Privacy Policy
Last updated: 15 June 2026
At My Trip Online, protecting the privacy and personal data of our users is a core concern. We strive to implement practices aimed at ensuring compliance with the applicable data protection requirements, in particular with the General Data Protection Regulation No. 2016/679 of 27 April 2016 (the "GDPR"), applicable since 25 May 2018, and with the Cyprus Law 125(I)/2018 on the Protection of Natural Persons with regard to the Processing of Personal Data, in its latest version.
This Privacy Policy (hereinafter, the "Policy") is intended to inform you clearly, simply and accurately about how we collect and process your personal data in connection with your use of the website my-trip-online.com (hereinafter, the "Website") and/or your subscription to our offers, as well as about the means available to you to understand and exercise your rights regarding your personal data.
If you have any questions regarding this Policy, please contact us by email at contact@my-trip-online.com or by postal mail at: Eudialyte Limited, Vladimirou Kafkaridi 2A, Nicosia, 2202 Cyprus.
Article 1 – Definitions
| Account | Personal area made available to the User on the Website, enabling the User to access certain services and to view or manage their information using personal login credentials. |
| Cookies | Cookies and similar tracking technologies enabling access to information stored on a visitor's terminal equipment. |
| DPO / Data Protection Officer | Person responsible for advising and monitoring the Data Controller's compliance with personal data protection requirements. The DPO may be contacted at: dpo@eudialytetld.com |
| Personal Data | Any information relating to an identified or identifiable natural person, either directly (surname, first name) or indirectly (identifier, location data, online identifier, etc.). |
| Email Connect | Optional feature allowing the User to connect their email account so that the system can automatically detect their travel booking confirmations. This processing is based exclusively on the User's consent (opt-in). |
| Data Subject | Identified or identifiable natural person whose personal data is processed. |
| Data Controller | Natural or legal person who, alone or jointly with others, determines the purposes and means of processing. In this case, Eudialyte Limited / My Trip Online is the data controller. |
| Website | The Website accessible at the URL address my-trip-online.com |
| Service | All services offered on the Website, including travel subscriptions (Fast Track, Check-in, Places to Go). |
| Processor | Natural or legal person who processes personal data on behalf of the Data Controller. |
| Third Party | Any authorized natural or legal person other than the Data Subject, the Data Controller, the Processor and persons placed under their direct authority. |
| Processing | Any operation performed on personal data (collection, recording, organization, storage, modification, consultation, use, disclosure, dissemination, erasure, destruction, etc.). |
| User | Any person visiting, consulting or using the Website and the services offered there. |
| Data Breach | A breach resulting in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of personal data. |
Article 2 – General Information and Contact Details
2.1 Data Controller
Eudialyte Limited, a company incorporated under Cypriot law and registered under number HE 416378, whose registered office is located at Vladimirou Kafkaridi 2A, Nicosia, 2202 Cyprus ("My Trip Online"), may process your personal data in connection with your use of the Website my-trip-online.com and, where applicable, your subscription to and/or management of our offers and services.
Eudialyte Limited acts as data controller within the meaning of the GDPR, which means that it determines the purposes and means of the processing described in this Policy.
2.2 Data Protection Officer
For any question relating to the processing of your personal data by My Trip Online, or to exercise your rights, you may send your request to: dpo@eudialytetld.com or Eudialyte Limited, Vladimirou Kafkaridi 2A, Nicosia, 2202 Cyprus.
If there is any doubt as to your identity, My Trip Online may ask you for information enabling it to confirm that you are indeed the data subject, ask you for additional information to specify your request, or inform you that the particular complexity of your request requires an extension of the response period (two-month extension).
Article 3 – Categories of Data Subjects
Categories of data subjects are as follows:
- The Users of the Website and/or member area;
- Customers subscribed to the Travel Services;
- Persons contacting our customer service department.
Article 4 – Collection of Personal Data
My Trip Online collects and processes personal data, in particular through the following channels:
- Collection forms submitted in connection with subscription and/or available on the Website;
- The member area (account creation and management, access to certain services);
- Customer service (telephone, email, contact form);
- The Email Connect feature, when the User chooses to connect it (see below);
- Where applicable, from other companies with which My Trip Online may exchange data, in compliance with the purposes described in this Policy.
My Trip Online collects only the data strictly necessary in view of the purposes described in this Policy, in accordance with the principle of minimization. Providing certain data is mandatory in order to process a request or provide a service. Failure to provide certain data may make it impossible to achieve the purposes described below.
The personal data that may be collected includes, in particular:
- Identification data: surname, first name and, where applicable, postal address;
- Data relating to the account / member area: identifier, login data, password;
- Contact details: email address, telephone number;
- Data relating to subscription to the service: order references, billing, subscription history, payment status;
- Travel data (Fast Track, Check-in): flight number, airport, terminal, date and time of flight, airline, seat preferences;
- Data relating to marketing and follow-up of exchanges: contact history, requests made, contact preferences;
- Data relating to the collection and recording of consent: timestamp, medium and methods of collection, choices expressed;
- Browsing data: pages viewed, viewing time, interactions, technical logs;
- Electronic identification data: IP address, cookie and tracker identifiers;
- Financial data: your bank card or payment account details are collected and processed by a specialized third-party payment service provider. We do not have direct access to them.
- Aggregated data: we collect statistical or demographic data derived from your personal data. Such aggregated data does not identify you and does not constitute personal data within the meaning of the GDPR.
- Data relating to the exercise of rights: requests, exchanges and follow-up;
- Voluntarily provided data: information provided in free-text fields and comments.
Email Connect Feature
If you choose to connect your email account from your member area, the system scans incoming emails solely to identify travel booking confirmations, using dedicated keywords. The feature is configured to process only travel-related emails: no other content is accessible, read or processed.
This feature is based exclusively on your consent (opt-in). You may disconnect your email account at any time from your member area: all data collected in this context will then be permanently deleted.
Health Data
In connection with the performance of certain services (special check-in assistance, specific dietary requirements, accessibility needs), My Trip Online may process health data. This processing is based exclusively on your explicit consent, collected separately and specifically prior to any processing. You may withdraw this consent at any time, without affecting the lawfulness of processing previously carried out.
Such data is retained only for as long as strictly necessary to provide the relevant service.
Article 5 – Purposes of Processing
The table below presents all the purposes for which your data is collected and processed, as well as the corresponding legal bases.
| Purpose | Legal basis |
|---|---|
| Management and performance of subscriptions and services (subscription, billing, access) | Performance of the contract |
| Management of the customer relationship and after-sales service (requests, complaints, cancellation/termination, support) | Performance of the contract |
| Management of accounts and member area | Performance of the contract |
| Service communications (information relating to the account, subscription, billing) | Performance of the contract |
| Identification of trips via Email Connect and activation of subscription benefits | Consent (opt-in) |
| Processing of health data in connection with the performance of the service (special assistance, dietary requirements, accessibility) | Explicit consent |
| Marketing communications by email or SMS (offers and news) | Consent or legitimate interest for similar services |
| Transmission of data to partners for prospecting purposes | Consent |
| Improvement of services and user experience (statistics, optimization) | Legitimate interest |
| Website administration and security (maintenance, fraud prevention, technical logs) | Legitimate interest / Legal obligation |
| Management of cookies and trackers | Legitimate interest (functional) / Consent (marketing) |
| Management and recording of consents and objections | Legitimate interest |
| Management of litigation and pre-litigation matters | Legitimate interest |
| Retention for limitation periods and accounting and evidentiary obligations | Legal obligation / Legitimate interest |
Article 6 – Retention Periods
My Trip Online processes your personal data only for the period necessary to achieve the purposes for which it was collected, including complying with any legal or accounting requirement.
To determine these periods, My Trip Online considers the amount, nature and sensitivity of the data; the risk of harm resulting from unauthorized use or disclosure; the purposes of processing; and the applicable legal requirements.
At the end of the retention period in the active database, certain data may be kept in intermediate archiving with restricted access, particularly for evidentiary purposes and to comply with applicable legal obligations. Upon expiry of the applicable periods, the data is deleted or anonymized.
The applicable retention periods include, in particular:
- Customer account and subscription data: 6 years from the end of the contractual relationship.
- Data collected for commercial prospecting purposes: 3 years after the end of the commercial relationship.
- Email Connect Data: when you activate the Email Connect feature, we extract from your mailbox the booking confirmations and flight details relating to your trips. Only these emails are processed; no other content is accessible to our systems. This processing is based on your consent and may be revoked at any time from your member area. This data is deleted as soon as the purpose for which consent was given has been achieved.
- Health data or sensitive data: in connection with certain services (check-in assistance, dietary requirements, accessibility needs), we may process health data. This processing is based on your explicit consent, collected separately and prior to any processing. You may withdraw it at any time, without affecting processing already carried out. This data is deleted as soon as the purpose for which consent was given has been achieved.
- Browsing data (analytics and security cookies): maximum of 13 months from placement, in accordance with CNIL recommendations.
- Data collected through these trackers: may be retained for a maximum period of 25 months.
Article 7 – Recipients
My Trip Online ensures that only authorized persons may access your personal data, within the limits of their duties.
My Trip Online may share certain data with third parties only where this is necessary to achieve the purposes described in this Policy. My Trip Online governs these relationships through contractual undertakings compliant with the GDPR.
Certain recipients act as processors (processing on behalf of My Trip Online, governed by a processing agreement compliant with Article 28 of the GDPR), while others act as independent data controllers (in particular third-party travel service providers and, where you have consented, partners for prospecting purposes). Where we use processors, we ensure that they provide sufficient guarantees as to the implementation of appropriate technical and organizational measures, in accordance with Article 28 of the GDPR.
The data may in particular be disclosed to the following categories of recipients:
- Third-party travel service providers, acting as independent data controllers to whom your data is disclosed for the purpose of performing the subscribed services;
- Other group companies acting as processors;
- Email infrastructure providers (email connect feature) as processors;
- Partners for prospecting purposes, in particular;
- IT and system administration providers;
- Third parties to whom we may transfer or merge parts of our business or assets.
Article 8 – Transfers of Data Outside the European Union
My Trip Online seeks to limit transfers of personal data outside the European Union. However, certain processing operations may involve a transfer of data to recipients located outside the European Union, in particular where certain technical service providers are located in a third country.
In this case, My Trip Online ensures that such transfers are governed by appropriate safeguards in accordance with the GDPR, including:
- where the recipient country is the subject of an adequacy decision by the European Commission (Article 45 of the GDPR), or;
- where no adequacy decision exists, by the signing of standard contractual clauses adopted by the European Commission (Article 46 of the GDPR) and, where applicable, by the implementation of additional measures in accordance with the recommendations of the European Data Protection Board;
- for transfers to the United States, where the recipient is certified under the EU-U.S. Data Privacy Framework, that mechanism applies directly.
A copy of the applicable safeguards may be requested from: dpo@eudialytetld.com.
Article 9 – Cookies
My Trip Online uses cookies and other trackers to ensure the proper functioning of the Website, improve user experience and, where applicable, measure audience and offer personalized content.
Certain cookies are strictly necessary for the operation of the Website, while others require your prior consent, which you may withdraw at any time.
You can configure your browser to refuse all or some cookies. Please note, however, that certain Website features may be affected if you refuse cookies.
To learn more about the nature of the cookies placed, their purposes and how to configure them, you can consult our Cookie Policy. my-trip-online.com/cookie-policy.
Article 10 – Rights of Data Subjects
In accordance with the regulations in force, you have the following rights regarding your personal data.
To exercise your rights, you may contact My Trip Online at the following address: dpo@eudialytetld.com — Eudialyte Limited, Vladimirou Kafkaridi 2A, Nicosia, 2202 Cyprus.
My Trip Online will respond within one (1) month from receipt of your request (period extendable by two (2) months in the event of complexity). If there is reasonable doubt as to your identity, My Trip Online may ask you for proof of identity. Exercising your rights is free of charge, except in the case of manifestly unfounded or excessive requests.
It is expressly acknowledged that these rights may be subject to limitations provided for by applicable regulations, in particular where this is necessary to comply with a legal obligation or to exercise legal claims.
10.1 Right of access
You may obtain information about the personal data processed concerning you and request a copy of such data.
10.2 Right to rectification
You may request the correction of inaccurate or incomplete data concerning you. If you have an account, we invite you to modify your data directly from your member area.
10.3 Right to erasure ("right to be forgotten")
You may request the erasure of your personal data where there is no compelling reason for My Trip Online to continue using it or if its use is unlawful.
10.4 Right to restriction of processing
You have the right to request the temporary suspension of the use of your data (while restricting access to it) in the following cases: contesting the accuracy of the data, unlawful processing with a preference for restriction rather than deletion, retention necessary for the exercise or defense of legal claims, pending verification of legitimate interest.
10.5 Right to data portability
You have the right to retrieve and reuse certain personal data that you have provided, in a structured, commonly used and machine-readable format. This right applies only to data processed with your consent or for the performance of a contract, by automated means.
10.6 Right to object
You may object to certain types of processing on grounds relating to your particular situation, insofar as the processing is based on legitimate interest. Where your data is processed for prospecting purposes, you may object at any time, without having to justify a particular situation.
10.7 Right to withdraw consent
Where My Trip Online processes your data on the basis of your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of prior processing.
10.8 Right to provide post-mortem instructions
You have the right to provide My Trip Online with instructions concerning the management of your personal data after your death (retention, erasure, disclosure). These instructions may be modified or revoked at any time.
Article 11 – Complaints
If you are dissatisfied with the response provided by My Trip Online, or if you believe that the processing of your data does not comply with the applicable regulations, you may lodge a complaint with the competent supervisory authority in the Member State of your habitual residence, your place of work or the place where the alleged infringement occurred.
In France, this authority is the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.
In Cyprus, it is the Commissioner for Personal Data Protection: www.dataprotection.gov.cy.
Article 12 – Data Security
My Trip Online ensures that your personal data is processed securely and confidentially, including where certain operations are carried out by processors.
To this end, My Trip Online implements appropriate technical, organizational and physical measures to prevent, in particular, loss, unauthorized access, disclosure, alteration or accidental destruction of data. These measures are adapted according to the level of sensitivity of the data processed and the level of risk presented by the processing.
In the event of a personal data breach, My Trip Online will apply the procedures provided for by the applicable regulations and will inform the data subjects and the competent supervisory authority where required.
Article 13 – Changes to this Policy
My Trip Online reserves the right to amend this Privacy Policy, in particular in the event of changes to the regulations governing the processing of personal data.
When a change is made, My Trip Online will inform you by any appropriate means. Nevertheless, we invite you to consult this Policy regularly to be informed of how your personal data is protected and processed.