EEA and UK notice · Effective July 14, 2026
Your privacy rights in the EEA and UK.
This notice applies when UpTrip offers services to you in the EEA or UK, or is otherwise covered by the GDPR or UK GDPR.
Controller and contact
UpTrip Inc. is the controller. Contact the UpTrip Privacy Lead through the tracked privacy channel or privacy@uptrip.com.
Purposes, bases, recipients and retention
The global notice gives a purpose-by-purpose lawful-basis table, data categories and sources, recipients, transfer safeguards, whether fields are required, matching logic, and specific retention periods. UpTrip relies on contract steps for requested account and loyalty functions, consent for optional provider connection, legitimate interests for proportionate security, and legal obligation where required.
Your rights
You may request access, correction, erasure, restriction, portability, objection to legitimate-interest processing, and withdrawal of consent at any time. Withdrawal does not affect processing that was lawful before withdrawal. You may object at any time to direct marketing; UpTrip sends no promotional marketing.
Automated processing
Hotel matching is explainable decision support. It does not make a decision with legal or similarly significant effect. You can change inputs, review component scores and caveats, ignore a result, or ask for human support.
Special-category information
UpTrip does not ask for diagnoses, medical history or other health information. If you need an accessible hotel feature, describe the feature rather than the underlying condition. Do not place special-category information in profile, trip, support or privacy-request free text.
International transfers
Where personal data leaves the EEA or UK, UpTrip will rely on an applicable adequacy decision or executed contractual safeguards such as EU Standard Contractual Clauses and the UK Addendum, plus supplementary measures when required. UpTrip will not represent a safeguard as active until the relevant provider agreement is executed.
Requests and complaints
Submit a request through Your Privacy Choices. The operating target is 30 days. You may complain to the data-protection authority where you live or work, or where an alleged infringement occurred. EEA authorities are listed by the European Data Protection Board; UK residents can contact the Information Commissioner’s Office.
Representative and DPO
UpTrip will publish EU or UK representative details before deliberately offering the service in a region where a representative is legally required. It will appoint and identify a Data Protection Officer if its actual processing meets the statutory threshold.
