Protection Officer at the contact information provided in Section 16.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page with a new "Last updated" date
• Sending you an email notification (if you have provided an email address)
• Displaying a prominent notice on our Website or through our Services
• Other methods as required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your Personal Information. Your continued use of our Website or Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If we make material changes that significantly affect your rights or how we use your Personal Information, we will obtain your consent where required by applicable law.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority or supervisory authority.

16.1 Supervisory Authorities

If you are located in the EEA, UK, or Switzerland, you can find contact information for your local supervisory authority at:

• EEA: European Data Protection Board
• UK: Information Commissioner's Office (ICO)
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

17. Additional Information

17.1 Data Controller

The Travel Tech Company is the data controller responsible for your Personal Information. Our registered address and contact information are provided in Section 16 above.

17.2 Processing Purposes

We process your Personal Information for the purposes described in Section 3 of this Privacy Policy. We do not use your Personal Information for purposes that are materially different from those disclosed in this Privacy Policy without your consent.

17.3 Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, except as necessary to provide our Services (such as fraud detection) or with your explicit consent.

17.4 Special Categories of Personal Information

We do not intentionally collect special categories of Personal Information (such as information about race, ethnicity, political opinions, religious beliefs, health, or biometric data) unless you voluntarily provide it or it is necessary for providing our Services. If we process special categories of Personal Information, we will do so in accordance with applicable law and with your explicit consent where required.