Privacy policy
Unit.Travel (“Unit.Travel”, “we”, “us” or “our”), our website at https://b2b.unit.travel (the “Website”), and all related websites, downloadable software, mobile applications (including tablet applications), APIs, partner portals, white-label tools provided to travel agencies, and other services provided by us or our partners and on which a link to this Privacy Policy is displayed, and all other communications with individuals through written or oral means, such as email, phone or chat (collectively, the “Service”).
This Privacy Policy (“Policy”) describes the information that we gather on or through the Service, how we use and disclose such information, and the steps we take to protect such information. This Policy is intended to comply with the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and other applicable data protection laws.
1. Definitions
Account means the section(s) of the Service for registered business users, containing tools for search, booking, post-booking management, reporting, administration and support.
Agent (or Partner) means a legal entity (travel agency or other organization) and its authorized representatives who register and use the Service for business purposes.
Booking means a combination of the Agent’s actions, as a result of which the Agent generates and submits an order for accommodation and/or other travel services available through the Service. Provision of certain Personal Data is a necessary condition for making a valid Booking.
Customer / Traveler means a natural person for whom a Booking is made (including where an Agent makes a Booking on behalf of another person).
Personal Data means any information relating to an identified or identifiable natural person, which makes it possible to determine that person’s identity, directly or indirectly.
Service means the multifunctional online travel services platform available on the Website, including versions and modifications designed for mobile devices, APIs and related services provided by us and on which a link to this Policy is displayed.
Controller, Processor, Sub-processor have the meanings given in the GDPR and the UK GDPR.
2. Who is responsible for your Personal Data (Controllers)
Unit.Travel operates through multiple legal entities. Depending on the Agent’s contracting entity, geography, and Service configuration, one or more of the following entities may be the Controller of Personal Data processed under this Policy:
- ALLADYN TRAVEL TECHNOLOGIES OÜ, registry code 16387001, registered address: Narva mnt 7a - 616, B corp, 6 floor, Kesklinna linnaosa, Tallinn, Harju maakond, 15172 Estonia.
- UNIT TRAVEL UK LTD, company number 11232111, registered address: 8 Hermitage Street, London, W2 1BE United Kingdom.
For questions about which entity is the Controller for your data in a specific case, please contact us at help@unit.travel.
3. Scope and applicability (B2B focus)
This Policy applies primarily to:
- Personal Data of Agents’ representatives and other business users (e.g., account owners, managers, bookers, finance users, support contacts);
- Personal Data processed in connection with Agent account creation, access control, support, security and compliance;
- Personal Data submitted by Agents about Customers/Travelers through the Service where Unit.Travel acts as a Processor (see Section 6).
This Policy does not replace:
- consumer-facing privacy notices applicable to B2C/white-label consumer flows; and/or
- any Data Processing Agreement (“DPA” chapter #15 in T&C) concluded between Unit.Travel and the Agent, where Unit.Travel acts as Processor of Traveler Personal Data.
4. The Information we collect on the service
We collect different types of information from or through the Service. The legal bases for Unit.Travel’s processing of Personal Data are primarily that the processing is necessary for providing the Service to Agents (performance of a contract), for our legitimate interests (security, business operations, service improvement), to comply with legal obligations, and in certain cases, based on consent (e.g., particular marketing communications where required).
4.1 Agent-provided Information
When the Service is used, the Agent and/or its authorized users may provide, and we may collect, Personal Data such as:
- name and surname;
- business email address;
- business phone number;
- job title/role;
- company details (legal name, address, registration number, VAT number where applicable);
- billing and settlement information (bank account details for payouts/settlements; invoice references; payment status and transaction references);
- communications and content submitted to us (support requests, emails, chat messages, call records where applicable);
- information required to enable compliance checks (for example, where legally required for AML/KYC purposes).
4.2 Traveler/Customer Information submitted by Agents
Agents may provide traveller details in the course of making Bookings, including:
- traveller names and contact details;
- booking identifiers and itinerary details;
- preferences/special requests;
- identification data where required by suppliers (e.g., passport number and expiry date).
Important: the Agent may be booking for someone else, including multiple travellers. It is the Agent’s responsibility to ensure that any traveller Personal Data provided to Unit.Travel is provided lawfully and that travellers are appropriately informed (see Section 6).
4.3 “Automatically Collected” Information
When the Service is used, we may automatically record certain information from a user’s device by using various types of technology, including cookies and similar technologies. This may include:
- IP address and other device identifiers;
- browser type, device type and operating system;
- the pages or content viewed and interacted with in the Service;
- referring/exit pages, date and time stamps;
- authentication, session and security-related events;
- interaction with email messages (e.g., opens/clicks) where enabled and permitted.
4.4 Information from other sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as:
- identity and fraud prevention partners;
- payment/acquiring partners (limited to payment status and references);
- business partners where the Service is integrated or distributed (subject to contractual controls and applicable law).
If we combine or associate information from other sources with Personal Data collected through the Service, we will treat the combined information as Personal Data under this Policy.
4.5 Payment information (no storage of full card data)
Payments (where applicable) are processed on secure pages of our acquiring/payment service providers. Unit.Travel does not collect or store full payment card details such as full card number or CVV. We may process limited payment-related information necessary for reconciliation, accounting, fraud prevention and customer support (e.g., payment status, transaction reference, amount, currency).
5. How we use the Information we collect
We use the information that we collect in a variety of ways in providing the Service and operating our business, including:
5.1 General Use
We use Personal Data and other information collected through the Service to:
(a) register the Agent and create Accounts;
(b) provide the Agent with the requested Service and features (including search, booking, and post-booking operations);
(c) communicate with the Agent (including for operational and support purposes);
(d) build and maintain functionality that makes the Service easier to use;
(e) conduct surveys and obtain feedback;
(f) detect and prevent fraud, abuse, security incidents and other illegal or unwanted activities;
(g) contact the Agent in case there is an issue with a Booking, account access, payments, settlement, or compliance checks.
5.2 Operations and Support
We use information to operate, maintain, enhance and provide all features of the Service; respond to comments and questions; resolve incidents; provide technical and operational support; and manage service communications required for the performance of the contract.
5.3 Improvements and Analytics
We use information to understand and analyse usage trends and preferences, to improve the Service and develop new products, services, features and functionality. Where feasible, we use aggregated and/or de-identified information for analytics and reporting.
5.4 Marketing Activities and Reminders (B2B)
We may use business contact information for B2B marketing communications as permitted by law (e.g., product updates, service announcements, training/webinars). Where required by applicable law, we will request consent. The Agent can opt out of marketing communications as described in Section 11.2.
5.5 Cookies and similar technologies
We use cookies and similar technologies to:
(a) personalize the Service (e.g., remembering preferences);
(b) maintain sessions and account security;
(c) monitor and analyse Service performance and usage;
(d) measure the effectiveness of communications and (where applicable) marketing activities;
(e) maintain operational integrity and prevent misuse.
5.6 Legal and compliance purposes
We may use and disclose information where we believe in good faith it is appropriate or necessary to:
(a) take precautions against liability;
(b) protect Unit.Travel, Agents, Travelers or others from fraudulent, abusive or unlawful uses;
(c) investigate and defend against claims;
(d) protect the security or integrity of the Service and related infrastructure;
(e) enforce our contracts and protect legal rights;
(f) comply with applicable legal obligations (including accounting/tax and, where applicable, AML/KYC requirements).
5.7 Change of ownership
Information about users of the Service, including Personal Data, may be disclosed and transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, and/or in the event of insolvency, bankruptcy or receivership in which information is transferred as a business asset, subject to applicable law and appropriate confidentiality and security controls.
6. Controller/Processor roles (B2B traveller data)
6.1 Agent as Controller; Unit.Travel as Processor (typical model)
Where an Agent submits traveler Personal Data via the Service for booking purposes, the Agent typically acts as the Controller of traveller Personal Data and Unit.Travel processes such data as the Agent’s Processor to provide the Service and facilitate booking fulfilment. In such cases, the processing is governed by the applicable DPA and this Policy.
6.2 Booking for others
The Agent may provide Personal Data about other persons (e.g., accompanying travellers or persons on whose behalf a Booking is made). The Agent represents and warrants that it has the legal right to provide such Personal Data and that the data subjects have been appropriately informed and, where required, have provided valid consent.
6.3 Suppliers as independent Controllers
Accommodation providers, airlines, tour operators and other travel service suppliers will typically receive traveller data as necessary to provide the booked services and will act as independent Controllers for their own processing, including compliance with their legal obligations.
7. Legal bases for processing
To process Personal Data as described above, we rely on the following legal bases (as applicable):
7.1 Performance of a contract: processing is necessary to provide the Service to the Agent, including creation of Accounts and processing Bookings.
7.2 Legitimate interests: we process Personal Data for our legitimate interests such as operating and improving the Service, ensuring security and preventing fraud, managing business communications, maintaining service quality, internal administration and legal protection, provided those interests are not overridden by data subjects’ rights.
7.3 Consent: where required by law, we may rely on consent for certain marketing communications and/or certain cookies/technologies. Consent may be withdrawn at any time.
7.4 Compliance with a legal obligation: we may process and disclose Personal Data to comply with applicable laws and lawful requests by public authorities, and to meet legal obligations relating to accounting/tax and other regulatory requirements (including AML/KYC where applicable).
8. To whom we disclose information
Except as described in this Policy, we do not intentionally disclose Personal Data collected on the Service to third parties without authorization, unless required or permitted by law. We may disclose information to third parties in the following circumstances:
8.1 Travel service providers
In order to complete Bookings, we transfer relevant reservation details to travel service providers (e.g., hotels, airlines, operators) and/or their authorized intermediaries, as necessary to fulfil the booking and handle post-booking requests and disputes. This may include traveller identity details where required to deliver the booked service.
8.2 Service providers (Processors/Sub-processors)
We may use third-party service providers to process Personal Data on our behalf for purposes such as hosting, maintenance, security, communications, analytics and payment operations. These providers are subject to contractual obligations to process Personal Data only on our instructions and to maintain confidentiality and appropriate security.
8.3 Payment providers and financial institutions
When a chargeback is requested or payment disputes arise, we may need to share certain booking details (and, where relevant, IP address or transaction references) with payment providers and financial institutions to handle the dispute and prevent fraud. We may also share information where strictly necessary for fraud detection and prevention.
8.4 Competent authorities and legal process
We may disclose Personal Data to law enforcement or other authorities insofar as required by law, or where strictly necessary for the prevention, detection or prosecution of criminal acts and fraud, and to protect and defend legal rights.
8.5 Business partners (distribution/integration)
We may work with business partners who distribute, integrate or support the Service for Agents. In such cases, data sharing will be limited to what is necessary for the relevant business purpose (e.g., account provisioning, support), and subject to contractual and legal controls.
8.6 Aggregated/non-identifiable information
We may make aggregated or otherwise non-identifiable information available to third parties for reporting, business or analytical purposes, where such information does not identify individuals.
9. Data sharing and third-party services
The Service may contain features or links to websites and services provided by third parties. Any information provided on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
10. AI in Customer Support (internal helpdesk)
In our Customer Support services we use AI-enabled features within our internally developed helpdesk system to enhance efficiency and responsiveness. These AI features may include (without limitation) routing tickets to appropriate teams, categorizing requests, summarizing content, and estimating complexity and priority.
We do not use AI for fully automated decision-making that produces legal effects or similarly significant effects on individuals. Decisions affecting contractual outcomes, refunds, or a person’s rights are subject to human oversight.
11. Cookies (More on Cookies Policy)
11.1 What are cookies and similar technologies?
A cookie is a small amount of data that is placed in the browser of a device. Cookies may be “first party cookies” (set by the operator of the domain) or “third party cookies” (set by a third party). Session cookies exist until the browser is closed; persistent cookies remain for longer periods.
In addition to cookies, similar technologies may be used, such as web beacons/pixels, tracking URLs, and SDKs (together referred to here as “Cookies”).
11.2 Types of Cookies used on the Service
Technical Cookies. Necessary for the Service to function properly (e.g., login, session management, security, account creation, booking administration).
Functional Cookies. Remember preferences (e.g., language, currency, search context) and enhance user experience.
Analytics Cookies. Provide insight into how visitors use the Service and enable measurement and improvement of features and performance. Analytics may include pages viewed, interaction events, and time stamps.
Commercial/Advertising Cookies. If used, these support advertising/retargeting and measurement activities.
Important note for Unit.Travel: we do not use Meta/Google Customer Match and we do not upload email lists to Meta/Google for ad targeting or matching purposes. If we engage third-party advertising technologies in the future, we will do so in compliance with applicable law and, where required, on the basis of consent and appropriate disclosures.
11.3 Control of Cookies
Where required by law, we will request consent for non-essential cookies. You can also manage cookies through your browser settings and (where available) our cookie preference controls. Disabling cookies may affect certain Service functionality.
12. Data Security and Retention
We maintain appropriate administrative, technical and organizational safeguards designed to protect Personal Data against accidental or unlawful destruction, loss, unauthorized alteration, disclosure, access, misuse, and other unlawful processing. Measures may include encryption in transit (e.g., TLS/SSL), access controls, authentication controls, logging and monitoring, and least-privilege access.
If we learn of a security incident involving Personal Data, we will assess and, where required, notify the relevant parties and authorities in accordance with applicable law.
Retention
We retain Personal Data for as long as:
- the Agent’s Account is active, or otherwise as needed to provide the Service; and/or
- necessary to comply with legal obligations (e.g., accounting/tax), resolve disputes, enforce agreements, or protect legal rights.
Backup and archive copies may persist for limited periods, subject to access controls and retention policies. Where appropriate and feasible, we may anonymize or aggregate data for analytics.
13. International Data Transfers
Personal Data may be transferred to countries that do not provide the same level of protection as the EEA/UK. Where such transfers occur, we take appropriate precautions to ensure compliance with applicable data protection laws. These may include:
- EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum (or equivalent safeguards);
- assessments of transfer risks and implementation of additional technical and organizational measures as appropriate.
In some cases, transfers may be necessary to perform a contract (e.g., to provide booking details to a supplier located outside the EEA/UK).
14. The User’s Choices and Rights
14.1 Access, correction, deletion, portability
We respect privacy rights and provide reasonable access to Personal Data. Account users may update, correct, or delete certain Account information through Account settings where available. Requests for access, deletion or portability may be submitted as described in Section 16.
Please note that we may retain information as necessary for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, dispute resolution, and where we otherwise reasonably believe we have a legitimate reason to do so under applicable law.
14.2 Objection and restriction
Where processing is based on legitimate interests, you may object on grounds relating to your particular situation, unless otherwise permitted by law. You may also request restriction of processing in certain circumstances.
14.3 Marketing opt-out
If you receive marketing communications from us, you may unsubscribe at any time by following the instructions in the communication or by contacting us. Please note that even after opting out of marketing messages, you will continue to receive administrative/service messages regarding the Service.
15. Minors
The Service is intended for business users and is not directed to minors. Account users must be at least 18 years old (or the age of majority in their jurisdiction) and authorized to act on behalf of the Agent.
16. How to Contact Us
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at help@unit.travel.
You may also contact us by post at: [EE ADDRESS FOR NOTICES] and/or [UK ADDRESS FOR NOTICES] (as applicable).
17. Complaints
If you believe your rights under applicable data protection laws have been infringed, you have the right to lodge a complaint with a supervisory authority.
For Estonia: Estonian Data Protection Inspectorate (AKI): https://www.aki.ee/
For the UK: Information Commissioner’s Office (ICO): https://ico.org.uk/
18. Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service and indicate the date of the latest revision, and will comply with applicable law. Continued use of the Service after the revised Policy becomes effective indicates that you have read and understood the current version of the Policy.
