Privacy Policy

1. Overview

Roamer ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our B2B travel booking platform.

We comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Roamer is the data controller for the personal information we collect about you. Our contact details are provided in the "Contact Us" section below.

2. Information We Collect

Information You Provide Directly

• Account Information: Name, email address, phone number, business details, payment information
• Business Information: Company name, address, tax identification numbers, banking details
• Communication Data: Messages, support requests, feedback, and correspondence
• Tour Content: Descriptions, images, pricing, and availability information you upload
• Transaction Data: Booking details, payment information, refund requests

Information We Collect Automatically

• Usage Data: How you interact with our platform, features used, time spent
• Technical Data: IP address, browser type, device information, operating system
• Log Data: Access times, pages viewed, errors encountered
• Performance Data: Platform performance metrics and analytics

Information from Third Parties

• Payment Processors: Transaction details, payment status, fraud detection data
• Integration Partners: Data from connected services and APIs
• Public Sources: Business verification information from public databases

3. How We Use Your Information

Platform Operations

• Provide access to our booking platform and services
• Process bookings, payments, and refunds
• Manage your account and user profile
• Facilitate communication between operators and customers
• Generate reports and analytics for your business

Business Operations

• Verify your business credentials and prevent fraud
• Calculate and process commission payments
• Provide customer support and technical assistance
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our terms

Platform Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Monitor platform performance and security
• Conduct research and analytics

4. Information Sharing

When We Share Information

• Service Providers: Payment processors, hosting providers, analytics services
• Business Partners: Integration partners and affiliated services
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Consent: When you explicitly consent to sharing

Customer Data

Customer booking information is shared with relevant tour operators to fulfill services. We act as a data processor for this information on behalf of operators.

5. Data Security

Security Measures

• Encryption of data in transit and at rest
• Secure hosting infrastructure with access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection practices
• Incident response procedures for data breaches

Payment Security

We use PCI DSS compliant payment processors and do not store complete payment card information on our servers.

6. Data Retention

Retention Periods

• Account Data: Retained while your account is active and for 7 years after closure
• Transaction Data: Retained for 7 years for accounting and legal purposes
• Communication Data: Retained for 3 years or until resolved
• Technical Data: Retained for 2 years for platform improvement

Data Deletion

We securely delete personal data when it's no longer needed, except where required by law or legitimate business interests.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Access Rights

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data

Control Rights

• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

8. Cookies & Tracking Technologies

Types of Cookies We Use

• Essential Cookies: Required for platform functionality and security
• Performance Cookies: Help us understand how the platform is used
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into platform usage and performance

Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect platform functionality.

9. Third-Party Services

Integrated Services

• Stripe: Payment processing (subject to Stripe's privacy policy)
• Google Analytics: Platform analytics and usage insights
• Hosting Providers: Cloud infrastructure and data storage
• Email Services: Transactional and marketing communications

These services have their own privacy policies and data handling practices.

10. International Data Transfers

We may transfer your personal data to countries outside the UK/EEA for processing. When we do:

• We ensure adequate protection through approved mechanisms
• We use Standard Contractual Clauses where appropriate
• We conduct transfer impact assessments
• We implement additional safeguards as necessary

11. Children's Privacy

Our platform is designed for business use and is not intended for individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information promptly.

12. Marketing Communications

Opt-In Basis

• We only send marketing emails with your consent
• You can opt out at any time using unsubscribe links
• We respect your communication preferences
• Transactional emails are sent regardless of marketing preferences

13. Legal Basis for Processing

Our Legal Grounds

• Contract Performance: To provide our platform services
• Legitimate Interests: Platform improvement, fraud prevention, business operations
• Legal Obligation: Compliance with financial and regulatory requirements
• Consent: Marketing communications and optional features

14. Privacy Policy Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to account holders
• Platform notifications
• Website posting with 30 days notice

Continued use of our platform after changes constitutes acceptance of the updated policy.

15. Contact Us

16. Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):