Privacy & Security Notice

  1. Background and scope

Travel Dreams And Destinations collects and uses personal data to manage travel bookings. We are committed to protecting your privacy through physical, electronic, and procedural safeguards.

If local data protection laws are more restrictive than this Notice, we will adjust our practices to ensure full compliance with your jurisdiction’s requirements.

  1. What personal information do we collect?

“Personal information” refers to any data or opinion that identifies or could reasonably identify a living individual. This includes recorded information, intentions, or expressed opinions about a person, regardless of their accuracy.

We primarily collect personal information necessary to facilitate your travel arrangements, bookings, and requested travel services.

We generally  process types of personal information about you as follows:

  • Identifiers
    • contact information (such as name, residential/mailing address, telephone number, email address);
    • date of birth;
    • passport details, national identity card details, driver’s license details;
    • online identifiers (such as IP address, device data, and network information);
    • loyalty program / frequent flyer details;
  • Geolocation data;
  • Professional or employment-related information if needed;
  • Payment account information (credit/debit card details, including card type, card number, security number and expiry date and other financial details necessary to process various transactions);
  • Health information such as your dietary requirements and health issues (if any); and
  • Other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers).

Furthermore, we collect information essential to the legitimate business operations of Travel Dreams And Destinations and its affiliates. This includes the processing of financial data for transaction fulfillment and any additional personal information voluntarily disclosed to us.

In certain instances, we may process Special Categories of Personal Data or Sensitive Personal Information (SPI) as defined by applicable data protection regulations. This may include, but is not limited to:

  • Protected Characteristics: Racial or ethnic origin, religious or philosophical beliefs, and sexual orientation.
  • Affiliations: Membership in political, professional, or trade associations.
  • Biometric & Genetic Data: Information processed for the purpose of unique identification.
  • Security & Financial Data: Account passwords and sensitive financial information.
  • Health Information: Data concerning physical or mental health conditions.

Regarding Minors’ Data, we may collect personal information relating to a child of any age from a parent or legal guardian when necessary for travel arrangements. We do not knowingly solicit or collect personal data directly from children without Verifiable Parental Consent as required by laws such as the Children’s Online Privacy Protection Act (COPPA) or similar regional statutes.

These legal articles define sensitive personal information and outline specific data categories, including protected characteristics, affiliations, biometric and genetic data, and financial and health information:

We shall process sensitive information strictly in accordance with applicable local data protection laws, contingent upon obtaining your explicit, voluntary consent. The collection of such data must be reasonably necessary for, or directly related to, our specified business functions, such as the provision of travel-related products and services, unless alternative collection is mandated or permitted by law.

To the full extent allowed by relevant data protection legislation, by submitting your sensitive data, you explicitly consent to our use and disclosure of that information solely for the original intended purpose.

Illustrative Examples of Consent:

  • Health Information: Providing health data for a travel insurance application constitutes explicit consent for us to use and disclose that information to facilitate the arrangement of the travel insurance policy on your behalf.
  • Religious Beliefs: Disclosing religious beliefs when inquiring about specific holiday packages implies voluntary consent for us to utilize and disclose that information in connection with facilitating your requested arrangements.

We are committed to using or disclosing sensitive information exclusively for the purpose for which it was originally collected, unless we subsequently obtain a new, voluntary, and explicit consent for a different purpose.

  1. How do we collect personal information?

Generally, this collection will occur:

In accordance with applicable data protection laws, we primarily collect personal information directly from you throughout our professional relationship. Direct collection is our standard practice unless circumstances render it unreasonable or impracticable to do so.

  • By in person visit, by telephone, letter, email;
  •  By visits to our websites; or
  • Through  connections with us via social media.

We may collect personal information about you:

  • when you purchase or make enquiries about travel arrangements or other travel-related products and services;
  • when you enter competitions or register for promotions;
  • when you subscribe to receive marketing from us (e.g., e-newsletters);
  • when you request brochures or other information from us; or
  • when you provide information, or use our services, on social media.

We may collect your personal information (excluding sensitive data) through surveys or feedback submissions unless you elect to provide such information anonymously or via a pseudonym.

In specific circumstances, we may collect your personal information from third parties. This occurs primarily when an individual or entity—such as a family member, group leader, or employer—executes a travel booking on your behalf. In these instances, we operate under the presumption that the person facilitating the booking possesses the requisite authority to provide the personal data of all travelers included in the transaction.

For further information on third-party data rights and compliance, you may consult the International Air Transport Association (IATA) Data Protection Guidelines or regional resources like the European Data Protection Board (EDPB) regarding representative bookings.

When facilitating a travel booking for another individual—such as family members, group participants, or employees—you represent and warrant that you have obtained the voluntary and informed consent of said individual(s).

By proceeding, you confirm that you have been authorized to permit Travel Dreams And Destinations to collect, process, and disclose their personal data in accordance with this Privacy Notice. Furthermore, you agree to ensure that all affected parties are made aware of the terms and conditions set forth in this document.

For guidance on managing group data consent, you may refer to the General Data Protection Regulation (GDPR) guidelines on consent or the Federal Trade Commission’s privacy principles.

Please notify us immediately if you discover that your personal information was submitted to us by a third party without your voluntary consent. Similarly, you must inform us if you provided another individual’s personal data to us without first obtaining their explicit authorization.

We strive to maintain the accuracy and completeness of your personal data. To assist us, please notify us promptly of any changes or inaccuracies. Travel Dreams And Destinations is not liable for losses resulting from inaccurate, inauthentic, or incomplete information provided by you or your representative.

For updates to your information, please consult the Consumer Financial Protection Bureau (CFPB) guidelines on data accuracy for more on your rights regarding personal information as of 2026.

If the provision of our services is contingent upon your voluntary consent for data collection and processing, withholding such consent may prevent us from fulfilling specific service requests or negatively impact the quality of the services provided.

For more information on how consent impacts service delivery under current 2026 regulations, you may review the GDPR guidelines on conditions for consent or the California Consumer Privacy Act (CCPA) standards.

Similarly, requesting a restriction on data processing or withdrawing previously granted consent may impede or prevent the delivery of our services. Essential travel functions, such as booking reservations, require mandatory data including legal names, contact information, and valid identification (e.g., passport details); failure to provide or maintain this information renders such transactions impossible to fulfill.

For details on how data withdrawal affects service contracts in 2026, you may refer to the International Air Transport Association (IATA) Passenger Standards or the European Data Protection Board guidelines on data subject rights.

Any voluntary consent you provide for the collection, use and disclosure of your personal data will remain valid until such time as you withdraw your consent in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data by submitting your request in writing, or by emailing/writing-to our Privacy teams via the contact details provided in section 13. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as mandated or permitted by applicable law. Data retention will cease, and all means of individual association will be removed, when it is reasonable to determine that the data no longer serves its original purpose and is no longer required for legal or legitimate business operations.

  1. How do we use your personal information?

We will process your information when:

We will process your personal data based on the following lawful bases:

  • Consent: You have granted voluntary consent for processing, which remains revocable at any time (as further detailed in the relevant privacy policy section).
  • Service Necessity: Processing is essential to provide requested services to you.
  • Contractual Obligation: Processing is necessary for the performance of a contract to which you are a party.
  • Legal Compliance: Processing is required to comply with our statutory and regulatory obligations.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of authorized third-party recipients, as elaborated in the subsequent sections of this Notice.
  • WE WILL NEVER SELL YOUR PERSONAL INFORMATION!

When you contact us regarding travel inquiries or reservations, our primary purpose for collecting your personal information is to provide expert travel advice and facilitate the procurement of travel-related products and services

As of 2026, while booking assistance remains the standard objective, the specific purpose for collection may vary based on the context described in this Notice, such as administering promotional competitions, processing customer feedback, or managing specific service requests

When facilitating travel bookings, we typically act as an agent for third-party travel service providers (e.g., hotels or airlines). In this capacity, we process your personal data to fulfill your service requests, collect information for both our internal administrative purposes and for transmission to the relevant provider to ensure service delivery.

For instance, if you reserve airfare through our agency, we utilize your personal information to execute the booking and disclose the necessary data to the airline so they may provide the transportation services

In our capacity as an intermediary for third-party travel providers, such as hotels or carriers, we process your personal data to execute your service requests [2, 4]. We collect this information for internal administration and transmit it to the respective providers to facilitate service fulfillment [1, 2].

For example, when booking air travel, we utilize and disclose your personal data to the airline to finalize your reservation and enable the provision of flight services [3].

  1. GDPR Article 6: Lawfulness of Processing
  2. European Data Protection Board Guidelines
  3. IATA Passenger Data Standards
  4. FTC Privacy and Data Security Guidance

We act on behalf of hundreds of travel service providers around the world, so it is not possible for us to set out in this Notice all of the travel service providers for whom we act or their locations. For more information about the disclosure of personal information to travel service providers located overseas, please refer to section 6  below.

If you have any concerns regarding the transfer of your personal information to a travel service provider, or you wish to contact us for further information, please refer to the “Feedback / Complaints / Subject Access Requests / Contacts” section below (section 13).

Additional purposes for which we process personal information include:

  • Providing selected services and tools (e.g., wish lists, pre-populating forms).
  • Identifying and correcting errors.
  • Protecting against, detecting, and investigating fraudulent or illegal activities.
  • Meeting regulatory reporting and compliance requirements.
  • Developing and improving our products and services.
  • Managing customer relationships and personalizing website experiences based on preferences.
  • Providing selected services and tools (e.g., wish lists, pre-populating forms).
  • Identifying and correcting errors.
  • Protecting against, detecting, and investigating fraudulent or illegal activities.
  • Meeting regulatory reporting and compliance requirements.
  • Developing and improving our products and services.
  • Managing customer relationships and personalizing website experiences based on preferences.

We may use your personal information to send targeted marketing about products and services we believe may interest you, provided it is permitted by local law and you have not opted out.

Marketing efforts may include:

  • Mail outs
  • Electronic marketing & notifications (e.g., e-newsletters, email, SMS, MMS, iM)
  • Telephone calls

To opt out of marketing communications, market research, or other correspondence, please refer to the “Feedback / Complaints / Subject Access Requests / Contacts” section below. For information on limiting or opting out of online behavioral advertising, consult the “Your Rights” section of this Notice.

  1. Is personal information disclosed to third parties?

We do not and will not sell, rent out or trade your personal information. We will only disclose your personal information in accordance with local data protection laws and the specific provisions of this Notice. In this context, “disclose” refers to the transfer, sharing, or provision of access to your data—whether verbally or in writing—to another individual or entity.

For more information on data disclosure standards in 2026, you may consult the Global Privacy Assembly or the Federal Trade Commission’s privacy framework.

Your personal information may be disclosed to the following types of third parties:

  • our independent contractors, suppliers and service providers, including without limitation:
  • information to the following parties:
  • Authorized Service Providers:Entities facilitating the operations described in Section 4.
  • IT & Data Infrastructure:Suppliers of technology solutions and external data hosting.
  • Marketing & Distribution:Publishers and distributors of promotional materials.
  • Event Coordination:Organizers of corporate events and exhibitions.
  • Analytics & Communications:Agencies specialized in market research, data analysis, and strategic communication.
    • mailing houses, freight services, courier services; and
    • external business advisers (such as lawyers, accountants, auditors and recruitment consultants);
  • our related entities and brands;

We may disclose your personal information to the following entities:

  • Travel Service Providers: Wholesalers, tour operators, airlines, hotels, car rental companies, transfer handlers, insurance providers, and travel risk management companies to fulfill bookings.
  • Assignees: Any third party to whom we transfer our rights or obligations.
  • Financial Entities: Banks, credit providers, issuers, and payment service providers for transaction processing.
  • Booking Representatives: The individual who made a booking on your behalf (e.g., family, friend, or employer representative).
  • Employers: Your employer if you are traveling as a corporate, business, or government client employee.
  • Business Travel Clients’ Suppliers: Third parties providing services to our business travel clients to facilitate service delivery.
  • Verifying Individuals: A person who verifies a relationship with you (e.g., family member) when you are unreachable, for welfare concerns or urgent actions.
  • Legal & Regulatory Bodies: As required or authorized by law to meet legal obligations, including:
    • Customs & Immigration: To comply with travel requirements.
    • Government Agencies & Public Authorities: To fulfill valid requests, court orders, or legal processes.
    • Law Enforcement: To regulatory bodies and law enforcement officials for security and fraud protection.
    • Enforcement Agencies: Where unlawful activity is suspected.
  • Third-Party Logins: External services (e.g., Facebook, Google) when used to log into your account, sharing specific information with that provider.

For information on data sharing standards in 2026, you may consult the FTC’s Privacy and Security Guide or the European Data Protection Board’s guidelines on third-party disclosures.

When booking flights, rail journeys, cruises, or tours, we provide your contact details (name, email, and/or phone number) to the respective service providers. As of 2026, this disclosure is necessary for providers to notify you directly regarding operational disruptions, such as cancellations or schedule changes.

Beyond these operational requirements, we will not disclose your personal information without voluntary consent except in the following legal or emergency situations:

  • Safety Threats: To prevent or lessen a serious threat to an individual’s life, health, or safety, or to public health and safety.
  • Law Enforcement: To assist enforcement bodies in detecting, investigating, or prosecuting criminal offenses.
  • Legal Mandates: Where disclosure is authorized or required by applicable 2026 data protection laws or court orders.

On our website, you may choose to use certain features that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with us. These features, which include social networking and geo-location tools, are operated by third parties, including social networks, and are clearly identified as such. These third parties may use or share personal information in accordance with their own privacy policies. We strongly suggest you review the third party’s privacy policies if you use the relevant features.

  1. Is personal information transferred overseas?

We may transfer your personal information to overseas recipients when necessary to fulfill your travel contracts or as permitted by law. In 2026, all international transfers are conducted using appropriate safeguards, such as Standard Contractual Clauses, to comply with regional mandates like the EU General Data Protection Regulation (GDPR) or the China Personal Information Protection Law (PIPL).

Please note that some recipients may operate in jurisdictions with different data protection standards than your own. To the extent permitted by local law, we are not liable for how these third parties process your data once transferred. Given our global network of providers, we cannot list every destination; however, you may contact us via the “Feedback / Complaints / Subject Access Requests / Contacts” section for specific details regarding your data’s destination.

We may disclose your personal information to overseas recipients in the following scenarios:

  • Our Overseas Related Entities: Data may be shared with international affiliates for administrative, advisory, and technical services, including data storage and single sign-on functionality across our brands.
  • Overseas Travel Service Providers: Information is disclosed to relevant international providers (e.g., airlines, hotels) in the country where services are delivered to fulfill your booking.
  • Third-Party Service Providers Overseas: Data may be shared with international third parties for storage, processing, and administrative or technical services performed on our behalf.
  • China Cybersecurity Law Compliance: Personal data collected within the People’s Republic of China is only transferred internationally for legitimate business reasons or other legally authorized purposes, in compliance with Chinese law

For more information on cross-border data transfer rules in 2026, you can consult the International Association of Privacy Professionals (IAPP) or review the China PIPL regulations for specific mandates.

  1. Security of information

We are committed to safeguarding your personal data through robust technical, physical, and organizational security measures. These protocols are designed to prevent accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure. We regularly review our security technologies to maintain the highest standards of data protection.

Please note that Travel Dreams And Destinations is not responsible for the security practices or actions of third parties regarding data they collect via their own services.

In accordance with 2026 data standards, we will destroy or de-identify personal information once it is no longer necessary for our legitimate business purposes or legal obligations.

For more on secure data handling, you may consult the NIST Cybersecurity Framework or the ISO/IEC 27001 standards for information security.

  1. Your rights in relation to the personal information we collect

To submit a Subject Access Request to access, rectify, erase, restrict, or port your data (in a machine-readable format), please contact us as detailed in Section 13. We will acknowledge and process all requests within statutory timeframes, though complex requests may require extensions as permitted by 2026 data protection laws.

Key Provisions:

  • Verification: We may require valid identification to prevent unauthorized disclosure.
  • Denials: We reserve the right to deny requests for legally exempt reasons (e.g., national security). If denied, we will provide a written explanation where required.
  • Fees: To the extent permitted by law, a reasonable administrative fee may apply to manifestly unfounded or excessive requests.
  • Marketing: You may opt out of marketing communications at any time via the contact details below.
  • Accuracy: You are responsible for providing accurate information and notifying us of changes; otherwise, we will assume existing data is correct.

You also maintain the right to lodge a complaint with a relevant Data Protection Supervisory Authority. All formal correspondence regarding these rights must be directed in writing to Owner/Travel Agent Roselyn Wilson.

For more on your rights in 2026, see the FTC Consumer Privacy guide or GDPR Article 15.

  1. Social Media Integrations

Our websites and mobile applications utilize social media features and widgets (e.g., “Like” or “Share” buttons) operated by third parties such as Facebook. These features may collect your IP address, track the pages you visit, and deploy cookies to function.

If you are logged into a social media account, the provider may link your activity on our platforms to your profile. These third parties may share data with us—such as your name, profile picture, and friend lists—based on their specific policies. We may also share data with them to deliver targeted marketing to you.

Key Information:

  • Data Governance: Your interactions with these features are governed exclusively by the privacy policy of the third-party provider.
  • User Control: You can manage data sharing and opt out of targeted marketing through your specific social media privacy settings.
  • Third-Party Policies: We strongly recommend reviewing the privacy policies of providers like Meta (Facebook) or Google to understand their 2026 data collection practices.

For further guidance on managing cross-site tracking, you may consult the Digital Advertising Alliance (DAA) Choice Tool.

  1. IP addresses

When you access our website, or any of our applications for communication to or from us, , we may record data regarding your device and the network you are using to connect with us, including your IP address. Your IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.

  1. Tracking Technologies / Cookies

We do not use tracking technologies/cookies.

  1. Linked Sites

Our websites may contain links to third-party websites that we do not  control. We are not responsible for practices or the content of such websites. We encourage you to read the privacy policies of any linked third-party websites you visit as their privacy policy and practices may differ from ours.

  1. Feedback / Complaints / Subject Access Requests / Contacts

You may direct any inquiries or concerns regarding the utilization or disclosure of your personal information to the contact details provided below.

Regardless of your location, should you wish to submit a Subject Access Request to notify us of any modifications or corrections to your personal information, to obtain a copy of the data we have collected about you, to request the deletion of your information, or to request limitations on the further processing of your data, please do not hesitate to call or email us. We will address these requests within the timeframe mandated by the relevant jurisdiction.

Contact:          Roselyn Wilson           roselyn.wilson@icloud.com or write to us at:

Travel Dreams and Destinations

2920 W El Dorado Blvd, Unit 536

Friendswood, Texas 77546

  1. Changes to our Notice

This Notice may be updated at any time. The current version will always be available on our website. We will notify you of any major updates via a prominent website announcement and by updating the effective date at the bottom of the Notice. You are responsible for checking the website regularly for changes.