If you are a resident of one of many European countries, including the United Kingdom and Switzerland, an important European privacy law (or an equivalent counterpart to it) the General Data Privacy Regulation (the "GDPR") provides you with certain rights, and places certain obligations on companies regarding how your "personal data" (as the GDPR uses that term) is used. We describe those rights and obligations below, and how and in what circumstances we honor them.
We set out our compliance with the GDPR and, to the extent applicable, those other laws, in this section. This notice supplements the information in our Privacy Notice. If you are not located in Europe, different laws may apply; please review our U.S. State Privacy Rights page (if relevant).
GDPR Privacy Rights
Effective as of May 18, 2026
Contents
Introduction Legal Basis Your Rights Exercising Your Rights Questions or ConcernsIntroduction
Legal Basis
The GDPR requires us to tell you about the legal ground we're relying on to process any personal data about you. The legal grounds for us processing your personal data for the purposes set out in Section IV of our Privacy Notice will typically be because:
- You provided your (legally sufficient) consent;
- It is necessary for our contractual relationship, e.g., in order to provide you services or features you've requested and we've promised;
- The processing is necessary for us to comply with our legal or regulatory obligations – for instance, to communicate with you about or to help honor your legal rights; and/or
- The processing is in our legitimate interest. For instance, we may process and share business data collected from our website for our own internal marketing purposes, or other information for purposes of security, data hygiene or validation, in a manner that constitutes a "legitimate interest".
Your Rights
Right to Rectify, Delete, Restrict or Object to the Processing
Your rights to deletion or revocation of consent (sometimes referred to as a right to be forgotten, to restrict processing, or to otherwise object to processing). You have the right to request that we delete your personal data (or where applicable, withdraw your prior consent to our processing of your data). You may also request that we correct or rectify your personal data if it is inaccurate, incomplete or false.
If you request that we delete your personal data, or withdraw your consent, we will customarily retain a copy of your data sufficient to suppress it from our active databases in the future: but if that is not what you wish, you may indicate that to us (in which case your information may be added to our database later, because we will not have "suppressed" it).
Moreover, when we delete your personal data, we may retain it (to the extent legally permissible) for certain important (but narrow) internal purposes such as legal, compliance, accounting or auditing purposes, and in some cases, for security purposes.
Personalized Online Advertising Opt-Outs
You may object to profiling by online advertising platforms with whom we sometimes partner to help generate (and measure or analyze) "personalized" online advertising. These platforms are generally separate third party "controllers" of your data.
You may unsubscribe from marketing and other communications that we may send (on behalf of ourselves or others) by clicking the "opt-out" or "unsubscribe" link in the footer of those emails.
Your Right to Access
In some jurisdictions, you may have the right to request access to a copy of your personal data. When you request access to your personal data, we are required — for privacy and other important compliance reasons — to verify your identity in a legally sufficient manner: if we cannot do so, we will not be able to satisfy your access request.
Please note that as part of the verification process, we may not be able to sufficiently "verify" your identity in a manner sufficient to safeguard against the potential adverse privacy effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another). Because such improper disclosure would likely adversely affect the privacy rights and freedoms of a relevant data subject/consumer, we limit certain personal data we make available.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe your data rights have been violated. In particular, if you are an individual in the European Union, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or of an alleged violation of data protection laws.
Exercising Your Rights
How to Exercise Your Rights
To submit a request to access, rectify, delete, or port your personal data you can submit a request to us by email at [email protected].
Note in the body of the email the specific right you want to exercise. In the subject line, include "<Your State/Country> Consumer Request".
To protect the privacy and security of your personal information, we will attempt to verify your identity before acting on your request. Your request must include details sufficient for us to properly understand, evaluate, and respond to the request.
Please also note that as part of the verification process, we're required to consider:
- the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with; and
- the potential adverse effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another) because such improper disclosure would likely adversely affect the privacy rights and freedoms of the relevant data subject/consumer, we limit certain personal data we make available.
Use of an Authorized Agent
An agent legally authorized to act on your behalf—may make a verifiable request related to your personal information. If you are making a request through an authorized agent, you must provide the authorized agent with written permission to do so, and a power of attorney that fulfills the requirements of the Data Privacy Laws. We may request more information from the authorized agent (or from you) if needed to verify the authorized agent's identity or to avoid any breach of security or instances of fraud.
Minors
We do not knowingly collect personal information of minors (minority age depends on the applicable Privacy Laws) under the age of 13, nor are our Sites or Services developed for, offered to, or directed at children under the age of 13. If you believe that we have collected information of a child under the age of 13, please contact us and we will take appropriate action.
Questions or Concerns
If you have a complaint or concern or question about how we handle your personal data, please contact us at [email protected], and we will seek to address any concerns you may have. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
For personal information covered by this notice and processed in connection with this Site and Services, the controller is iTrip LLC (as described in our Privacy Notice), unless we identify a different controller in a separate notice provided at collection.
For personal information covered by this notice and processed in connection with this Site and Services, the controller is iTrip LLC (as described in our Privacy Notice), unless we identify a different controller in a separate notice provided at collection.