Who do you share data with?

Only vetted sub-processors required to operate our business — Google (Analytics, Workspace, Ads), Meta (Pixel), HubSpot (customer follow-up system), Stripe and Razorpay (payments), our booking page (scheduling), WhatsApp Business, AWS and Cloudflare (hosting). Every sub-processor is bound by a data processing agreement.

Who is your Data Protection Officer?

Our DPO is reachable at dpo@traveltradeinsights.com or by post at TravelTradeInsights — Attention: DPO, Dubai, UAE. We respond to all privacy enquiries within 30 calendar days.

Privacy Policy | TravelTradeInsights

Q: What personal data does TravelTradeInsights collect?

We collect contact data (name, email, phone, company), enquiry content (your message, business type, goals, budget range), website behavioural data (pages viewed, referrer, device, anonymised IP) and — only after engagement — client account credentials, ad platform access, customer follow-up system data and traveller PII required to deliver the services contracted.

Q: What are my data rights?

You have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, plus the right to withdraw consent at any time. These rights apply under EU/UK GDPR, UAE PDPL, India DPDP Act and Saudi PDPL. Email privacy@traveltradeinsights.com to exercise them; we respond within 30 calendar days.

Q: How long do you keep my data?

Enquiry data: 24 months from last interaction. Client engagement data: 7 years after engagement end (statutory retention for financial records). Marketing list data: until consent is withdrawn. Anonymised analytics: 26 months. Specifics are in section 8 of this policy.

1. Who we are

"TravelTradeInsights", "we", "us" and "our" refer to TravelTradeInsights FZ-LLC, a company registered in We operate the website at traveltradeinsights.com and provide digital transformation and growth services exclusively to travel and tourism businesses.

For the purpose of EU/UK GDPR, the data controller is TravelTradeInsights FZ-LLC. For UAE PDPL we are registered with the UAE Data Office. For India DPDP we have appointed a Data Protection Officer for Indian subjects. For Saudi PDPL we are registered with SDAIA. Our Data Protection Officer is reachable at dpo@traveltradeinsights.com.

2. The data we collect

We only collect personal data that is necessary to operate our website, respond to enquiries, deliver services to clients, or to comply with our legal obligations. Specifically:

2.1 Data you give us directly

Enquiry data via our forms or email: name, business email, phone (with country code), company name, business type, primary goal, monthly marketing budget range, your message, country of headquarters.
Call booking data via our booking page: scheduled time, time zone, optional pre-call notes.
Newsletter subscription: email address and language preference.
WhatsApp communication: phone number and message content, processed via the WhatsApp Business API.
Career applications: name, contact details, CV/portfolio, role applied for.

2.2 Data we collect automatically

Device and usage data: anonymised IP address (last octet truncated), browser, operating system, device type, referrer URL, pages viewed, time spent, scroll depth.
Cookies: see our Cookie Policy for the full list of cookies, their purposes and durations.

2.3 Data we collect from clients during an engagement

Authorised access credentials to Google Search Console, Google Analytics, Google Ads, Meta Ads Manager, Bing Webmaster Tools, your customer follow-up system (HubSpot, Zoho, Salesforce, Pipedrive), your booking system, tool that updates your availability everywhere and content management system.
Business documents (NDA, MSA, SOW, invoices, BRD, sitemaps, brand guidelines, product catalogues).
Traveller end-user data only where required to deliver a contracted service (e.g. building a customer follow-up system automation, debugging a booking flow). In every such case we act as a data processor on behalf of the client; the client remains the data controller.

3. How we use your data

We process personal data only for the purposes set out below, and only where we have a lawful basis to do so:

To respond to your enquiry — basis: legitimate interest / pre-contractual steps at your request.
To send our newsletter ("Travel Growth Brief") — basis: consent (you can withdraw at any time via the unsubscribe link).
To deliver contracted services to a client — basis: contract performance.
To improve our website using anonymised analytics — basis: legitimate interest, with consent required for non-essential analytics cookies in the EU/UK.
To meet our legal and regulatory obligations (accounting, tax, anti-money laundering, sanctions screening) — basis: legal obligation.
To protect our security (fraud prevention, system integrity, abuse mitigation) — basis: legitimate interest.

We do not sell personal data to third parties. We do not use your data to train third-party AI/smart AI tool models without explicit, written, opt-in consent.

4. Sub-processors and third parties

To operate our business we rely on a vetted set of sub-processors, each bound by a Data Processing Agreement (DPA) or its equivalent. Current sub-processors:

Google LLC — Workspace (email, drive, docs), Analytics 4, Google Ads, Search Console. Data may be transferred to the United States under EU SCCs and the EU-US Data Privacy Framework.
Meta Platforms Ireland Ltd — Facebook/Instagram Ads, Meta Pixel, WhatsApp Business API. EU SCCs apply.
HubSpot Inc. — customer follow-up system, marketing that runs by itself, email broadcast. Data hosted in the EU region where available.
Stripe Inc. / Stripe Payments Europe Ltd — payment processing for non-GCC clients.
Razorpay Software Pvt. Ltd. — payment processing for Indian clients.
our booking page LLC — appointment scheduling.
Amazon Web Services Inc. — primary cloud hosting (regions: eu-west-2 London, me-central-1 UAE, ap-south-1 Mumbai, depending on client location).
Cloudflare Inc. — CDN, DDoS protection, WAF.
OpenAI, Anthropic, Google (Gemini) — used only with enterprise-grade no-trainingconnections; client data inside engagements is never sent to a public consumer-tier smart AI tool.
Slack, Notion, Linear, Figma, GitHub — internal collaboration. Client data shared only when necessary and only inside private workspaces.

A full, up-to-date sub-processor list is available on request to dpo@traveltradeinsights.com.

5. International data transfers

Because we serve clients across 23 countries from a global team, personal data may be transferred outside your country of residence. Where we transfer data out of the EU/EEA, UK, UAE or other regulated jurisdictions, we rely on:

European Commission Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, where applicable;
Adequacy decisions for jurisdictions recognised by the relevant authority;
The EU-US Data Privacy Framework for transfers to certified US recipients;
Explicit consent or contractual necessity for specific defined transfers.

6. Your rights

Under EU/UK GDPR, UAE PDPL, India DPDP Act, Saudi PDPL and other applicable laws, you have the following rights with respect to your personal data:

Right of access — request a copy of the personal data we hold about you.
Right of rectification — ask us to correct inaccurate or incomplete data.
Right of erasure ("right to be forgotten") — request deletion, subject to legal retention obligations.
Right of restriction — limit how we process your data.
Right of portability — receive your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent — at any time, where processing is based on consent.
Right not to be subject to solely automated decisions — with legal or similarly significant effect.
Right to lodge a complaint with your local supervisory authority (e.g. UK ICO, Irish DPC, UAE Data Office, India Data Protection Board, SDAIA).

To exercise any of these rights, email privacy@traveltradeinsights.com. We will verify your identity and respond within 30 calendar days (extendable by up to 60 days for complex requests, with notice).

7. Cookies and tracking

We use a small number of essential, analytics, marketing and preference cookies. Inside the EU/UK, non-essential cookies are loaded only after explicit opt-in. Outside the EU/UK we operate on a notice-and-choice basis. Full details, categories, retention periods and opt-out mechanisms are in our Cookie Policy.

8. Retention periods

Enquiry / prospect data: 24 months from last interaction, then deleted or anonymised.
Newsletter subscribers: until consent is withdrawn; inactive addresses purged after 24 months of zero opens.
Client engagement records (contracts, invoices, deliverables): 7 years after engagement end, for statutory accounting and tax retention.
Career applications: 12 months unless you opt in to our talent pool (then 24 months).
Website analytics (anonymised): 26 months (Google Analytics default).
Backups: rolling 35-day retention, then permanent deletion.

9. Security

We follow industry-standard technical and organisational security measures: TLS 1.3 in transit, AES-256 at rest, single sign-on with MFA, role-based access control, least-privilege provisioning, encrypted laptops, quarterly access reviews, annual penetration tests, ISO 27001-aligned policies and an incident response runbook with a 72-hour breach notification commitment to data controllers.

10. Children

Our services are aimed at travel and tourism businesses. We do not knowingly collect personal data from individuals under 16. If you believe a child's data has been submitted to us, contact privacy@traveltradeinsights.com and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory requirements or services. We will post the updated version on this page with a new effective date and, where the change is material, notify affected users by email.

12. How to contact us

Privacy questions, data rights requests and complaints:

Email: privacy@traveltradeinsights.com
Data Protection Officer (DPO): dpo@traveltradeinsights.com
Post: TravelTradeInsights FZ-LLC, Attention: Data Protection Officer, Dubai 506564, United Arab Emirates.
EU representative: available on request for EU data subjects.
UK representative: available on request for UK data subjects.

Privacy FAQ

What personal data does TravelTradeInsights collect?

Contact data (name, email, phone, company), enquiry content, website behavioural data (anonymised), and — only after engagement — client account credentials, ad platform access, customer follow-up system data and any traveller PII required to deliver the contracted services.

What are my data rights?

Access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent. These rights apply under EU/UK GDPR, UAE PDPL, India DPDP and Saudi PDPL. Email privacy@traveltradeinsights.com; we reply within 30 days.

Who do you share my data with?

Only vetted sub-processors required to operate the business — Google, Meta, HubSpot, Stripe, Razorpay, our booking page, AWS, Cloudflare, WhatsApp Business. Every sub-processor is bound by a Data Processing Agreement. We do not sell data.

How long do you keep my data?

Enquiry data: 24 months. Client engagement records: 7 years (statutory). Newsletter: until you unsubscribe. Career applications: 12 months. Anonymised analytics: 26 months. Backups: rolling 35 days.

Do you use my data to train AI models?

No. We use enterprise-grade no-trainingconnections from OpenAI, Anthropic and Google. Your data is never sent to public consumer-tier smart AI tools and is not used to train any third-party model without your explicit written consent.