Global Privacy Policy

Updated Jan 2025

TripO Global Privacy Policy

Operated by FreeTravel

1. Introduction

FreeTravel ("we," "us," "our"), the developer and operator of the TripO hotel booking platform ("TripO," the "Platform," the "Services"), is committed to protecting the privacy of our users ("you," "your"). This Privacy Policy explains how we collect, use, disclose, transfer, store, and protect your personal information when you use TripO, including our website and mobile application.

This Privacy Policy applies to all users globally and is designed to comply with applicable data protection laws and regulations, including, but not limited to:

General Data Protection Regulation (GDPR) (European Union)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (California, USA)
Personal Information Protection Law (PIPL) (China)
Act on the Protection of Personal Information (APPI) (Japan)
Australian Privacy Act 1988 (Australia)
Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)

Please read this Privacy Policy carefully. By accessing or using TripO, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household ("personal information"). We may collect the following categories of personal information:

(a) Information You Provide to Us Directly:

Account Information: When you create a TripO account, we collect your [name, email address, password, date of birth (if required for age verification), phone number].
Booking Information: When you make a hotel reservation through TripO, we collect your [travel details (dates, destination, number of guests), hotel preferences (room type, special requests), guest names, passport or ID information where required by local laws, and any other information necessary to complete your booking].
Payment Information: To process your hotel bookings, we collect your payment card information (card number, expiration date, CVV), billing address, and other transaction details. This information may be securely processed by a third-party payment processor (e.g., Stripe, PayPal), and we may not store your full payment card details on our servers.
Loyalty Program Information: If you link your existing hotel loyalty program accounts to TripO to earn triple rewards, we collect your loyalty program membership number and related details.
Communication Information: When you contact us for customer support, feedback, or other inquiries, we collect the content of your communications, including any attachments you provide.
Survey and Research Participation: If you participate in surveys, contests, promotions, or research studies, we may collect the information you provide in connection with those activities.

(b) Information Collected Automatically:

Usage Data: We automatically collect information about your use of TripO, including [pages or features you access, hotels you view, searches you perform, frequency and duration of your activities, referring/exit pages, date and time stamps].
Device Information: We collect information about the device you use to access TripO, including [device type, operating system, browser type, IP address, unique device identifiers (e.g., IDFA, Android ID), mobile network information, language settings].
Location Data: With your consent, where required by law, we may collect precise or approximate location information from your device using methods such as GPS, Wi-Fi, or cellular network data. This helps us provide location-based services, such as finding hotels near you and offering relevant deals.
Log Data: Our servers automatically record certain information in server logs, including [your web request, IP address, browser type, referring/exit pages, date and time stamps, clicks, and other server activity].
Cookies and Similar Technologies: We and our partners use cookies, web beacons, pixels, and other tracking technologies to collect information about your browsing activities, preferences, and device. (See Section 9 "Cookies and Similar Technologies" for more details).

Hotels and Travel Partners: We may receive information about your bookings from the hotels and other travel partners you book through TripO, such as confirmation details and updates regarding your stay.
Loyalty Programs: If you link your hotel loyalty program accounts, we may receive information from those programs to facilitate the earning and redemption of rewards.
Payment Processors: We may receive confirmation of your payments and other transaction-related information from our payment processors.
Social Media Platforms: If you choose to connect your social media accounts to TripO (e.g., for social login), we may collect information from those platforms, such as your [name, profile picture, email address, and other information you have made public on those platforms]. We will only collect information from your social media accounts in accordance with their privacy policies and your privacy settings on those platforms.
Third-Party Partners: We may receive information about you from our partners, such as [advertising partners, data analytics providers, to better understand user behaviour and preferences].

3. How We Use Your Information

We use the information we collect for various purposes, including to:

(a) Provide and Maintain TripO Services:

Create and manage your TripO account.
Process your hotel bookings and reservations.
Facilitate communication between you and hotels regarding your bookings.
Enable you to earn and redeem TripO points and link your existing hotel loyalty program rewards.
Personalize your experience and tailor hotel recommendations and offers to your interests.
Communicate with you about your bookings, account, updates to our Services, and other important information.
Provide customer support and respond to your inquiries.
Monitor and improve the performance, security, and reliability of TripO.

(b) Research and Development:

Analyze user behavior and trends to improve TripO's features and functionality.
Develop new features, products, and services related to travel and hotel booking.
Conduct research and analysis to understand user needs and preferences in the travel industry.

Send you promotional materials, newsletters, and other marketing communications about TripO, special offers, and travel deals, where permitted by law and in accordance with your preferences. You can opt-out of these communications at any time.
Display targeted advertisements to you on TripO and on third-party platforms, based on your interests and browsing behavior.
Measure the effectiveness of our marketing and advertising campaigns.

(d) Legal Compliance and Safety:

Comply with applicable laws, regulations, and legal processes, such as responding to lawful requests from government authorities or complying with tax reporting obligations.
Protect our rights, property, and safety, and the rights, property, and safety of our users and others, including enforcing our Terms of Service and this Privacy Policy.
Detect, investigate, and prevent fraud, security breaches, unauthorized access, and other illegal or harmful activities.
Comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, where applicable.

(e) Other Purposes With Your Consent: Where required by law, we will obtain your specific consent for other purposes not listed above, such as participation in specific research studies or marketing initiatives.

4. Legal Basis for Processing Your Information (EEA and UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we will only process your personal information where we have a valid legal basis to do so, including:

Consent: Where you have given us your explicit consent to process your personal information for a specific purpose (e.g., to receive marketing emails, to collect precise location data). You can withdraw your consent at any time.
Performance of a Contract: Where processing is necessary to perform a contract with you, such as processing your hotel bookings and providing the TripO services you have requested.
Legal Obligation: Where processing is necessary to comply with a legal obligation, such as responding to a court order or complying with tax regulations.
Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party (e.g., hotels, travel partners), provided that those interests are not overridden by your fundamental rights and freedoms. Examples include:
- Improving and personalizing TripO.
- Detecting and preventing fraud and security breaches.
- Conducting research and analysis to improve user experience.
- Marketing our Services where permitted by law.

5. How We Share Your Information

We may share your information with the following categories of third parties:

(a) Service Providers: We may share your information with third-party service providers who perform services on our behalf, such as:

Payment Processors: To process your payments securely.
Cloud Hosting Providers: To store and manage our data.
Data Analytics Providers: To analyze user behavior and improve our Services.
Customer Support Platforms: To manage and respond to user inquiries.
Email Marketing Services: To send you transactional and promotional emails.
Security and Fraud Prevention Services: To protect against fraud and security breaches.
Other IT and System Administration Services.

These service providers are contractually obligated to use your information only as necessary to provide the services to us and to protect the confidentiality and security of your information. They are not permitted to use your information for their own purposes.

(b) Hotels and Travel Partners: To fulfill your bookings, we need to share your information with the hotels and other travel partners (e.g., airlines, car rental companies, if applicable) you book through TripO. This information may include your [name, contact details, travel dates, room preferences, guest names, passport/ID details, and other information necessary to complete your reservation]. These partners will use your information in accordance with their own privacy policies.

(c) Loyalty Program Partners: If you choose to link your hotel loyalty program accounts to TripO, we may share your information with the relevant loyalty program partners to facilitate the earning and redemption of rewards. We will only share the information necessary for this purpose.

(d) Affiliates and Subsidiaries: We may share your information with our corporate affiliates and subsidiaries within the FreeTravel group of companies for purposes consistent with this Privacy Policy, such as internal administration, business operations, and providing you with a seamless travel booking experience.

(e) Business Transfers: In the event of a merger, acquisition, sale of assets, bankruptcy, or other corporate transaction, your information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to the Privacy Policy that may result.

(f) Legal Compliance and Law Enforcement: We may disclose your information to government authorities, law enforcement agencies, or other third parties if required by law or if we believe in good faith that such disclosure is necessary to:

* Comply with a legal obligation (e.g., a court order, subpoena, search warrant). * Protect our rights, property, or safety, or the rights, property, or safety of our users or others. * Prevent or investigate fraud, security breaches, or other illegal activities. * Enforce our Terms of Service and other agreements.

(g) With Your Consent: We may share your information with other third parties for purposes not listed above with your explicit consent.

6. International Data Transfers

As a global platform, TripO may transfer your personal information to countries outside of your country of residence, including to countries that may not have the same level of data protection laws as your own. This may be necessary to provide our Services, process your bookings, and fulfill the purposes outlined in this Privacy Policy.

When we transfer your personal information internationally, we will take appropriate safeguards to ensure that your information is protected in accordance with applicable data protection laws. These safeguards may include:

Standard Contractual Clauses (SCCs): We may use SCCs approved by the European Commission (or equivalent clauses in other jurisdictions) when transferring data to countries that are not deemed to provide an adequate level of data protection.
Adequacy Decisions: We may transfer data to countries that have been deemed by the European Commission (or relevant authorities in other jurisdictions) to provide an adequate level of data protection.
Binding Corporate Rules (BCRs): If applicable, we may rely on BCRs within the FreeTravel group of companies to facilitate international data transfers.
Other Legitimate Transfer Mechanisms: We may rely on other transfer mechanisms as permitted by applicable law.

Specific Transfer Mechanisms by Region:

EEA and UK: For transfers of personal information from the EEA or UK to countries outside these regions, we will primarily rely on SCCs or adequacy decisions.
China: For transfers of personal information from China, we will comply with the requirements of the PIPL, which may include conducting security assessments, obtaining separate consent, or using standard contracts issued by the Cyberspace Administration of China (CAC).
Japan: For transfers of personal information from Japan, we will comply with the APPI, which includes obtaining user consent where required and ensuring that the recipient country provides an adequate level of data protection.
Australia: For transfers of personal information from Australia, we will comply with the Australian Privacy Principles, which include taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation12 to the information.

You can request more information about the specific safeguards we use for international data transfers by contacting us using the details provided in Section 14 "Contact Us."

7. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal information. These rights may include:

(a) Right to Access: You have the right to request access to the personal information we hold about you and to receive a copy of that information.

(b) Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

(c) Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, or when you have withdrawn your consent.

(d) Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when the processing is unlawful.

(e) Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller, where technically feasible.

(f) Right to Object: You have the right to object to the processing of your personal information in certain circumstances, such as when the processing is based on our legitimate interests or for direct marketing purposes.

(g) Right to Withdraw Consent: Where we rely on your consent to process your personal information (e.g., for marketing communications), you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

(h) Right to Non-Discrimination (California Residents): We will not discriminate against you for exercising any of your CCPA/CPRA rights.

(i) Right to Opt-Out of Sale or Sharing of Personal Information (California Residents): You have the right to opt-out of the "sale" or "sharing" of your personal information, as defined by the CCPA/CPRA. While we do not sell your information in the traditional sense, certain data sharing practices for targeted advertising may be considered a "sale" or "sharing" under the CCPA/CPRA.

(j) Right to Limit Use of Sensitive Personal Information (California Residents): You have the right to limit the use of your sensitive personal information, as defined by the CPRA, to only those purposes necessary to provide the Services or as otherwise permitted by law.

Specific Rights by Region:

EEA and UK (GDPR): The rights listed above (a-g) are specifically provided under the GDPR.
California (CCPA/CPRA): The rights listed above (a-i, j) are specifically provided under the CCPA/CPRA.
China (PIPL): Similar to the GDPR, the PIPL provides rights including access, rectification, erasure, restriction of processing, and data portability.
Japan (APPI): The APPI provides rights similar to the GDPR, including access, rectification, erasure, and suspension of use.
Australia (Australian Privacy Act): The Australian Privacy Act provides rights related to access, correction, and complaints about the handling of personal information.

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the details provided in Section 14 "Contact Us." We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before fulfilling your request, and we may charge a reasonable fee where permitted by law (e.g., for excessive or repetitive requests).

8. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

To provide you with the TripO services and fulfill your hotel bookings.
To maintain your account and manage your loyalty program participation.
To comply with our legal obligations (e.g., tax, accounting, and record-keeping requirements).
To resolve disputes and enforce our agreements.
To protect against fraud and security breaches.
As necessary for our legitimate business interests, such as improving our Services and conducting research and analysis.

The specific retention period for each category of information may vary depending on the purpose of processing and applicable legal requirements. When your personal information is no longer needed, we will securely delete or anonymize it.

9. Cookies and Similar Technologies

What are Cookies?

Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit a website or use an app. They are widely used to make websites work more efficiently, to improve user experience, and to provide information to website owners.

Types of Cookies We Use:

Strictly Necessary Cookies: These cookies are essential for the operation of TripO and enable you to navigate the platform and use its features, such as accessing secure areas and making bookings. Without these cookies, the Services cannot be provided.
Performance Cookies: These cookies collect information about how you use TripO, such as which pages you visit most often, how long you spend on each page, and if you encounter any errors. This information helps us improve the performance and usability of our platform. Examples include Google Analytics cookies.
Functionality Cookies: These cookies allow TripO to remember your preferences and choices, such as your language preference, region, or login details. This helps us provide you with a more personalized and convenient experience.
Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies may be placed by us or by our advertising partners.

Other Tracking Technologies:

In addition to cookies, we may also use other tracking technologies, such as:

Web Beacons (Pixels): Tiny, transparent images embedded in web pages or emails that allow us to track user behavior, such as whether an email has been opened or a web page has been visited.
Device Fingerprinting: Collecting information about your device's unique characteristics (e.g., browser type, operating system, installed fonts) to create a unique identifier for your device.
SDKs (Software Development Kits): Blocks of code that can be embedded in our mobile app to enable data collection for analytics, advertising, or other purposes.

Your Cookie Choices:

You have several choices regarding the use of cookies and similar technologies:

Browser Settings: Most web browsers allow you to control cookies through their settings. You can usually choose to block all cookies, accept only first-party cookies, or delete cookies when you close your browser. However, please note that blocking or deleting cookies may affect your ability to use some features of TripO.
Cookie Consent Banner: When you first visit TripO, you will be presented with a cookie consent banner that allows you to choose which types of cookies you want to accept. You can manage your cookie preferences through the "Cookie Settings" link in the banner.
Opt-Out of Targeted Advertising: You can opt-out of targeted advertising from participating advertising networks by visiting the following websites:
- Digital Advertising Alliance (DAA): http://optout.aboutads.info/ (US)
- European Interactive Digital Advertising Alliance (EDAA): http://www.youronlinechoices.eu/ (EU)
- Network Advertising Initiative (NAI): http://optout.networkadvertising.org/
Device Settings: Mobile operating systems (iOS, Android) often provide settings to limit ad tracking and control the use of device identifiers for advertising purposes.
"Do Not Track" Signals: Some web browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites requesting that they do not track your browsing activity. However, there is no universally accepted standard for how websites should respond to DNT signals, and we do not currently respond to them.

10. Security of Your Information

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Encryption: We use encryption (e.g., TLS/SSL) to protect data transmitted between your browser and our servers.
Access Controls: We restrict access to your personal information to authorized personnel who need it to perform their job functions.
Data Minimization: We only collect and process the minimum amount of personal information necessary for the purposes outlined in this Privacy Policy.
Regular Security Assessments: We conduct regular security assessments and vulnerability scans to identify and address potential security risks.
Secure Development Practices: We follow secure development practices to build and maintain our platform with security in mind.
Incident Response Plan: We have an incident response plan in place to address any security breaches or incidents that may occur.
Employee Training: We provide regular training to our employees on data security and privacy best practices.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

11. Children's Privacy

TripO is not intended for use by children under the age of [13/16/18, depending on applicable law in your jurisdiction]. We do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us using the details provided in Section 14 "Contact Us," and we will take steps to delete such information from our systems.

12. Links to Third-Party Websites

TripO may contain links to third-party websites, such as hotel websites, travel partner websites, or social media platforms. We are not responsible for the privacy practices or the content of these third-party websites. When you click on a link to a third-party website, you will be subject to that website's privacy policy. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Effective Date" and "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If we make material changes to this Privacy Policy that significantly affect your rights or how we use your information, we will provide you with more prominent notice, such as by email or through a notification on TripO. Your continued use of TripO after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise your data protection rights, please contact us at:

FreeTravel Beijing Co., Ltd.

eric.qian@freetravel.me