GDPR Privacy Notice

GDPR Privacy Notice

This GDPR Privacy Notice (this "Notice") integrates into our Privacy Policy for Infinity Travels, owned and operated by Infinity Web Solutions LLC. We craft this Notice to govern our handling of "personal data," as defined under the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) or the United Kingdom (UK) (referred to as "EEA Individuals," "you," or "your" throughout this Notice).

The capitalized terms we have not defined in this GDPR Privacy Notice carry the exact meaning as stated in our Privacy Policy, or failing definition there, according to the GDPR. This Notice takes precedence for EEA Individuals and their personal data if there's a dispute with other parts of our Privacy Policy.

Refer to our Privacy Policy page for details if you reside outside the EEA or the UK.

Who controls your data?

Infinity Web Solutions LLC controls all the personal data you provide on our website, customer service team, booking systems, and other related travel services. Infinity Travels controls the personal information it collects of EEA/UK individuals and how it is processed in accordance with the GDPR.

Where is your data stored?

We store your personal data on servers in the United States with protection applied to match the GDPR requirements.

Cross-Border Data Transfers

We maintain self-certification under these data privacy frameworks:

• EU-U.S. Data Privacy Framework (EU-U.S. DPF)
• UK Extension to the EU-U.S. DPF
• Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

Should any of these frameworks lose validity for data transfers, we commit to enforcing the European Commission’s Standard Contractual Clauses (SCCs) to protect transfers from the EEA/UK to the U.S.

We ground transfers to travel suppliers outside the EEA/UK, such as airlines or hotels, in GDPR Article 49(1)(b) and/or 49(1)(c), as essential to execute a booking or fulfill your specific request.

Data Retention

We hold your personal data only as long as necessary to fulfill our obligations, guided by these key factors:

• Your booking history, account activity, and participation in loyalty rewards programs.
• Our analysis of travel trends to improve our services.
• The status of your marketing subscription and interaction history.
• Prevention of fraud, security, and regulatory compliance.
• Settling conflicts and delivering customer support.
• Relevant legal retention duration and statutes of limitations.
• Addressing potential legal claims or regulatory duties.

Once your data has fulfilled its purpose, we securely go ahead and delete or anonymize it.

Security Practices

Infinity Travels safeguards your personal information through technical and organizational methods, including:

• PCI-DSS compliance for payment processing.
• SSL encryption for sensitive information.
• Industry-standard frameworks like ISO 27001.

We gather system logs such as IP addresses, browser types, timestamps, and referrer URLs to monitor them closely for the prevention of fraud.

Government and Legal Disclosures

We are liable to share your personal information with public authorities, under the law, for reasons like national security, law enforcement, or other regulatory compliance causes.

Business Changes

If Infinity Travels faces a merger, acquisition, or asset sale, we may transfer your personal data to the successor entity in full compliance with governing laws. That entity pledges to uphold this Privacy Notice.

GDPR Rights for EEA/UK Users

EEA/UK Users have the following rights under GDPR:

• Access the personal data we maintain on you.
• Demand corrections or deletions.
• Limit or oppose specific processing.
• Obtain a portable version of your data.
• Revoke consent where we rely on it for processing.

To exercise these rights, send an email to info@theinfinitytravel.com with the subject "GDPR Privacy Request."

Marketing and Legitimate Interest

You hold the right to object to:

• Processing of your personal data based on our legitimate interests, unless we establish compelling legal grounds that supersede your objection.
• Direct marketing, at any time, by clicking the unsubscribe link in our emails or emailing info@theinfinitytravel.com.

Note that the transactional and administrative messages, such as booking confirmations, fall outside marketing and cannot be opted out of.

Complaints

Residents of the EEA/UK can submit complaints to their local data protection authority: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

You are allowed to enforce rights under the applicable Standard Contractual Clauses (SCCs) we implement.

Residents of the U.S. can connect with their state consumer protection office.

Data Privacy Framework Commitments

Infinity Travels upholds the EU-U.S. DPF Principles, the UK Extension, and the Swiss-U.S. DPF Principles. The Principles will govern in case of any conflict between these Principles and this Notice. U.S. law enforces these obligations, backed by Federal Trade Commission (FTC) oversight.

Access our certification: https://www.dataprivacyframework.gov/

For unresolved DPF concerns, reach BBB National Programs Data Privacy Framework Services: https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers

In instances where it is legally mandated, binding arbitration may serve as a definitive option for resolving any unresolved complaints.

Learn more: U.S. Data Privacy Framework Program

Onward Transfers

We share only limited personal data with our trusted service providers, such as handling hosting or customer support, mainly for operational needs, and under binding confidentiality agreements. The providers must hold the same privacy protections we enforce and inform us if they cannot.

Infinity Travels may transfer personal data to affiliates to facilitate our operations. We share sensitive personal data only with your explicit opt-in consent.

Contact info@theinfinitytravel.com to opt out of onward transfers to third parties not serving as our agents.

Minors

Infinity Travels provides Services intended for individuals aged 18 and above. We do not, in any circumstance, knowingly collect or process the personal data of children.

Changes to This Privacy Notice

Note that Infinity Travels regularly updates this Notice to reflect any changes in our legal requirements, practices, or industry standards. The changed terms will take immediate effect upon uploading the revised Notice. By continuing the use of our service after these updates, you acknowledge the new terms. We encourage you to thoroughly read this Notice and revisit periodically for updated terms.

Commitment to Data Privacy Framework (DPF) Principles

Infinity Travels adheres to the applicable Data Privacy Framework Principles and is under the jurisdiction of the U.S. Federal Trade Commission for enforcement. You can find more information about our certification through the U.S. Data Privacy Framework Program. For concerns that may remain unresolved after connecting with us, visit the DPF Consumer Process page of the BBB National Programs Data Privacy Framework Services. In some cases, finding arbitration may be available as a final means for resolving disputes.

Sharing of Personal Data (“Onward Transfers”)

We might share personal data with:

• Authorized service providers operating on our behalf (website hosting, analytics, marketing, and customer support).
• Corporate affiliates as essential for operational reasons.

Third parties receiving data from Infinity Travels must keep the protections equivalent to our own and notify us if they cannot uphold these standards.

Opt-In / Opt-Out Rights

Infinity Travels does not disclose your sensitive personal information with any third party without first obtaining your clear opt-in consent. Though we may share certain data with trusted providers only for the purpose of completing your booking or improving our services.

Contact Us

If you have any questions or know more about exercising your GDPR rights, reach out:

We ask you to refrain from sending any payment-related information or sensitive data through email.