Legal

GDPR

Last updated: 20 May 2026

### 1. Commitment to EU and International Data Privacy 1inalltravel is headquartered in Kolkata, India, and provides modern CRM and workflow automation solutions globally. We understand that many of our subscribing travel agencies and tour operators manage travel arrangements for clients residing within the European Union (EU) and the European Economic Area (EEA).

Consequently, we design our software platform architecture to comply fully with the requirements of the **General Data Protection Regulation (GDPR)** (Regulation (EU) 2016/679).

### 2. Our Role: Data Controller vs. Data Processor Under GDPR To understand your rights and our obligations under the GDPR, it is critical to distinguish our operational roles: * **1inalltravel as a Data Controller:** We act as a Controller for our own corporate subscriber operations (e.g., handling the name, login details, and invoice transactions of the travel agencies who purchase our SaaS product). * **1inalltravel as a Data Processor:** We act as a Processor regarding any personal data inputted into our platform by subscribing agents concerning their end-travelers (e.g., customer flight data, passports, emails, hotels). Subscribing agents are the **Data Controllers** and assume full compliance duties for obtaining proper legal bases (such as explicit consent or performance of a contract) before recording end-traveler data.

### 3. Core GDPR Principles Embedded in Our Software Our dynamic workflow engine and software tools have been built with "Privacy by Design" principles to help you remain GDPR compliant:

* **Data Minimization & Purpose Limitation:** Our systems are configured to process only the data fields necessary for you to execute automated itineraries, lead tracking, and client invoicing. * **Confidentiality and Security:** We employ advanced AES encryption at rest and secure Transport Layer Security (TLS/HTTPS) protocols in transit to guard traveler records from threat elements. * **Data Portability and Exporting:** Travel agents can easily download or export clean CSV/JSON/PDF data bundles of customer files to honor customer data portability requests.

### 4. Supporting Data Subject Rights We provide the technical tools inside the CRM dashboard to help travel agents immediately respond to requests from European data subjects exercising their rights, including: 1. **The Right of Access:** Promptly reviewing stored profiles. 2. **The Right to Rectification:** Modifying incorrect contact or travel details. 3. **The Right to Erasure ("Right to be Forgotten"):** Permanently purging client records from active CRM databases upon a customer's formal request. 4. **The Right to Restrict Processing:** Freezing specific automated workflow triggers for individual accounts.

### 5. International Data Transfers When data is transferred outside the EEA to our secure infrastructure, we ensure that appropriate safeguards are in place—such as deploying strict Standard Contractual Clauses (SCCs) or relying on valid technological protection parameters—to assure that data protection parity matches EU baselines.

### 6. Data Protection Contact If you are an EU-based travel agent or an individual whose information is handled via our platform, and you have questions specifically regarding our GDPR infrastructure alignment, please reach out to our dedicated operations desk:

* **Email:** support@1inalltravel.com * **Subject Line:** GDPR Compliance Query