Privacy Policy

Introduction

We at Ibatravels care about your interest in our products and services and we really value your privacy, security, and online safety. Your privacy is very important to us, and we want you to feel comfortable about how we use and share your personal information.

This Privacy Policy explains what personal information we might collect, how we use it, and how we share it through our Website, products, and services (together called the "Services") or when you interact with us.

Through this policy, Ibatravels will tell you about the types of data we collect, store, and process, and the steps we take to keep your personal information safe whenever you use the Website.

If you have any questions, you can find our contact details at the end of this policy. You will also find information on how to update or access your personal information, or how to make a complaint.

This policy may change from time to time. Please check this page regularly to stay updated on any changes. For more details on when we might make changes and how you will be informed, please refer to the section titled "Changes to this Policy" below.

By visiting or using the Website, you agree to the collection, processing, and use of your personal data as described in this Privacy Policy. Your consent can be given by actively checking a box that says, for example, "I have read and understood the privacy policy and I accept it," or by using the Website, which may also be considered as implied consent.

The Types of Personal Information We Collect

We may collect, use, and share the following types of personal data:

Data Category	Description
Identity Data	This includes your first name, last name, username, date of birth, photographs, national insurance number, job title, vehicle registration, age, and gender.
Contact Data	This includes your billing address, delivery address, email address, and phone numbers.
Financial Data	This includes your bank account and payment card information.
Transaction Data	This includes details about payments and donations you’ve made, what products or services you’ve purchased, and any activities you’ve taken part in.
Audio and Electronic Information	This includes call records and email threads.
Technical Data	This includes information automatically collected from your device when you access our Website or Services. This may include your IP address, login details, browser type and version, time zone settings, geolocation, device memory, system languages, installed fonts, browser plugins, operating system, and other device-related data.
Profile Data	This includes your username and password, your purchases or orders, your interests, preferences, feedback, survey responses, products you’ve viewed or searched for, page response times, download errors, time spent on pages, and how you interact with pages (such as scrolling, clicks, or how you leave a page).
Usage Data	This includes information on how you use our Website, products, and services.
Marketing and Communications Data	This includes your preferences on receiving marketing from us and from our third parties, and your communication preferences.
Other Information	This may include your search history, IP address, screen resolution, browser type, operating system, access times, and referring URLs. If you’re using a mobile device, we may collect information that identifies your device, your settings, and your location.
Customer Support Information	When you reach out to our customer support, we collect any inquiries, complaints, or other information you provide to our support team.
Any other information you provide us.

We do not collect any special categories of personal data that include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data. Nor do we collect information about criminal convictions or offenses.

Children

Ibatravels doesn’t intentionally collect personal information from children, unless the child is part of the group traveling. If we find out that a child is trying to share personal information, we will take that information out of our records. If you are a parent or legal guardian and your child has shared personal data with us, please reach out to us so we can delete it.

If You Don’t Provide Personal Data

If we need to collect your personal information by law or because of a contract with you, and you don’t provide the requested details, we won’t be able to complete the agreement or proceed with the service. In such cases, we might need to cancel the service. But we will keep you updated on what’s happening.

How We Collect Your Personal Information

Information You Share on Your Own

We collect personal data like your name or email address when you provide it. For example, you might share info by commenting on the website, signing up for a newsletter, buying a product or service, creating an account, filling out a form, joining a contest, asking for help, or communicating with us.

The types of personal data you might give include:

• Contact details like name, email, address, phone number, gender, title, date of birth, and passport number;
• Usernames and passwords;
• Comments, feedback, or other information you submit, including your experience with the website;
• Payment details like card numbers, billing address, bank account info, reward program details, and promo codes;
• Account login details, which could include social media accounts.

Most of the time, you decide how much information to share. However, not giving required information might stop you from doing certain things, like making a purchase without payment details.

Information We Get from Others

We might receive information about you from other sources. For instance, if you connect your Facebook, Instagram, or Google accounts to your profile, we’ll get your name, email, and profile picture from those accounts.

Automatically Collected Information

We collect some data about you and the device you use to access the website, such as OS version, device model, unique ID, and mobile network data. When you use the website, we gather information about your activity, like how often you use it, usage data, and other data from your device. This can include your IP address, time zone, location, purchase history, the services you use, and other statistical details.

Cookies

A cookie is a small file stored on your device used as an anonymous identifier. Usually, cookies don’t contain personal information.

How Your Information May Be Used

We use the information we collect in the following ways:

• To make your experience with our service better by operating, maintaining, and offering all the features of the service;
• To create your account, identify you as a user, and personalize your website experience;
• To receive payment for your service and communicate with you within the service;
• To send you promotional messages, like newsletters, only if you choose to subscribe. Each email will let you know how to stop receiving future messages;
• To send you administrative emails, such as confirmation emails, technical notices, updates on policies, or security alerts;
• To respond to your questions, comments, or concerns;
• To provide user support when requested;
• To protect, investigate, and prevent unauthorized or illegal activities.

To help improve the service, we might send you information about it. If you don’t want to receive this, you can opt out by sending an email to the address provided below.

Third-Party Use of Personal Information

When you ask us to book a flight or use any service, we will share the personal details you provide with the airline or other company involved. They will then be in control of that information, so it's important to read and understand their privacy policy. If you have questions about how they handle your information, you should contact them directly.

Third-Party Disclosure

We do not sell, trade, or share your personal information with others without giving you clear notice. This does not apply to third-party hosting partners or other companies that help us run our website, do business, or serve our users, as long as they agree to keep your information private. We may also share your information when it’s necessary to follow the law, enforce our policies, or protect our or others’ rights, property, or safety.

However, non-personal information about website visitors may be shared with others for marketing, advertising, or other purposes.

Third-Party Links

Sometimes, we may include or offer services from third parties on our website. These sites have their own privacy policies, and we are not responsible for their content or activities. We aim to maintain the quality and integrity of our site and welcome any feedback you might have about these linked sites.

Third-Party Service Providers

We may share your information with third-party service providers, agents, subcontractors, or other organizations to help us provide products or services. These third parties may include cloud service providers (for hosting and email), advertising agencies, administrative support, or other partners who offer additional services.

When we use third-party service providers, we only share the information they need to perform their tasks. We have a contract with them that requires them to keep your information secure and not use it for any other purpose than what we’ve instructed.

About Electronic Communications

We may contact you via email, text message, or mobile push notifications for the following reasons:

• To send information about our products and services, such as booking confirmations, technical updates, security alerts, and support messages.
• To send marketing communications, including details about contests, offers, promotions, rewards, upcoming events, and other news from us, our group companies, travel partners, or other business partners.
• Occasionally, we may send you emails based on your travel or activity interests to help you find travel-related opportunities on our website.

If you no longer want to receive marketing emails from us, you can click the "unsubscribe" link in the email. If you have an account, you can also opt out through your account settings. Note that even if you opt out of marketing emails, we will still send you service-related messages, like confirmations for future bookings.

Push Notifications (on Mobile Devices)

You can adjust the settings on your mobile device to allow or disable push notifications from us.

SMS Message Service

SMS Transactional Terms

With your consent, we may contact you via phone calls, automated calls, or text messages, using the phone number you provide, for the above purposes.

By signing up for the SMS service, you agree to receive recurring automated marketing texts from or on behalf of our company at the phone number you’ve given. You understand that agreeing to receive these texts is not required to make a purchase. Message and data rates may apply.

Once you opt in, you can cancel the SMS service at any time by replying "STOP" to any message. After that, you will no longer receive SMS messages from us. However, we may still send service-related SMS messages related to existing bookings, such as automated calls or SMS for critical travel information like major schedule changes. If you want to sign up again, you can do so as you did before.

If you need help remembering the keywords, you can reply "HELP" to any message. We will then provide instructions on how to use our service and how to unsubscribe.

Message and data rates may apply for any messages sent to or from you. The frequency of messages depends on your activity. If you have questions about your text or data plan, please contact your wireless provider.

You confirm that you are the account holder for the phone number you provide. If you change your phone number, you must inform us immediately by emailing us at info@ibatravels.com.

You agree to fully compensate us for any claims, expenses, or damages related to your failure to notify us about a phone number change, including but not limited to claims under the Telephone Consumer Protection Act.

For any questions about the SMS message service, you can contact us at:

Phone: +1 (877)-224 1212
Email: customercare@ibatravels.com

Anonymous Data

Sometimes, we use anonymous data, which does not identify you on its own, or when combined with data from other sources, such as a third party. This kind of data may be shared with other parties for purposes like marketing or advertising.

We use third-party tools to track how people use the Website. These tools collect information from your device or the Website, like the pages you visit, the add-ons you use, and other details. This helps us understand how people use the Website and improve it. We process this data along with similar data from other users so that it cannot be used to identify any one person.

Publicly Visible Information

If you create an account or leave a comment, some information may be shown publicly. To make an account, you’ll need to choose a username and password and provide your email address for confirmation. Your email address will never be shared publicly.

Payments

If you buy something from us, we collect details such as your name, address, email, and information about what you’re purchasing. Payments are handled by third-party processors like Klarna or Stripe. For more information about how payment data is managed, please review their terms and privacy policies.

Your Rights Regarding Personal Information

We use different methods to protect your personal information, including administrative, organizational, technical, and physical measures. These help keep your data safe, accurate, and available when needed.

We aim to keep your personal information up to date. If you think there is an error in your data, please let us know and provide the correct details so we can fix it.

You have the right to:

• Opt-out: You can stop receiving emails by clicking the unsubscribe link in our messages. You can also email us at customercare@ibatravels.com to remove your name from our mailing list.
• Access: You can request a copy of the personal information we have about you by email at customercare@ibatravels.com.
• Amend: You can email us at customercare@ibatravels.com to change or update your personal details.
• Forget: You can ask us to delete your personal data, provided it is allowed by law. To request this, please contact us at customercare@ibatravels.com.

Please note that we might keep some data for legal reasons, to complete transactions, or for record-keeping.

If you have any concerns about the way we process your data, please reach out to us. If you are not satisfied with how we handle your data, you may contact us at customercare@ibatravels.com.

Links to Other Websites

Our Site and Services may include links to other websites for your convenience. These websites are operated by companies not connected to Ibatravels. The websites you visit may have their own privacy policies. We advise you to read them if you visit. We are not responsible for the content, privacy practices, or use of any websites that are not part of Ibatravels.

Retention

We keep your information as long as the app is installed on your device or as needed to provide our Services. If you remove the app, we will delete your information, but we might keep copies for legal requirements, such as taxes or accounting, to resolve disputes, or to enforce our agreements.

Personal Information According to European Legislation

If you are using our services within Europe, we have provided a description of the legal grounds we rely on for processing your personal data. We have also outlined our legitimate interests where applicable, as well as the rights you have under EEA legislation.

Please note that we may process your personal data based on more than one lawful basis depending on the purpose for which we are using it. If you need details about the specific legal basis we are using for your data, please contact us.

To Help You Buy Air Tickets and Related Travel Products

To help you buy air tickets and related travel products such as car rentals and hotel bookings – this is our main activity – we process your data.

Type of data:

• Identity
• Contact information
• Financial details
• Transaction data
• Marketing and communications
• Audio and electronic information

Legal basis for processing:

• To perform a contract with you
• To register you as a new or regular customer and start a business relationship
• To process and deliver your order, including:
  1. Managing payments, fees, and charges
  2. Collecting and recovering money we are owed
  3. Providing post-sale customer support

For Internal Use

For internal use that is based on your relationship with us or is compatible with the context in which your data was collected:

Type of data:

• Identity
• Contact information
• Marketing and communications
• Profile data
• Audio and electronic information
• Financial data
• Technical data

Legal basis for processing:

• To perform a contract with you
• To manage our relationship with you, including:
  1. Notifying you about changes to our terms or privacy policy
  2. Asking you to leave a review or take a survey
  3. Sending holiday greetings
• To deliver relevant content and advertisements and to measure or understand their effectiveness
• To use data analytics to improve our platforms, products, and services, as well as our marketing and customer experiences
• To suggest or recommend products or services that may interest you
• To create and manage your online account
• To detect security incidents and protect against illegal or fraudulent activity

To Administer and Protect Our Business

To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data):

Type of data:

• Identity
• Contact information
• Technical data
• Audio and electronic information

Legal basis for processing:

• Necessary for our legitimate interests (such as running our business, providing administration and IT services, ensuring network security, and preventing fraud)
• Required to comply with legal obligations
• To deliver relevant website content and advertisements and to measure or understand the effectiveness of the advertising we serve

To Use Data Analytics

To use data analytics to improve our website and products, as well as our marketing and customer experiences:

Type of data:

• Identity
• Contact information
• Profile data
• Usage data
• Marketing and communications
• Technical data

Legal basis for processing:

• Necessary for our legitimate interests (to study how customers use our products and services, to develop them, to grow our business, and to inform our marketing strategy)

To Manage Complaints and Requests

To manage complaints and respond to requests, subpoenas, or other enforcement notices from regulators, courts, and law enforcement agencies:

Type of data:

• Identity
• Contact information
• Financial and transactional data
• Technical data
• Marketing and communications
• Audio and electronic information
• Usage data

Legal basis for processing:

• Necessary for our legitimate interests (to develop our products and services and grow our business)

Customers' Rights Under European Legislation

You can request access to your personal data. This allows you to receive a copy of the data we hold about you and confirm that we are processing it lawfully.

You can also request the deletion of your personal data. This gives you the right to ask us to delete or remove your data from our system. If you have successfully exercised your right to object to processing (as outlined below), you also have the right to ask for deletion. However, in some cases, we may not be able to delete the data if legislation prohibits us from doing so. In such cases, you will be notified.

You can ask us to correct any incomplete or inaccurate data we hold about you. We may need to verify the accuracy of the new data you provide.

You have the right to object to the processing of your personal data when we are relying on a legitimate interest (or that of a third party), especially if your situation makes you feel that the processing affects your fundamental rights and freedoms. You also have the right to object to processing for direct marketing purposes. In some cases, we may show that we have compelling legitimate grounds to process your information, which may override your rights and freedoms.

You can request the restriction of processing your personal data in the following situations:

• To verify the accuracy of the data
• If there are suspicions of illegal use of data
• To keep the data even if we no longer need it, as you may need it to establish, exercise, or defend legal claims
• If you object to our use of your data, while we check whether we have stronger legitimate reasons for using the data
• To transfer your personal data to you or a third party
• To withdraw consent at any time if we are processing your data based on consent

To exercise any of the above rights, you should contact us and provide information to verify your identity so we can confirm that you are the person making the request.

Privacy Notice for California Residents

This Privacy Notice for California Residents adds to the information in our privacy policy above. It applies only to personal data of users who live in the State of California ("consumers" or "you"). We included this section to follow the California Consumer Privacy Act of 2018 (CCPA). Any terms used in the CCPA have the same meaning here.

Information We Collect

Our website gathers information that can identify, relate to, describe, reference, or be connected—either directly or indirectly—to a specific consumer or device. This is called "personal information." In the past twelve (12) months, our website has collected the following types of personal information from California consumers:

• Category A: Identifiers
• Category B: California Customer Records personal information categories
• Category D: Commercial information
• Category F: Internet or other similar network activity
• Category G: Geolocation data

Personal information does not include:

• Information that is available from government records.
• Information that has been de-identified or aggregated, meaning it cannot be used to identify a specific person.
• Information that is not covered by the CCPA, such as:
  • Health or medical information protected by the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), or clinical trial data.
  • Personal information covered by other privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Our website gets the categories of personal information listed above from the following sources:

• Directly from you, such as when you fill out a form or make a purchase.
• Indirectly from you, such as when we observe your activity on our website.
• From third parties, like social media platforms, ad networks, and analytics providers.

Use of Personal Information

We may use or share your personal information for one or more of the following purposes:

• To fulfill the reason you gave us your information. For example, if you provide your name and contact details to request a quote or ask a question about our products or services, we use that information to answer your questions. If you give your information to purchase something, we use it to process your payment.
• To help you with support and respond to your inquiries, including looking into and solving your issues and improving our services.
• To comply with law enforcement requests or to follow laws, court orders, or government rules.
• As explained to you when we collected your information or as outlined in the CCPA.

We won't collect more types of personal information or use the information we have in a way that is very different, unrelated, or not compatible with what you were told, without giving you notice.

Sharing Personal Information

Our website might share your personal information with third parties for business purposes. When we share it for a business purpose, we sign a contract that explains the reason and requires the recipient to keep the information private and not use it for any other purpose except as needed to carry out the contract.

We share your personal information with the following types of third parties:

• Service providers.
• Data aggregators.

Disclosures of Personal Information for a Business Purpose

We work with trusted third parties to perform various functions and provide services to us, such as hosting and maintenance, error tracking, performance monitoring, billing, customer support, data storage and management, and running marketing campaigns. We may share your personal information with these third parties, but only to the extent needed to carry out these functions and provide the services. We also require these third parties to protect the privacy and security of the personal information they handle on our behalf.

In the past twelve (12) months, the company has disclosed the following categories of personal information for business purposes:

• Category A: Identifiers.
• Category B: California Customer Records personal information categories.
• Category D: Commercial information.
• Category F: Internet or other similar network activity.
• Category G: Geolocation data.

We share your personal information for business purposes with the following types of third parties:

• Service providers.
• Data aggregators.

Sales of Personal Information

In the past twelve (12) months, the company has not sold any personal information.

Your Rights and Choices

The CCPA gives consumers who live in California specific rights about their personal information. This section explains your rights under the CCPA and how you can exercise them.

Access to Specific Information and Data Portability Rights

You have the right to ask us to disclose certain information about the personal information we collected and used over the past 12 months. Once we confirm your request with verifiable documents, we will provide you with:

• The categories of personal information we collected about you.
• The sources from which we collected your personal information.
• The business or commercial purpose for collecting or selling that information.
• The categories of third parties with whom we shared that information.
• The specific details of the personal information we collected about you (also known as a data portability request).
• If we sold or shared your personal information for a business purpose, two separate lists that identify:
  • Sales: the categories of personal information each recipient purchased.
  • Disclosures for a business purpose: the categories of personal information each recipient obtained.

Deletion Request Rights

You have the right to ask us to remove any personal information we have collected from you and kept, unless there are certain exceptions. Once we receive and check your request, we will delete (and tell our service providers to delete) your personal information from our records, unless one of the exceptions applies.

We might say no to your deletion request if we or our service providers need to keep the information for:

• Completing a transaction you started, delivering a product or service you asked for, doing something we expect as part of our ongoing relationship with you, or fulfilling our agreement with you.
• Detecting security problems, stopping harmful, fake, dishonest, or illegal activity, or helping to prosecute those responsible.
• Fixing products to find and fix issues that stop them from working as intended.
• Protecting free speech, allowing another person to use their free speech rights, or doing something required by law.
• Following the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
• Conducting public or peer-reviewed scientific, historical, or statistical research that helps the public, as long as it follows all ethics and privacy rules, and you gave informed consent before.
• Using the information for internal purposes that are reasonable based on your relationship with us.
• Complying with a legal requirement.
• Using the information for other internal and legal purposes that match the reason you gave it.

To use your access, data portability, or deletion rights, you need to submit a verifiable consumer request to us.

You can make a verifiable consumer request for access or data portability only twice within a 12-month period. Your request must:

• Give us enough information to check if you are the person we collected the information from or an authorized representative; and
• Describe your request clearly so we can understand, assess, and respond to it properly.

We can’t respond to your request or provide your personal information if we can’t confirm your identity or right to make the request and make sure the information is yours. We will only use personal information from your request to check your identity or right to make the request.

Response Timing and Format

We aim to respond to your verifiable consumer request within 45 days of receiving it. If we need more time (up to 90 days), we will let you know in writing why and how long the delay will be.

If you have an account with us, we'll send our written response to that account. If you don't have an account, we'll send it to you by mail or electronically, whichever you prefer.

Any information we share will cover the 12 months before your request was received. The response will also explain why we can’t comply with your request, if that’s the case. For data portability requests, we’ll choose a format that makes it easy for you to use your personal information and transfer it to another company without problems.

We won’t charge you a fee for processing or responding to your verifiable consumer request unless it's excessive, repeated, or clearly not justified. If we decide a fee is needed, we’ll tell you the reason and the cost before finishing your request.

Do Not Sell My Personal Information

Our company does not sell your personal information to third parties.

Non-Discrimination

We won’t treat you unfairly for using your CCPA rights. Unless allowed by the CCPA, we won’t:

• Refuse to provide goods or services.
• Charge you different prices or rates for goods or services, including giving discounts or benefits, or applying penalties.
• Offer you a different level or quality of goods or services.
• Suggest that you might get a different price or rate for goods or services or a different level or quality of goods or services.

However, we can offer certain financial rewards that are allowed by the CCPA, which might result in different prices, rates, or service quality. Any such reward must be clearly explained in writing, and your agreement to participate is optional and can be canceled anytime.

Cookie Policy

Cookies are small pieces of data that are sent from the Platform and saved on your device, like your computer or smartphone, when you use our Website. These cookies are stored by your web browser. Without cookies, it would be difficult to give you the information and services you need online. Cookies help remember things like items you added to a shopping cart or track your activity while you're browsing. They can also store information you've entered into forms, such as your name, address, password, or billing details.

By using our Website, you agree to the use of cookies and tracking tools mentioned in this policy, unless you have opted out (which is not available for all types of cookies).

Categories of Cookies Used

Technical and Strictly Necessary Cookies

Most of the time, our Website uses cookies to make sure it works properly and connects to your device so you can get the services you want. These cookies are part of the Website by default. If you block or turn off any of these cookies, you might not be able to use some important parts of the website. Examples of these cookies are:

• User input cookies (session-id), for example, when you fill out an online form like buying a ticket or making a payment.
• Authentication cookies, used when you log in to your account on any of our connected systems.
• Security cookies that help prevent fake logins and stop harmful attacks.
• Multimedia content player session cookies, such as those used by flash players.
• Load balancing session cookies, which help your requests be processed faster.
• Third-party social plug-in cookies, used for sharing content.

Functionality and Preferences Cookies

These cookies help us make the Website easier to use, improve security, and make the experience more convenient for you. They are used for things like:

• Making general statistics about new visitors to the Website.
• Recognizing your browser and its settings, such as language preferences or font size.
• Collecting anonymized data to understand how you use the Website, which helps improve it.
• Setting analytics cookies.

The retention period for these cookies is usually short. If they are kept for longer, we make sure that it doesn’t affect your privacy.

Performance and Analytics Cookies

These collect information about how you use the website, which helps us improve the performance and your experience. Examples include:

• Tracking your activity to find trends and fix problems.
• Gathering anonymized data to see how well new features or designs work.

Advertising and Targeting Cookies

We and our third-party partners, like Google and Facebook, use advertising cookies to show you ads based on your previous visits to our sites. For example:

• To track across devices and better target our ads. When we use cross-device tracking, we can combine data from one browser or device with another device linked to it. You can change your cookie settings on your device to control cross-device tracking for ads.
• To work with online ad companies to show you targeted ads on our Website and other websites you visit. This targeting can be based on the information we or other platforms have collected, as well as your activities or behavior on our Website or other sites. We may also get information about your browsing history from our business partners.
• We may use Google Analytics to collect data about your demographics and interests, such as your age, gender, or interests, including through Google Analytics Demographics and Interest Reporting. We use this data for Google services like Remarketing with Google Analytics and Google Display Network Impression Reporting. The options you choose are specific to your browser and device. If you block cookies, you might not be able to use these features. We also anonymize IP addresses in Google Analytics.

We and our advertising partners may also use web beacons, which are single-pixel GIF images placed in web pages or email newsletters. When you visit a partner site from our mobile apps, we may track your activity on that site.

Changes to This Policy

We may change this policy from time to time, so please check it regularly. We might give you different ways to know about any changes, depending on the situation. If you keep using our website or service after we update the policy, it means you agree to the new terms.

Contact Information

We hope this helps answer any questions you have about how your data is used and any changes in the law. If you have questions, comments, or requests about how your personal information is processed, or if you have questions about this Privacy Policy, please contact Ibatravels using the following details:

Ibatravels
FIVE GREENTREE CENTRE, 525 RTE 73 STE 104 MARLTON, NEW JERSEY 08053
Email: customercare@ibatravels.com
Telephone: +1 (877)-224 1212

WhatsApp Notification Privacy Policy (Addendum)

1. Scope of This Addendum

This policy applies to any user who agrees to receive messages about orders through WhatsApp. It is relevant for:

• Users in the EU and EEA, under the GDPR
• Residents of the U.S., especially in California, Virginia, Colorado, Connecticut, and Utah

2. Categories of Data Collected

We collect the following types of personal data for WhatsApp communication:

• Identifiers: Phone number, IP address
• Commercial Information: Booking reference and itinerary
• Internet/Network Activity: Device information, language preference
• Inferences (not collected): No profiling or behavioral analysis is done

3. Purpose and Legal Basis for Processing

• GDPR (EU/EEA Users): We process your data based on your clear consent (Art. 6(1)(a) GDPR), which is collected through a checkbox when you check out.
• CCPA/CPRA (U.S. Users): We process your data only for operational and transactional purposes. We do not sell or share your personal data as defined by the CCPA/CPRA.

4. Use of WhatsApp and Your Rights

We use WhatsApp only for:

• Booking confirmations
• Travel updates and alerts
• Customer support messages

We do not use WhatsApp to send marketing messages unless you give us permission separately.

5. Disclosure of Personal Information

• We share your information with Meta Platforms Ireland Ltd. (the provider of WhatsApp Business API), who handles it under a data processing agreement.
• For U.S. users, this is considered a service provider relationship under the CCPA/CPRA.

6. Data Transfers and Safeguards

• For EU/EEA users, any data sent outside the EEA (such as to Meta in the U.S.) is protected by Standard Contractual Clauses (SCCs).
• For U.S. users, we handle data following state privacy laws that require reasonable security measures.

7. Data Retention

We keep your WhatsApp consent and chat logs for up to three years for auditing and compliance.

We do not store the actual content of messages beyond what is needed for operational purposes.

8. Your Rights

Under GDPR (EU/EEA Users):

• Access, correction, deletion, restriction, objection, data portability, and withdrawal of consent

Under U.S. Laws (e.g., California, Virginia):

• Right to know what data we collect and share
• Right to request deletion
• Right to opt out of sale or sharing (we do not sell or share data)
• Right to not be discriminated against

You can stop receiving WhatsApp messages anytime by typing “STOP” in the chat or by contacting us at customercare@ibatravels.com.

9. Security

We use standard security measures, including:

• Secure API setup for messaging
• Control over who can access WhatsApp accounts
• Logging of consent
• Using WhatsApp only through official, secure business systems

10. Contact Information

If you have any privacy questions or want to exercise your rights, please contact us at customercare@ibatravels.com.

11. Additional Notices for U.S. Residents

Under California law, we must disclose:

• We do not sell or share personal information
• We do not use sensitive personal information for profiling
• We do not use WhatsApp data for automated decision-making

You can appoint an authorized agent to act on your behalf under the CCPA/CPRA by providing proof of identity and written authorization.

12. Reference and Integration

This addendum is part of our main Privacy Policy, which also includes information about cookies, your rights, data transfers, and your legal options.