Privacy Policy — Holiday Xpert LTD
This Privacy Policy explains how Holiday Xpert LTD (“Holiday Xpert LTD”, “we”, “us”, “our”) collects, uses, shares, and protects your information when you visit our websites, contact us, or use our travel search and booking services (the “Services”). By using the Services, you agree to this Policy and to any additional notices we present at the time we collect your information.
1) Who We Are
Holiday Xpert LTD provides online travel search and booking assistance for flights and related services.
Data Controller (outside of vendor processing): Holiday Xpert LTD, Holidayxpert Ltd. N S Adhikari 20-22 Wenlock Road LONDON N1 7GU United Kingdom.
Contact: Info@holidayxpertltd.com.
If you are located in the EEA/UK, the controller is the same; we may appoint an EU/UK representative where required (details available upon request).
2) Scope & Changes
This Policy applies to information we collect online via our websites and any official forms, chats, or phone lines that reference this Policy. It does not cover third-party websites or services you access through links from our site. We may update this Policy from time to time. When we make material changes, we will revise the “Last Updated” date and, where appropriate, provide additional notice.
3) Information We Collect
We collect information in three main ways: (a) directly from you, (b) automatically from your devices, and (c) from partners.
| Category (CPRA/State Law) | Examples | Business / Commercial Purpose | Retention (typical) |
|---|---|---|---|
| Identifiers | Name, email, phone, postal address, account IDs, device IDs, GCLID/UTM | Account creation, quotes, booking, support, security, marketing (with consent/opt-out controls) | Account life + up to 3 years; logs up to 24 months |
| Customer Records | Trip details, passenger names, dates, preferences | Booking, itinerary management, customer service | Contract life + legal retention (often 7 years for financial records) |
| Commercial Information | Quotes, purchases, refunds, vouchers | Fulfillment, accounting, fraud prevention | Up to 7 years (tax/audit) |
| Internet/Network Activity | Pages viewed, clicks, referring sites, approximate location, cookie IDs | Site operations, analytics, security, marketing measurement | Analytics 24 months (typical); security logs up to 12 months |
| Geolocation (approx.) | Derived from IP (city/region level) | Localization, fraud prevention, compliance | Logs up to 12 months |
| Payment Data | Last 4 digits, tokenized payment references | Billing, refunds, chargeback handling | Up to 7 years (financial records) |
| Sensitive Personal Information (we minimize) | Government ID only if law requires for specific services; accessibility notes if voluntarily provided | Regulatory checks; assistance requests you ask us to relay to providers | Only as long as necessary for the request/requirement |
| Communications | Emails, chat transcripts, call summaries | Support, training, quality assurance, dispute resolution | 12–36 months (typical), longer if required for legal claims |
4) Where We Get Your Information
- Directly from you: forms, calls, chat, email, booking details, feedback.
- Automatically: cookies, pixels, SDKs, server logs, and similar technologies.
- Partners & providers: airlines and travel suppliers, payment processors, fraud-prevention and analytics partners, marketing and ad networks.
- Public/enterprise sources: lawful sources such as anti-fraud databases, or corporate client administrators if your travel is arranged through a business account.
5) How We Use Your Information
- Provide the Services: quotes, bookings, ticketing, itinerary changes, notifications.
- Customer support: answer enquiries, troubleshoot issues, process refunds/credits.
- Security & fraud prevention: detect, prevent, and investigate fraud or misuse.
- Analytics & improvement: understand usage and improve performance and experience.
- Marketing & personalization: send offers (where permitted), measure campaign effectiveness; you can opt out.
- Legal & compliance: tax, accounting, audits, regulatory requests, enforcing terms.
GDPR/UK legal bases (where applicable): contract performance, legitimate interests (e.g., security, analytics), consent (for certain cookies/marketing), and legal obligations.
6) How We Share Information
- Travel providers: airlines and related suppliers to fulfil your booking under their terms.
- Service providers (processors): hosting, payments, email/SMS delivery, analytics, anti-fraud, customer support tools—bound by contracts to process data on our behalf.
- Business partners: where you choose to link, bundle, or purchase third-party insurance, hotels, or transport.
- Advertising & measurement partners: to measure and improve our ads; see Cookie Policy.
- Compliance & legal: to comply with law, enforce terms, protect rights, security, or safety.
- Corporate transactions: during mergers, acquisitions, financing, or asset transfers, subject to confidentiality.
7) Cookies, Ads & Analytics
We use cookies and similar technologies to run our site, keep you signed in, remember preferences, perform analytics, and (with your consent or as allowed) deliver and measure advertising. You can manage choices via our cookie banner, your browser settings, or our Privacy Policy page. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of certain cookie-based “sale”/“share” activities where required by law.
| Cookie Category | Examples | Opt-Out? |
|---|---|---|
| Strictly Necessary | Session ID, load balancing, security | No (required for the site to work) |
| Functional | Preferences, saved searches | Yes (via banner/settings) |
| Analytics | Traffic stats, error diagnostics | Yes |
| Advertising/Measurement | Conversion tags, retargeting pixels | Yes (and via GPC where honored) |
Opting out of advertising cookies won’t stop ads entirely but may make them less relevant. Browser-level cookie blocking can affect site features. For mobile ads, adjust your device’s ad tracking settings.
8) Retention
We keep information only as long as reasonably necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Typical retention periods are listed in the table above. We may retain anonymized or aggregated data that does not identify you to improve our Services.
9) Security
We implement administrative, technical, and physical safeguards to protect your information (e.g., encryption in transit, access controls, monitoring). However, no method of transmission or storage is 100% secure. You are responsible for safeguarding your account credentials and for notifying us promptly if you suspect unauthorized use.
10) Your Privacy Choices & Rights (U.S.)
Depending on your state (e.g., CA, CO, CT, UT, VA), you may have rights to request: (a) access/know, (b) correction, (c) deletion, (d) portability, and (e) to opt out of certain processing (e.g., targeted advertising, “sale”/“sharing” of personal information, and certain profiling).
- Submit a request: email Info@holidayxpertltd.com.
- Verification: We may ask for information to verify your identity and state residency.
- Authorized agents (CA): You may designate an agent; we may require proof of authorization.
- Opt-out of sale/share/targeted ads: Use the banner, our Privacy Choices page, or send a GPC signal.
- Non-discrimination: We will not discriminate against you for exercising your rights.
California residents can also request a list of certain third parties to whom we disclosed personal information for their own direct marketing in the preceding year (“Shine the Light”); contact us to submit this request.
11) Your Rights (EEA/UK)
If you are in the EEA/UK, you have rights to access, rectify, erase, restrict, port, and object to processing, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your local supervisory authority. To exercise rights, contact us at Info@holidayxpertltd.com.
Where we rely on legitimate interests, we balance our interests against your rights; you may object at any time.
12) International Transfers
We operate in the United States and may transfer your information to providers and processors in other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.
13) Children’s Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without appropriate parental consent as required by law. If you believe a child has provided us personal information, contact us and we will take appropriate action. For EEA/UK, we do not knowingly collect from children under the applicable local age of digital consent without required approvals.
14) Automated Decision-Making & Profiling
We do not make decisions with legal or similarly significant effects solely through automated means. We may use limited profiling for fraud prevention, service personalization, and advertising measurement; you can opt out of certain advertising profiling via our cookie settings and Privacy Choices page.
15) Appeals & Complaints
If we decline your US state-law request, you may appeal by replying to our decision email with “Privacy Appeal” in the subject line. For GDPR/UK, you may contact your supervisory authority if you are not satisfied with our response.
16) Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. If changes materially affect your rights, we will provide additional notice where required and post the new Policy with an updated date.
17) Contact Us
Questions about these Terms? Contact our support team:
Email: Info@holidayxpertltd.com
Phone: 1 (844) 352-8649
Mailing Address: Holiday Xpert LTD, Holidayxpert Ltd. N S Adhikari 20-22 Wenlock Road LONDON N1 7GU United Kingdom
At-a-Glance Summary
- We collect information to provide quotes, bookings, support, security, analytics, and (with controls) marketing.
- You can manage cookies in our banner and at /privacy-choices; we honor GPC where required.
- US residents can request access, deletion, correction, and opt-out of sale/share/targeted ads.
- EEA/UK residents have GDPR rights and can contact supervisory authorities.
- We keep data only as long as needed, then delete or anonymize it.
