Uptrvlr

Privacy Policy

UPTRVLR — Privacy Policy uptrvlr.com Last updated: April 24, 2026.

Summary

This Privacy Policy explains what personal data Uptrvlr collects when you visit uptrvlr.com, why we collect it, how we use and protect it, how long we keep it, and what rights you have over your own data. Uptrvlr is registered in the Netherlands and processes all personal data in compliance with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG — UAVG).

1. Who We Are — Data Controller

Uptrvlr is a travel news and information website operated by Shaw Media, a company registered in the Netherlands. As the operator of this website, Shaw Media is the data controller responsible for the personal data collected through uptrvlr.com.

If you have any questions about how we handle your personal data, or wish to exercise any of your rights described in Section 11, please contact us at hello@uptrvlr.com.

2. Scope of This Policy

This Privacy Policy applies to all personal data we process in connection with your use of uptrvlr.com, including:

  • Visiting and browsing any page on the website
  • Subscribing to our newsletter or email updates
  • Submitting a contact form, comment, or other communication
  • Registering for a user account (if applicable)
  • Participating in surveys, competitions, or promotional activities
  • Applying for a job or contributor role at Uptrvlr
  • Interacting with us on social media where we direct you to this policy

This policy does not apply to third-party websites linked from our content. We encourage you to read the privacy policies of any third-party sites you visit.

3. Legal Basis for Processing

Under the GDPR (Article 6), we are required to have a legal basis for every instance of personal data processing. The legal bases we rely on are:

Consent (Art. 6(1)(a)): Newsletter subscriptions, non-essential cookies (analytics, advertising), and marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Contract (Art. 6(1)(b)): Processing necessary to fulfil a service you have requested — such as delivering a newsletter you subscribed to or managing a user account.

Legal obligation (Art. 6(1)(c)): Where we are required to retain or disclose data under Dutch or EU law, including tax records and responses to lawful authority requests.

Legitimate interests (Art. 6(1)(f)): Website security, fraud prevention, internal analytics, improving our editorial content, and direct marketing to existing contacts where permitted. We conduct a balancing test before relying on this basis and will not use it where your interests or fundamental rights override ours.

Vital interests (Art. 6(1)(d)): In rare circumstances where processing is necessary to protect someone’s life or physical safety.

For special categories of data (Art. 9 GDPR), we rely on explicit consent or another applicable condition. Uptrvlr does not knowingly collect special category data in the ordinary course of operating this website.

4. What Personal Data We Collect

4.1 Data you provide directly

We collect personal data that you actively give us, including:

  • Name — collected via contact forms, newsletter sign-up, and account registration
  • Email address — collected via newsletter sign-up, contact forms, account registration, and job applications
  • Message content — collected via contact forms and comment submissions
  • Account credentials — if you create a user account (username and hashed password)
  • Payment details — if applicable for paid services; processed via a third-party payment provider. Uptrvlr does not store raw card data.
  • Professional information — if you submit a job application or contributor pitch (CV, portfolio, cover letter)
  • Survey responses — if you voluntarily participate in a survey or competition

4.2 Data collected automatically

When you visit uptrvlr.com, certain data is collected automatically by our systems and third-party services:

  • IP address — used for security, fraud prevention, and approximate geolocation for content relevance
  • Browser type and version — used for technical compatibility and analytics
  • Device type and operating system — used for website optimisation
  • Pages visited and time spent — used for editorial analytics and understanding reader interests
  • Referring URL — used to understand how visitors find our content
  • Cookie identifiers — used for session management, analytics, and advertising (subject to consent where required)
  • Scroll depth and click behaviour — used for improving content layout and user experience (subject to consent)

4.3 Data received from third parties

We may receive limited personal data from the following third-party sources:

  • Social media platforms — if you interact with our social media profiles and those platforms share data with us under their own terms
  • Analytics providers — aggregated and pseudonymised behavioural data about website usage (e.g. Google Analytics 4)
  • Advertising partners — aggregated audience and campaign performance data. We do not receive individual-level personal profiles from advertising partners without your consent.
  • Newsletter platforms — delivery status, open rates, and click data associated with your email address if you are a subscriber

5. Cookies and Tracking Technologies

We use cookies and similar technologies (including pixels, local storage, and session identifiers) in accordance with Article 11.7a of the Dutch Telecommunications Act (Telecommunicatiewet) and the GDPR. When you first visit the website, a consent banner allows you to accept or decline non-essential cookies.

Strictly necessary cookies: These enable core website functions including session management, security, and load balancing. The website cannot function without these. No consent is required.

Functional / preference cookies: These remember your preferences such as language, region, and cookie consent choices. Consent may or may not be required depending on whether they are strictly necessary.

Analytical / performance cookies: These help us understand how visitors use the website — which pages are read, how long users stay, and where they come from. Data is pseudonymised or anonymised where possible. Examples include Google Analytics 4 and Plausible Analytics. Consent is required.

Marketing / advertising cookies: These deliver relevant advertising and track ad campaign performance. They may involve cross-site tracking. Examples include Google Ads and the Meta Pixel. Consent is required.

Social media cookies: These enable sharing buttons and embedded social content from platforms including X (Twitter), Facebook, Instagram, and LinkedIn. Consent is required.

You may update your cookie preferences at any time via the cookie settings link in the footer of our website. Withdrawing consent for non-essential cookies will not affect your ability to read our content. Our full Cookie Policy is available at uptrvlr.com/cookies.

6. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

Operating and improving the website: Ensuring the website functions correctly, diagnosing technical issues, optimising page performance, and developing new content and features.

Delivering newsletter and email subscriptions: Sending the editorial content, travel news updates, and any other communications you have subscribed to.

Responding to enquiries: Answering messages sent through our contact form or to our email addresses.

Analytics and editorial insight: Understanding which content performs well, where our audience comes from, and how readers navigate the site — to improve our editorial output.

Personalisation: Where you have consented, presenting content recommendations or advertising relevant to your inferred interests.

Advertising and commercial revenue: Displaying third-party advertisements that help fund our editorial operations. Where behavioural advertising is used, this requires your prior consent.

Security and fraud prevention: Detecting and preventing malicious activity, spam, unauthorised access, and abuse of the website.

Legal compliance: Meeting our obligations under Dutch and EU law, including tax, accounting, and regulatory requirements.

Recruitment: Processing job applications and contributor pitches submitted to us.

7. How We Share Your Personal Data

Uptrvlr does not sell, rent, or trade your personal data to third parties for their own marketing purposes.

We may share your data with the following categories of third parties, and only to the extent necessary for the stated purpose:

Website hosting and infrastructure providers: To host and serve the website. Data shared: IP address, server logs. Location: EU/EEA.

Analytics service providers: To understand website usage. Data shared: pseudonymized usage data, device and browser information. Location: EU/EEA or USA (Standard Contractual Clauses apply).

Email marketing platforms: To deliver newsletters and transactional emails. Data shared: email address, name, subscription preferences. Location: EU/EEA or USA (Standard Contractual Clauses apply).

Advertising networks: To serve and measure advertisements, subject to your consent. Data shared: cookie identifiers and browsing data where consented. Location: EU/EEA or USA (Standard Contractual Clauses apply).

Content Delivery Networks (CDN): For fast and reliable delivery of web assets. Data shared: IP address, request data. Location: global (standard protections apply).

Payment processors (if applicable): To process paid subscriptions or transactions. Payment details are processed directly by the payment provider and are not stored by Uptrvlr.

Legal and regulatory authorities: To comply with lawful requests, court orders, or regulatory requirements. Location: Netherlands/EU.

Professional advisers: For legal, accounting, and audit services. Only what is necessary for the specific engagement is shared.

Business successors: In the event of a merger, acquisition, or sale of assets. Data held at the time of the transaction, subject to equivalent data protection standards.

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, supplementary technical measures.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.

  • Newsletter subscriber data: until you unsubscribe, plus 30 days for technical processing
  • Contact form submissions: 12 months from receipt
  • Website analytics data (aggregated): up to 26 months
  • Website analytics data (individual sessions): 14 months or less
  • User account data: duration of active account plus 12 months after a deletion request
  • Advertising and cookie data: as per third-party ad platform terms, typically 13 months, or deleted when consent is withdrawn
  • Legal and financial records: 7 years, as required by the Dutch Civil Code (Art. 2:10 BW) and tax law (AWR Art. 52)
  • Job application data: 4 weeks after a rejection, unless you consent to a longer retention period
  • Security logs: 90 days, on a rolling basis

When data is no longer required, we securely delete or anonymize it.

9. Children’s Privacy

Uptrvlr is a general-audience travel news website and is not directed at children. In accordance with Article 8 of the GDPR as implemented in the Netherlands under the Uitvoeringswet AVG, we do not knowingly collect personal data from anyone under the age of 16 without verifiable parental or guardian consent.

If you believe that a child under 16 has provided personal data to us without appropriate consent, please contact us at hello@uptrvlr.com and we will promptly investigate and delete the data if confirmed.

10. How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure, in accordance with GDPR Article 32. These measures include:

Encryption in transit: All data transmitted between your browser and our website is protected using TLS (HTTPS).

Encryption at rest: Personal data stored on our servers is encrypted at rest where technically feasible.

Access controls: Personal data is accessible only to authorised personnel who require it for their role, enforced through role-based access controls.

Pseudonymisation: Where possible, analytics and usage data is pseudonymised to reduce the risk to individuals.

Supplier due diligence: We assess the security practices of all third-party processors before engaging them and require data processing agreements under GDPR Article 28.

Incident response: We maintain a data breach response procedure and will notify the Autoriteit Persoonsgegevens and affected individuals within 72 hours of becoming aware of a qualifying breach, as required by GDPR Article 33.

Regular review: We review our security measures periodically and update them in line with evolving best practice.

No method of transmission over the internet or electronic storage is completely secure. While we apply industry-standard protections, we cannot guarantee the absolute security of your data. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at privacy@uptrvlr.com.

11. Your Data Protection Rights

Under the GDPR, you have the following rights in relation to your personal data. These rights are not absolute — in some cases, legal obligations or legitimate interests may limit their application. We will respond to all valid requests within one month (GDPR Art. 12), extendable by a further two months for complex or numerous requests.

Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.

Right to rectification (Art. 16): You have the right to ask us to correct inaccurate personal data or to complete incomplete data we hold about you.

Right to erasure (Art. 17): You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you have withdrawn consent, or where we have no lawful basis for continued processing.

Right to restrict processing (Art. 18): You have the right to ask us to pause processing of your data — for example, while you contest its accuracy or the lawfulness of our processing.

Right to data portability (Art. 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object (Art. 21): You have the right to object at any time to processing based on legitimate interests, including profiling and direct marketing. Where we process data for direct marketing, we will stop immediately upon your objection.

Rights related to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing — including profiling — that produces legal or similarly significant effects. Uptrvlr does not currently use fully automated decision-making that produces such effects.

Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

Right to lodge a complaint (Art. 77): You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority in your EU member state of habitual residence.

How to exercise your rights

Submit a written request to privacy@uptrvlr.com with the subject line “Data Subject Request”. Please include your full name, the email address associated with your data, a clear description of your request, and proof of identity. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

12. International Data Transfers

Uptrvlr is based in the Netherlands and primarily stores and processes data within the European Economic Area (EEA). However, some of our third-party service providers are located outside the EEA, including in the United States.

Whenever we transfer personal data outside the EEA, we ensure it is protected by one of the following mechanisms permitted under GDPR Chapter V:

  • Adequacy decision: a transfer to a country that the European Commission has determined provides an adequate level of data protection
  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms binding the recipient to GDPR-equivalent protections, as updated by EU Commission Implementing Decision 2021/914
  • Binding Corporate Rules (BCRs): where applicable for intra-group transfers within multinational organizations
  • Explicit consent: in limited circumstances where no other mechanism applies and you have been fully informed of the risks

A list of the third-party processors we use and the transfer mechanisms applied is available on request at hello@uptrvlr.com.

13. Third-Party Services and Embedded Content

Our website may contain embedded content from third-party platforms (such as YouTube videos, social media posts, or maps) and links to third-party websites. These services operate under their own privacy policies, and your interaction with them is subject to those policies, not ours.

Third-party services we may use include:

  • Google Analytics 4 (Google LLC) — website analytics — policies.google.com/privacy
  • Google Fonts (Google LLC) — typography — policies.google.com/privacy
  • YouTube (Google LLC) — embedded video content — policies.google.com/privacy
  • Google Ads (Google LLC) — advertising — policies.google.com/privacy
  • Meta Pixel (Meta Platforms) — advertising measurement — facebook.com/privacy/policy
  • Email marketing platform (Mailchimp / Klaviyo or equivalent) — newsletter delivery — see provider’s website
  • Cloudflare (Cloudflare Inc.) — CDN and security — cloudflare.com/privacypolicy
  • Comments platform (Disqus or equivalent, if used) — comment moderation — disqus.com/privacy
  • Social sharing buttons — content sharing — see respective provider policies

Uptrvlr does not control how these third parties process your data. Where a third party uses tracking technologies that require consent under Dutch law, we will request your consent before enabling those technologies.

14. Newsletter and Email Marketing

If you subscribe to the Uptrvlr newsletter or any email communication, you consent to receiving that communication. By subscribing, you agree that:

  • We may send you editorial newsletters, travel news updates, and related content at the frequency stated at sign-up
  • We may analyse open rates, click rates, and engagement data associated with emails sent to you, to improve our content and delivery
  • We will not pass your email address to third parties for their own marketing purposes without your separate, explicit consent
  • You may unsubscribe at any time by clicking the unsubscribe link in any email or by emailing hello@uptrvlr.com. We will action unsubscribe requests within 5 business days.

Where we send direct marketing emails to business contacts based on legitimate interests, we will always provide a clear and easy opt-out mechanism and respect any objection immediately.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will:

  • Notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of the breach, as required by GDPR Article 33
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with GDPR Article 34
  • Document all breaches internally, including those not requiring notification, in our breach register
  • Take prompt remedial action to contain the breach and prevent recurrence

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. The date at the top of the page will always reflect when the policy was last revised.

Where changes are material — for example, if we introduce a new purpose for processing, change our retention periods significantly, or add a new category of data sharing — we will provide prominent notice on the website and, where appropriate, notify you by email if you are a subscriber.

Your continued use of the website after a revised Privacy Policy is published constitutes your acceptance of the updated terms, to the extent permitted by law.

17. Supervisory Authority

The supervisory authority responsible for overseeing data protection law in the Netherlands is:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority) Website: autoriteitpersoonsgegevens.nl Post: Postbus 93374, 2509 AJ Den Haag, the Netherlands Telephone: +31 (0)70 888 85 00 Complaint form: autoriteitpersoonsgegevens.nl/contact-met-de-autoriteit-persoonsgegevens

If you are resident in another EU member state, you also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.

18. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we process your personal data, please contact us. We aim to respond to all privacy-related communications within 5 business days.

General privacy enquiries: privacy@uptrvlr.com Data subject access requests: privacy@uptrvlr.com — subject line: “Data Subject Request” Consent withdrawal / opt-out: hello@uptrvlr.com or the unsubscribe link in any email Data breach reporting: hello@uptrvlr.com — subject line: “Data Breach Report.”

Uptrvlr | uptrvlr.com | Registered in the Netherlands | Last updated: April 24, 2026.

This Privacy Policy was drafted as a comprehensive template informed by GDPR, the Uitvoeringswet AVG, and applicable Dutch law. It should be reviewed by a qualified Dutch advocaat before publication.