Privacy Policy

Effective Date: May 16, 2026
Previous Version: May 1, 2026

1. Introduction

We value your privacy and are committed to protecting your personal information. This policy explains how we collect, use, store, and protect your data in compliance with GDPR, CCPA, and other applicable privacy laws.

2. Data Controller Information

Company: Travel Wires
Website: travelwires.com
Email: privacy@travelwires.com
General Contact: office@travelwires.com
DPO Contact: dpo@travelwires.com

3. Legal Basis for Processing

We process your data based on:

• Consent: When you explicitly agree (withdrawable anytime)
• Contract: To fulfill our press release distribution services
• Legal Obligation: Compliance requirements
• Legitimate Interest: Business operations and service improvement (with balancing test)

4. Information Collection

4.1 Information You Provide

• Account registration data (name, email, company, phone)
• Press release content and media files
• Payment information (processed by PCI DSS compliant third parties)
• Communications and support requests
• Profile preferences and distribution settings
• Marketing preferences (granular consent per channel)

4.2 Automatically Collected Data

• Technical Data: IP address, device type, browser, operating system
• Usage Analytics: Pages visited, time spent, press releases viewed
• Performance Data: Loading times, error reports, system diagnostics
• Location Data: General location (city/country level, if permitted)

4.3 Cookies and Tracking Technologies

Cookie Categories

• Essential Cookies: Required for site functionality (cannot be disabled)
• Analytics Cookies: Google Analytics, performance monitoring (opt-in)
• Marketing Cookies: Advertising and remarketing (explicit consent required)

Cookie Consent Management

Users can manage cookie preferences through our consent management platform:

1. Click “Cookie Preferences” in the footer or banner
2. Select/deselect categories: Essential, Analytics, Marketing
3. Save preferences (applies immediately across all sessions)
4. Withdraw consent anytime via same mechanism
5. Essential cookies cannot be disabled as they are necessary for site functionality

Consent Withdrawal for Cookies

• Online: Cookie banner “Manage Preferences” → Uncheck categories → “Save”
• Account Settings: Login → Privacy Settings → Cookie Management → Update preferences
• Email: Contact privacy@travelwires.com with “Cookie Opt-Out” subject line

5. Data Usage Purposes

• Press Release Distribution: Processing and distributing your press releases to our network
• Account Management: User registration, authentication, service access
• Communication: System notifications, distribution confirmations, support responses
• Service Improvement: Platform optimization, feature development, user experience enhancement
• Marketing Communications:
  • Newsletter about travel industry trends (separate consent)
  • Service updates and new features (separate consent)
  • Industry event notifications (separate consent)
• Analytics & Reporting: Distribution performance metrics, audience analytics
• Security & Fraud Prevention: Platform protection, abuse prevention, system monitoring
• Legal Compliance: Regulatory requirements, dispute resolution

6. Data Sharing and Transfers

6.1 Third-Party Service Providers

We share data only with processors who provide adequate data protection:

• Analytics: Google Analytics (anonymized IP, data retention limits)
• Email Services: Mailchimp (GDPR-compliant processors)
• Cloud Infrastructure: Cloudflare (Standard Contractual Clauses 2021)
• Distribution Network: Travel industry publications and websites (with consent)

6.2 International Data Transfers

Data may be transferred outside your country with these safeguards:

• EU-US Data Privacy Framework (adequacy decision)
• European Commission Standard Contractual Clauses (2021 version)
• UK International Data Transfer Agreement (IDTA)
• Binding Corporate Rules where applicable

6.3 Legal Disclosure Requirements

We may disclose information when required by:

• Court orders or valid legal process
• Government requests with proper legal basis
• Protection of rights, property, or safety (good faith belief)
• Business transfers (mergers, acquisitions with privacy protection requirements)

7. Data Security Measures

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based permissions, multi-factor authentication mandatory
• Security Monitoring: 24/7 intrusion detection, automated threat response
• Regular Audits: Annual security assessments and penetration testing
• Staff Training: Quarterly privacy and security awareness programs
• Incident Response: Documented procedures with 72-hour breach notification

8. Data Retention Policies

9. Your Privacy Rights

9.1 Universal Rights (All Users)

• Access: Request copy of your personal data (response within 30 days)
• Rectification: Correct inaccurate or incomplete information
• Erasure: “Right to be forgotten” with legal limitations
• Portability: Receive data in machine-readable format (JSON/CSV)
• Objection: Opt-out of certain processing activities

9.2 Consent Management (Granular Control)

Marketing Communications

• Newsletter Consent: Account Settings → Communications → Newsletter (On/Off)
• Service Updates: Account Settings → Communications → Updates (On/Off)
• Event Notifications: Account Settings → Communications → Events (On/Off)
• Email Withdrawal: Click “Unsubscribe” in any marketing email
• Complete Opt-Out: Email privacy@travelwires.com with “Marketing Opt-Out All”

Data Processing Consent

• Analytics: Account Settings → Privacy → Analytics Consent (On/Off)
• Personalization: Account Settings → Privacy → Personalized Experience (On/Off)
• Third-Party Distribution: Account Settings → Privacy → External Distribution (On/Off)

9.3 How to Exercise Rights

1. Online Portal: Account Settings → Privacy Dashboard → Submit Request
2. Email: privacy@travelwires.com with identity verification (government ID required)
3. Mail: Written request to our registered address with notarized signature
4. Phone: Contact through office@travelwires.com (identity verification required)
5. Response Time: Within 30 days maximum, complex requests may extend to 90 days with notice

10. Children’s Privacy Protection

United States (COPPA Compliance)

We do not knowingly collect personal information from children under 13 years of age. If we discover such collection, we will delete the data immediately and terminate the account.

European Union (GDPR Compliance)

We do not process personal data of children under 16 without verifiable parental consent. Where national law sets a lower age (13-16), we comply with that standard.

Other Jurisdictions

We comply with local age requirements:

• Canada: 13 years (with parental consent verification)
• Australia: 13 years (with guardian notification)
• Brazil (LGPD): 13 years (with parental authorization)

Parental Controls

Parents can request account deletion, data access, or processing restrictions for their children by contacting privacy@travelwires.com with proof of guardianship.

11. California Residents (CCPA Rights)

Enhanced Rights for California Residents

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information (with exceptions)
• Right to Opt-Out: Sale of personal information (note: we don’t sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Update inaccurate personal information

CCPA Request Process

1. Online: California Resident Privacy Portal (identity verification required)
2. Email: ccpa-requests@travelwires.com (with California address verification)
3. Processing Time: 45 days (extendable to 90 days with notification)

California “Shine the Light” Law

Annual right to request disclosure of personal information shared with affiliates for marketing purposes. Contact privacy@travelwires.com with “Shine the Light Request” subject.

12. Data Breach Notification Procedures

Regulatory Notification

• EU Supervisory Authorities: Within 72 hours of breach discovery
• State Attorneys General: As required by state breach notification laws
• Federal Agencies: Per sector-specific requirements

User Notification

• High-Risk Breaches: Email notification without undue delay
• Low-Risk Breaches: Notice on website and in next account communication
• Information Provided: Nature of breach, data involved, remedial actions, contact information

13. International Privacy Laws Compliance

Brazil (LGPD)

• Legal Basis: Consent, contract, legitimate interest per LGPD Article 7
• Data Subject Rights: Access, correction, anonymization, blocking, deletion

Canada (PIPEDA/Provincial Laws)

• Privacy Officer: Available through office@travelwires.com
• Accountability: Responsible for compliance with provincial privacy laws
• Breach Notification: Privacy Commissioner notification per requirements

Australia (Privacy Act)

• Privacy Officer: Available through office@travelwires.com
• Notifiable Data Breaches: OAIC notification within requirements
• Australian Privacy Principles: Full compliance with APP framework

14. Data Processing Activity Records

We maintain detailed records of our data processing activities as required by GDPR Article 30. These records include:

• Purposes and legal basis for each processing activity
• Categories of personal data and data subjects
• Recipients and international transfer details
• Data retention periods and security measures

Contact our DPO at dpo@travelwires.com for information about specific processing activities not covered in this policy.

15. Regular Policy Updates and Reviews

Update Notification Process

• Material Changes: 30-day advance email notice to all users
• Minor Updates: Website notice and updated policy posting
• Emergency Changes: Immediate notice with explanation of urgency
• User Acceptance: Continued service use constitutes acceptance after notice period

Version History

Previous policy versions are available for 3 years:

• Version 2.0: May 1, 2026 – Enhanced GDPR compliance
• Version 1.0: January 1, 2025 – Original policy

16. Complaints and Dispute Resolution

Internal Resolution

1. First Contact: privacy@travelwires.com (response within 5 business days)
2. Escalation: Data Protection Officer review (within 15 business days)
3. Executive Review: Management team (within 30 business days)

External Resolution

EU/EEA Residents

• Supervisory Authority: Contact your local Data Protection Authority
• Complaint Process: Submit complaint directly or through our DPO

US Residents

• Federal Trade Commission: consumer.ftc.gov
• State Attorneys General: Varies by state

Other Jurisdictions

• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
• Australia: Office of the Australian Information Commissioner (oaic.gov.au)
• Brazil: Autoridade Nacional de Proteção de Dados (gov.br/anpd)

17. Contact Information

Data Protection Officer: Available through dpo@travelwires.com
Privacy Team Email: privacy@travelwires.com
General Contact: office@travelwires.com
Website: https://www.travelwires.com

Response Commitments:

• General Inquiries: 5-10 business days
• Data Subject Rights: Within 30 days (90 days for complex requests)
• Security Incidents: Within 24 hours
• Press Release Support: Within 48 hours

18. Effective Date and Governing Law

Effective Date: May 16, 2026
Governing Law: Laws of the jurisdiction where Travel Wires is incorporated
Language: This policy is originally written in English. Translations are provided for convenience only.

Legal Notice: This privacy policy is designed to comply with major international privacy regulations including GDPR, CCPA, PIPEDA, LGPD, and the Australian Privacy Act. However, privacy laws vary by jurisdiction and evolve rapidly. We recommend regular legal review and updates to maintain compliance.

Last Reviewed: May 16, 2026
Next Scheduled Review: November 16, 2026

Travel Wires – Daily Travel News And Press Releasesa