Privacy Policy of Travellizy

Full policy

Owner and Data Controller

Travellizy UK LTD
40 Bloomsbury Way, Lower Ground Floor, WC1A 2SE London, United Kingdom

Owner contact email: support@travellizy.com

Types of Data collected

Among the types of Personal Data that Travellizy collects, by itself or through third parties, there are: Trackers; Usage Data; email address; Universally unique identifier (UUID); Data communicated while using the service; first name; phone number; country; last name; gender; date of birth; address; Camera permission; Storage permission; Photo Library permission; various types of Data; payment info; company name.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using Travellizy.
Unless specified otherwise, all Data requested by Travellizy is mandatory and failure to provide this Data may make it impossible for Travellizy to provide its services. In cases where Travellizy specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by Travellizy or by the owners of third-party services used by Travellizy serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through Travellizy.

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Travellizy (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Retention time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Advertising, Heat mapping and session recording, Analytics, User database management, Content commenting, Contacting the User, Remarketing and behavioral targeting, Registration and authentication provided directly by Travellizy, Tag Management, Displaying content from external platforms, Managing data collection and online surveys, Managing contacts and sending messages, Device permissions for Personal Data access, Registration and authentication, Data transfer outside the EU, Data transfer outside of the UK, Commercial affiliation, Handling payments and Selling goods and services online.

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.

Device permissions for Personal Data access

Depending on the User's specific device, Travellizy may request certain permissions that allow it to access the User's device Data as described below.

By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document.
The exact procedure for controlling app permissions may be dependent on the User's device and software.

Please note that the revoking of such permissions might impact the proper functioning of Travellizy.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by Travellizy.

Camera permission

Used for accessing the camera or capturing images and video from the device.

Photo Library permission

Allows access to the User's Photo Library.

Storage permission

Used for accessing shared external storage, including the reading and adding of any items.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

• Advertising

  This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on Travellizy, possibly based on User interests.
  This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
  Some of the services listed below may use Trackers for identifying Users, behavioral retargeting i.e. displaying ads tailored to the User’s interests and behavior, or to measure ads performance. For more information, please check the privacy policies of the relevant services.
  Services of this kind usually offer the possibility to opt out of such tracking. In addition to any opt-out feature offered by any of the services below, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section "How to opt-out of interest-based advertising" in this document.

  Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)

  Hotjar is an analytics service provided by Hotjar Ltd.
  Hotjar honors generic Do Not Track headers. This means your browser can tell its script not to collect any of your data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

  Personal Data processed: Trackers; Usage Data.

  Place of processing: Malta – Privacy Policy – Opt Out.

  Google Ad Manager

  Google Ad Manager is an advertising service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, that allows the Owner to run advertising campaigns in conjunction with external advertising networks that the Owner, unless otherwise specified in this document, has no direct relationship with.
  In order to understand Google's use of data, consult Google's partner policy.
  This service uses the “DoubleClick” Cookie, which tracks use of Travellizy and User behavior concerning ads, products and services offered.  

  Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

  Meta ads conversion tracking (Meta pixel) (Meta Platforms, Inc.)

  Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that connects data from the Meta Audience Network with actions performed on Travellizy. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Meta Audience Network.

  Personal Data processed: Trackers; Usage Data.

  Place of processing: United States – Privacy Policy – Opt out.

  Direct Email Marketing (DEM)

  Travellizy uses the User Data to propose services and products provided by Travellizy or third parties related to the main business of Travellizy.
  Personal data collected: name, physical address, IP address, email address, date of birth.

  AdDefend (AdDefend GmbH)

  AdDefend is an advertising service provided by AdDefend GmbH.

  Personal Data processed: Tracker; Usage Data.

  Place of processing: Germany – Privacy Policy – Opt out.

• Analytics

  The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

  Google Analytics (Universal Analytics) (Google LLC)

  Google Analytics (Universal Analytics) is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of Travellizy, to prepare reports on its activities and share them with other Google services.
  Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

  In order to understand Google's use of Data, consult Google's partner policy.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy – Opt Out.

• Commercial affiliation

  This type of service allows Travellizy to display advertisements for third-party products or services. Ads can be displayed either as advertising links or as banners using various kinds of graphics.
  Clicks on the icon or banner posted on the Application are tracked by the third-party services listed below, and are shared with Travellizy.
  For details of which data are collected, please refer to the privacy policy of each service.

  Admitad (Admitad GmbH)

  Admitad is a commercial affiliation service provided by Admitad GmbH.

  Personal Data processed: Tracker; Universally unique identifier (UUID); Usage Data.

  Place of processing: Germany – Privacy Policy.

• Contacting the User

  Contact form (Travellizy)

  By filling in the contact form with their Data, the User authorizes Travellizy to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

  Personal Data processed: country; email address; first name; phone number.

• Content commenting

  Content commenting services allow Users to make and publish their comments on the contents of Travellizy.
  Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
  If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.

  Facebook Comments (Facebook, Inc.)

  Facebook Comments is a content commenting service provided by Facebook, Inc. enabling the User to leave comments and share them on the Facebook platform.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

• Device permissions for Personal Data access

  Travellizy requests certain permissions from Users that allow it to access the User's device Data as described below.

  Device permissions for Personal Data access (Travellizy)

  Travellizy requests certain permissions from Users that allow it to access the User's device Data as summarized here and described within this document.

  Personal Data processed: Camera permission; Photo Library permission; Storage permission.

• Displaying content from external platforms

  This type of service allows you to view content hosted on external platforms directly from the pages of Travellizy and interact with them.
  This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

  Google Maps widget

  Google Maps is a maps visualization service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, that allows Travellizy to incorporate content of this kind on its pages.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

• Handling payments

  Unless otherwise specified, Travellizy processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. Travellizy isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

  Apple Pay (Apple Inc.)

  Apple Pay is a payment service provided by Apple Inc., which allows Users to make payments using their mobile phones.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

  Google Pay (Google Ireland Limited)

  Google Pay is a payment service provided by Google Ireland Limited, which allows users to make online payments using their Google credentials.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

  PayPal (PayPal Inc.)

  PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: See the PayPal privacy policy – Privacy Policy.

  Payment by bank transfer (Travellizy)

  In the event that the chosen payment method is a direct bank transfer to the current account indicated by Travellizy, the Owner will collect the payment details of the User, i. e. the current account number of the sender, the SWIFT code, the bank and the name of the sender. Such data will be collected and processed exclusively within the transaction and for billing purposes only.

  Personal Data processed: company name; first name; last name; payment info; physical address.

  LiqPay

  LiqPay - is a payment service that allows Users to make online payments using a mobile phone, Internet, and payment cards all over the world.
  Personal Data processed: various types of Data as specified in the terms and conditions of the service.
  Place of processing: See the terms and conditions of the service.

  EasyPay

  EasyPay is a payment service provided by the group of companies EasySoft LLC, Financial company “Abekor" LLC, IPS (Internal payment System) Finansovy Svit, Kontraktovy Dim LLC, which allows Users to make online payments.
  Personal Data processed: various types of Data as specified in the privacy policy of the service.
  Place of processing: See the EasyPay privacy policy – Privacy Policy.

• Heat mapping and session recording

  Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
  Some of these services may record sessions and make them available for later visual playback.

  Hotjar Heat Maps & Recordings (Hotjar Ltd.)

  Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
  Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

  Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.

  Place of processing: Malta – Privacy Policy – Opt Out.

• Managing contacts and sending messages

  This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
  These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

  SendPulse

  SendPulse is a multi-channel marketing platform used for communications either through email or through messages. SendPulse collects the User's data (e.g. contact details and content of messages) during communication.
  Personal Data collected: email address, phone number, physical address, IP address, name, age.

• Managing data collection and online surveys

  This type of service allows Travellizy to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users.
  The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form.

  These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g. managing contacts, sending messages, analytics, advertising and payment processing.

  Facebook lead ads

  Facebook lead ads is an advertising and data collection service provided by Facebook, Inc. or by Facebook Ireland Ltd, depending on how the Owner manages the Data processing, that allows form-based ads to be shown to Users pre-populated with Personal Data from their Facebook profiles, such as names and email addresses. Depending on the type of advertisement, Users may be requested to provide further information.

  Form submission results in the collection and processing of these Data by the Owner under this privacy policy, and only for the specific purpose outlined on the form and/or inside this privacy policy, where provided.

  Users may exercise their rights, at any time, including the right to withdraw their consent to the processing of their Data, as specified in the section containing information about User rights in this privacy policy.

  Personal Data processed: Cookies.

  Place of processing: United States – Privacy Policy – Opt out; Ireland – Privacy Policy – Opt out.

  Enquiz

  Enquiz is a survey builder and data collection platform. Personal data collected: email address, phone number, name.

• Registration and authentication

  By registering or authenticating, Users allow Travellizy to identify them and give them access to dedicated services.
  Depending on what is described below, third parties may provide registration and authentication services. In this case, Travellizy will be able to access some Data, stored by these third-party services, for registration or identification purposes.
  Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.

  Google OAuth (Google Ireland Limited)

  Google OAuth is a registration and authentication service provided by Google Ireland Limited and is connected to the Google network.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

  Sign in with Apple (Apple Inc.)

  Sign in with Apple is a registration and authentication service provided by Apple Inc. In cases where Users are required to provide their email address, Sign in with Apple may generate a private relay address on behalf of Users that automatically forwards messages to their verified personal email account - therefore shielding their actual email address from the Owner.

  Personal Data processed: email address; first name; last name; phone number.

  Place of processing: United States – Privacy Policy.

  Facebook Authentication (Facebook Ireland Ltd)

  Facebook Authentication is a registration and authentication service provided by Facebook Ireland Ltd and is connected to the Facebook social network.

  Personal Data processed: Tracker; various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

• Registration and authentication provided directly by Travellizy

  By registering or authenticating, Users allow Travellizy to identify them and give them access to dedicated services. The Personal Data is collected and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the service requested by the Users.

  Direct registration (Travellizy)

  The User registers by filling out the registration form and providing the Personal Data directly to Travellizy.

  Personal Data processed: address; country; date of birth; email address; first name; gender; last name; phone number.

• Remarketing and behavioral targeting

  This type of service allows Travellizy and its partners to inform, optimize and serve advertising based on past use of Travellizy by the User.
  This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
  Some services offer a remarketing option based on email address lists.
  In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

  Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

  Facebook Remarketing (Facebook, Inc.)

  Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of Travellizy with the Facebook advertising network.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy – Opt Out.

  Google Ads Remarketing

  Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, that connects the activity of Travellizy with the Google Ads advertising network and the DoubleClick Cookie.

  Users can opt out of Google's use of Trackers for ads personalization by visiting Google's Ads Settings.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.

• Selling goods and services online

  This type of service helps the Owner to sell goods, provide services or monetize online content. To this end, the services listed below may for instance allow the Owner to process payments, set up subscription models, track orders, and manage deliveries.

  Agency services

  As part of its main activity of mediation in the field of tourism, Travellizy collects and transfers personal data to the carrier or service provider for the conclusion or performance of a contract concluded in the interest of the User.
  Personal data collected for the purpose of making a payment may relate to a credit card, a bank account used for cashless payments, or any other stipulated payment method. The nature of the Data that the Application collects depends on the payment system used.
  The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by Travellizy depends on the booked service.
  
  Personal Data processed: various types of Data.

• Tag Management

  This type of service helps the Owner to manage the tags or scripts needed on Travellizy in a centralized fashion.
  This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.

  Google Tag Manager

  Google Tag Manager is a tag management service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing.

  Personal Data processed: Usage Data.

  Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

• User database management

  This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to Travellizy, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving Travellizy.
  Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on Travellizy.

  Intercom

  Intercom is a User database management service provided by Intercom R&D Unlimited Company or by Intercom Software UK Limited, depending on how the Owner manages the Data processing.
  Intercom can also be used as a medium for communications, either through email, or through messages within Travellizy. Intercom Messenger may use Trackers to recognize and track Users behavior.

  Personal Data processed: Cookies; Data communicated while using the service; email address; Universally unique identifier (UUID); Usage Data; various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy; United Kingdom – Privacy Policy.

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

• Browser Fingerprinting

  Browser Fingerprinting creates an identifier based on a device's unique combination of characteristics (e.g. IP address, HTTP header, browser properties etc.), that allows to distinguish the User from other Users, thereby enabling to track the User's browsing behavior across the web. Browser Fingerprinting does not have an expiration date and cannot be deleted.

• localStorage

  localStorage allows Travellizy to store and access data right in the User's browser with no expiration date.

• Preference Cookies

  Preference Cookies store the User preferences detected on Travellizy in the local domain such as, for example, their timezone and region.

• The Service is not directed to children under the age of 13

  Users declare themselves to be adult according to their applicable legislation. Minors may use Travellizy only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use Travellizy.

• sessionStorage

  sessionStorage allows Travellizy to store and access data right in the User's browser. Data in sessionStorage is deleted automatically when the session ends (in other words, when the browser tab is closed).

Cookie Policy

Travellizy uses Trackers. To learn more, Users may consult the Cookie Policy.

Transfer of Personal Data outside of the European Union

Data transfer to countries that guarantee European standards

If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out according to an adequacy decision of the European Commission.
The European Commission adopts adequacy decisions for specific countries whenever it considers that country to possess and provide Personal Data protection standards comparable to those set forth by EU data protection legislation. Users can find an updated list of all adequacy decisions issued on the European Commission's website.

Other legal basis for Data transfer abroad

If no other legal basis applies, Personal Data shall be transferred from the EU to third countries only if at least one of the following conditions is met:

• the transfer is necessary for the performance of a contract between the User and the Owner or of pre-contractual measures taken at the User’s request;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the User between the Owner and another natural or legal person;
• the transfer is necessary for important reasons of public interest;
• the transfer is necessary for establishment, exercise or defence of legal claims;
• the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;
• the data transferred is sourced from a public register created under the law of the country that the data originates from;
• subject to further conditions, the Owner has a compelling legitimate interest to perform a one-off transfer of Personal Data.

In such cases, the Owner shall inform the User about the legal bases the transfer is based on via Travellizy.

Transfer of Personal Data outside of the United Kingdom

Data transfers according to a UK adequacy regulation

If this is the legal basis, the transfer of Personal Data from the UK to third countries may take place according to a so called “adequacy regulation” of the UK Government.

The UK Government adopts adequacy regulations for specific countries or territories whenever such countries or territories guarantee Personal Data protection standards comparable to those set forth by UK data protection legislation. Users can find an updated list of all adequacy regulations on the website of the Information Commissioner’s Office (ICO).

Other legal basis for Data transfer abroad (UK)

If no other legal basis applies, Personal Data shall be transferred from the UK to third countries only if at least one of the following conditions is met:

• the transfer is necessary for the performance of a contract between the User and the Owner or of pre-contractual measures taken at the User’s request;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the User between the Owner and another natural or legal person;
• the transfer is necessary for important reasons of public interest;
• the transfer is necessary for establishment, exercise or defence of legal claims;
• the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;
• the data transferred is sourced from a public register created under UK law;
• subject to further conditions, the Owner has a compelling legitimate interest to perform a one-off transfer of Personal Data.

In such cases, the Owner shall inform the User about the legal bases the transfer is based on via Travellizy.

Further information for Users in Brazil

This section of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running Travellizy and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).
This section applies to all Users in Brazil (Users are referred to below, simply as “you”, “your”, “yours”), according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy.
This part of the document uses the term “personal information“ as it is defined in the LGPD.

The grounds on which we process your personal information

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:

• your consent to the relevant processing activities;
• compliance with a legal or regulatory obligation that lies with us;
• the carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments;
• studies conducted by research entities, preferably carried out on anonymized personal information;
• the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
• the exercising of our rights in judicial, administrative or arbitration procedures;
• protection or physical safety of yourself or a third party;
• the protection of health – in procedures carried out by health entities or professionals;
• our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and
• credit protection.

To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.

Categories of personal information processed

To find out what categories of your personal information are processed, you can read the section titled “Detailed information on the processing of Personal Data” within this document.

Why we process your personal information

To find out why we process your personal information, you can read the sections titled “Detailed information on the processing of Personal Data” and “The purposes of processing” within this document.

Your Brazilian privacy rights, how to file a request and our response to your requests

Your Brazilian privacy rights

You have the right to:

• obtain confirmation of the existence of processing activities on your personal information;
• access to your personal information;
• have incomplete, inaccurate or outdated personal information rectified;
• obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
• obtain information on the possibility to provide or deny your consent and the consequences thereof;
• obtain information about the third parties with whom we share your personal information;
• obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;
• obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in art. 16 of the LGPD apply;
• revoke your consent at any time;
• lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
• oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
• request clear and adequate information regarding the criteria and procedures used for an automated decision; and
• request the review of decisions made solely on the basis of the automated processing of your personal information, which affect your interests. These include decisions to define your personal, professional, consumer and credit profile, or aspects of your personality.

You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

How to file your request

You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.

How and when we will respond to your request

We will strive to promptly respond to your requests.
In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.

In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.
You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.
In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.

In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request — except in cases where such communication is proven impossible or involves disproportionate effort on our side.

Transfer of personal information outside of Brazil permitted by the law

We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:

• when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;
• when the transfer is necessary to protect your life or physical security or those of a third party;
• when the transfer is authorized by the ANPD;
• when the transfer results from a commitment undertaken in an international cooperation agreement;
• when the transfer is necessary for the execution of a public policy or legal attribution of public service;
• when the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.

Additional information for Users in Brazil

Transfer of personal information outside of Brazil to countries that guarantee the same protection standards as LGPD

We can transfer your personal information outside of the Brazilian territory, if the destination country, or the international organization which receives the personal information, provides an adequate level of protection of the personal information according to the ANPD.
The ANPD authorizes such transfers whenever it considers that country to possess and provide personal information protection standards comparable to those set forth by the LGPD, having taken into account the following:

• the general and sectoral rules of the legislation in force in the country of destination or in the international organization;
• the nature of the personal information subject to the transfer;
• the compliance with the general principles on the protection of the personal information and on the rights of the individuals as set forth in the LGPD;
• the adoption of suitable security measures;
• the existence of judicial and institutional guarantees for the respect of personal information protection rights; and
• any other pertinent circumstance related to the relevant transfer.

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of Travellizy or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, Travellizy may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, Travellizy and any third-party services may collect files that record interaction with Travellizy (System logs) or use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within Travellizy and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.