Privacy Policy – TripTyMizer SRL
Your data deserves transparent protection.
Learn how TripTyMizer SRL collects, secures, and uses your information to run the TripTy platform in full GDPR compliance.
(Last updated: October 2025)
01 - Summary
This policy explains how TripTyMizer SRL processes your personal data when you use the TripTy platform to simulate, book, and manage business trips.
It outlines the data collected, the purposes, legal bases, retention periods, user rights, and the security measures applied.
02 - Data Controller
- TripTyMizer SRL
- Rue du Bay-Bonnet 14, 4620 Fléron – Belgium
- Company / VAT number: BE1021.753.656
- Email: info@tripty.be
- Internal privacy contact: Privacy Team – TripTyMizer SRL
03 - Data We Collect
TripTy only collects the data that is necessary to deliver the service:
- Identification data: first name, last name, email address, phone number.
- Professional and tax data: company, VAT number, role.
- Booking data: travel preferences, destinations, fellow travelers, hotel categories, business events.
- Billing data: accounting information required to issue invoices and supporting documents.
- Technical data: IP address, login logs, required cookies (see separate cookie policy).
- Marketing data: newsletter subscriptions or marketing communications based on consent.
04 - Purposes and Legal Bases
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Deliver TripTy services (account creation, simulations, bookings) | Contract performance |
| Billing, accounting, and tax obligations | Legal obligation |
| Customer support and user account management | Legitimate interest |
| Sending newsletters or marketing information | Consent |
| Usage analysis and service improvement | Legitimate interest |
| Responding to legal obligations or authority requests | Legal obligation |
05 - Data Retention
| Data type | Retention period |
|---|---|
| Account data | As long as the account is active + 3 years after deletion |
| Billing data | 7 years (statutory accounting obligation) |
| Technical logs and logins | 12 months |
| Marketing data | 3 years after the last interaction |
| Bookings and travel history | 5 years from the last activity |
06 - Data Sharing
- Technical providers: Vercel (hosting), Supabase (database), OVH (domain).
- Payment providers: Stripe, Bancontact.
- Travel suppliers (airlines, hotels, event organisers) when required to complete a booking.
- Public authorities when required by law (e.g. tax administration).
- No data is shared for commercial or advertising purposes without consent.
07 - Transfers Outside the European Union
TripTyMizer prioritises hosting and storage within the European Union.
Some processors (e.g. Stripe) may nevertheless transfer data outside the EU.
These transfers rely on the European Commission’s Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to the GDPR.
08 - Security Measures
TripTyMizer applies appropriate technical and organisational measures:
- SSL/TLS encryption for communications.
- Secure storage in European data centres.
- Restricted access for authorised personnel only.
- Internal procedures in case of a security incident.
09 - Your Rights
Under the GDPR, you have the following rights:
- Access your personal data.
- Rectify or update your information.
- Erase your data ("right to be forgotten").
- Restrict processing.
- Port your data.
- Object to processing, in particular for marketing purposes.
10 - Right to Lodge a Complaint
If you believe your rights are not respected, you can lodge a complaint with:
- Data Protection Authority (Belgium)
- Rue de la Presse 35, 1000 Brussels – Belgium
- 📧 contact@apd-gba.be
- 🌐 https://www.autoriteprotectiondonnees.be
12 - Changes
TripTyMizer may update this policy to reflect legal, technical, or operational developments.
The latest update date appears at the top of the document.