PRIVACY STATEMENT FOR USERS AND BUSINESS PARTNERS
0. EXECUTIVE SUMMARY AND IMPORTANT NOTICES
0.1 Why, what, where, when, who and how (long)
Why: Your personal data is needed to use our service, create/access a group and communicate with
fellow group members or third party suppliers.
What (personal data): OOAKT collects and process various types of personal data from you, partly by
asking, partly automatically. The personal data we ask from you includes your (full) name, (email)
address, (mobile) telephone number, employer. The information we collect automatically includes
preferences, special requests, geolocation.
What else - cookies: we use cookies to recognize visitors and remember their preferences
(personalisation) and deliver better user experience (see our cookie statement [link] for more
information).
What else – rights: you will obviously enjoy all rights as granted by applicable law (e.g. right to know
what information we hold, right to be forgotten, right to amend, correct, delete, block your personal
information).
What else – security: we have implemented a range of procedures, controls and measures to prevent
unauthorised access to, and the misuse of, your personal data that we process (including encryption,
prevailing access control tools and technologies and network security controls).
Where: we collect and process information through our website and app. On these platforms, you can
manage and maintain your personal information, including the cookie settings.
When: upon registration with OOAKT (or at any time thereafter), OOAKT may ask you to provide,
update and complete relevant required personal information in its system through the platform on
which our service is available to you.
Who: OOAKT is responsible for the data it collects and acts as data controller; see paragraph 1.1 below
for more information about OOAKT. OOAKT may share certain Aggregated Data with its partners who
use this data for benchmarking purposes.
Furthermore, OOAKT may share certain personal information with its affiliated group companies (e.g.
for customer service) and trusted subcontractors. OOAKT is responsible for these parties (which act as
data processor subject to a data processor agreement with OOAKT).
How (long): we will collect and process your personal information in accordance with this Privacy
Statement (including cookie statement) and retain personal data for as long as it is deemed necessary
to manage the business relationship with you, to provide our services to you and to comply with
applicable laws (including those relating to the retention of documents), to resolve disputes or claims
with any third parties, and - if otherwise necessary - to enable us to conduct our business.
The above is a general overview. Depending on the law that applies to you, we might be required to
provide some additional information on your rights and our obligations. Please find below more
detailed information about the use and process of your personal information.
0.2 Important notices
0.2.1 Although the Services and Platform are globally available (in Dutch and English) and can be used by
consumers worldwide, we do not specifically target consumers nor monitor the activities of individuals
that are using the Services in any countries outside EU (the relevant 'excluded' countries being, the
'Excluded Territory'), nor do we conduct any specific marketing activities focused on consumers in
the Excluded Territories and therefore, the Services may not be subject to any relevant privacy and
data protection laws and legislation of these relevant jurisdictions in the Excluded Territory (other
than GDPR). Until further notice, we do not envisage offering the Services to those consumers in the
Excluded Territory although nothing shall prevent, limit, preclude or restrict such consumer in the
Excluded Territory from using the Platform (at your own risk and account).
0.2.2 Our Platform and Services are operated and offered in and from within Amsterdam. If you are located
outside the Netherlands, your personal information will be transferred to the Netherlands and may
subsequently be transferred to affiliated companies (as data processors) and Travel Providers and
Partners (as (co) data controllers) in and outside the Netherlands in accordance with the terms of this
Privacy Statement. The cross-border transfer to the Netherlands and subsequent transfer to the
relevant jurisdiction where the Travel Provider or Partner is established) is necessary for the
conclusion or performance of the Reservation, required as per mandatory law (e.g. governmental
inquiries) and/or for the establishment, exercise and defense of legal claims. To the extent permitted
by relevant applicable laws, your use of the Platform and the Services or provision of any personal
information constitutes your consent to the cross-border transfer of your personal information and
the other activities identified in this Privacy Statement.
0.2.3 The Platform contains links to other websites (including those embedded in advertisements and social
media features) that are not owned or controlled by us. This Privacy Statement only applies to
information collected by our Platform and the Services. We have no control over these third party
websites, and your use of third party websites are subject to privacy policies on such linked websites.
Your use of third parties’ websites linked to our Platform is at your own risk, so we encourage you to
review the Privacy Statement at any third party website you visit.
0.2.4 In some cases, we work with our affiliates and other third-party partners ('Partners') to facilitate the
listing and Reservation of certain Products. For example, certain online reservations for Products on
our Platform are facilitated and processed by our Partners. Where this is the case, the Reservation
may be made through and/or processed by the Partner (including confirmation email) and the
Partner’s terms and conditions of use and Privacy Statement will govern the relationship between you
and our Partner for the relevant Reservation of the relevant Product(s).
0.2.5 Depending on your country of residence, you may have rights to request information from us including
how we share certain categories of your information with third parties.
0.3 Scope
0.3.1 This Privacy Statement applies to our users (customers/consumers and the people in your group) and
also applies to and for the benefit of our business partners (e.g. Travel Providers and other natural or
legal persons maintaining a business relationship with us). 'User' (or 'you') for the purpose of this
Clause 0.2.6 also includes any of our business partners. See also paragraph 8 for more information
about the processing of personal data of our business partners (and their employees, representatives,
owners and staff).
1. INTRODUCTION AND DEFINITIONS
1.1 About us
1.1.1 We are One Of A Kind Travel B.V., (trading as OOAKT), a company incorporated under the laws of the
Netherlands and having its registered office at Kloosterstraat 38, 1398 AM, Muiden, the Netherlands
('OOAKT', 'we', 'us', 'our').
1.1.2 We collect personal data via our platform (website/app) and cookies (see our cookie statement for
more information).
1.1.3 The personal data that OOAKT collects in relation to its Users depends on the context of the business
relationship and their interaction with OOAKT, the choices the User makes and the products, services
and functions they use.
1.2 Privacy Statement
1.2.1 This Privacy Statement explains how OOAKT processes your personal data. 'You', 'your' or 'User'
means you, the user of our service as made available on our website/app (including any other natural
person of whom the personal data is provided to OOAKT).
1.2.2 This Privacy Statement applies to all our services (directly or indirectly) made available online (website
and app), through any mobile device, or by email, sms or telephone.
1.2.3 This Privacy Statement applies to every group company of OOAKT that is responsible for or involved in
the processing of a User's personal data. Depending on the nature of the business relationship, various
group companies of OOAKT may be responsible for the processing of that personal data.
2. DATA COLLECTION
2.1 Personal data OOAKT collects
2.1.1 We may ask you for the following personal data:
Contact details
We collect relevant contact information from Users, such as first and last name, date of birth (if
required), (email) addresses, (mobile) telephone numbers, bank and/or credit card details (if
required), preferences or special requests etc.
Financial data
We collect data necessary for payment and billing purposes (including your bank details, bank
account number, credit/ debit card and VAT number) and data otherwise required for invoice
processing.
Other data
When a User communicates with OOAKT, we collect and process information about this
communication.
2.2 Information we collect automatically
2.2.1 Depending on the business relationship and your settings on your laptop or mobile device, OOAKT
may also automatically collect information, some of which may be personal data. This data is collected
when a User uses online services such as a registration form or a user account.
The data collected may include:
Language settings
IP address
Geo location
Place
Device settings
Device operating system
Log information
Time of use
URL requested
Status report
User agent (information about the browser version)
Browsing history
the type of data being viewed
2.3 Personal information you provide us about others or without our request
2.3.1 By sharing personal data of other persons (if applicable), you confirm that these persons have been
informed about the use of their personal data by OOAKT in accordance with this Privacy Statement.
You also confirm that you have obtained all necessary consents as required by applicable laws and
regulations.
2.3.2 Unless explicitly requested by us, we discourage you from providing sensitive personal data at your
own initiative. For example, you may elect to provide us with other information which may imply or
suggest information like religion, health or other information, such as when specifying your dietary
needs or any (disability, medical/physical) limitations. If you choose to disclose without our explicit
request, we accept and assume through your self-disclosure your explicit and unconditional consent to
process and use that information as described in, and subject to this Privacy Statement.
2.4 Other information we receive from other sources
Data related to requests from governmental authorities
Law enforcement or tax authorities may contact OOAKT with additional information about Users
in the event that they are affected by an investigation.
Fraud Detection & Prevention, Risk Management & Compliance
In certain cases, and as permitted by applicable law, OOAKT may need to collect data from third
party sources for fraud detection and prevention, risk management and compliance purposes.
3. PROCESSING PURPOSES AND SHARING
3.1 Purposes
3.1.1 OOAKT uses the previously described information about Users, some of which may be personal data,
where relevant, for the following purposes:
A. Registration and administration
OOAKT uses account information, contact details and financial information to manage and maintain
the relationship with the User and to render its service to you. This also applies to registration and
verification purposes.
B. Render its services (including customer service and support)
OOAKT uses your personal data to complete and administer your Reservation. This includes sending
you communications that relate to your Reservation, such as confirmations (including, where
applicable, providing you with a proof of purchase and/or payment), modifications and reminders. In
some cases, this may also include processing your personal data to enable online check-in with the
Travel Provider or processing personal data in relation to possible damage deposits.
OOAKT uses the relevant personal data for the performance of the contract that the User has
concluded with OOAKT or the Travel Supplier or to allow the User to use the services offered by
OOAKT or the Travel Supplier.
OOAKT further uses the information provided, which may include personal data, to provide support
services, such as responding to requests, questions, complaints, problems and concerns of Users or
the Travel Supplier. In this context, the relevant Personal Data may be exchanged back and forth
between OOAKT, the User and/or Travel Supplier and used for the purpose for which the parties have
agreed (e.g., when referring to the other party's customer service).
C. Other activities, including marketing
If a potential User has not yet completed the online registration, OOAKT may save and send a
reminder to complete the registration process. We believe that this extra service is useful for our
(future) Users because it allows them to complete the registration without having to re-enter all
registration details.
OOAKT may invite Users to complete travel related reviews, ratings and scores and attend (online)
events, seminars, webinars that may be relevant or interesting to them or where they can share travel
experiences. We may also use personal data to provide and host online forums that allow Users to find
answers to frequently asked questions about the range and use of OOAKT's products and services.
Marketing (e.g. newsletters): To the extent relevant to the business relationship and depending on
your personal preferences, wishes and requests, OOAKT uses personal data for communication,
including providing information about our services and product (including updates and upgrades),
sending our newsletter, inviting Users to participate in (User or Supplier) surveys, reviews, groups,
references, promotions or for other marketing communications. When we use personal information to
send direct marketing messages electronically, we offer an opt - in option.
D. Communication with Users
If you need to get in touch with our customer support team (via email, live chat, video logging, phone),
or reach out to us through other means (such as through social media, or communicating with your
accommodation through us), we may collect and process personal information from you there too.
During calls with our customer service (including when being in queue or on hold), live listening and
calls can be recorded for quality control and training purposes. These recordings can also be used for
claims handling and fraud detection. If a call is recorded, each recording is kept for a limited time
before being automatically deleted. This is the case unless we have determined that it is necessary to
keep the recording for fraud investigation or legal purposes.
OOAKT has (access to) communication with you and other Users (telephone, chatbot , email,
platform). We may also use automated systems to review, scan and analyze communications for the
following purposes:
Product development and improvement
General research
Customer engagement (including providing information or offers to guests that we think may
be of interest to them)
Safety
Fraud prevention
Compliance with legal and regulatory requirements
Research possible misconduct
Customer or technical support
Communications sent or received using OOAKT's means of communication are received and stored by
OOAKT. We do not record all calls. If a call is recorded, you will be notified in advance and each
recording is kept for a limited time before being automatically deleted. This is the case unless we have
determined that it is necessary to keep the recording for fraud investigation or legal purposes.
E. Analysis, improvement and research
OOAKT uses the information provided to us, which may include personal data, for statistical, analytical
and research purposes.
This data can also be used for testing purposes, troubleshooting and to improve the functionality and
quality of OOAKT's services and products. We also invite Users to participate in surveys and conduct
other market research from time to time.
Certain Users may be invited to join a user forum to communicate with OOAKT and/or to exchange
experiences with other Users and stakeholders.
Please refer to the information OOAKT provides when you are invited to participate in a survey,
market research or to join an online platform to understand how your personal data may be treated
differently than described in this Privacy Statement.
F. Security, fraud detection and prevention
We process the information provided to us, which may include personal data, to investigate, prevent
and detect fraud and other illegal acts. This may include personal data that a User has provided to
OOAKT, for example for verification purposes as part of the registration process, personal data
collected automatically or personal data obtained from external sources (including from guests).
OOAKT may also use personal data to facilitate investigation and enforcement by competent
authorities, if necessary. For these purposes, personal data may be shared with law enforcement
authorities.
OOAKT may also use personal data for risk assessment and security purposes, including user
authentication, and we use external service providers for third party risk management. These
providers help us assess the business risk profile of our Users. They may also provide us with due
diligence reports from third parties, which, as permitted by applicable law, may contain potential
information about criminal convictions and owner or User violations.
G. Legal, regulatory and compliance
In certain cases, OOAKT must use the information provided (which may include personal data) to
handle and resolve legal disputes or for regulatory investigations, risk management and compliance.
We may also use it to enforce our agreement(s) with Users or to resolve any complaint or claim
involving a User, and in accordance with internal rules and procedures.
In addition, we may need to share information about Users (including personal data) where required
to do so by law or strictly necessary to respond to requests from competent authorities. This includes
tax authorities, courts, other government and public authorities or local municipalities.
Finally, OOAKT may use personal data for AML verification and KYC related purposes and obligations
(including sanction screening for 'politically exposed persons' (PEPs) and sanctioned individuals)..
If we use automated means to process personal data that produces legal effects or significantly affects
you or other natural persons, we will take appropriate measures to safeguard your or the other
person's rights and freedoms. This includes the right to human intervention.
3.2 Legal grounds
3.2.1 As applicable for purposes A and B, OOAKT assumes the legal basis that the processing of personal
data is necessary for the execution of the agreement between the User and OOAKT and provide our
services to you (including for you to open an account with us). If the required information is not
provided, OOAKT will not be able to work with a User and provide our services (e.g. reservation
services), nor will we be able to provide customer service.
3.2.2 For purposes C to G, OOAKT relies on its legitimate interest to provide its services to, or obtain
services from Users, to prevent fraud and to improve its services. When we use personal data to serve
the legitimate interest of OOAKT or a third party, we will always balance the rights and interests of the
data subject and the protection of their information against the rights and interests of OOAKT and/or
the third party.
3.2.3 For F and G purposes, OOAKT also relies, where applicable, on compliance with legal obligations (such
as lawful law enforcement requests).
3.2.4 Finally, if necessary under applicable law, OOAKT will obtain your consent before processing personal
data, including for its services, marketing purposes or as otherwise required by law.
3.2.5 If you wish to object to the processing as set out under C to G and cannot find a way to opt out directly
(for example in your account settings), please contact OOAKT.
4. SHARE WITH OTHERS
4.1 Sharing with affiliated group companies
4.1.1 To support the use of OOAKT services, your information (which may include personal data) may be
shared with or within OOAKT affiliates. This is done for the purposes described below, subject to any
contractual terms.
The purposes for sharing data within the OOAKT group of companies are:
A. to offer, provide or make available services and products and to provide support (such as
customer support and any customer service, billing and collection);
B. to prevent, detect and investigate fraudulent and other illegal activities;
C. for analytical, quality and product improvement purposes (including monitoring
conversations by live listening or recording for quality and training purposes);
D. marketing activities (including news items) from which you can easily unsubscribe or
unsubscribe) and to personalize online services (including personalized offers and
promotions);
E. communication purposes (by email, telephone or post) for the above purposes (including
survey, market research, reviews or ratings) or as necessary under our agreement with you;
F. legal purposes, including the handling of complaints, claims, legal claims and for the detection
of fraud (in which cases any telephone conversations may be recorded);
G. to ensure compliance with applicable laws or law enforcement.
With a view to purpose A, and insofar as applicable, OOAKT relies on the legal basis that the
processing of personal data is necessary for the performance of the agreement with you for the
reservation, purchase or use of the Services.
OOAKT further relies on its legitimate interest and that of its group companies to receive, process and
share personal data as described under A to G. This is to provide services to or obtain services from
Users, including to improve the services and to prevent fraud or other illegal acts. When personal data
is used to serve the legitimate interest of OOAKT or a third party, OOAKT will always balance the rights
and interests of the person concerned in protecting their personal data and the rights and interests of
OOAKT or the third party.
For purpose G, OOAKT also relies on compliance with legal obligations where applicable (such as
lawful law enforcement requests or enforce its terms and conditions for use of the service).
Finally, where needed under applicable law, OOAKT will obtain your consent prior to processing your
personal data, including for email marketing purposes or as otherwise required by law.
If you wish to object to the processing as set out under B to G, and cannot find a way to unsubscribe
directly (for example in your account settings), please contact OOAKT [add contact/link].
4.2 Sharing with third parties
4.2.1 We may share and use the Users' information (which may include personal data) with third parties, as
permitted by law and as described below:
(a) We share your relevant personal data with Travel Providers. In order to complete your
Reservation, we transfer relevant reservation details to the Travel Provider you have booked.
This is one of the most essential things we do for you. Depending on the Reservation and the
Travel Provider, the details we share can include your name, contact and payment details (if
required), the names of the people accompanying you and any other information or
preferences you specified when you made your Reservation. In certain cases, we also provide
some additional historical information about you to the Travel Provider (e.g. your booking
history with the relevant Travel Provider or with OOAKT and your 'standing as customer of
OOAKT (good standing, reports of misconduct, cancellations).
If you have a query about your Reservation, we may contact the Travel Provider to handle
your request. Unless payment is made during the booking process on the Platform or through
bank transfer/credit card via OOAKT (or any payment processor), we may forward your credit
card details to the relevant Travel Provider for further handling.
In cases of Reservation-related claims or disputes, we may provide the Travel Provider with
your contact details and other information about the booking process, as needed to resolve
the situation. This can include, but might not be limited to, your email address and a copy of
your reservation confirmation as proof that a Reservation was made or to confirm reasons for
cancellation.
For completeness, Travel Providers will further process your personal data outside of the
control of OOAKT. Travel Providers may also ask for additional personal data, for instance to
provide additional services, or to comply with local restrictions. If available, please read the
Privacy Statement of the Travel Provider to understand how they process your personal data.
The Travel Providers shall act as joint data controllers. Please check their privacy statement
for further information on how they will handle and process your personal data.
(b) We share personal information with the service providers and suppliers (including auxiliaries
and subcontractors) in order to allow them offer their products and services to you) and
selected third-party service providers that support us with our products and services,
facilitation of payments, billing/collection, prevent and detect fraud, store data and
otherwise support our business processes.
The service providers and suppliers shall act as data processors of OOAKT, subject to an
appropriate data processing agreement.
(c) Payment providers and other financial institutions. In order to process payments between a
User and OOAKT (for and on behalf of the Travel Provider), relevant personal data may be
shared with payment processors, credit card companies/banks and other financial
institutions.
(d) Other professional third parties: In certain cases (such as disputes or legal claims or as part of
auditing activities), we may need to share your personal data with professional advisors.
These advisors include parties such as law firms or auditors. We only share your personal
data to the extent that is necessary and such third parties process this data in line with their
own professional obligations
(e) Screening of sanctions lists or risk management as required by applicable law (including KYC
(know your customer) and anti-money laundering obligations).
(f) Forced disclosure. When required by law, strictly necessary for the performance of our
services, in legal proceedings, or to protect our rights or the rights of users, we disclose
personal data to law enforcement agencies, research organizations, users or group
companies.
(e) As applicable and unless indicated otherwise, for purpose (a) and (c) OOAKT relies on the
legal basis that the processing of personal data is necessary for the performance of a
contract, and for purpose (b) -(d), OOAKT relies on its legitimate interests to share, process
and receive personal data, and, where applicable, for (e) and (f) on compliance with legal
obligations (such as lawful law enforcement requests).
4.3 Third parties we use
4.3.1 In addition to the global players such as Microsoft, Google, Amazon, IBM, SAP and Cisco we from time
to time may use for our operations (including hosting website, server, (email) communication), we
also use the following third parties, which act as our data processor (unless indicated otherwise),
subject to an appropriate data processing agreement.
[TBC]
5. SECURITY AND PROTECTION
5.1 You have access to your personal data via your Account.
5.2 We have procedures in place to prevent unauthorized access to and misuse of personal data.
5.3 We use appropriate business systems and procedures to protect and secure information, including
personal data. We also use security procedures and technical and physical restrictions to access and
use the personal information on our servers. Only authorized personnel have access to personal data
in the context of their work.
5.4 To protect your privacy and security, we may need to verify your identity before responding to any
privacy related request that you may have that involve your personal data (e.g. access/amendment
request, deletion request, etc), and your request will be answered within a reasonable timeframe. We
may not be able to allow you to access certain personal data in some cases e.g. if your personal data is
connected with personal data of other persons, or for legal reasons. In such cases, we will provide you
with an explanation why you cannot obtain this information. We may also deny your request for
deletion or rectification of your personal data if you have future/ongoing service with us or due to
statutory provisions, especially those affecting our accounting processes, processing of claims, for
fraud detection or prevention purposes, and mandatory data retention, which may prohibit deletion
or anonymization.
6. DATA RETENTION
6.1 We retain personal data for as long as it is deemed necessary to manage the business relationship
with a User, to provide OOAKT services to a User and to comply with applicable laws (including those
relating to the retention of documents), handle any post-booking matters such as in the case of
complaints or claims, disputes or claims with any parties, for fraud prevention, trade sanction reasons,
legal claims or requests and if otherwise necessary to enable us to conduct our business.
6.2 Any personal data we hold about you as a User is subject to this Privacy Statement and our internal
retention guidelines. If you have any questions about the specific retention periods for the different
types of personal data we process, please contact OOAKT.
7. YOUR CHOICES AND RIGHTS
7.1 Depending on where you are located or the entity of OOAKT that processes your personal data,
different rights may apply to the processing of that data, as set out in this Privacy Statement. As
applicable:
You can ask us for a copy of the personal data we hold about you (see also your account settings
with your relevant personal information),
You can notify us of any changes to your personal information, or you can ask us to correct the
personal information we hold about you,
In certain situations, you can ask us to delete, block, amend or restrict the personal information
we hold about you, or you can object to certain ways in which we use your personal information,
In certain situations, you can also ask us to send the personal data you provide to us to a third
party.
7.2 Where we use your personal information based on your consent, you have the right to withdraw that
consent at any time, subject to applicable law. Where we process your personal data on the basis of
legitimate interest or public interest, you also have the right to object at any time, subject to
applicable law.
7.3 Regardless of your location or the OOAKT entity you have a contract with, we rely on our Users to
ensure that the personal information we hold is complete, accurate and current. Always inform us in
good time of any changes or inaccuracies in your personal data.
8. MINORS
8.1 Our services are not intended for children under 18 years old, and we will never collect their data
unless it is provided by (and with the consent of) a parent or guardian. The limited circumstances we
might need to collect the personal data of children under 18 years old include part of a reservation,
the purchase of other travel-related services, or other exceptional circumstances (such as features
addressed to families). Again, this will only be used and collected as provided by a parent or guardian
and with their consent.
8.2 If we become aware that we’ve processed the information of a child under 18 years old without the
valid consent of a parent or guardian, we will delete it.
9. BUSINESS PARTNERS
9.1 This privacy statement applies to all our (existing, former, or potential) business partners, including
accommodation partners, other trip providers, vendors as well as the employees, contractors or
representatives of these parties (all to the extent related to a natural person (i.e. human being)) (each
a 'Business Partner').
9.2 The personal data Booking.com collects in regards to Business Partners depends on the context of the
business relationship and their interaction with us, the choices made by the Business Partner and the
products, services and features they use. In addition to the information set out elsewhere in this
Privacy Statement, please note the following.
9.3 By sharing other individuals’ personal data for business purposes – such as data belonging to your staff
members – you confirm that these individuals have been informed about the use of their personal
data by us in accordance with this privacy statement. You also confirm that you have obtained all
necessary consent, as required by the laws and regulations applicable to you.
9.4 In addition to your contact details, we may ask for, collect or require the following addition
information and personal data in respect of our Business Partners:
- data necessary for payment and invoicing purposes (including your bank details, bank
account number and VAT number) and data otherwise necessary for the processing of credit
slips;
- a copy of company registration documents (including proof-of-licenses, tax information, ID
card or passport, a photo, video or other relevant information) to verify the authenticity of
the Business Partner.
Furthermore, we may receive or otherwise obtain the following information from third parties:
- information relating to Business Partners from insolvency administrators, courts or other
public authorities;
- law enforcement or tax authorities can contact us with additional information about Business
Partners in the event that they are affected by or subject of an investigation;
9.4 In addition to the (third) parties we share your information with as set out above, we may share your
relevant personal data with the customers to the extent required to market and promote your
property, product and service on our platform, and/or to complete or enjoy the reservation or for
legal purposes (e.g. (indemnification or damage) claims and legal proceedings). The legal basis for such
disclosure is performance of the agreement and legitimate interest (including the legitimate interest
of the third party customer).
10. CONTACT US AND LAW ENFORCEMENT REQUESTS
10.1 If you have any questions, wishes or comments about how we process your personal data, or if you
would like to exercise any of the rights you have under this Privacy Statement, please contact us. You
can also contact your local data protection authority.
10.2 We handle privacy specific questions, requests and concerns reported to us using internal policies and
procedures based on applicable privacy laws, regulations and guidelines. We regularly review and
improve this policy and procedures, also taking into account User feedback.
10.3 Requests from law enforcement should be submitted using the appropriate law enforcement
processes as applied by Dutch/EU law and must be in compliance with and shall be subject to
applicable laws (including GDPR). Any law enforcement request from outside the Netherlands all
requests should be submitted as part of a judicial assistance procedure to the Dutch authorities
(MLAT), even in the event that OOAKT has a local entity in the country where the requesting Law
Enforcement Authority is established.
10.4 All requests must be in English and addressed to OOAKT at its corporate head office in Amsterdam (One of
a Kind Travel B.V. Attn. Legal Department. Address: Keizersgracht 572, 1017 EM, Amsterdam, the
Netherlands).
10.5 OOAKTS reserves the right to notify its customers or Travel Providers when their personal data is being
sought, except where providing such notice is prohibited by law.
11. CHANGES TO THIS PRIVACY STATEMENT
This Privacy Statement may be amended or supplemented from time to time. If we intend to make
material changes or changes that affect you, we will always contact you in advance. An example of this
type of change would be if we started processing your personal data for purposes not described
above.
Version: 29 October 2024
Latest update: 15 November 2025.