Legal

Privacy Policy

How GoalTrip collects, uses, stores, and protects your personal information.

๐Ÿ“… Last Updated: 1 January 2026 ๐Ÿ“‹ Version: 1.0

1. Introduction

GoalTrip Ltd ("GoalTrip", "we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform at goaltrip.com and related services.

By creating an account or using the Platform, you agree to the collection and use of your information in accordance with this policy. If you do not agree, please do not use the Platform.

Our Commitment: We will never sell your personal data to third parties. We do not display third-party advertising. Your data exists solely to enable your bookings and improve your experience with GoalTrip.

2. Data We Collect

We collect the following categories of personal information:

CategoryExamplesSource
Identity DataFirst name, last name, nationality, date of birthYou, on registration
Contact DataEmail address, phone number, countryYou, on registration
Booking DataTickets, hotels, flights, extras orderedYour bookings
Payment DataPayment method, last 4 digits, transaction referencesPayment process
Technical DataIP address, browser type, device info, session dataAutomated
Usage DataPages visited, features used, search termsAutomated
CommunicationsSupport messages, emails sent to usYou

We do not collect sensitive personal data such as race, ethnicity, political opinions, or biometric data. We never store full card numbers โ€” card payments are processed by PCI-DSS certified payment gateways and only tokenised references are retained by us.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Booking Fulfilment: To process, confirm, and deliver your bookings for tickets, hotels, flights, and extras.
  • Account Management: To create and manage your GoalTrip account and authenticate your identity.
  • Payment Processing: To verify and process payments across all accepted methods, including manual verification of crypto and bank transfers.
  • Communications: To send booking confirmations, updates, payment notifications, and support responses.
  • Security: To detect and prevent fraud, abuse, and unauthorised account access.
  • Legal Compliance: To comply with applicable laws, regulations, and lawful requests from authorities.
  • Platform Improvement: To analyse usage patterns and improve our features and user experience.
  • Marketing (optional): To send promotional emails if you have opted in. You can opt out at any time.

4. Who We Share Your Data With

We share your personal data only where necessary to fulfil your booking or comply with legal requirements:

  • Booking Partners: Hotels, airlines, ticket suppliers, and event operators, solely to fulfil your specific booking.
  • Payment Processors: PCI-DSS certified card processors and crypto payment verification services.
  • Service Providers: Cloud hosting, email delivery, and customer support software providers, bound by data processing agreements.
  • Legal Authorities: Law enforcement or regulatory bodies where required by law or in response to valid legal process.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy, or as required by law.

  • Account Data: Retained for the duration of your account, plus 2 years after account closure.
  • Booking & Payment Records: Retained for 7 years to comply with financial record-keeping obligations.
  • Support Communications: Retained for 3 years after the conversation is closed.
  • Technical & Usage Logs: Retained for up to 12 months.

You may request early deletion of your data at any time (see Section 7 โ€” Your Rights), subject to our legal retention obligations.

6. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • TLS/SSL encryption for all data transmitted between your browser and our servers.
  • Bcrypt hashing for all stored passwords โ€” we never store plain-text passwords.
  • Role-based access controls limiting data access to authorised staff only.
  • Regular security audits and vulnerability assessments.
  • PCI-DSS compliant card processing via certified third-party gateways.
  • Immutable audit logs for all administrative actions on the platform.

Despite these measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Restriction: Request that we limit how we process your data in certain circumstances.
  • Portability: Request a machine-readable export of data you have provided to us.
  • Objection: Object to processing of your data based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email support@goaltrip.com with the subject line "Data Rights Request". We will respond within 30 days.

8. Cookies

We use cookies and similar tracking technologies to enhance your experience on the Platform. For full details of the cookies we use and how to manage them, please read our Cookie Policy.

Essential cookies are required for the Platform to function. You may decline non-essential cookies via our cookie preference centre without affecting core functionality.

9. International Data Transfers

GoalTrip operates internationally and your data may be transferred to and processed in countries outside your country of residence, including countries that may have different data protection laws.

Where we transfer data outside the European Economic Area (EEA) or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

10. Children's Privacy

The GoalTrip Platform is not directed at children under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@goaltrip.com and we will promptly delete such data.

11. Changes to This Policy

We may update this Privacy Policy periodically. The "Last Updated" date at the top of this page will reflect the most recent revision. For material changes, we will notify registered users via email at least 14 days before the change takes effect.

Continued use of the Platform after changes are published constitutes acceptance of the revised policy.

12. Contact & DPO

For any privacy-related queries, rights requests, or concerns, please contact us:

If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Also see: Terms & Conditions ยท Cookie Policy