Travel Point


PRIVACY POLICY


1. General provisions


1.1 The administrator of your personal data is the legal entity from the list below with which you have entered into a contract, or that is a party to the relevant legal relationship:


Consolidator LLC (EDRPOU code 38191054, address: 04070, Ukraine, Kyiv, 33/6 Borychiv Tik St., Letter “A”) 


Travel Point LLC (EDRPOU code 44991114, address: 01054, Ukraine, Kyiv, 30 Franko St., office 47)


Travel Point Global LLC (EDRPOU code 42896302, address: 03150, Ukraine, Kyiv, Velyka Vasylkivska Street, building 72, office 37) 


Each of these legal entities acts as a separate independent personal data administrator and processes only the personal data that has been collected within the framework of its contractual relationship with you. 


Personal data is exchanged between administrators only if this is required for the performance of the contract with you and the provision of relevant services.  


1.2 First of all, we want you to understand how TRAVEL POINT works. 

TRAVEL POINT's functionality is based on interaction with a “token,” such as BMP-Link or GoLink. This is the key to the repository containing data about the tickets you have sold in Global Distribution Systems (GDS). The token is designed to enable you to transfer your data and process it using third-party applications. At TRAVEL POINT, we use a “token” to keep track of tickets sold in one place, provide invoices to customers, and for mutual settlements with partners.

TRAVEL POINT was created to make life easier for airline managers and simplify interaction with consolidators

Is it mandatory to use a token in TRAVEL POINT? No, it is not mandatory. Most of the functionality will be unavailable. You will need to request invoices for payment yourself, return to using ticket tracking sheets, and keep a calendar noting who to register and when.

Can I disable ticket uploads in TRAVEL POINT? Yes, you can do this yourself or write to support@travel-point.me

Can I delete all user data from TRAVEL POINT? Yes. If you need to do this, write to support@travelpoint.me


1.3 We have created this Policy to confirm TRAVEL POINT's compliance with the provisions of the General Data Protection Regulation, i.e. Regulation No. 2016/679 of the European Parliament and of the Council of the European Union “On the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (“GDPR”), the Law of Ukraine “On the Protection of Personal Data” and other legislative acts regulating the procedure for interacting with the personal data of Internet users.


1.4 We respect personal data. By using TRAVEL POINT services, you entrust us with your personal information, and we do everything possible to ensure the security of this data while giving you the ability to manage it.


1.5 Please note that the Policy applies to all personal data that you provide to us and that we collect independently in the process of providing TRAVEL POINT services (including through the use of cookies), as well as data and information that you enter into the TRAVEL POINT reporting system to simplify the management and analysis of data related to the sale of airline tickets, railway and bus tickets, i.e. in the process of creating your own database.


1.6 This Policy does not apply to websites that you access via hyperlinks on our website https://travelpoint.me/.


1.7 Through this Policy, we would like to inform you about:

- who we are;

- how we work with personal data;

- what personal data we collect;

- the purpose of processing personal data;

- where and why we transfer personal data;

- how long we store personal data;

- what rights you have as a data subject;

- how we keep personal data confidential;

- how we store and ensure the confidentiality of information in your database;

- how to contact us.


1.8 For us, the legal basis for processing personal data, in accordance with Article 6 of the GDPR, is established separately or jointly, and includes:

- your consent to the processing of your personal data, as well as the personal data of third parties on whose behalf or for whose benefit you act, for the purpose of enabling TRAVEL POINT to provide its services;

- the necessity of performing a contract to which you, or a third party on whose behalf or for whose benefit you act, are a party;

- the necessity of taking steps at the request of the passenger/customer in order to conclude a contract or to establish contact with the carrier or supplier. 

1.9 Processing of special categories of personal data (e.g., health data) will only be carried out with your consent to the processing of your personal data and the personal data of third parties on whose behalf or in whose interests you are acting, and/or if it is necessary for carriers to provide special services related to the health condition of the passenger/customer.

1.10 Please note that you, as a user, are solely responsible for interaction of TRAVEL POINT with other programs, extensions, or applications from other developers, and its compliance with the rules and policies, in particular those of GDS terminals.

1.11 We reserve the right to make changes to the Privacy Policy at any time and for any reason. The date of the last update of the Policy will be indicated in the “Last update” line at the end of this page


2. Personal data of third parties


2.1 If you use TRAVEL POINT services on behalf of or for the benefit of third parties (e.g., your customers), the information you provide about such third parties is collected and processed by TRAVEL POINT under the same conditions as your personal data. If you provide us with the personal data of third parties on whose behalf you are acting, you declare that you have the right to entrust us with the processing of this personal data. 


2.2 If you use TRAVEL POINT services to record and store your customers' data, you create your own database. All information and content that you send or upload to this database is your own, and you have full control over it.


2.3 We collect and process third-party data (in particular, your customer data) exclusively on your behalf to provide the data storage and consolidation services to which you have subscribed.


2.4 Our support team and engineers may access this data and information on a limited and strictly justified basis only in exceptional cases:

- to resolve any issue with our services and only at your direct request to our support team,

- to comply with any legal requirement (enforcement action, subpoena or court order, defense against unlawful claims, etc.). 

Any other form of interference with, or use of, this data and information is strictly prohibited.


3. Consent to the processing of personal data


If, during registration on our website, you checked the box “I agree to the Privacy Policy” or accepted our Subagent Agreement for the provision of intermediary services, the provisions of which are published online at the following links https://travel-point.me/offer, https://travel-point.me/terms-tp, https://travel-point.me/terms-consolidator, we consider that you: 

- unconditionally and fully accept the terms of this Policy without any modifications;

- acknowledge that this website may collect your personal data, as well as the personal data of third parties on whose behalf or for whose benefit you are acting, and process such data using the technical resources of TRAVEL POINT;

- consent to the collection and processing of all personal data you provide for the purposes specified in this Policy;

- consent, where necessary, to the processing of special categories of personal data (e.g., health data) relating to you or third parties on whose behalf or in whose interests you are acting, insofar as it is required for the provision of specific services directly connected to such data;

- consent to the processing and international transfer of your personal data, as well as the personal data of third parties on whose behalf or for whose benefit you are acting, where this is required by the terms of service;

- consent to the transfer of personal data to third parties, where necessary, for the performance of contractual obligations and the proper provision of TRAVEL POINT services;

- you consent to the collection and storage of your personal data and the personal data of third parties on whose behalf or in whose interests you are acting, without limitation in time, until you or the third party on whose behalf or in whose interests you acted personally submits a request or wish to terminate the processing of your personal data and/or its destruction, and/or until the termination of the relationship at the initiative of TRAVEL POINT and/or on other grounds in accordance with the provisions of this Policy and the requirements of the law. 


3.2 By agreeing to the terms of this Policy, you confirm that you are a legally capable individual who has reached the age of 16.


3.3 By agreeing to the terms of this Policy, you give your consent to the processing of your personal data, as well as the personal data of third parties on whose behalf or in whose interests you are acting, in accordance with the provisions of this Privacy Policy.


3.4 By providing information regarding third parties, you confirm that such third parties have been informed of the provisions of this Privacy Policy and have provided their unconditional and full consent to the collection and processing of their personal data in accordance with its terms


4. Personal data we collect and process


4.1 We receive and store any information you provide via the website https://travel-point.me/, report to our support service, provide to TRAVEL POINT in any other way to the extent necessary to provide services, improve the quality of such services, and fulfill contractual obligations to you or third parties on whose behalf or in whose interests you act.


4.2 The above information includes:

- information that can be used to identify a natural person who directly uses TRAVEL POINT services, such as: surname, first name, mobile phone number, email address, employer name, position;

- information that can be used to identify a passenger, i.e., a natural person who is transported by aircraft with the consent of the carrier in accordance with the contract of carriage and in whose name a ticket (transport document) is issued, in particular, surname, first name, date of birth, gender, citizenship, mobile phone number, postal address, email address, frequent flyer card, loyalty card information, visa information;

- information that allows identifying the customer- a natural person who uses accommodation services and in whose name the booking was made, as well as persons who will be staying with them. Such information includes, in particular: surname, first name, date of birth, gender, nationality, mobile phone number, postal address, email address and other similar data;

- data from identity documents, such as passport number and series, date of issue, and expiry date;

- technical information, including the Internet Protocol (IP) address used to connect to the Internet, your registration information, browser type and version, time zone, browser plug-in types and versions, operating system and platform;

- profile information (settings, search history, booking and sales history);

- information about your visit, history of visits and movements on our website, history of transitions from our site (including date and time), services you viewed or searched for, page response time, loading errors, time spent on specific pages, information about activity on the page (e.g. scrolling, clicks and mouse hovering), ways of leaving the page;

- information we need to improve the quality of the TRAVEL POINT service, which is an integral part of providing the service in general, including information you use when working with online cloud distribution systems after logging in;

- information obtained in the course of communicating with you by telephone, email, through our website, social media, customer service or other means;

- information necessary to conclude and/or perform a contract with you or third parties on whose behalf or for whose benefit you are acting;

- cookies that are essential and without which our website cannot function, and cookies that are collected and sent to Amplitude so that we can use their tools to improve the website. You can learn more about our cookie policy at https://travel-point.me/cookies-policy;

- information you provide when creating and adding to your own database;

- other information you voluntarily leave on this site.

4.3 If you do not want us to process your personal data or the personal data of third parties on whose behalf or for whose benefit you are acting, please do not provide us with such information.


4.4 We do not collect personal data of persons under the age of 16, and they are prohibited from providing information to receive our services. If we find out that personal data has been submitted by someone other than a parent (i.e., a person under the age of 16) or legal guardian or a user directly authorised by them, we undertake to delete such data immediately.


5. Purpose of personal data processing


5.1 We use your personal data and the personal data of third parties on whose behalf or for whose benefit you act for the purpose of providing TRAVEL POINT's services in a complete and highquality manner, in particular, but not limited to, issuing, preparing, issuing or processing any airline ticket, making changes to a ticket, calculating and refunding a ticket, providing EMD services, as well as making accommodation reservations, confirming, changing or cancelling such reservations.


5.2 We may also use personal data to provide you with quality responses or other information from TRAVEL POINT based on your requests or requests from third parties on whose behalf or in whose interests you are acting.


5.3 Another purpose of processing personal data is to use it for marketing and advertising purposes, including direct marketing, market research, and statistics. 


5.4 We also use personal data to continuously improve TRAVEL POINT services and enhance your experience using our website https://travel-point.me/.


6. Transfer of personal data


6.1 Your data may be transferred to third parties only for the purpose of TRAVEL POINT providing its services, which could not be provided without such transfer of your personal data or the personal data of third parties on whose behalf or for whose benefit you are acting. For example, personal data may be transferred to carriers for the purpose of issuing tickets (transport documents), as well as to accommodation providers for the purpose of booking accommodation and providing accommodation services.


6.2 We may also provide your personal data and the personal data of third parties on whose behalf or in whose interests you are acting to persons associated with TRAVEL POINT, officials, its representatives, agents, employees or partners of TRAVEL POINT for the purpose of providing their services to you.


6.3 TRAVEL POINT uses Amplitude on its website, which is a web analytics tool that helps to understand how visitors interact with this site. Amplitude collects data about the browser, device type, device model, location, country, city, service provider, screen resolution (mobile), time spent on the site, language, operating system, and pages visited on the site. Amplitude uses the information to study website usage, prepare reports on website activity, and offer other additional services. Please note that Amplitude receives your cookies. Without these cookies, Amplitude cannot function. You can read Amplitude's privacy policy on their official website at this link: https://amplitude.com/privacy. 


6.4 In addition, we may disclose information:

- in response to an executive document, subpoena or court order;

- to protect against unlawful claims

- to comply with other legal requirements;

- if we believe it is necessary to respond to illegal actions against us, or to analyse an illegal act, to protect or preserve our rights, property or safety of TRAVEL POINT.


6.5 If personal data is transferred on grounds other than those specified in this Policy, you will be notified of such transfer and you will be able to allow or prohibit us from providing your personal data to a third party.


6.6 When transferring personal data, we always use the most secure and proven methods.


7. Cross-border data transfer


7.1 You agree that in order to provide its services, TRAVEL POINT may store and process personal data, including verifying transactions on servers and resources located outside Ukraine and the European Economic Area. You give your unconditional consent to the transfer of any or all of your personal data and the data of third parties on whose behalf or for whose benefit you are acting outside Ukraine and the European Economic Area solely for the purpose of obtaining an adequate level of service. Your personal data may be stored and processed on servers and resources belonging to TRAVEL POINT or independent contractors, which may be located in any country in the world (e.g. the United States, Canada).


7.2 By using this website, you consent to the transfer of your personal data outside Ukraine, the European Union and the European Economic Area. You are informed and agree that your personal data may also be transferred to the United States. Any cross-border transfer of data occurs only to fulfil the terms of relevant requests, agreements of this Policy and for the purpose of providing services. All cross-border transfers are limited to those categories of data and recipients that are necessary to fulfil the relevant contracts, provisions of the Policy and the provision of services.


8. Personal data retention period


8.1 We retain your personal data for as long as it is necessary for the purposes outlined above. This depends on the purpose for which the data was collected or whether we have a continuing legal basis for storing the data (e.g. to fulfil the terms of a contract between us, to provide services you have requested). Rest assured that if we no longer have a reason or legal obligation to process your personal data, we will delete it or store it in such a way that it can no longer identify you. 


8.2 TRAVEL POINT's storage of different types of personal data depends on the following factors:

- the purpose for which the personal data was collected

- the time required to achieve that purpose;

- any specific reason or strict legal obligation to store personal data for a certain period of time.


8.3 If you have an account on our website, we will store personal data such as your email address, first name, last name, company name, and mobile phone number so that you can log in and access our services for as long as your account exists.


8.4 When determining the retention periods for personal data, we also take into account the retention period necessary to fulfil our obligations to you or to third parties on whose behalf or in whose interests you are acting, to regulatory authorities, and for accounting and tax reporting purposes.


9. Rights of the user (personal data subject)


9.1 We respect your rights regarding personal data and facilitate their implementation. You can contact TRAVEL POINT using the contact details provided below to request the implementation of your rights. 

9.2 You can exercise your rights to:

- access information related to the processing of your personal data;

- access to information that is the subject of the contract between us;

- receive an electronic copy of the personal data that has been processed;

- clarify and/or correct your personal data, in particular, we will notify all persons to whom we have previously transferred your personal data, provided that such notification can be made and does not require disproportionate effort on our part;

- direct transfer of your personal data from TRAVEL POINT to third parties;

- restriction, full or partial withdrawal of your consent to the processing of personal data in certain ways; 

- destruction of your personal data at your request, or if consent to processing has been withdrawn, or if there is no longer a need to process your personal data;

- destruction of your database created as a result of using Travel Point software in the form of an online service to simplify the management and analysis of data related to the sale of airline tickets, railway and bus tickets


9.3 If you believe that your rights and/or legitimate interests have been violated, you have the right to file a claim or complaint with the competent state authority. 


10. Maintaining the confidentiality of personal data


10.1 We take a bunch of technical, organisational, and legal steps to protect your personal info from unauthorised or accidental access, collection, storage, use, transfer, blocking, or destruction, as well as other unauthorised actions or accidental leaks. 


10.2 For example, we ensure:

- Access control: we adhere to the principle of least privilege. Access is granted in accordance with job responsibilities, business needs and the need to know. We periodically conduct access checks to ensure that employees have only the rights necessary for their work;

- Familiarisation of TRAVEL POINT employees with the requirements of current legislation and regulatory documents on the processing and protection of personal data;

- Accounting and storage of physical media, which prevents theft, replacement, unauthorised copying and destruction;

- Identification of threats to the security of personal data confidentiality;

- Access logging: we use a log collection system (Graylog) that automatically collects event logs from critical systems. Automated rules provide alerts about potential incidents;

- Training employees in the use of information security measures and rules for working with personal data information systems;

- Authentication security: all Travel Point systems use a password complexity policy (length, characters, regular change). Where possible, we use multi-factor authentication (MFA);

- Accounting for information security measures, operational and technical documentation for them;

- Monitoring user actions, reviewing incidents of personal data security violations;

- Protection against DDoS attacks: Travel Point uses third-party solutions to prevent distributed denial-of-service attacks;

- Hosting in a secure environment: your data and your customers' data are stored in the AWS cloud environment, which ensures the physical security of data centres. AWS has international security certifications (ISO 27001, SOC 2, etc.);

- Separate environments: your data and your customers' data do not end up in test or development environments. There are separate environments for development, testing, and production.

- Backup: all data is regularly backed up in encrypted form. This prevents information loss in the event of failures or attacks;

- Monitoring and response: algorithms for detecting abnormal activity have been implemented to minimise the risk of data leaks;

- Other measures that contribute to the protection of confidentiality. 


10.3. In the course of our activities, we use specialised solutions for automatic monitoring of incidents 24/7. This allows us to respond quickly to potential threats.


11. Contacts


11.1 You can contact us by sending a message to support@travel-point.me or via TRAVEL POINT technical support using the chat function available directly on our website.


11.2 You can also send a letter to the address of the legal entity that is the administrator of your personal data, specified in clause 1.1.


Document version dated: 06 October 2025