In accordance with CNIL policy, this document provides users with clear, understandable, and concise
information on the privacy policy and cookies policy applicable to the processing of your personal data.

How useful is this policy?
Travel&More, which manages the website www.digitrips.com, attaches great importance to the protection and
confidentiality of your personal data which represent for us a pledge of seriousness and confidence. The Privacy
Policy specifically reflects our willingness to enforce compliance within Travel&More with applicable data
protection rules and, in particular, with the General Data Protection Regulation (“GDPR”). In particular, the Privacy
Policy aims to inform you about how and why we process your data in connection with the services we provide.

Who is this policy for?
Our Privacy Policy applies to you, wherever you live, if you are at least 15 years old, whether you are one of our
customers or just a simple visitor to www.digitrips.com. If you are under the legal age detailed above, you are not
authorized to use our services without the prior and explicit consent of one of your parents or the holder of
parental authority, which must be sent to us by e-mail at [email protected]. If you believe that we are holding
personal data about your children without your consent, please contact us at the dedicated address detailed
above.

Does our Privacy Policy apply to job applicants?
If you are a candidate for a position with Travel&More, you should consult our “candidate” policy, which can be
accessed at any time on our dedicated page at www.digitrips.com and which details the processing carried out as
part of our recruitment process.

Why do we process your data and on what basis?
To provide our services, we must process your personal data for:
– navigate our website, benefit from our services and so that we can respond to your requests (e.g.,
requests for information, complaints, etc.) on the basis of our general terms of use and our legitimate
interest in providing you with the best possible service.
– follow us and comment on our publications on social networks based on our legitimate interest in having
a dedicated page on social networks.
– to launch videos on our website on the basis on our legitimate interest in providing you with content in
video format.

How do we obtain your personal data?
Your data is collected directly from you when you are a customer of our services or a “simple” visitor to our
website www.digitrips.com, and we undertake to process your data only for the purposes described above.
Your personal data may also be processed indirectly in the context of trade fairs or social networks (e.g., Linkedin).
However, when you voluntarily post content on the pages we publish on social networks, you acknowledge that
you are fully responsible for any personal information you may transmit, regardless of the nature and origin of
the information provided.

What data do we process and for how long?
We have summarized the categories of personal data that we collect and their respective duration of retention.
– Professional identification data (e.g., last name, first name, position, company, etc.) and contact data
(e.g., email address and business phone number, etc.) kept for the entire duration of the provision of the
service, plus the legal statute of limitations, which is generally 5 years.
– When there is a confusion between the name of your structure and your personal name (ex: autoentrepreneur, TPE, etc.), economic and financial data (ex: bank account number, verification code, etc.)
kept for the time necessary for the transaction and the management of invoicing and payments, to which
are added the legal statute of limitations, which are generally from 5 to 10 years
– Video protection images collected with our video protection cameras and kept for a maximum period of
one month.
– Statistical data relating to the viewing of our videos which is anonymized and stored indefinitely.
– Connection data (e.g., logs, IP address, etc.) kept for a period of 1 year.
– Cookies which are generally kept for a maximum of 13 months. For more details on how we use your
cookies, you can consult our cookie policy, which can be accessed at any time on our website.
Once the retention periods described above have expired, the deletion of your personal data is irreversible, and
we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for
statistical purposes.
Please also note that in the event of litigation, we are required to retain all your data for the duration of the
processing of the case even after the expiration of the retention periods described above.

What rights do you have to control the use of your data?
The applicable data protection regulations give you specific rights that you can exercise, at any time and free of
charge, to control how we use your data.
– Right of access and to obtain a copy of your personal data if this request is not in opposition with business
secrecy, confidentiality, or the secrecy of correspondence.
– Right of rectification of personal data that are incorrect, obsolete, or incomplete.
– Right to object to the processing of your personal data implemented for commercial prospecting
purposes.
– Right to request erasure (“right to be forgotten”) of your personal data that are not essential to the
proper functioning of our services.
– Right to the restriction of processing your personal data which allows you to freeze the use of your
personal data in case of dispute about the lawfulness of a processing.
– Right to ask for the portability of your data which allows you to download part of your personal data to
store it or transmit it easily from one information system to another.
– Right to provide guidelines on the fate of your data in the event of your death either by you, a trusted
third party or an heir.
To be considered, you must do your request only at the address [email protected]. Any request that does not
follow this process cannot be treated. Requests cannot be made by anyone other than you. Therefore, we may
ask you to provide proof of identity if there is any doubt about your identity. We will respond to your request as
quickly as possible, within one month of receipt, unless the request is complex or repeated. In this case, the
response time may be up to three months. Please note that we may always refuse to respond to any excessive or
unfounded request, especially if it is repetitive.

Who can access your data?
Your personal data is processed by our teams and by our technical service providers for the sole purpose of
operating our service. We would like to point out that we check all our technical service providers before
recruiting them, to ensure that they scrupulously comply with the rules applicable to the protection of personal
data. WE GUARANTEE THAT WE WILL NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS
PARTNERS.

Can your personal data be transferred outside the European Union?
Personal data processed by our website is hosted on servers located outside the European Union. To protect your
personal data, we scrupulously ensure that our host implements the appropriate guarantees required to ensure
the confidentiality and protection of your data. We may also use technical tools located outside the European
Union. If this is the case, we guarantee that they strictly comply with the applicable transfer rules to guarantee
confidentiality and adequate protection of your personal data.

How do we protect your personal data?
We implement all the technical and organizational means required to guarantee the security of your personal
data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.
Do we use cookies when you browse our website?
We inform you that we use cookies when you browse our website. For more information, please consult our
Cookie Policy (below).

Who can you contact for more information?
We have officially appointed an outsource and independent Data Protection Officer (“DPO”) to our supervisory
authority to ensure the safety and confidentiality of your personal data. You can contact our DPO at any time and
free of charge at [email protected] to obtain more information or details on how we process your personal data.
How can you contact the CNIL?
You may at any time contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at the
following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by
phone at 01.53.73.22.22.

Can the policy be modified?
We may change our Privacy Policy at any time to adapt it to new legal requirements as well as to new processing
that we may implement in the future.


*************************************************************************
COOKIES POLICY

What is the purpose of this Policy?
Travel&More, which manages the www.digitrips.com website, attaches great importance to the confidentiality of
your personal data, which represents for us a pledge of seriousness and trust, including with regard to cookies.
In this respect, our Cookie Usage Policy is a clear demonstration of our determination to ensure that Travel&More
complies with the rules applicable to the protection of personal data and, more specifically, those relating to the
cookies used when you browse our website www.digitrips.com.
For information on our other personal data processing operations, please refer to our Privacy Policy, which can
be accessed at any time on our website www.digitrips.com.

What are cookies and can they identify you directly?
A cookie is a small “text” file placed and hosted by a server on your terminal (e.g., smartphone, tablet, or
computer) when you visit a website. A cookie does not enable us to identify you personally, since it only enables
us to identify your terminal via your IP address, as well as various information related to your browsing (e.g.,
browsing time, pages viewed, screen size, etc.).

What are technical cookies and why do we use them?
The proper functioning of our www.digitrips.com website necessarily involves the use of technical cookies, which
we may use without your prior consent, on the basis of our legitimate interest in providing you with a functional
website. By way of example, a technical cookie enables us to retain the language of your website as well as the
format of the site to facilitate future connections and navigation. Although we don’t recommend it, you can always
prevent these cookies from being deposited on your terminal using your browser’s settings, by following the
instructions below: Chrome, Microsoft Edge, Safari, Firefox and Opera.
In this case, however, your experience as a visitor may be degraded. To restore your browsing experience, you
will need to reset your technical cookies.

What are statistical cookies and why do we use them?
A statistical cookie is used to analyze your use of a website (e.g., browsing time, pages visited, etc.) in order to
improve your experience and provide you with a service tailored to your needs. For our website
www.digitrips.com, we use non-exempt statistical cookies, which can only be placed on your terminal with your
prior consent expressed via our cookies banner.

What are advertising cookies, and do we use them?
An advertising cookie can be used either to provide advertising on a website or to identify the source of a visitor’s
visit to a website (e.g., Google, Bing, etc.). We use advertising cookies to identify the source of the visitor’s arrival
on our website, and they can only be deposited on your terminal with your prior consent expressed via our cookie
banner.

What personal data do we process with our cookies and for how long?
The personal data processed by the cookies we use are:
– your IP address and a user ID that we create when you first connect, so that we can recognize you for up
to 13 months.
– if you accept the deposit of statistical cookies, your personal data linked to your browsing on our website
(e.g., pages visited, browsing times, etc.) for a maximum period of 13 months, non-renewable before
any new connection before the 14th month.
– If you accept advertising cookies to identify the source of your arrival on our platform, any navigation
data necessary to identify your source of arrival on our platform for a maximum period of 13 months,
non-renewable, before any new connection before the 14th month.
Once the retention periods specified below have expired, we do not retain any data concerning you. At most, we
may anonymize your data for statistical purposes.

How do you control the use of cookies?
You can refuse cookies at any time by clicking on our cookies banner. In the event that the cookies banner is no
longer displayed, you can also configure cookies via the “manage cookies” tab on our website, or directly on your
browser by following the instructions below: Chrome, Microsoft Edge, Safari, Firefox and Opera.

What rights do you have to control the use of your personal data via cookies?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of
charge, to control the use we make of your data.
– The right to access and copy your personal data, provided this request does not conflict with business
secrecy, confidentiality, or the confidentiality of correspondence.
– The right to rectify any personal data that may be erroneous, obsolete, or incomplete.
– The right to request the deletion (“right to be forgotten”) of personal data that is not essential to the
proper functioning of our services.
– The right to restrict the use of your personal data in the event of a dispute as to the legitimacy of
processing.
– The right to data portability, which enables you to retrieve part of your personal data so that it can be
easily stored or transmitted from one information system to another.
– The right to give instructions on what to do with your data in the event of your death, either through
yourself, a trusted third party or a beneficiary.

For a request to be considered, it must be sent directly by you to [email protected]. Any request that is not made
in this way cannot be processed. Requests cannot come from anyone other than you. We may therefore ask you
to provide proof of identity if there is any doubt about the identity of the person making the request. We will
respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request
is technically complex or if we receive many requests at the same time. Please note that we can always refuse to
respond to any excessive or unfounded request, particularly in view of its repetitive nature.

Can your personal data used via our cookies be transferred outside the European Union?
The statistical cookies we use may send your IP address and user ID outside the European Union to function. In
this case, we guarantee that these tools strictly comply with the applicable transfer rules to guarantee
confidentiality and adequate protection of your personal data.

Who can you contact for more information?
We have officially appointed an outsource and independent Data Protection Officer (“DPO”) to our supervisory
authority to ensure the safety and confidentiality of your personal data. You can contact our DPO at any time and
free of charge at [email protected] to obtain more information or details on how we process your personal data.

How can you contact the CNIL?
You may at any time contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at the
following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by
phone at 01.53.73.22.22.

Can the policy be modified?
We may change our Cookie Policy at any time to adapt it to new legal requirements and to new processing
operations that we may implement in the future.