Simulation mode — payments, identity checks and document scans are simulated. No real money moves.
Find a holiday How it works Safety & legal FAQs Pricing
Log in Sell your holiday

Legal

Privacy policy

Pre-launch draft.

Draft — pending legal review. This document is a working draft, published for transparency while reTrippr operates in test mode. It is not yet a binding agreement and will be finalised with a qualified solicitor before launch.

1. Who we are

reTrippr operates a classifieds marketplace and payment intermediary for transferable package holidays. We are the data controller for the personal data described in this policy.

  • Legal entity: [legal entity name]
  • Registered in: [England & Wales], company number [number]
  • Registered office: [registered office address]
  • ICO registration number: [number]
  • Data-protection contact: [privacy@retrippr.com]

This policy explains what personal data we collect, why, how long we keep it, who we share it with, and your rights. Our processing is governed by the UK GDPR and the Data Protection Act 2018.

2. The data we collect

  • Account & contact data — your email address (your login identifier), an optional phone number, and your password (stored only as a secure, one-way hash — never in readable form).
  • Security data — where you enable multi-factor authentication, the device secret used to generate your codes (held encrypted at rest).
  • Identity (KYC) data — sellers only — your legal first and last name, date of birth, identity-document type and number, and the verification result. We collect this to verify a seller's identity before any funds can be released to them.
  • Booking & traveller data — booking references, holiday details, and the booking confirmations you upload, plus the lead passenger's name. These documents may contain the names of other travellers on the same booking (see section 4).
  • Communications — the content of buyer–seller messages and pre-purchase enquiry messages you send through the platform.
  • Reviews — ratings and written reviews you leave after a completed transaction. Once revealed, reviews are public and shown on the reviewee's profile.
  • Payment data — payment and payout references and the amounts involved. Card payments are processed by Stripe; we never see or store your full card details.
  • Technical, security & audit data — IP addresses, browser user-agent strings, timestamps, a tamper-evident audit log of key actions on your account, and a record of your acceptance of our terms (including the IP address used at acceptance).

3. Other travellers' data

A booking confirmation often lists more than one traveller. Where a seller's booking includes other travellers, we process those people's names solely to arrange and verify the name-change with the holiday operator. We did not obtain this data directly from those travellers, so — in line with Article 14 of the UK GDPR — we make this notice available to them. If you are named on a booking listed with us and have questions or wish to exercise your rights, contact [privacy@retrippr.com].

4. Why we use it, and our lawful basis

We rely on the following lawful bases for each purpose:

Purpose Lawful basis (UK GDPR)
Providing the marketplace and arranging your transfer Contract — Art. 6(1)(b)
Verifying a seller's identity (KYC) Legal obligation — Art. 6(1)(c)
Taking payment and paying out, via Stripe Contract — Art. 6(1)(b)
Fraud prevention, security, audit logging, and recording IP and terms acceptance Legitimate interests — Art. 6(1)(f) (running a safe marketplace; a balancing assessment is available on request)
Keeping financial and KYC/AML records Legal obligation — Art. 6(1)(c)

5. How long we keep it

We keep personal data only as long as we need it for the purposes above and to meet our legal obligations. Indicative periods:

  • Account data — for the life of your account, then [X] after closure.
  • KYC and financial/transaction records — [6 years] (anti-money-laundering and accounting law).
  • Booking documents — until the transfer completes, then [X].
  • Messages and enquiries — [X].
  • Audit and security logs — [X].

Some records — our audit log and your terms-acceptance record — are tamper-evident and append-only by design and cannot be altered. Where we are unable to delete data (because the law requires us to keep it, or because a record is tamper-evident), we instead restrict its use and pseudonymise it where we can, keeping access tightly limited.

6. How we protect it

Sensitive fields — identity details, the lead passenger name, and message content — are encrypted at rest, access is restricted, and personal data is never shown on public listings. Booking documents are held in private storage and shared only as needed to complete a transfer. Some fields we extract automatically from your documents (for example by OCR) are derived data held alongside the original; our engineering team continues to reconcile exactly how each field is stored, and we describe our protections honestly rather than over-claiming.

7. Who we share it with

We share data only as needed, with processors acting on our behalf:

  • The holiday operator (such as TUI or loveholidays) — to carry out the name-change.
  • Stripe — to process payments and operate seller payout accounts.
  • Render — to host the platform.
  • [object-storage provider] — S3-compatible private storage for booking documents.
  • [email/SMS provider] — to send transactional notifications.
  • Sentry — for error monitoring, if enabled.
  • Our identity-verification provider — named here once it is in use for live KYC.

Where a provider processes data outside the UK, we rely on an appropriate safeguard — [UK adequacy regulations / the IDTA / SCCs with the UK Addendum]. We do not sell your personal data.

8. Your rights

Under UK data protection law you have the right to access your data, rectify inaccuracies, request erasure, restrict or object to processing, and data portability.

To exercise any right, email [privacy@retrippr.com]; we respond within one month. You can also delete your account from your account settings.

Erasure caveat: we cannot delete everything. We must retain your KYC/AML and financial records for the legal period, and our tamper-evident audit log and terms-acceptance record cannot be altered (we keep them for security and accountability). Where we retain such data, we keep it to the minimum and restrict access to it.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies, changes and contact

We use cookies as described in our cookie notice. We may update this policy; material changes will be notified. For any privacy request, email [privacy@retrippr.com] or see our contact page.

We use strictly-necessary cookies to keep you signed in and secure. We don't use tracking or advertising cookies. See our cookie notice.