1. INTRODUCTION AND SCOPE

1.1 About TravelGliders

TravelGliders operates the website www.travelgliders.us and provides independent travel agency services to clients throughout the United States and internationally. TravelGliders is an independent travel agency — not owned by, affiliated with, or acting on behalf of any airline, airline group, or airline alliance. This Privacy Policy describes how TravelGliders collects, processes, uses, stores, shares, and protects personal information in connection with your use of our website and services.

1.2 Who This Policy Applies To

This Privacy Policy applies to:

• Visitors to www.travelgliders.us, regardless of whether they make a booking
• Clients who purchase or inquire about travel services through TravelGliders
• Travelers on whose behalf a booking is made by a lead client
• Recipients of TravelGliders's marketing communications (where applicable)
• Job applicants and other individuals who interact with TravelGliders

1.3 Legal Basis — Overview

TravelGliders processes personal data in compliance with applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) as amended effective January 1, 2023. To the extent TravelGliders interacts with individuals in the European Union or European Economic Area, data processing is conducted in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) to the extent applicable.

1.4 Independent Agency — No Airline Data Sharing for Marketing

TravelGliders is an independent travel agency with NO affiliation to any airline. Personal data collected by TravelGliders is NEVER sold to, or shared with, any airline, airline alliance, or airline loyalty program for marketing or commercial purposes. Mandatory transmission of traveler data to airlines (such as passenger name records and Secure Flight data) occurs solely to fulfill booking obligations and applicable legal requirements — never for TravelGliders's own marketing benefit.

2. PERSONAL INFORMATION WE COLLECT

2.1 Categories of Personal Information

The following table sets out the categories of personal information TravelGliders collects, the specific types of data within each category, the source of that data, and the business purpose for which it is collected:

2.2 Sensitive Personal Information

Certain categories of personal information are classified as sensitive under applicable law, including health-related information, government-issued identification numbers, and financial account data. TravelGliders collects sensitive personal information only to the extent strictly necessary to fulfill your booking or comply with legal requirements. You have the right to limit TravelGliders's use and disclosure of your sensitive personal information (see Section 7).

2.3 Information We Do NOT Collect

TravelGliders does not intentionally collect:

• Full payment card numbers (these are collected and processed exclusively by our PCI-DSS compliant payment processor)
• Social Security Numbers, except where legally required for international travel documentation or insurance purposes
• Biometric data
• Personal information from children under the age of 13

Our website is not directed to children under 13. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@travelgliders.us.

2.4 Automatically Collected Data

When you visit www.travelgliders.us, our servers and analytics tools automatically record certain information about your visit, including your Internet Protocol (IP) address, browser type and version, operating system, the URL from which you arrived, pages you viewed, duration of your visit, and other standard log data. This information is used to maintain website security, analyze traffic patterns, and improve user experience. It does not identify you as an individual unless combined with other identifying data.

3. HOW WE USE YOUR PERSONAL INFORMATION

3.1 Primary Business Purposes

TravelGliders uses personal information collected from you for the following primary business purposes:

• Booking Fulfillment: Processing and confirming travel reservations, communicating booking details, issuing itineraries and travel documents, and providing pre- and post-travel support.
• Payment Processing: Verifying payment information, processing charges, issuing refunds where applicable, and maintaining payment records for accounting and audit purposes.
• Customer Service: Responding to inquiries, resolving complaints, providing travel advice, and managing changes or cancellations.
• Regulatory Compliance: Transmitting required passenger data to airlines, governmental authorities, customs and immigration agencies, and other regulatory bodies as required by applicable law.
• Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent bookings, unauthorized access, and other security threats.
• Legal Obligations: Meeting obligations under U.S. law, responding to lawful government requests, and enforcing TravelGliders's contractual rights.
• Quality Assurance: Monitoring and recording communications for quality control, staff training, and service improvement purposes.

3.2 Secondary Purposes — Marketing

With your consent or where otherwise permitted by applicable law, TravelGliders may use your contact details to:

• Send promotional emails about travel deals, destination inspiration, and TravelGliders services
• Deliver personalized travel recommendations based on your booking history and stated preferences
• Invite you to participate in surveys or feedback programs
• Notify you of changes to TravelGliders's services or policies

You may opt out of marketing communications at any time by clicking the 'Unsubscribe' link in any email, by contacting privacy@travelgliders.us, or by adjusting your account preferences. Opting out of marketing does not affect TravelGliders's ability to send transactional communications related to your bookings.

3.3 Lawful Basis for Processing — GDPR Reference

For individuals in the EU/EEA, TravelGliders's legal bases for processing personal data are:

4. HOW WE SHARE YOUR PERSONAL INFORMATION

4.1 TravelGliders Does Not Sell Personal Information

TravelGliders does NOT sell, rent, trade, or otherwise transfer your personal information to unaffiliated third parties for their own marketing or commercial purposes. This commitment applies without qualification to all users of our website and services.

4.2 Permitted Disclosures to Travel Suppliers

To fulfill your booking, TravelGliders must share necessary personal information with the relevant travel suppliers. Such disclosures are limited to what is strictly required to complete your booking and are governed by the supplier's own privacy policies:

4.3 Service Providers and Processors

TravelGliders engages carefully selected third-party service providers (data processors) who process personal data on TravelGliders's behalf and under TravelGliders's instructions. These include:

• Payment processors — for secure credit card and electronic payment processing
• Cloud hosting and IT infrastructure providers
• Email and communication service providers
• Customer relationship management (CRM) software providers
• Web analytics service providers
• Cybersecurity and fraud prevention services

All service providers are contractually obligated to: (a) process personal data only on TravelGliders's documented instructions; (b) maintain appropriate technical and organizational security measures; (c) not subcontract processing without TravelGliders's prior written consent; and (d) return or destroy personal data upon termination of the service relationship.

4.4 Legal Disclosures

TravelGliders may disclose personal information where required to do so by applicable law, regulation, court order, subpoena, governmental authority request, or to: (a) comply with TSA, CBP, or other aviation and border security requirements; (b) detect, investigate, or prevent fraud or illegal activity; (c) protect the rights, property, or safety of TravelGliders, our clients, or the public; or (d) exercise or defend legal rights in any legal proceeding.

4.5 Business Transfers

In the event of a merger, acquisition, asset sale, restructuring, or other corporate transaction involving TravelGliders, personal information held by TravelGliders may be transferred to the successor entity as part of the transaction. TravelGliders will provide notice of such transfer and any material change in data practices through this Privacy Policy.

5. COOKIES, TRACKING TECHNOLOGIES, AND ONLINE ADVERTISING

5.1 What Are Cookies?

Cookies are small text files that a website places on your browser or device when you visit. They allow the website to recognize you, remember your preferences, and collect information about how you use the site. TravelGliders uses cookies and similar tracking technologies (including web beacons, pixel tags, and local storage) on www.travelgliders.us.

5.2 Types of Cookies Used

5.3 Managing and Opting Out of Cookies

You can manage your cookie preferences through:

• TravelGliders's cookie consent manager, available on the website banner at first visit and accessible thereafter via the 'Cookie Settings' link in the website footer.
• Your browser settings — most browsers allow you to refuse all cookies or certain types. Refer to your browser's help documentation for instructions.
• Third-party opt-out tools such as the Network Advertising Initiative (NAI) opt-out at optout.networkadvertising.org, the Digital Advertising Alliance (DAA) opt-out at aboutads.info, and Google's ad settings at adssettings.google.com.

Disabling marketing or analytics cookies will not prevent you from using TravelGliders's website or making bookings, but may limit our ability to provide personalized experiences.

5.4 Do-Not-Track Signals

Some web browsers transmit 'Do Not Track' (DNT) signals. As there is no universally accepted technical standard for responding to DNT signals, TravelGliders's website does not currently alter its behavior in response to DNT browser signals. However, you may opt out of tracking through the means described in Section 5.3.

6. DATA SECURITY AND RETENTION

6.1 Security Measures

TravelGliders implements appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, loss, and destruction. Our security practices include:

• Transport Layer Security (TLS/SSL) encryption for all data transmitted between your browser and our servers
• Secure, access-controlled server environments for storing personal data
• Role-based access controls limiting access to personal data to authorized personnel on a need-to-know basis
• Regular security assessments and vulnerability testing
• Staff training on data protection and confidentiality obligations
• PCI-DSS compliant payment processing — full card numbers are not stored on TravelGliders's systems

No method of electronic transmission or storage is 100% secure. While TravelGliders implements commercially reasonable security measures, we cannot guarantee the absolute security of any information you transmit to us. You transmit information at your own risk. In the event of a data breach affecting your rights and freedoms, TravelGliders will notify you and applicable regulatory authorities as required by law.

6.2 Data Retention

TravelGliders retains personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law. The following table summarizes our general data retention practices:

Upon expiration of the applicable retention period, personal data will be securely deleted or anonymized in accordance with TravelGliders's data disposal procedures.

7. YOUR PRIVACY RIGHTS

7.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights with respect to your personal information:

• Right to Know: You have the right to request that TravelGliders disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information that TravelGliders has collected from you, subject to certain exceptions (including information needed to complete a transaction, detect fraud, comply with legal obligations, or for other internal legitimate uses consistent with applicable law).
• Right to Correct: You have the right to request correction of inaccurate personal information that TravelGliders maintains about you. TravelGliders will use commercially reasonable efforts to correct inaccurate data upon receipt of a verifiable request.
• Right to Opt-Out of Sale or Sharing: TravelGliders does not sell personal information. However, if TravelGliders ever engages in activities that qualify as 'sharing' personal information under the CPRA (e.g., cross-context behavioral advertising), you have the right to opt out via the 'Do Not Share My Personal Information' link on our website.
• Right to Limit Use of Sensitive Personal Information: You have the right to direct TravelGliders to limit its use and disclosure of your sensitive personal information to uses necessary to perform services or provide goods.
• Right to Non-Discrimination: TravelGliders will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a lower quality of service because you exercised a privacy right.
• Right to Data Portability: You may request a copy of the personal information you provided to us in a portable, machine-readable format.

7.2 Rights Under GDPR (EU/EEA Residents)

To the extent GDPR applies to the processing of your personal data, you have the following rights:

• Right of Access (Art. 15): Obtain confirmation of whether TravelGliders processes your personal data and a copy of that data.
• Right to Rectification (Art. 16): Have inaccurate or incomplete personal data corrected.
• Right to Erasure (Art. 17): Request deletion of your personal data where processing is no longer necessary or lawful.
• Right to Restrict Processing (Art. 18): Request that TravelGliders restrict processing of your personal data in certain circumstances.
• Right to Data Portability (Art. 20): Receive personal data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your national data protection supervisory authority

7.3 Submitting a Privacy Rights Request

To exercise any of the rights described above, you may:

• Submit a written request by email to: privacy@travelgliders.us
• Write to TravelGliders at our mailing address listed in Section 11
• Use the privacy rights request form available at www.travelgliders.us/privacy-request (where available)

TravelGliders will verify your identity before processing any request. We may require you to provide: (a) your name and email address on file; (b) sufficient information to locate your records in our system; and (c) if submitting on behalf of another person, written authorization from that person. TravelGliders will respond to verifiable requests within forty-five (45) calendar days of receipt, with one possible extension of an additional forty-five (45) days where reasonably necessary, accompanied by notice of the extension and reason.

7.4 Authorized Agents

California residents may designate an authorized agent to submit privacy rights requests on their behalf. Authorized agents must provide written proof of authorization. TravelGliders may still require verification directly from the consumer for certain requests.

8. INTERNATIONAL DATA TRANSFERS

TravelGliders is based in the United States. Personal information collected through our website and services may be transferred to, processed, and stored in the United States and, for the purpose of fulfilling travel bookings, in other countries where travel suppliers are located.

If you are located in the European Union or European Economic Area, please be aware that the United States and other countries to which your data may be transferred may not provide the same level of data protection as your home country. Where we transfer personal data internationally, TravelGliders employs appropriate safeguards, which may include Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with suppliers, and other transfer mechanisms compliant with applicable law.

For airline bookings, mandatory passenger data transmission to the airlines and to U.S. government agencies (including TSA and CBP under Secure Flight and Advance Passenger Information System requirements) constitutes a legally required international transfer and is not subject to our control.

9. THIRD-PARTY LINKS AND SUPPLIER PRIVACY POLICIES

www.travelgliders.us may contain links to third-party websites operated by travel suppliers, partners, review platforms, or other entities. This Privacy Policy applies only to TravelGliders's website and services. Third-party websites have their own privacy policies, for which TravelGliders accepts no responsibility. We strongly encourage you to review the privacy policy of any website you visit before submitting personal information.

When you make a booking through TravelGliders, your data is also subject to the privacy policies of the relevant travel suppliers. You should obtain and review the applicable supplier privacy policies, which TravelGliders can provide upon request to the extent they are made available to TravelGliders.

10. CHILDREN'S PRIVACY

The TravelGliders website and services are not directed to children under the age of 13, and TravelGliders does not knowingly collect personal information from children under 13. If a parent or guardian believes that a child under 13 has provided personal information to TravelGliders, please contact us immediately at privacy@travelgliders.us. TravelGliders will promptly delete such information upon verification.

11. UPDATES TO THIS PRIVACY POLICY

TravelGliders reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. The revised Privacy Policy will be posted at www.travelgliders.us/privacy-policy with the effective date of the update noted at the top of the document.

For material changes that significantly affect your rights or TravelGliders's data practices, TravelGliders will provide advance notice by email to the address on file (where applicable) or by a prominent notice on our website. Your continued use of TravelGliders's website or services after the effective date of any update constitutes acceptance of the revised Privacy Policy.

We recommend reviewing this Privacy Policy periodically, at a minimum each time you make a booking with TravelGliders.

12. CONTACT US — PRIVACY INQUIRIES

For any questions, concerns, or requests relating to this Privacy Policy or TravelGliders's data practices, please contact our Privacy Team:

NOTICE TO CALIFORNIA RESIDENTS

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). To exercise these rights, please submit a request at suport@travelgliders.us. California residents may also contact the California Privacy Protection Agency at cppa.ca.gov for regulatory guidance.