GDPR Privacy Policy

Effective Date: June 22, 2020
Last Updated: April 1, 2024

This GDPR Privacy Policy applies to individuals located in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK) and supplements our general Privacy Policy. It describes how NTA Travel℠ processes your personal data in accordance with the EU General Data Protection Regulation (GDPR) and UK GDPR.

1. Data Controller

NTA Travel℠
1350 E Flamingo Rd #65
Las Vegas, NV 89119, USA
Email: privacy@nta.travel
Phone: +1 (877) 777-9195

As a U.S.-based company serving EU/EEA/UK residents, we are subject to GDPR obligations when processing personal data of individuals in those regions.

2. What Personal Data We Process

  • Identity data — name, company name, job title
  • Contact data — email address, phone number, postal address
  • Travel and service data — travel preferences, destinations, dates, event details, and budget information
  • Technical data — IP address, browser type, pages visited, cookie data
  • Marketing data — your preferences for receiving marketing from us

3. Lawful Basis for Processing

  • Contract (Article 6(1)(b)) — responding to enquiries and fulfilling travel services you have requested
  • Consent (Article 6(1)(a)) — newsletter subscriptions and marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Article 6(1)(f)) — website improvement, fraud prevention, and direct marketing to existing clients
  • Legal obligation (Article 6(1)(c)) — where processing is required by law

4. International Data Transfers

As a U.S.-based company, your personal data will be transferred to and processed in the United States. Where we transfer data outside the EU/EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, derogations under Article 49 GDPR. Our hosting provider Automattic Inc. (WordPress.com) participates in applicable data transfer frameworks. See Automattic’s Privacy Policy for details.

5. Your Rights Under GDPR

  • Right of access (Article 15) — obtain a copy of your personal data and information about how it is processed
  • Right to rectification (Article 16) — have inaccurate or incomplete data corrected
  • Right to erasure / “right to be forgotten” (Article 17) — request deletion of your personal data in certain circumstances
  • Right to restriction of processing (Article 18) — request that we limit the processing of your data
  • Right to data portability (Article 20) — receive your data in a structured, machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interests or direct marketing at any time
  • Rights related to automated decision-making (Article 22) — we do not use automated decision-making or profiling

To exercise any of these rights, contact us at privacy@nta.travel. We will respond within 30 days. We may verify your identity before processing your request.

6. Data Retention

Enquiry and correspondence data is retained for up to three (3) years. Newsletter and marketing data is retained until you withdraw consent or unsubscribe, at which point it will be securely deleted or anonymised.

7. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the EU, find your national authority via the European Data Protection Board. In the UK, contact the Information Commissioner’s Office (ICO).

We would appreciate the opportunity to address your concern first. Please contact us at privacy@nta.travel before approaching a supervisory authority.

8. Contact

GDPR & privacy enquiries: privacy@nta.travel
Legal notices: legal@nta.travel

9. Changes to This Policy

We may update this policy from time to time. The “Last Updated” date above reflects the most recent changes.