Privacy Policy

SimpelTravels Ltd.

A BVI Business Company

Last Updated: [Date]

1. Introduction

SimpelTravels Ltd. (“SimpelTravels”, “we”, “us”, or “our”), a BVI Business Company incorporated under the laws of the British Virgin Islands with its registered office at [Registered Address, BVI] (Company Number: [To be inserted]), recognises the importance of privacy and is committed to protecting your personal data.

This Privacy Policy describes how we collect, use, disclose, store, and protect information that we obtain about visitors to and users of our website at simpeltravels.com (the “Website”), our mobile application (the “Mobile App”), and the services available through our platform (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Services.

This Privacy Policy should be read in conjunction with our Terms and Conditions and our Cookie Policy, which are incorporated by reference.

Data Controller

SimpelTravels Ltd. is the Data Controller for personal data collected through our Services. For privacy-related inquiries, please contact us at privacy@simpeltravels.com.

Legal Basis for Processing (EU/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data on the following legal bases:

  • Contract: Processing necessary for the performance of a contract with you (e.g., processing Bookings, delivering Services);
  • Consent: Where you have given your consent (e.g., marketing communications);
  • Legitimate Interest: Processing necessary for our legitimate interests, provided these do not override your fundamental rights (e.g., fraud prevention, platform security, analytics); and
  • Legal Obligation: Processing necessary to comply with legal or regulatory obligations (e.g., AML/CTF requirements, tax obligations).

2. Information We Collect

We collect personal information directly from you, from third parties, and automatically through your use of our Services. We may combine information automatically collected with other information we have collected about you. “Personal information” means any information that can be used to directly or indirectly identify you.

2.1 Information You Provide

  • Contact information: name, address, email address, telephone number, and other contact details;
  • Identity information: passport number, passport expiration date, date of birth, nationality, and government-issued identification details;
  • Billing and payment information: credit or debit card details, billing address, and payment preferences (note: cryptocurrency payment details are primarily processed by our third-party Payment Processors);
  • Booking information: details of Travel Products and Services you have enquired about or purchased, including traveller names, travel dates, destinations, and special requirements;
  • Account information: login credentials, profile preferences, and communication preferences;
  • Cryptocurrency wallet addresses: where you choose to provide these in connection with transactions or refunds;
  • Loyalty programme details: frequent flyer numbers and membership information;
  • Health information: only where voluntarily disclosed by you in connection with special travel requirements;
  • Customer service information: feedback, survey responses, and correspondence with our support team; and
  • Any additional information you provide through your use of our Services.

2.2 Information from Third Parties

We may receive personal information about you from:

  • Service Providers: airlines, hotels, activity operators, and car rental providers, for the performance and verification of your Bookings;
  • Payment Processors: our third-party cryptocurrency and fiat payment processors, who may provide us with transaction confirmation details, KYC verification status, and payment method information;
  • Analytics and advertising partners: information about your interactions with our ads and Services;
  • Social media platforms: where you choose to log in or interact with our Services through social media; and
  • Publicly available sources: including public blockchain data associated with cryptocurrency transactions.

2.3 Information Collected Automatically

When you access our Services, we automatically collect:

  • Device information: device ID, device type, operating system, browser type, screen resolution, and system configurations;
  • Usage information: pages visited, features used, time spent on pages, search queries, click data, and navigation patterns;
  • Network information: IP address, approximate geographic location, internet service provider, and connection type;
  • Referral information: the website that led you to our Services and the website you visit after leaving; and
  • Cookie and tracking data: as described in our Cookie Policy.

2.4 Blockchain Data

We may collect data from activity that is publicly visible on blockchains. This may include blockchain addresses and information regarding cryptocurrency transactions, which may then be associated with other data you have provided to us. You acknowledge that blockchain data is inherently public and immutable, and we have no ability to modify or delete data recorded on a blockchain.

3. How We Use Your Information

We use your information for the following purposes:

3.1 Providing Our Services

  • Processing and managing your Bookings for accommodation, flights, activities, car rentals, and travel packages;
  • Facilitating payments through our Payment Processors;
  • Delivering Booking Confirmations and travel-related communications;
  • Managing your account and responding to your enquiries;
  • Processing refunds, cancellations, and changes to Bookings; and
  • Administering our loyalty programme, referral programme, and SimpelTravels Token ecosystem.

3.2 Compliance and Security

  • Complying with anti-money laundering (AML) and counter-terrorist financing (CTF) requirements;
  • Conducting identity verification and fraud prevention;
  • Complying with applicable legal and regulatory obligations, including BVI law, GDPR, and sanctions screening;
  • Monitoring transactions for suspicious activity; and
  • Cooperating with law enforcement and regulatory authorities where required.

3.3 Marketing

Where you have given your consent, we may provide you with news, special offers, promotions, and information about products and services we think may interest you. You may withdraw your consent to marketing communications at any time (see Section 10 below).

3.4 Analytics and Improvement

  • Analysing how users access and use our Services to improve our platform;
  • Conducting research and developing new features;
  • Measuring the effectiveness of our marketing and advertising; and
  • Creating aggregated, anonymised, or de-identified data for analytical purposes.

3.5 Protecting Rights and Interests

To protect our rights, privacy, safety, and property, and that of our users and the public, and to enforce our Terms and Conditions.

4. How We Disclose Your Information

We may disclose your information to the following categories of recipients:

4.1 Service Providers

We share your information with airlines, hotels, activity providers, car rental operators, and other Service Providers as necessary to fulfil your Bookings.

4.2 Payment Processors

We share transaction-related information with our third-party Payment Processors to facilitate cryptocurrency and fiat payments, conversions, and refunds. Your interactions with Payment Processors are also governed by their respective terms of service and privacy policies.

4.3 Our Group of Companies and Employees

We may disclose your information to our employees, subsidiaries, and affiliated companies to perform duties necessary to provide you with our Services.

4.4 Technology and Infrastructure Partners

We share information with our hosting providers (including Render, with servers in Frankfurt, Germany and London, United Kingdom), analytics providers, and other technology partners who assist in operating our platform.

4.5 Legal and Regulatory Disclosures

We may disclose your information where we believe it is necessary to:

  • Comply with applicable laws, regulations, legal processes, or governmental requests;
  • Enforce our Terms and Conditions;
  • Investigate or prevent fraud, security issues, or other potentially illegal activities;
  • Protect the rights, property, or safety of SimpelTravels, our users, or the public; and
  • Respond to law enforcement requests and comply with court orders.

4.6 Business Transfers

We may disclose your information in connection with a merger, acquisition, sale of assets, bankruptcy proceeding, or similar business transfer.

4.7 No Sale of Personal Data

SimpelTravels does not sell your personal information to third parties.

5. International Data Transfers

As a BVI-incorporated company with servers in the European Union (Frankfurt, Germany) and the United Kingdom (London), your personal data may be transferred to, and processed in, countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

Where we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

  • Transfers to countries recognised by the European Commission or UK authorities as providing an adequate level of protection;
  • Standard contractual clauses approved by the European Commission or UK authorities;
  • Other appropriate cross-border transfer mechanisms as required by applicable law.

All third-party service providers who process personal data on our behalf are required to implement appropriate technical and organisational measures to protect your data, pursuant to a data processing agreement.

6. Data Retention

We retain your personal information for the duration that your account is active or as needed to provide you with our Services, and for the requisite period thereafter in accordance with applicable law. Specific retention periods include:

  • Booking and transaction records: retained for a minimum of seven (7) years from the date of the transaction, or such longer period as required by applicable AML/CTF laws or tax regulations;
  • Account information: retained for the duration of your account and for a period of five (5) years following account deactivation or closure;
  • KYC and compliance records: retained in accordance with the requirements of our Payment Processors and applicable law;
  • Marketing preferences: retained until you withdraw your consent;
  • Technical and analytics data: retained for up to twenty-four (24) months from the date of collection.

Once the applicable retention period has expired, we will securely delete or anonymise your personal information. Where anonymisation is used, the resulting data will no longer be considered personal information.

7. Data Security

We implement a range of physical, administrative, and technical measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include, but are not limited to:

  • Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for data in transit;
  • Encryption of sensitive data at rest;
  • Pseudonymisation and tokenisation of personal data where appropriate;
  • Internal data access restrictions on a need-to-know basis;
  • Regular security assessments and penetration testing;
  • Multi-factor authentication for administrative access; and
  • Strict physical access controls to buildings and infrastructure.

Despite our efforts, no method of electronic transmission or storage is 100% secure. If you have an account, you are responsible for maintaining the confidentiality of your login credentials.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority without undue delay, and where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33 of the GDPR (where applicable);
  • Where the breach is likely to result in a high risk to your rights and freedoms, notify you without undue delay, providing a clear description of the nature of the breach, the likely consequences, and the measures taken or proposed to be taken to address the breach and mitigate its effects, in accordance with Article 34 of the GDPR (where applicable);
  • Maintain an internal register of all data breaches, including the facts relating to the breach, its effects, and the remedial actions taken; and
  • Cooperate with any supervisory authority investigation and provide any information requested in connection with the breach.

Where we engage third-party service providers who process personal data on our behalf, we require them to notify us immediately upon becoming aware of any personal data breach affecting your information, so that we may fulfil our own notification obligations.

8. Cookies and Tracking Technologies

We and our service providers use cookies and other tracking mechanisms to track your use of our Services. Please refer to our separate Cookie Policy for detailed information about the types of cookies we use, their purposes, and how you can manage your cookie preferences.

In summary, we use cookies and similar technologies for:

  • Essential functionality: keeping you signed in, remembering your preferences;
  • Analytics: understanding how you navigate and interact with our Services;
  • Performance: monitoring and improving the operation of our platform; and
  • Advertising: serving you relevant advertisements (with your consent where required).

9. Third-Party Services

9.1 Third-Party Analytics

We use service providers, such as Google Analytics, to evaluate the use of our Services. These providers may use cookies and other tracking technologies. To opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.

9.2 Third-Party Payment Processors

To use our Services, you may opt to use payment options that utilise third-party Payment Processors, which may facilitate transactions involving Digital Assets or Cryptocurrencies and/or fiat currencies. SimpelTravels does not hold, store, or have custody of any user funds, Digital Assets, Cryptocurrencies, or fiat currency at any time. All payments are processed exclusively by independent third-party Payment Processors, which bear primary KYC, AML, and CTF responsibility for payment transactions. Your interactions with any third-party Payment Processor are governed by their applicable terms of service and privacy policy. Any personal data collected by Payment Processors for KYC purposes is processed under their own data controller obligations and privacy policies.

9.3 Interest-Based Advertising

We may use third-party advertising networks to serve advertisements on our Services and on third-party websites. You may opt out of interest-based advertising by visiting the relevant opt-out pages provided by the Digital Advertising Alliance, the Network Advertising Initiative, or equivalent bodies in your jurisdiction.

9.4 Social Plugins

Our Services may use social plugins provided by third parties (e.g., Google login, Apple login). If you interact with these plugins, information may be shared with the relevant third party.

10. Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of any inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.
  • Restriction: Request that we restrict the processing of your personal data, under certain conditions.
  • Portability: Request transfer of your personal data to another organisation or directly to you, where technically feasible.
  • Objection: Object to our processing of your personal data, under certain conditions.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before its withdrawal.
  • No Automated Decision-Making: Not be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you.

To exercise any of these rights, please contact us at privacy@simpeltravels.com. We will respond within one (1) month of receiving your request. In complex cases, we may extend this period by an additional two (2) months, with prior notice to you.

Blockchain Data Limitation

Please be aware that we cannot edit or delete any personal information that is stored on a blockchain, as we do not have custody or control over any blockchains. Information stored on the blockchain may include transaction data associated with your wallet address.

11. Marketing Communications

We will only send you marketing communications where you have given your consent. You may opt out of marketing communications at any time by:

  • Clicking the “Unsubscribe” link in any marketing email;
  • Adjusting your communication preferences in your account settings; or
  • Contacting us at privacy@simpeltravels.com.

Please note that even if you opt out of marketing communications, you will continue to receive transactional and service-related communications (such as Booking Confirmations and account notifications).

12. Children's Privacy

Our Services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13 without parental consent. If we discover that we have collected the personal information of a child under 13 without appropriate consent, we will promptly delete such information. We encourage children of all ages to obtain their parent's or guardian's permission before sharing personal information online.

13. User-Generated Content

Our Services may allow users to post or share content, including reviews, photos, and other materials provided by our content partners. If you post information in a publicly accessible portion of our Services, it may be viewed by other users. Please exercise caution when disclosing personal information in public areas.

14. External Links

Our Services may contain links to third-party websites. We are not responsible for the information handling practices or content of these external websites. We encourage you to read the privacy policies of third-party websites before using them.

15. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Our Services do not currently respond to DNT signals. However, you can manage your tracking preferences through your browser settings and our Cookie Policy.

16. Additional Disclosures for Specific Jurisdictions

16.1 European Economic Area and United Kingdom

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, as described in Section 10. You also have the right to lodge a complaint with your local Data Protection Authority. If you are in the EU, you can find your Data Protection Authority at edpb.europa.eu. If you are in the UK, you can contact the Information Commissioner's Office at ico.org.uk.

16.2 BVI Residents

As a BVI-incorporated company, we comply with the data protection requirements applicable under BVI law, including the Data Protection Act, 2021 (as amended). BVI residents may exercise their rights under applicable local law by contacting us at privacy@simpeltravels.com.

16.3 Other Jurisdictions

If you are located in a jurisdiction with specific data protection laws (such as Brazil's LGPD, Australia's Privacy Act, or other applicable legislation), you may have additional rights. Please contact us for further information about your specific rights.

17. Contact Us

If you have any questions or concerns about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us at:

SimpelTravels Ltd.

Data Protection Contact

Email: privacy@simpeltravels.com

Website: simpeltravels.com

[Registered Address, British Virgin Islands]

We will do our best to resolve your concern as quickly as possible. You also have the right to lodge a complaint with your local data protection authority.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted on our Website and Mobile App. Where changes are material, we will notify registered users by email or through our Services. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.