US USD

Privacy Policy

Comprehensive Data Protection Standards & Transparency Report

Effective Date: March 19, 2024 | Version 2.1

At orientatrips.com, we operate with a "Privacy by Design" philosophy. This policy outlines our rigorous standards for data collection, processing, and protection in compliance with global regulations.

1. Introduction and Scope

This Privacy Policy applies to all services provided by orientatrips.com ("we," "us," or "our"), including our website, mobile applications, and API integrations. We act as a data controller for the information collected through our platform. By using our services, you acknowledge the practices described herein.

2. Information We Collect

2.1 Personal Identification Information

We may collect personal information that you voluntarily provide, such as your name, email address, and contact details when you subscribe to our newsletter, create an account, or contact support.

2.2 Automated Data Collection (Log Files)

Our servers automatically record information sent by your browser ("Log Data"). This includes:

  • Internet Protocol (IP) Address: Used for regional localization and security monitoring.
  • Browser Fingerprinting: Browser type, version, and language settings to optimize UI rendering.
  • Path Analysis: The specific pages of our site that you visit, the time and date of your visit, and the time spent on those pages.
  • Referrer Headers: The website you visited immediately before arriving at orientatrips.com.

2.3 Search and Intent Data

To improve our recommendation engine, we process search parameters including origins, destinations, dates, and passenger counts. This data is typically pseudonymized and used for aggregate market analysis.

3. Cookies and Tracking Technologies

We use a combination of "first-party" and "third-party" cookies to enhance functionality:

  • Essential Cookies: Necessary for core site functionality (e.g., CSRF protection, session management).
  • Performance Cookies: We utilize Google Analytics and Mixpanel to understand user behavior. These tools collect data in an anonymous form.
  • Ad-Tech Integration: We may use pixels from platforms like Meta or Google to measure the effectiveness of our marketing campaigns.

You can manage cookie preferences through your browser settings, though some features may become unavailable.

4. Data Usage and Processing Legal Basis

We process your data based on the following legal frameworks:

  • Contractual Necessity: To provide the search services you request.
  • Legitimate Interest: To improve our platform, prevent fraud, and maintain security.
  • Consent: For marketing communications where you have explicitly opted in.

5. Data Sharing and Third-Party Disclosure

We do not sell your personal data. However, sharing is necessary in specific scenarios:

  • Redirect Partners: When you click "Book", we pass necessary intent parameters to the airline or travel agency to facilitate your booking.
  • Service Providers: Cloud hosting (e.g., AWS/Google Cloud), email delivery services, and security vendors.
  • Legal Compliance: We may disclose data if required by a court order or to protect the safety and rights of our users.

6. International Data Transfers

As a US-based company with global users, your data may be transferred to and processed in the United States. We ensure that such transfers comply with Standard Contractual Clauses (SCCs) and provide an equivalent level of protection to that guaranteed by the GDPR and UK Data Protection Act.

7. Your Legal Rights

Depending on your jurisdiction (e.g., EU, UK, California, Virginia), you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain conditions.
  • Data Portability: Receive your data in a structured, machine-readable format.
  • Opt-Out: Specifically regarding the "sale" or "sharing" of personal information (CCPA/CPRA).

8. Data Security and Retention

We employ End-to-End Encryption (E2EE) for sensitive data in transit and AES-256 encryption at rest. We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, typically not exceeding 24 months for inactive records unless required by tax or legal obligations.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will take immediate steps to delete the information.

10. Contact and Data Protection Officer (DPO)

For any privacy-related inquiries or to exercise your rights, please contact our Data Protection Team:

Email: privacy@orientatrips.com
Address: Data Privacy Office, orientatrips.com, New York, NY, USA.