DreamTrips Legacy, LLC - Global Data Privacy Policy

1. Scope

This policy applies to all personal information collected and processed by DreamTrips from:

• Individuals who purchase and use DreamTrips travel club memberships ("Members");
• Independent sales representatives who promote DreamTrips memberships ("Brand Ambassadors"); and
• Visitors to our websites, apps, and digital platforms.

This policy covers data collected globally, but all personal data is received and processed in the United States.

2. Information We Collect

We may collect and process the following categories of personal information:

• Identification Data: Name, date of birth, gender, government-issued identification (if required for compliance).
• Contact Information: Address, phone number, email address.
• Membership and Transaction Data: Membership status, payment details, billing information, travel bookings, purchase history.
• Brand Ambassador Data: Enrollment details, performance data, commissions, payment or banking details (if applicable).
• Technical Data: IP addresses, device identifiers, browser type, operating system, cookies, and online activity on our websites or apps.
• Marketing Preferences: Communication preferences, opt-in or opt-out status.

3. How We Use Your Information

We process personal information to:

1. Deliver Services: Provide travel memberships, process payments, book travel, and manage accounts.
2. Support Brand Ambassadors: Track sales, pay commissions, and manage contractual obligations.
3. Marketing and Communications: Send promotional materials, newsletters, and offers that may be of interest, subject to consent where required.
4. Legal and Compliance: Comply with laws, tax, and regulatory obligations.
5. Security and Fraud Prevention: Detect, prevent, and investigate fraud or misuse of our services.

4. Legal Basis for Processing (GDPR Compliance)

For individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data only when a legal basis applies, including:

• Performance of a contract (for example, fulfilling membership or Brand Ambassador agreements);
• Legal obligations (for example, tax and financial recordkeeping);
• Legitimate interests (for example, improving services, preventing fraud, marketing to existing Members and Brand Ambassadors);
• Consent (for example, sending promotional emails where required by law).

5. International Data Transfers

All personal data collected globally is processed in the United States. DreamTrips complies with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (as applicable) to ensure that transfers of personal information from Europe, the UK, and Switzerland to the United States are adequately protected.

6. Sharing of Personal Information

We do not sell personal data. We may share data with:

• Service Providers: Third-party providers supporting IT, payment processing, customer service, and marketing.
• Travel Partners: Hotels, airlines, and vendors necessary to fulfill bookings.
• Legal or Regulatory Authorities: When required by law, legal proceedings, or to protect our rights.
• Corporate Transactions: In the event of a merger, acquisition, or sale of assets.

7. Data Retention

We retain personal information only as long as necessary to:

• Fulfill the purposes outlined in this policy;
• Comply with applicable laws and financial reporting obligations;
• Resolve disputes and enforce agreements.

Data is securely deleted or anonymized once no longer needed.

8. Your Rights (Under GDPR and Applicable Laws)

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure ("Right to be Forgotten"): Request deletion of your data when no longer necessary.
• Restriction: Limit how we process your data.
• Portability: Request a copy of your data in a machine-readable format.
• Objection: Object to processing, particularly for direct marketing.
• Withdraw Consent: Where consent was the legal basis, you may withdraw it at any time.

To exercise your rights, please email us at operations@dreamtrips.com.

9. Marketing Communications

We may send Members and Brand Ambassadors promotional emails or offers. You may opt out at any time by following the unsubscribe instructions included in the communication or contacting us directly.

10. Data Security

We use reasonable administrative, technical, and physical safeguards to protect personal data from unauthorized access, disclosure, or misuse. However, no system can guarantee absolute security.

11. Children's Privacy

Our services are not directed to children under 18. No one under age 18 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, please do not register on the Website, make any purchases through the Website, or send any information about yourself to us, including your name, address, telephone number, or email address.

In the event that we learn that we have collected personal information from a child under age 18 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child under 18, please contact us at privacy@DreamTrips.com.

12. Complaints and Contact Information

If you have any questions, concerns, or complaints regarding this policy or our data practices, please contact us at:

Email: operations@dreamtrips.com

Mail: DreamTrips Legacy, LLC, 5700 Tennyson Pkwy, Suite 300, Plano, TX 75024

If you are located in the European Union, you also have the right to lodge a complaint with your local Data Protection Authority.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. Updates will be posted on our website with a revised "Last Updated" date.