Easy Trip Planners Limited (“EaseMyTrip”), the owner and operator of EaseMyTrip.co.uk, acts as the controller of personal data collected from individuals in the European Economic Area (referred to as “EEA Individuals,” “you,” or “your”). This data is gathered through the EaseMyTrip.co.uk website (including both desktop and mobile versions) and our contact centers.
This Privacy Policy outlines our general practices regarding the privacy and security of your personal data. During your use of the Website or when interacting with our contact center agents, you will also receive specific “just-in-time” notifications. These include details about the legal basis for data processing, categories of recipients, retention periods, and more, along with a link to this Privacy Policy.
Unless otherwise defined in this Privacy Policy, all terms are as outlined in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
EaseMyTrip's designated representative in the European Union is Duke's Court Travel, based at Mill House, 216-218 Chiswick High Road, Chiswick, London W4 1PD, UK.
The personal data of EEA Individuals is stored by EaseMyTrip in its data centres located in the United States.
EaseMyTrip holds a valid certification under the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks, in accordance with Article 46(1) of the GDPR, to facilitate the transfer of EEA Individuals' personal data to its U.S. data centers for processing. When sharing this data with agents (such as contact centers or service providers) or other controllers (e.g., airlines, hotel chains, or suppliers) in countries not recognized as having adequate data protection by the European Commission, EaseMyTrip ensures these entities adhere to the Privacy Shield Principles. Additionally, EaseMyTrip may utilize Standard Contractual Clauses to maintain a high level of protection for personal data.
For transfers of personal data to non-EEA travel suppliers required to fulfill bookings or purchases (e.g., flights, hotels, or car rentals), EaseMyTrip relies on specific GDPR Article 49 derogations:
Details about our sales activities and email marketing for customers are available in our Sales Privacy Notice. Additional information about other marketing efforts is provided through relevant “just-in-time” notifications.
We retain your personal information as outlined in our retention policy, unless a longer retention period is required by law, such as for the establishment, defense, or exercise of legal claims. You can access our retention policy, including details about the retention of sales data.
EaseMyTrip has a legitimate interest in ensuring cybersecurity and detecting potential criminal activity or threats to public safety. To achieve this, we implement various technical and organizational measures, which involve processing certain data.
We comply with PCI-DSS standards and adopt additional recognized industry practices, such as ISO 27001. For instance, your credit card information is encrypted using Secure Socket Layer (SSL) technology.
Our web servers log essential details such as your IP address, requested pages, request times, referring URLs, browser details, and the status of requests (e.g., 404 errors for non-existent pages). This data helps maintain the Website, ensure service availability, and protect against malicious attacks on our systems.
EaseMyTrip may disclose personal data in response to lawful requests from public authorities, including those related to national security or law enforcement. Additionally, we may share personal data with other third parties when legally required, such as in response to court orders, subpoenas, or other regulatory demands.
In the event of a merger, reorganization, dissolution, or similar corporate change, or if we sell all or a substantial portion of our assets, the personal data we have collected may be transferred to the surviving or acquiring entity. Any such transfer will comply with our commitments regarding the privacy and confidentiality of personal data, as outlined in this Privacy Policy. These terms will remain binding on EaseMyTrip and its legal successors.
Individuals have the right to:
Individuals have the right to object to the processing of their personal data based on EaseMyTrip's legitimate interest. In such instances, EaseMyTrip will cease processing their personal data unless it can demonstrate compelling legitimate grounds for the processing or if the data is needed for the establishment, exercise, or defense of legal claims. Individuals may also object at any time to the processing of their personal data for direct marketing purposes. In these cases, their personal data will no longer be utilized for that purpose. For direct marketing, individuals can typically exercise this right directly through an 'Unsubscribe' link or similar options (such as device settings for push notifications). However, they can always contact care@easemytrip.co.uk (for instance, to opt-out of profiling) using the subject line "GDPR Notice," or reach out to the address provided below.
Please be aware that if you opt out of receiving direct marketing communications from us, we may still send you essential administrative messages via email, which you cannot opt out of (unless a relevant retention schedule or right to erasure request necessitates the deletion of such email addresses).
In accordance with GDPR Article 77, individuals have the right to file a complaint regarding EaseMyTrip's processing of their personal data with a competent supervisory authority. This can be done in the member state of their habitual residence, place of work, or where the alleged GDPR violation occurred, as applicable.
Additionally, individuals may exercise their third-party beneficiary rights under EaseMyTrip's Standard Contractual Clauses, as applicable.
Contact information for EU data protection authorities can be found at : http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
EaseMyTrip's services are not intended for individuals under the age of eighteen (18), and we ask that they refrain from providing personal data to EaseMyTrip through any means.
If we plan to process your personal data for a purpose different from the one for which it was originally collected, we will inform you of that purpose and any other relevant information in a timely manner prior to such processing. Following this notification, the relevant information regarding the processing activity will be revised or added appropriately (either within this Privacy Policy or elsewhere), and the “Effective Date” at the top of this page will be updated accordingly.
If you have any questions regarding our privacy practices, please contact us via email at care@easemytrip.co.uk with the subject line, "GDPR Notice,
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
**Note:** This section regarding the E.U.-U.S. and Swiss-U.S. Privacy Shield is applicable only to personal information processed under the Privacy Shield framework.
**Important Notice for Individuals in the European Economic Area and Switzerland**
EaseMyTrip adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as established by the U.S. Department of Commerce concerning the collection, use, and retention of personal information from European Union member states and Switzerland that is transferred to the United States under the Privacy Shield. EaseMyTrip has certified its compliance with the Privacy Shield Principles for such data. In the event of any discrepancies between the policies outlined in this privacy policy and the rights of data subjects under the Privacy Shield Principles, the Privacy Shield Principles will take precedence. For more information about the Privacy Shield program and to view our certification page, please visit https://www.privacyshield.gov/.
EaseMyTrip is subject to the investigatory and enforcement authority of the Federal Trade Commission (FTC).
In compliance with the EU-US and the Swiss-U.S. Privacy Shield Principles, EaseMyTrip commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Privacy Shield Principles. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact EaseMyTrip at care@easemytrip.co.uk with the subject line, “Privacy Shield.”
EaseMyTrip has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Like many businesses, we engage other companies to provide specific business-related services. We may share personal information with certain types of third-party companies, but only to the extent necessary for them to deliver these services. The types of companies that may receive personal information and their roles include: hosting services, technical support, database management and backup services, information security and fraud detection services, analytics and marketing providers, and contact centers. All these third parties act as our agents, performing services at our direction and on our behalf under contracts that require them to provide at least the same level of privacy protection as outlined in this Privacy Policy and implemented by EaseMyTrip. We may also share personal information with our affiliates to assist in the marketing, sale, and delivery of any services.
In certain circumstances, we may be obligated to disclose personal data in response to lawful requests from public authorities, including those related to national security or law enforcement.
EaseMyTrip's accountability for personal data received under the Privacy Shield and subsequently transferred to a third party is outlined in the Privacy Shield Principles. Specifically, EaseMyTrip remains responsible and liable under these Principles for any third-party agents it engages to process personal data on its behalf if they do so in a manner that is inconsistent with the Principles, unless EaseMyTrip can demonstrate that it is not responsible for the event that caused the damage.
Individuals have the opportunity to opt-out of sharing of their personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to care@easemytrip.co.uk , with the subject line “Privacy Shield.”
We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may provide your consent by sending us an email at care@easemytrip.co.uk
In each instance, please allow us a reasonable time to process your response.
If you submit a request to EaseMyTrip with the subject line "Privacy Shield," we will confirm whether we are processing your personal data under the Privacy Shield framework and will communicate that information to you within a reasonable timeframe. You have the right to access, correct, amend, or delete any personal data processed under the Privacy Shield if it is inaccurate or has been processed in violation of our privacy disclosures. We may charge a reasonable fee to cover our expenses related to this request. Please allow us a reasonable amount of time to respond to your inquiries and requests.
We will retain personal information processed under the Privacy Shield in a manner that identifies you, in accordance with our retention policy outlined above. We may continue to process this personal information for extended periods, but only to the extent that such processing serves legitimate purposes such as archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis, while ensuring compliance with our privacy disclosures. Once these time periods have elapsed, we may either delete your personal information or retain it in a form that does not personally identify you.
EaseMyTrip is committed to ensuring the security and privacy of the personal information collected under the Privacy Shield. We will implement reasonable and appropriate security measures to safeguard your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks associated with processing and the nature of the data, while complying with applicable laws and regulations.