Privacy Policy

This Privacy Policy was last updated on November 18, 2025.

What This Privacy Policy Governs

This Privacy Policy explains how This Mamma Travels (“we,” “our,” or “us”) collects, uses, discloses, and protects your information when you visit our website https://www.thismammatravels.com

Global Policy

We collect and process personal information to provide customized travel content, respond to inquiries, and improve our services.

What We Collect

  • First and last name
  • Contact details:
    • Email address
    • Phone number
    • Social media usernames
  • Mailing address
  • Passport information
  • Payment information
  • Browser and device information
  • IP address and geolocation
  • Usage behavior on our Site
  • Marketing preferences
  • Submitted content via online and offline forms
  • Minor’s personal and sensitive information (under limited circumstances as outlined below)

How We Use It

  • To provide personalized travel deals
  • To respond to inquiries and support requests
  • To send newsletters and downloadable guides (if opted in)
  • To improve website performance through analytics
  • For security and fraud prevention
  • To comply with legal obligations
  • To facilitate booking local and international travel
  • To communicate with you using your preferred contact method: email, text, social media, etc

Data Sources

  • You:
    • when filling out contact forms
    • contacting us directly via phone, email, social media or other electronic means
    • newsletter subscription
  • Your browser/device via cookies or tracking scripts
  • CRM tools like Zoho Bigin
  • Analytics tools like Google Analytics

Your Rights & Choices by Region

You can find country-specific details on how cookies and personal data are processed on our Regional Privacy Policies directory page: Regional Privacy Policies

All Users

We do not currently respond to Do Not Track (DNT) signals, as there is no universally accepted standard for implementing them. However, you can manage your privacy preferences including cookie consent and opt-outs using the geo-based banner and regional policies on our website.

You may exercise your rights including access, correction, deletion, objection, or other privacy choices by contacting us. No login or form submission is required, and we do not discriminate against users who decline cookies or opt out of tracking.

If you prefer not to use our web forms due to cookie consent, you may email us directly at anne@thismammatravels.com.

Data Retention and Deletion

Retention

We retain personal and sensitive data only as long as necessary for the purposes described in this policy, including to fulfill your travel requests, manage ongoing business obligations, and comply with legal or regulatory requirements.

Criteria used to determine retention include:

  • The purpose for which the data was collected
  • The nature and sensitivity of the data
  • Legal or regulatory obligations
  • Ongoing consent or subscription status

Deletion

You may request that we retain your information for repeat bookings. Otherwise, data is periodically reviewed and deleted when:

  • The service you requested is completed
  • Any applicable chargeback or legal record-keeping period has expired
  • You withdraw consent or request erasure
  • We are no longer required to retain it under law

Secure deletion protocols are in place for both active and archived systems.

Data Protection and Processing Agreements

We store and process your personal information using cloud-based providers with strong privacy safeguards.

For example, we use Zoho for CRM and email communication. Our agreement with Zoho includes a Data Processing Addendum (DPA) that ensures compliance with:

  • GDPR and UK GDPR, including Standard Contractual Clauses (SCCs) for international data transfers
  • CPRA/CCPA, ensuring Zoho acts as a service provider with no right to sell or share your data
  • LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), and APP (Australia), covering access control, security, and deletion

Zoho encrypts your data in transit and at rest. We also review Zoho’s certifications and policies regularly to ensure ongoing compliance. You can learn more at Zoho’s GDPR Center

We perform due diligence before engaging any data processor and require contractual privacy protections for all service providers.

International Data Transfers

We are based in the United States. If you are located outside the U.S., including in the EU, UK, Brazil, or other regulated jurisdictions, your data may be transferred to and processed in the United States or other countries.

To safeguard international transfers, we rely on legally recognized mechanisms such as Standard Contractual Clauses (SCCs). Our service providers, including Zoho and Google Analytics, are contractually bound to uphold these protections.

We recommend reviewing Google’s Business Safety page and Zoho’s GDPR Center.

How We Handle Personal and Sensitive Data

We do not sell sensitive personal data, such as credit card details, passport information, accessibility needs, or home addresses.

We collect this type of data only when necessary to fulfill specific travel-related services that you have requested. This may include:

  • Passport or ID numbers for international travel arrangements
  • Payment card information for bookings
  • Accessibility or health-related notes for accommodations
  • Contact and address details for travel documentation delivery

How It’s Used

We share sensitive personal data only with trusted travel providers and vendors, such as InteleTravel, Delta Airlines, or Royal Caribbean, when such sharing is required to complete your travel request.

This is done under a legitimate business interest and with appropriate safeguards in place.

Legal Basis for Processing

Australia (Privacy Act 1988)

We process Australian visitors’ personal data in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs). We rely on:

  • Consent, where required, including for marketing and cookies
  • Contractual necessity, for providing requested services
  • Reasonable expectations, when using information to improve site experience or customer service

Sensitive information (such as accessibility or health accommodations) is only collected with your explicit consent and used strictly for the stated purpose.

Brazil (LGPD) Legal Basis for Processing

If you are a resident of Brazil, we process your personal data in accordance with the Lei Geral de Proteção de Dados (LGPD).

We rely on the following legal bases:

  • Consent, when you agree to receive communications or allow us to process optional information (e.g. marketing cookies, newsletter signup)
  • Contract performance, when you request travel booking services
  • Compliance with legal obligations, for recordkeeping, invoicing, or responding to legal requests
  • Legitimate interest, when we improve our website functionality or security, provided this does not override your rights

If we ever collect sensitive personal data, such as health information for accessibility or dietary accommodations, we will do so only with your explicit consent and limit its use to the specific purpose requested.

You may contact us at anne@thismammatravels.com to exercise your rights under the LGPD, including access, correction, deletion, and data portability.

Canada (PIPEDA)

In accordance with PIPEDA and applicable provincial laws, we process Canadian user data based on:

  • Your informed consent, typically implied for standard transactions and explicit for sensitive data or marketing
  • Service delivery, when fulfilling travel requests
  • Regulatory compliance, when legally required to retain information

You have the right to withdraw consent at any time and to request access, correction, or deletion of your data.

European Union Economic Area and Switzerland (GDPR)

We process personal data of residents in the European Union in accordance with the General Data Protection Regulation (GDPR). Our lawful bases include:

  • Consent, when you opt into marketing communications or accept cookies
  • Contract performance, when you request travel services or contact us about a booking
  • Legal obligations, for recordkeeping and tax compliance
  • Legitimate interests, such as improving our website or preventing fraud, unless those interests are overridden by your data rights

South Africa (POPIA)

Under South Africa’s Protection of Personal Information Act (POPIA), we process your data based on:

  • Consent, for newsletters, cookies, and contact forms
  • Contract necessity, when organizing travel bookings
  • Legal obligations, including administrative recordkeeping
  • Legitimate interest, such as fraud prevention or improving service — provided your rights are not infringed

We treat personal data confidentiality as a priority and apply appropriate safeguards when processing any information.

United Kingdom (UK GDPR)

We follow the UK General Data Protection Regulation, which mirrors the EU GDPR after Brexit. Our legal bases for processing your data include:

  • Consent, for marketing, cookies, and form submissions
  • Contract performance, when facilitating your travel bookings
  • Compliance with legal obligations, such as maintaining business records
  • Legitimate interests, where applicable and balanced against your rights

Retention of Sensitive Data

Sensitive data is retained only as long as necessary to:

  • Complete your requested booking
  • Meet legal or regulatory obligations
  • Facilitate repeat bookings, if you ask us to retain your details securely

If you choose not to have your information stored beyond fulfillment, we will remove it automatically unless retention is legally required.

Children’s Data and Family Travel Bookings

We understand that family travel may require us to process personal information about minors. We take this responsibility seriously and limit the collection and use of children’s information to what is necessary for travel arrangements.

We do not knowingly collect personal information from anyone under the age of 18 unless a parent or legal guardian provides it to us for the purpose of fulfilling a travel service that they have requested. Examples include booking airline tickets, cruise travel, lodging, or accessibility arrangements. In these cases, the parent or guardian provides the child’s information directly, and we rely on the parent or guardian’s authorization to process that information.

We do not use children’s information for marketing, advertising, or promotional communications. Minors are excluded from all marketing lists, newsletters, and other promotional contact.

If we become aware that we have unintentionally collected children’s information without appropriate parental or guardian authorization, we will delete it upon request and take steps to prevent future collection.

If you believe a minor has received marketing materials from us in error, please notify us at anne@thismammatravels.com so we can correct our records.

Parents and guardians may request access to, correction of, or deletion of their child’s information at any time. We will retain a child’s information only as long as necessary to complete the requested services or, if you choose, to securely store details for the purpose of simplifying repeat bookings.

Contact Form & Newsletter Subscription

When using our contact form or newsletter form, we collect personal data such as your name and email. Submission requires marketing consent, due to the use of Google reCAPTCHA and CRM integrations.

Newsletter

Our newsletter offers:

  • Personalized travel recommendations
  • A free downloadable pre-travel checklist
  • Frequency options for updates

You can unsubscribe at any time using the link in our emails.

Cookies and Tracking

We use cookies to improve your experience. These may include:

  • Essential cookies
  • Functional cookies
  • Analytical/statistical cookies
  • Marketing cookies

Consent is collected based on your region. We use Complianz to manage geo-location based cookie banners and tracking control.

Google Analytics 4 (GA4) is configured to delay all data collection until cookie consent is granted.

Find your regions specific Cookie Policy on our Regional Policy page.

Security Measures

We are committed to protecting your personal data. We implement appropriate technical and organizational measures to safeguard your information against unauthorized access, fraud, alteration, disclosure, or destruction.

Our security measures include, but are not limited to:

  • SSL/TLS encryption for secure connections
  • HTTP Strict Transport Security and other security focused browser headers
  • Routine vulnerability scanning and patching
  • Firewall and IP-based access controls
  • Automated IP blocking for malicious and fraudulent activity
  • Abuse reporting mechanisms, including WHOIS-based threat notifications

We process IP addresses and related metadata as part of our website’s security and anti-fraud efforts. This processing is based on our legitimate interest in protecting our platform and users.

Future Features

We may offer email updates, registration and account management, downloadable travel resources or other travel, coaching and travel blog related features in the future. When these features become available, we will comply with the terms outlined in our terms of service and our privacy policy.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or for legal and regulatory reasons. The “Last Updated” date at the top of the specific policy page will always indicate the most recent revision.

Contact Us

For questions or concerns about this Privacy Policy or your data:

Email: anne@thismammatravels.com