Apaleo Privacy Policy

Our Commitment to Your Privacy

At Apaleo, we are revolutionizing global travel through blockchain and digital identity. In doing so, we are deeply committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how Apaleo ("we," "our," or "us") collects, uses, processes, stores, and shares your information when you engage with our innovative travel ecosystem, including our online platform, services, and any related offerings. We operate in full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

Apaleo acts as the data controller for the personal data collected and processed through our site. Our contact details are:

Apaleo GmbH
[Insert Company's Physical Address]
[Insert City, Postal Code, Country]

Information We Collect

We collect various types of information to provide and improve our services, ensuring a seamless and secure experience within our ecosystem. This information falls into the following categories:

• Information You Provide Directly: This includes data submitted when you create an account, complete your digital identity, book travel services, participate in loyalty programs, or communicate with us. This may include your name, contact details (email address, phone number), payment information, travel preferences, and digital wallet addresses.
• Information Collected Automatically: When you access our platform, we automatically collect certain information about your device and usage patterns. This may include IP addresses, browser type, operating system, referral URLs, pages viewed, and access times. This data helps us understand user behavior, enhance platform functionality, and maintain security.
• Information from Third Parties: In some instances, we may receive information from third-party travel service providers, partners, or publicly available sources to facilitate your travel bookings or enhance our service offerings, always with your consent or a legitimate legal basis.

How We Use Your Information

We use the collected information for the following purposes and under the following legal bases:

• To Provide and Maintain Our Services (Contractual Necessity): Processing your bookings, managing your digital identity, facilitating payments, and delivering the travel experiences you request.
• To Improve and Personalize Your Experience (Legitimate Interest): Analyzing usage data to enhance our platform's functionality, develop new features, and personalize offers, ensuring relevance to your preferences.
• For Security and Fraud Prevention (Legal Obligation & Legitimate Interest): Protecting our platform and users from fraudulent activities, unauthorized access, and other security threats, including leveraging blockchain's inherent security features.
• To Communicate with You (Consent & Legitimate Interest): Sending service-related updates, customer support responses, and, with your explicit consent, marketing communications about our innovative offerings.
• To Comply with Legal Obligations (Legal Obligation): Adhering to applicable laws, regulations, and legal processes.

Data Sharing and Disclosure

We may share your data with trusted third parties under specific circumstances, always with robust data protection agreements in place:

• Travel Service Providers: To fulfill your bookings, we share necessary information with airlines, hotels, car rental agencies, and other travel service providers. Your digital identity, managed through blockchain, ensures secure and permissioned access to this data.
• Third-Party Service Providers: We engage third-party vendors to perform services on our behalf, such as payment processing, data analytics, infrastructure provision, and customer support. These providers are bound by strict confidentiality obligations.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
• Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the transaction, subject to applicable data protection laws.

Blockchain and Data Privacy

Apaleo leverages blockchain technology to enhance data privacy and security. While certain transaction data may be recorded on an immutable ledger, your personally identifiable information is not directly stored on the public blockchain. Instead, we use cryptographic techniques and decentralized identifiers (DIDs) to link your digital identity to your travel preferences and bookings, granting you granular control over who can access your data, and for what purpose. This approach minimizes the surface area for data breaches and empowers you with true data ownership.

International Data Transfers

As a global travel ecosystem, your information may be transferred to, and processed in, countries outside your country of residence, including those outside the European Economic Area (EEA). We ensure that any such transfers comply with applicable data protection laws by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or relying on adequacy decisions where available.

Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security audits, and the inherent security benefits of blockchain technology for digital identity management.

Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• The Right to Access: You have the right to request copies of your personal data.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
• The Right to Erasure (Right to Be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When it is no longer necessary to retain your data, we will securely delete or anonymize it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new Privacy Policy on our site with a revised "last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please do not hesitate to contact us at:

Apaleo GmbH
[Insert Company's Physical Address]
[Insert City, Postal Code, Country]

You also have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that our processing of your personal data infringes data protection laws.