PrivacyPolicy

Privacy Policy

EffectiveDate: 18/05/2025

Welcome to dnatravel.io (the "Website", “Site”, “DNA Travel Platform”, “Platform”), owned and operated by DNA Travel LLC ("we," "us, “company” or "our").We created this privacy policy (“Privacy Policy”) because we know that you care about how information you provide to us is used and shared. This Privacy Policy explains the conditions under which and the purposes for which (i) we collect and use your Personal Data, as defined in this Privacy Policy,  in connection with the provision of our Services and through your use of our Platform and (ii) we may share or disclose your Personal Data to third parties, as well the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Data 

Before accessing or using the products/services on the Platform, please read this Policy carefully and ensure you fully understand its contents, particularly the terms highlighted in bold font, which require your focused attention. Only after confirming your full understanding and agreement should you proceed to use the products/services. If you or your legal guardian (if you are a minor) disagree with any part of this Policy, you will be unable to log in and access the Platform’s products/services. For any questions, feedback, or suggestions regarding this Policy, please contact us using the methods provided in this Policy.

The server(s) that make(s) this Platform available may be located outside the country from which you accessed this Platform, but we will collect and use Personal Data only in accordance with this Privacy Policy and as required by local law in the places in which we operate. 

Please pay special attention to the scope of application of this Policy:

  1. This Privacy Policy applies to all products and services (the “Services”) offered through the platform. In instances where our products or services utilize elements of the platform that do not maintain their own separate privacy policy, such elements shall be governed by this Privacy Policy. For any products or services that maintain independent privacy policies, those standalone policies shall take precedence over this Privacy Policy. Any matters not specifically addressed in such standalone policies but which are addressed herein shall remain subject to this Privacy Policy.
  2. This Privacy Policy expressly does not apply to any third-party information or services (including but not limited to third-party applications, websites, APIs, or other digital assets) that may be embedded within or linked to from the platform’s products or services. Such third-party information and services are operated independently by their respective owners and are subject to the privacy policies or similar data protection regulations established by those third parties. We bear no responsibility for the privacy practices of such third parties.regulations.

I. Information We Collect

We collect information about you when you use ourplatform or in providing our Services or Products to you. “Personal Data” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g., cookies identifiers and your IP address) or one or more factors specific to your physical, physiological, economic, cultural, or social identity. The laws of some countries have different definitions of personal data or equivalent terms and, in this Privacy Policy, we give this the same meaning as under the data protection laws that apply to our processing of your personal data.

We do not consider Personal Data to include information that has been de-identified so that it does not allow information to be linked to a specific individual or that does not allow a specific individual to be singled out. We may collect non-Personal Data related to your interaction with or use of the Services.

We may collect different types of Personal Data such as “Technical Information” and “Personal Information.”

II. How We Collect and Use Your Personal Information

Your Personal Information is provided to us either directly by you), in order to provide you with the Services you have requested, and for other purposes as set out in this Privacy Policy.

“Personal Information” typically consists of your:

  1. full legal name,
  2. email address,
  3. mailing address,
  4. telephone number and
  5. credit / debit card number, security code, expiration data or other payment information.

We may also collect other Personal Information of the third party in order to assist with the products and services, including but not limited to:

  1. passport number,
  2. driver’s license or other government-issued identification number,
  3. date and place of birth,
  4. Photo and signature included on ID,
  5. Visa content,
  6. gender,
  7. arrival and departure locations and times,
  8. airline, hotel or car rental frequent loyalty numbers,
  9. known traveller and global entry number, and
  10. other related travel information.

Sensitive Data

We may collect or process data that is deemed “Sensitive Data” under certain laws.  We may process the following categories of Sensitive Data when you use our Services:

  1. Authentication data such as account Personal Data and log in credentials, including unique identifiers such as username, account number, and password.
  2. Passport number, driver’s license, or other government-issued identification number.
  3. Immigration and citizenship information.
  4. Health related information.

When required by applicable law, we will collect consent prior to processing certain categories of Sensitive Data.

Collection Of Technical Information

We Collect Information Through Automatic Data Collection Technologies We collect other “Technical Information”, such as your:

  1. IP address,
  2. search terms, and
  3. pages you visit while on our Platform, whenever you visit our Platform, use our services, or view our online advertisements.

We and/or certain service providers operating on our behalf may collect Information about your activity, or activity on devices associated with you over time, on our Platform, and across non-affiliated websites or online applications.  We may collect this Information by using certain technologies, such as cookies, web beacons, pixels, software developer kits, third party libraries, and other similar technologies.  Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons. We collect Technical Information when you use our Site, or information that has been made anonymous, such as:

Log data

Our servers automatically record information when you use our Platform, such as your IP address, the type of browser you are using and its settings, the third party website you visited immediately prior to accessing our Platform, the operating system you are using, the domain name of your Internet service provider, the search terms you use on our Platform, the specific Site pages you visit, type of product selected, the brand, order, and product identifications, and the duration of your visits.

Cookie data

A “cookie” is data that a website server stores on your computer. Cookies enable websites to recognize your computer and to “remember” your entries as you move from page to page, or even when you revisit the site from time to time using the same computer.

Web Beacons.

Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf. Our Services use retargeting pixels from Google, Facebook, and other ad networks. We also use web beacons in HTML emails that we send to deter-mine whether the recipients have opened those emails and/or clicked on links in those emails.

Analytics

Analytics are tools we may use, such as Google Analytics to help us gather and analyze information about the areas visited on the Platform (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the convenience of the websites. For more information or to opt-out, see “How Google uses data when you use our partners’ sites or apps” and “Google Analytics and Privacy”. You may opt out of the use of Google https://tools.google.com/dlpage/gaoptout.

Google AdWords

Our Platform also use the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our Platform That could mean that we advertise to previous visitors who haven’t completed a task on our Platform, such as registering for an account. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to our Platform. Any data we collect will be used in accordance with this Privacy Policy, and Google is responsible to abide by its own privacy policy. You can set your preferences for how Google advertises to you using the Google Ad Preferences page: https://adssettings.google.com/

We may also collect information pertinent to the marketing of our products and services. This information may include marketing channels, User Market IDs (CenterPoint, TNMP, etc.), Site brands and product names, contract terms, financial information and other information.

We collect and analyze this Technical Information to measure the number of visitors to the different sections of our Platform, to evaluate how visitors use our Platform and to provide you with advertisements that are relevant and useful to you, unless you have told us not to. We also use the information we collect to understand customer needs and trends, to carry out targeted promotional activities, and to generally help us make our Platform more useful to visitors.

We may use your data by itself or aggregate it with similar information we have obtained from others. We may share your data with our affiliates and other third parties to achieve these objectives. You may obtain a list of our affiliates and third parties with whom we share your data by contacting us here.

Depending on the jurisdiction in which you reside, we may use Internet Protocol (IP) addresses to identify a visitor when we feel it is necessary to enforce compliance with our Site’s terms and conditions, or to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Site, or other users; or (d) in an emergency to protect the health and safety of our Site’s users or the general public.

Authorization for Collection and Use of Personal Information

When utilizing platform services, you may be required to authorize the collection and use of personal information under the following circumstances:

  1. Core Platform Functionality: To deliver the essential features of our platform, you must authorize us to collect and use necessary information. This information is required for the fundamental operation of our wholesale travel inventory system. If you decline to provide such information, you will be unable to use our platform and related services in their intended capacity.
  2. Enhanced Platform Features: To access premium or supplementary features of our platform, you may voluntarily authorize us to collect and use additional information. Declining to provide such supplementary information will limit your access to these enhanced capabilities or restrict their effectiveness, but will not impair your ability to use the core booking functionalities.

As we offer various products and services to travel agents and agencies, we collect and process your personal information strictly in accordance with the principles of legitimacy, proportionality, and necessity, based exclusively on the specific products and services you elect to utilize.

To continuously improve our offerings to travel professionals, we may introduce new or optimized platform features that necessitate modifications to the purposes, scope, or methodologies of personal information collection and processing. In such instances, we will provide advance notification via updated policy documentation, system notifications, or in-platform alerts, clearly articulating the nature of these changes and requesting your explicit consent prior to implementation. For inquiries or concerns regarding our data practices, please contact our Data Protection Officer using the methods outlined in this Privacy Policy.

Search and Browsing Functionality

Under normal circumstances, you can search and browse various travel products and services on the Platform after accepting the Privacy Policy and logging into your account.

After agreeing to this policy, to ensure the proper functioning of search and browsing features, the Platform will collect search keywords you enter on the web page and record pages or links you click in order to return corresponding results. Additionally, the Platform collects your log information for the purposes described above.

Please note that log information alone or search keyword information alone cannot identify you and does not constitute personal information. However, when your log information or search keywords are combined with other information about you in a way that can identify you, the Platform will treat this combined information as personal information, which will be processed and protected in accordance with this policy.

Platform Account Registration and Management

To use the Platform's products/services, your employer must first register a Platform account for you. The Platform will complete account registration based on company name, employee name, mobile number, and email address provided by your employer.

To ensure account security during registration, the Platform will send a verification message to your registered email address to verify registration or login. During the login process, the Platform will send verification information to either your registered mobile phone number or email address, depending on your chosen login method, to maintain login security.

For account protection, the Platform will send a verification code to your mobile phone number when you perform sensitive operations such as extending credit lines, canceling orders, redeeming points, topping up accounts, making payments, or conducting other financial transactions on the Platform. When querying or modifying account information (including creating sub-accounts, modifying sub-account information, or deleting sub-accounts), the Platform will send a verification code to your mobile phone number to verify your identity. If you decline to provide the corresponding information, please contact your employer, as you will be unable to create an account or use the Platform's products/services.

Displaying, Recommending, and Promoting Products/Services

Provision of Travel Products and Services.When delivering products and services through the Platform, it is necessary to process your personal information or that of the actual service user. For hotel bookings, the Platform typically needs to collect the check-in guest's name and nationality, while hotels may require phone numbers, passport numbers, or other identification information to confirm reservation details. To help guests determine appropriate room types and complete booking and check-in procedures, hotels may request children's names and ages when accompanying adults. For flight bookings, the Platform needs to collect passenger names, document types and numbers, mobile phone numbers, and email addresses where necessary.

Please note that the Platform functions as a distribution service for travel products and is not the ultimate provider of travel services. Accordingly, the Platform may deliver products or services through third parties including business partners and affiliates, which may necessitate sharing collected information with suppliers, third-party payment processors, financial institutions, business partners, and related affiliates.

Market Research and Promotional Activities

To enhance our product and service offerings, the Platform may periodically send information about new products, special offers, or other content that may interest you to your provided email address. The Platform may also invite you to participate in market research via your provided contact information to better understand your preferences and opinions regarding our products and services.

API Integration Partnership Evaluation

To facilitate potential technical integrations and enhance partnership communication efficiency, the Platform provides a dedicated API collaboration inquiry system. If you are interested in establishing an API connection, you may indicate your integration intentions through our Platform. To properly evaluate your request and establish appropriate communication channels, the Platform collects essential business information including your company's legal name, jurisdiction of operation, business classification, and official website URL through the partnership inquiry interface. For communication purposes, the Platform collects your company's official telephone number and email address, as well as your individual name and position within the organization.

To customize our API solutions and service offerings to your specific business requirements, the Platform may request additional information regarding your company's classification (travel agent or agency), annual travel transaction metrics, yearly hotel room night volume, and previous experience with API integration systems. To continually improve our technical offerings and integration processes, the Platform also collects information about your specific business objectives and strategic reasons for seeking an API partnership with our services.

Bookmarking Functionality

While using the Platform's products and services, you may elect to bookmark specific hotel properties or accommodation options of interest. To facilitate this feature and support other explicitly disclosed operational purposes, the Platform collects and processes the log information generated during your bookmarking activities, including but not limited to timestamped data and unique hotel identification codes. This information enables the Platform to maintain your personalized inventory of preferred accommodations and enhance your booking experience.

Providing Order Inquiry and Account Management Functionality

When you place an order for products/services on the Platform, the system generates an order record. During the ordering and management process, we may collect the following information:

  1. Information is required for the specific product/service you select.
  2. Contact details: Name and mobile number of the contact person.
  3. Order information is generated during your use of the Platform.

The purpose of such a Collection shall be:

  1. To facilitate transaction confirmation, payment settlement, notifications, order management, and client support/after-sales services.
  2. To monitor transaction anomalies and ensure your transaction security.

Special Requirements for Travel Products/Services

Due to the nature of travel services, the following products require additional mandatory information to complete bookings. You must provide this information directly or authorize us to assist in its entry.

Flight Bookings:

  1. Domestic flights: At minimum, the passenger’s name, ID type, ID number, and mobile number.
  2. International flights: At minimum, passenger’s name (including phonetic spelling), gender, nationality, date of birth, ID type, ID number, ID expiration date, and contact mobile number. Additional fields (e.g., contact email) may apply depending on the product.

Hotel Reservations:

  1. At minimum, the guest’s name and mobile number. Additional fields (e.g., ID number, email) may apply depending on the product.

Airport Transfers/Chartered Car Services:

  1. Passenger’s name, contact phone/email.
  2. For airport transfers: Flight number (to ensure punctuality).
  3. For chartered services: Travel date (to confirm scheduling).

Minors in Travel Groups:

  1. Name, ID type, and ID number of minors, provided with consent from their legal guardian.

Note: Other products/services may require further information, which shall be specified during the booking process.

Facilitating Payment

When purchasing products or services through the Platform, third-party payment platforms may collect relevant information such ascredit / debit card number, security code, expiration date or other payment informationto ensure successful payment processing for your order.

Facilitating Delivery of Products/Services

To ensure the secure delivery of your purchased products/services, we will collect and use at minimum your order information during this process.

If you redeem points for digital vouchers or mailing services (e.g., invoices, physical goods), we require:

  1. Recipient’s phone number and email address.
  2. For physical goods: Delivery address, recipient’s phone number, and recipient name
  3. For digital vouchers: Your mobile number is required for online redemption.

For Invoicing:

  1. If you request paper or electronic invoices for purchased products/services, we collect:
  2. Billing information: Invoice title, email address.
  3. Delivery details (as specified above).

Contacting You

We may contact you viaPlatform notifications, email, phone, or postal mail to address order-related issues or other product/service inquiries.

Customer Service and Communication

To maintain account security, our telephone and online customer support will use your user profile and order information to verify your identity. When you proactively request assistance related to your bookings, we may inquire about relevant order details to provide appropriate support and resolution. If you request customer service assistance with modifying information (such as contact details or booking information), you may need to provide supplementary verification information beyond standard authentication to complete these changes.

When you interact with our support team, the Platform may retain communication records, call content, or contact information you provide to facilitate ongoing assistance, follow up with unresolved issues, or document the solutions implemented and outcomes achieved.

To safeguard your information security, transaction integrity, and service quality—and to address potential future disputes—when you contact our customer support department, the Platform may preserve call recordings and communication content. Such records are automatically deleted after the minimum retention period required by applicable law, unless maintained for compliance requirements or legitimate business interests. Please note that due to network conditions, call environments, regulatory requirements, or technical factors, recording or storage failures cannot be entirely eliminated.

If you submit inquiries, complaints, or suggestions regarding our services or specific bookings, the Platform will utilize your account information, order details, and related page interaction records to facilitate fact verification and dispute resolution. This information may be provided to administrative regulatory authorities, judicial bodies, and opposing parties in legal proceedings to the extent permitted by law.

Enhancing our Products/Services

We may use your de-identified data for research, statistical analysis, and predictive modeling to improve the Platform’s content, layout, support business decision-making, and refine our offerings.

Third-Party Personal Information Collection and Use

When prov

formation that contains personal data of other individuals—for example, when submitting personal details of actual travellers when booking products/services on their behalf through the Platform, or when personal information of others is included in content you upload, publish, or share through the Platform, you must ensure that you have obtained proper consent from these individuals prior to providing their information to the Platform. You must verify that these individuals are aware of and accept this Policy. In cases involving a child's personal information, you must obtain prior consent from the child's legal guardian.

Except where authorized consent exemptions apply, we will, in accordance with applicable laws, regulations, and industry standards, obtain your specific individual consent through appropriate means before processing sensitive personal information in particular scenarios. The specific consent mechanism will be presented on the relevant function page. You acknowledge that improper handling of sensitive personal information may compromise your personal dignity or endanger your personal safety and property security. We will employ reasonable de-identification measures for your sensitive personal information while maintaining necessary functionality.

If we intend to use your information for purposes not specified in this Policy, or repurpose information collected for a specific purpose, we will obtain your consent again before such use.

We may receive information about you from third parties, including affiliated companies and business partners who provide services to you. For instance, when you make bookings through our affiliates' or business partners' websites or mobile applications, the booking information you provide to them may be transferred to us to process your order and ensure seamless booking completion. In accordance with our agreements with such third parties, we require them to disclose the source of your personal information before collection, confirm the legal compliance of these information sources, and verify the scope of authorization and consent granted to them for collecting your personal information. Should we collect and use your information for purposes beyond the scope of authorization granted to a third party, we will either process your personal information under our own authority or require the third party to obtain your separate consent.

Exceptions to authorized consent

You are fully aware that according to the requirements of laws and regulations, we do not need to obtain your authorization to collect and use your personal information in the following circumstances:

  1. Necessary for the performance of our statutory duties or statutory obligations;
  2. Related to national security and national defense security;
  3. Related to public security, public health and major public interests;
  4. In connection with criminal investigation, prosecution, trial and execution of judgments;
  5. Necessary for the conclusion and performance of a contract to which you are a party;
  6. In case of emergency, to protect the life, health and property of you or other individuals;
  7. The personal information collected is the personal information subject's own disclosure to the public or other personal information that has been legally disclosed;
  8. Your personal information collected from legally publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;
  9. Conduct news reporting, public opinion supervision and other acts in the public interest, and process personal information within a reasonable scope;
  10. Other circumstances stipulated by laws, regulations and national standards.

Please be aware that, in accordance with applicable law, if we process personal information with technical measures and other measures necessary to make it impossible for the recipient of the data to re-identify a particular individual and to recover it, the use of such processed data does not require further notice to you and your consent.

III. How We Use Cookies

To enhance your browsing experience, when you visit the Platform or use our services, we may store small data files called Cookies on your device or system to recognize your identity. These Cookies help:

  1. Simplify repeated logins by saving registration details.
  2. Optimize ad preferences and interactions.
  3. Assess your account security status.

Managing Cookies:

  1. You may clear all Cookies stored on your computer or mobile device.
  2. You have the right to accept or reject Cookies. If your browser automatically accepts Cookies, you can modify its settings to block them.

Note: If you choose to reject Cookies, some features of our services may be limited or unavailable.

For detailed information about our use of Cookies, please refer to the Cookie Policy.

IV. How We Share, Transfer, Entrust Processing, and Publicly Disclose Your Personal Information

Principles of Processing

We may share your order information, account details, device data, and location information with third parties (e.g., partners) to ensure the successful delivery of services. However, we will only share your personal information for lawful, legitimate, necessary, specific, good faith, and explicit purposes, and only to the extent strictly required to provide such services.

  1. Third-Party Assessments: We evaluate the legality, legitimacy, and necessity of third parties’ data collection practices.
  2. Data Handling Requirements: Third parties must:
    Process your personal information within the scope of your authorized consent.
    Implement necessary administrative and technical measures to prevent unauthorized access, loss, alteration, or leakage of your data.
  3. Usage Restrictions: Third parties are prohibited from using shared data for purposes beyond the agreed scope. If they intend to alter the purpose or method of processing, they must re-obtain your explicit consent.

Separate Consent

Unless there are authorized consent exceptions, we will, in accordance with the requirements of laws and regulations and national standards, take reasonable ways to obtain your separate consent for the sharing and provision of personal information in certain scenarios other than those described above. However, regardless of whether we need to obtain your separate consent, we will explicitly inform you in a reasonable manner about the third-party supplier information that specifically provides you with the products/services involved and the purpose, method and type of processing your personal information. For example, when you are preparing to order some products/services of the Travel Platform, We may explicitly inform you of the above information through the order filling page or the order confirmation page before you place an order, and obtain your separate consent to authorize Tao Travel to provide your personal information to suppliers or service providers if necessary. For specific individual consent forms, please refer to the specific product/service order page.

Our Partners Include the Following

(1) Your Employer:

As our client, your employer may receive necessary personal information from us based on contractual agreements and operational needs. This data sharing enables purposes such as reconciliation, data analysis, and statistical reporting. Information may also be shared with individuals authorized by your employer.

(2) Suppliers:

Includes but not limited to hotels, airlines, car rental services, travel agencies, attraction and activity providers, and agents to fulfill your bookings. We share:

  1. Basic personal details (e.g., name, nationality).
  2. Identity information (e.g., passport/ID number).
  3. Contact details (e.g., phone number, email).

Suppliers may contact you directly to finalize travel arrangements.

(3) Financial Institutions & Third-Party Payment Providers:

  1. When placing orders or requesting refunds, we share specific order details (e.g., transaction amount, booking dates).
  2. For fraud detection and prevention, we may share additional data (e.g., IP address) with relevant institutions.

(4) Business Partners:

We collaborate with partners to deliver services such as:

  1. Logistics (e.g., courier services).
  2. Communication (e.g., SMS providers for notifications).
  3. Customer support, marketing, technical services, identity verification, and consulting.
  4. For example, SMS providers receive your mobile number and message content for service updates.

(5) Affiliated Companies:

We share personal information with our affiliates to offer travel-related or complementary products/services. These affiliates adhere to protection measures no less stringent than those outlined in this Policy.

Note:

To prevent and detect fraud, we may prudently share necessary personal information with partners and affiliates. Such sharing undergoes rigorous internal security assessments and approvals, with strict agreements limiting data usage to specified purposes.

We may share your personal information in accordance with laws and regulations, litigation dispute resolution needs, relevant agreements signed between you and us (including online electronic agreements and platform rules) or legal documents, or when required by administrative, judicial and other competent authorities according to law.

In addition to the above instructions or otherwise provided by laws and regulations, if we share your personal information with any other company, organization or individual, we will seek your authorization again according to law.

Information Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:

  1. With your explicit prior consent or authorization.
  2. To comply with applicable laws, regulations, legal proceedings, or mandatory administrative/judicial requirements.

In the event of mergers, divisions, acquisitions, asset transfers, or similar transactions:

  1. If personal information transfer is involved, we will:
    Notify you in advance of the name and contact details of the receiving entity.
    Ensure the new entity continues to be bound by this Policy and assumes the original personal information processing obligations.
  2. If the new entity cannot comply, we will require them to re-obtain your authorization and consent.

Public Disclosure

We will only publicly disclose your personal information under the following circumstances:

  1. With your separate consent, we will disclose your specified personal information in the manner you approve.
  2. To comply with laws, regulations, mandatory administrative enforcement actions, or judicial orders, we may disclose your personal information as required, including the type of data and method of disclosure. In compliance with legal requirements, we will demand proper legal documentation (e.g., subpoenas, investigation letters) before responding to such requests.

V. How We Store Your Personal Information

Security

We take extensive measures to ensure the security and confidentiality of your personal information. We implement industry-standard protocols to safeguard against unauthorized access, disclosure, or alteration of your information.

Storage Location

Principles of Processing. In compliance with laws and regulations, we store personal information collected within the United States of America.

If your personal information is transferred from the United States of America to overseas, we will strictly adhere to legal requirements.

Scenarios requiring cross-border transfers include:

  1. Your explicit authorization.
  2. Involvement of overseas service providers in marketing activities.
  3. Your proactive actions (e.g., booking international hotels/flights Platform that involve overseas suppliers).
  4. Legal or regulatory mandates.

We will fulfill obligations such as security assessments, personal information protection certifications, and executing standard contracts with overseas recipients as prescribed by authorities.Overseas entities must maintain confidentiality and uphold equivalent data protection obligations.

Retention Period

We retain your information only for the shortest period necessary to fulfill the purposes outlined in this Policy or as required by laws and regulations. Our criteria for determining retention periods include:

  1. Achieving transaction-related purposes.
  2. Maintaining transaction and business records to address potential inquiries or complaints.
  3. Ensuring service security and quality.
  4. Complying with statutes of limitations.
  5. Adhering to legal retention requirements or specific agreements.

After exceeding the retention period, or upon your request to delete data or close your account, we will delete or anonymize your personal information.

Exceptions for Extended Retention:

We may adjust retention periods under the following circumstances:

  1. Legal Compliance: To meet statutory obligations (e.g., the E-Commerce Law mandates retaining product/service and transaction records for at least three years from the transaction date).
  2. Judicial Requirements: To comply with court judgments, rulings, or legal proceedings.
  3. Government or Regulatory Requests: To fulfill demands from authorized governmental or regulatory bodies.
  4. Public or Individual Interests: To safeguard public interests or protect the safety, property, or legal rights of Platform users, our company, affiliated entities, employees, or other stakeholders.

(C) Cessation of Operations

If we cease operations of the Platform or its services:

  1. We will immediately halt further collection of your personal information.
  2. Notify you via individual notifications or public announcements.
  3. Securely delete or anonymize all retained personal information.

VI. How We Protect the Security of Your Personal Information

We give great importance to information security and has set up a dedicated team responsible for the supervision of personal information processing activities and protection measures taken. We strive to provide you with information protection, take appropriate management, technical and physical security measures, with reference to domestic and foreign information security standards and best practices to establish an information security assurance system suitable for business development.

In the event of an unfortunate personal information security incident, we will inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce risks, and the remedial measures for you. We will inform you by email, letter, telephone, push notification, etc. When it is difficult to inform the personal information subject one by one, we will take a reasonable and effective way to release the announcement. At the same time, we will also report the disposal of personal information security incidents in accordance with the requirements of the regulatory authorities.

VII. How We Protect Minors’ Personal Information

We give great importance to the protection of minors' personal information. If you are a minor under the age of 18, you should obtain the prior consent of your legal guardian before using our services. We protect the personal information and privacy of minors.

We do not actively or directly collect personal information from minors. For information collected with guardian consent, we will use, share, transfer, or disclose such data only when:

  1. Permitted by laws and regulations.
  2. Necessary to protect the minor’s interests.
  3. Explicit guardian consent is obtained

Guardian Responsibilities:

  1. When using the Platform services for a child under your guardianship, we may collect the child’s information as necessary to fulfill the service.
  2. Failure to provide such information will result in inability to access related services.
  3. Guardians must fulfill their responsibilities diligently to ensure the child’s information security.

VIII. Data Protection Rights Under GDPR and CCPA

European Economic Area (EEA) Residents' Rights

If you are located in the European Economic Area (EEA), you benefit from specific rights under the General Data Protection Regulation (GDPR). DNA Travel LLC acts as the data controller for personal data processed through the Platform, with our registered address at [30 North Gould Street, STE R Sheridan, WY 82801 USA].

We process your personal data based on the following legal grounds:

  1. Performance of Contract: Processing necessary to fulfill our contractual obligations.
  2. Legitimate Interests: Processing required for our legitimate business interests, including service improvement, fraud prevention, and network security, provided these interests do not override your fundamental rights.
  3. Legal Obligations: Processing necessary to comply with applicable laws and regulations.
  4. Consent: Processing based on your explicit consent, where legally required.

As an EEA resident, you possess the following rights:

  1. Right to Access: You may request confirmation of whether we process your personal data and access such data.
  2. Right to Rectification: You may request correction of inaccurate personal data.
  3. Right to Erasure: Under specific circumstances, you may request deletion of your personal data.
  4. Right to Restriction of Processing: You may request limitation of processing of your personal data.
  5. Right to Data Portability: You may request transfer of your personal data to another service provider in a structured, commonly used, machine-readable format.
  6. Right to Object: You may object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes.
  7. Automated Decision-Making Rights: You have rights related to automated decision-making, including profiling.

We will respond to your requests within one month, with possible extension by two additional months when necessary, considering request complexity and volume. If we decline to act on your request, we will inform you of the reasons and your right to lodge a complaint with a supervisory authority.

We may transfer your personal data to locations outside the EEA. When transferring data to countries lacking an adequacy decision, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

California Residents' Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  1. Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which personal information is collected, our business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.
  2. Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  3. Right to Opt-Out of Sale: California residents have the right to opt-out of the sale of their personal information. The Platform does not sell personal information as defined by the CCPA.
  4. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights, including by denying services, charging different prices, providing different quality of services, or suggesting you will receive different pricing or services.

To exercise your rights under the CCPA, you or your authorized agent may submit a verifiable consumer request by contacting us at [support@dnatravel.io]. We will verify your identity by matching information provided in your request with information we maintain in our records. We will respond to verifiable consumer requests within 45 days, with possible extension by an additional 45 days when reasonably necessary.

In the preceding 12 months, the Platform has collected the categories of personal information described in this Privacy Policy. We disclose personal information to third parties only as described in this Privacy Policy.

Exercising Your Rights

To exercise any of the rights described above, please contact us at [support@dnatravel.io]. Our Data Protection Officer will address your concerns and facilitate the exercise of your rights. For your protection, we may need to verify your identity before implementing your request.

IX. Policy Revisions and Notifications

We may update this Personal Information Protection Policy as necessary. Please note that we reserve the right to amend this Policy periodically, with the latest revision date clearly indicated. Revisions will take effect after being published. We will not diminish your rights under this Policy without your explicit consent. For material changes, we will provide prominent notice (e.g., email notifications detailing specific revisions for certain services). We encourage you to review this Policy regularly to stay informed of updates.

X. How to Contact Us

For any questions, feedback, or suggestions regarding this Privacy Policy, please contact our Data Protection Officer at[hello@dnatravel.io]. If you disagree with any terms of this Policy, you may choose to discontinue access to the Platform. Continued use will be deemed as your acknowledgement, acceptance, and binding agreement to this Policy.